Shared Security Podcast

In episode 153 for December 28th 2020: In our last episode of the year co-host Tom Eston talks about his top 3 tips to keep you cybersecure in 2021. Thank you for listening, watching us on YouTube, and supporting our show and sponsors this year. We wish you and your family a new year that’s safe and secure! ** Links mentioned on the show ** Everything You Need to Know About Password Managers https://www.consumerreports.org/digital-security/everything-you-need-to-know-about-password-managers/ For more details on when we may see the end of passwords, check out my interview with Andrew Shikiar from the FIDO Alliance https://sharedsecurity.net/2020/04/27/the-end-of-passwords-as-we-know-it/ Two-factor authentication: How and why to use it https://www.cnet.com/how-to/how-and-why-to-use-two-factor-authentication/ Stop putting off your device updates—here’s why https://www.popsci.com/update-every-gadget/ ** Watch this episode on YouTube ** https://youtu.be/X0JYaenuwR0 ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Top 3 Cybersecurity Tips appeared first on Shared Security Podcast.

Our last episode of the year is our always entertaining year in review and 2021 predictions with co-hosts Scott Wright and Kevin Johnson. Thank you for listening and supporting the show in 2020! ** Links mentioned on the show ** Check out our year in review and 2020 predictions recorded around the same time last year! https://sharedsecurity.net/2019/12/23/the-year-in-review-and-2020-predictions-with-kevin-johnson/ ** Watch this episode on YouTube ** https://youtu.be/gKiymWnnfzM ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post The Year in Review and 2021 Predictions appeared first on Shared Security Podcast.

In episode 152 for December 21st 2020: A discussion about the SolarWinds Orion backdoor, third-party security, and the threat of supply chain attacks with co-host Kevin Johnson. ** Links mentioned on the show ** US govt, FireEye breached after SolarWinds supply-chain attack https://www.bleepingcomputer.com/news/security/us-govt-fireeye-breached-after-solarwinds-supply-chain-attack/ https://savebreach.com/solarwinds-credentials-exposure-led-to-us-government-fireye-breach/ https://www.zdnet.com/article/sec-filings-solarwinds-says-18000-customers-are-impacted-by-recent-hack/ What We Know (And Don’t) About The SolarWinds Orion Hack So Far https://labs.bishopfox.com/industry-blog/what-we-know-and-dont-about-the-solarwinds-orion-hack SolarWinds attack explained: And why it was so hard to detect https://www.csoonline.com/article/3601508/solarwinds-supply-chain-attack-explained-why-organizations-were-not-prepared.html Highly Evasive Attacker Leverages SolarWinds Supply Chain to Compromise Multiple Global Victims With SUNBURST Backdoor https://www.fireeye.com/blog/threat-research/2020/12/evasive-attacker-leverages-solarwinds-supply-chain-compromises-with-sunburst-backdoor.html ** Watch this episode on YouTube ** https://youtu.be/ojDvx6Wwn6I ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post SolarWinds/SUNBURST Backdoor, Third-Party and Supply Chain Security appeared first on Shared Security Podcast.

In episode 151 for December 14th 2020: What you need to know about the stolen FireEye “Red Team” tools and the FUD going on in the media about the attack, Foxconn gets hit with a ransomware attack plus details on how ransomware attacks are evolving, and how Apple is stopping advertisers from tracking you across different applications. ** Links mentioned on the show ** FireEye Shares Details of Recent Cyber Attack, Actions to Protect Community https://www.fireeye.com/blog/products-and-services/2020/12/fireeye-shares-details-of-recent-cyber-attack-actions-to-protect-community.html https://www.fireeye.com/blog/threat-research/2020/12/unauthorized-access-of-fireeye-red-team-tools.html https://www.theguardian.com/technology/2020/dec/08/fireeye-hack-cybersecurity-theft?mid=1 https://techcentral.co.za/why-everyone-should-be-worried-by-the-fireeye-hack/103750/ The Stolen FireEye Red Team Tools Are Mostly Open Source https://labs.bishopfox.com/industry-blog/the-stolen-fireeye-red-team-tools-are-mostly-open-source Foxconn electronics giant hit by ransomware, $34 million ransom https://www.bleepingcomputer.com/news/security/foxconn-electronics-giant-hit-by-ransomware-34-million-ransom/ https://www.zdnet.com/article/ransomware-gangs-are-getting-faster-at-encrypting-networks-that-will-make-them-harder-to-stop/ Apple could block apps that don’t comply with new privacy feature https://www.reuters.com/article/idUSKBN28I21I Scoop: WhatsApp goes after Apple over privacy label requirements https://www.axios.com/whatsapp-apple-privacy-label-requirements-cc0d5edd-ab2f-4549-b9d7-ea3c97184056.html Tom’s take on Apple’s “privacy labels” – Episode 147 https://sharedsecurity.net/2020/11/16/stolen-source-code-apple-zero-days-bidens-privacy-and-cybersecurity-policies/ Watch on YouTube: https://youtu.be/8v1QTAZ6gqM ** Watch this episode on YouTube ** https://youtu.be/mOgoR6E9_vc ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post FireEye Hacked, Foxconn Ransomware Attack, Apple’s New Privacy Features appeared first on Shared Security Podcast.

In episode 150 for December 7th 2020: Details about a now patched iPhone zero-click Wi-Fi exploit, the FBI warns of business email compromise scammers using email auto-forwarding in attacks, and how nation-state attackers are targeting the COVID-19 vaccine supply ‘cold chain’. ** Links mentioned on the show ** Google Hacker Details Zero-Click ‘Wormable’ Wi-Fi Exploit to Hack iPhones https://thehackernews.com/2020/12/google-hacker-details-zero-click.html https://googleprojectzero.blogspot.com/2020/12/an-ios-zero-click-radio-proximity.html FBI warns of BEC scammers using email auto-forwarding in attacks https://www.bleepingcomputer.com/news/security/fbi-warns-of-bec-scammers-using-email-auto-forwarding-in-attacks/ https://www.bleepingcomputer.com/news/security/fbi-cybercrime-victims-lost-35-billion-in-2019/ Coronavirus: Hackers targeted Covid vaccine supply ‘cold chain’ https://securityintelligence.com/posts/ibm-uncovers-global-phishing-covid-19-vaccine-cold-chain/ ** Watch this episode on YouTube ** https://youtu.be/rMfij4AThzI ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post iPhone Zero-Click Exploit, BEC Email Auto-Forward Scams, COVID-19 Vaccine Cold Chain Attacks appeared first on Shared Security Podcast.

In our November monthly episode we discuss the scams that you may encounter this holiday shopping season due to the pandemic and our top tips on how to stay safe and more secure when doing your shopping this year. ** Links mentioned on the show ** Digital Safety in the New Normal: Holiday Edition https://www.ibtimes.com/digital-safety-new-normal-holiday-edition-3087840 Online Holiday Shopping Scams https://us-cert.cisa.gov/ncas/current-activity/2020/11/24/online-holiday-shopping-scams ** Watch this episode on YouTube ** https://youtu.be/D3IIgfp9-sk ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Holiday Shopping Scams and Tips to Stay Safe appeared first on Shared Security Podcast.

In episode 149 for November 30th 2020: Police begin to pilot a program to live-stream Amazon Ring cameras, new details about Amazon Sidewalk, Congress unanimously passes a federal Internet of Things security law, and a Facebook Messenger bug that lets an attacker listen to you before you pick up a call. ** Links mentioned on the show ** Police Will Pilot a Program to Live-Stream Amazon Ring Cameras https://www.eff.org/deeplinks/2020/11/police-will-pilot-program-live-stream-amazon-ring-cameras What is Amazon Sidewalk? https://www.aboutamazon.com/news/devices/introducing-amazon-sidewalk https://m.media-amazon.com/images/G/01/sidewalk/privacy_security_whitepaper_final.pdf Congress unanimously passes federal IoT security law https://blog.rapid7.com/2020/11/18/congress-unanimously-passes-federal-iot-security-law/ Facebook Messenger Bug Lets Hackers Listen to You Before You Pick Up the Call https://thehackernews.com/2020/11/facebook-messenger-bug-lets-hackers.html ** Watch this episode on YouTube ** https://youtu.be/FHyJUwF7rJE ** Thank you to our sponsors! ** Silent Pocket Looking to give the gift of privacy this holiday season? Our sponsor Silent Pocket has a huge sale going on right now until November 30th where you can get a free Silent Pocket hat, free domestic shipping, and 15% off everything on silentpocket.com. Not only that, right now some of their most popular faraday products are 40% off! To take advantage of this exclusive holiday offer visit silentpocket.com and use discount code “sharedsecurity” at checkout. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Amazon Sidewalk, Federal IoT Security Law, Facebook Messenger Bug appeared first on Shared Security Podcast.

In episode 148 for November 23rd 2020: This week Kevin Johnson joins me to discuss the Twitter firing of Chris Krebs, Director of the Cybersecurity and Infrastructure Security Agency, and our thoughts about a common sense approach to social media and Section 230 of the Communications Decency Act. ** Links mentioned on the show ** Trump fires top cybersecurity official Christopher Krebs https://www.cbsnews.com/news/trump-fires-cybersecurity-chief-christopher-krebs/ Don’t Blame Section 230 for Big Tech’s Failures. Blame Big Tech. https://www.eff.org/deeplinks/2020/11/dont-blame-section-230-big-techs-failures-blame-big-tech Computer Security Experts Urge White House to Keep Politics Out of Election Security https://www.eff.org/press/releases/computer-security-experts-urge-white-house-keep-politics-out-election-security ** Watch this episode on YouTube ** https://youtu.be/YfMQQHYBfQI ** Thank you to our sponsors! ** Silent Pocket Looking to give the gift of privacy this holiday season? Our sponsor Silent Pocket has a huge sale going on right now until November 30th where you can get a free Silent Pocket hat, free domestic shipping, and 15% off everything on silentpocket.com. Not only that, right now some of their most popular faraday products are 40% off! To take advantage of this exclusive holiday offer visit silentpocket.com and use discount code “sharedsecurity” at checkout. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post CISA Director Chris Krebs Fired, Common Sense and Section 230 appeared first on Shared Security Podcast.

In episode 147 for November 16th 2020: The latest about source code stolen from US government agencies and private companies, three actively exploited iOS zero-days in the wild and new App Store privacy labels, and what a Biden administration could mean for privacy and cybersecurity. ** Links mentioned on the show ** Our 3 part series on Targeted Attacks – Watch on YouTube! https://www.youtube.com/playlist?list=PLOh_LIYqw5qV22VV9pT-SNpItiKDxOJaO Our interviews with StartPage.com All about StartPage, the Worlds Most Private Search Engine, with Alex Kubiak https://sharedsecurity.net/2020/09/21/startpage-com-the-worlds-most-private-search-engine/ Privacy Mindset between Europe and United Stated with Kelly Finnerty https://sharedsecurity.net/2020/11/09/privacy-mindset-europe-vs-united-states/ FBI: Hackers stole source code from US government agencies and private companies https://www.ic3.gov/Media/News/2020/201103-3.pdf Update Your iOS Devices Now — 3 Actively Exploited 0-Days Discovered https://thehackernews.com/2020/11/update-your-ios-devices-now-3-actively.html Apple will require apps to add privacy ‘nutrition labels’ starting December 8th https://www.theverge.com/2020/11/5/21551926/apple-privacy-developers-nutrition-labels-app-store-ios-14 What could a Biden administration mean for privacy, cybersecurity? https://iapp.org/news/a/what-could-a-biden-administration-mean-for-privacy-cybersecurity/ https://www.axios.com/tech-industry-policy-biden-era-reset-41c27988-fab2-4e3b-baf2-62d1282de96a.html ** Watch this episode on YouTube ** https://youtu.be/8v1QTAZ6gqM ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Stolen Source Code, Apple Zero-Days, Biden’s Privacy and Cybersecurity Policies appeared first on Shared Security Podcast.

In episode 146 for November 9th 2020: My conversation with Kelly Finnerty, Director of Brand and Content for Startpage.com on the differences in privacy mindset between Europe and the United States. ** Links mentioned on the show ** Future of Privacy Forum https://fpf.org/ Startpage.com https://www.startpage.com StartPage Privacy Please Blog https://www.startpage.com/privacy-please/ Follow Kelly on Twitter https://twitter.com/Kelly_Startpage Connect with Kelly on LinkedIn https://www.linkedin.com/in/kelly-finnerty-5267648/ ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Privacy Mindset: Europe vs. United States appeared first on Shared Security Podcast.