Shared Security Podcast

In episode 137 for September 7th 2020: A federal appeals court finds the NSA’s bulk collection of phone data was unlawful, new research shows that browsing histories are unique enough to reliably identify users, and my personal story about a car accident and the privacy of your public records. ** Links mentioned on the show ** Appeals court finds NSA’s bulk phone data collection was unlawful https://www.cnet.com/news/appeals-court-finds-nsas-bulk-phone-data-collection-was-unlawful/ Mozilla research: Browsing histories are unique enough to reliably identify users https://www.zdnet.com/article/mozilla-research-browsing-histories-are-unique-enough-to-reliably-identify-users/ Replication: Why We Still Can’t Browse in Peace: On the Uniqueness and Reidentifiability of Web Browsing Histories https://www.usenix.org/system/files/soups2020-bird.pdf Aggressive solicitation comes after auto accidents in Detroit https://www.freep.com/story/news/local/michigan/detroit/2017/05/07/detroit-car-insurance-lawyers-accidents-solicitation/100301782/ The 2019 Florida Statutes http://www.leg.state.fl.us/Statutes/index.cfm?App_mode=Display_Statute&URL=0300-0399/0316/Sections/0316.066.html ** Watch this episode on YouTube ** https://www.youtube.com/c/SharedSecurityPodcast ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 15% off your order at checkout using discount code “sharedsecurity”. Edgewise Networks Find out how Edgewise can stop lateral threat movement and prevent data breaches. Visit https://edgewise.net and request a demo! Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post NSA Data Collection Ruling, Browsing History Identification, Ambulance Chasing appeared first on Shared Security Podcast.

In our August monthly episode we start our three part series on targeted attacks. In this episode we focus on OSINT (Open Source Intelligence) and reconnaissance techniques used by attackers in phishing and BEC (Business Email Compromise) attacks. Kyle Lovett, Principal Penetration Tester at Veracode, joins us to demonstrate some of the tools and techniques used by attackers and professional penetration testers when conducting these targeted attacks. ** Links mentioned on the show ** Kyle Lovett on Darknet Diaries Episode 5 (#ASUSGATE) https://darknetdiaries.com/episode/5/ Cisco Employee Earns Security Bug Bounty – 1 Million United Miles! https://blogs.cisco.com/wearecisco/cisco-employee-earns-security-bug-bounty-1-million-united-miles A Search Engine for Threats https://www.threatcrowd.org/ Hacker Target – DNS Tools https://hackertarget.com/ip-tools/ DNS Recon & Research, Find & Lookup DNS Records https://dnsdumpster.com/ WMAP Mass Web Screenshot Tool for Mapping Web Networks (Chrome Extension) https://chrome.google.com/webstore/detail/wmap/pflahkdjlekaeehbenhpkpipgkbbdbbo Find email addresses with Hunter https://hunter.io/ Shodan – Internet-connected device search engine https://www.shodan.io/ Connect with Kyle on Twitter https://twitter.com/SquirrelBuddha ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 15% off your order at checkout using discount code “sharedsecurity”. Edgewise Networks Find out how Edgewise can stop lateral threat movement and prevent data breaches. Visit https://edgewise.net and request a demo! Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Targeted Attacks Part 1 – OSINT and Reconnaissance appeared first on Shared Security Podcast.

In episode 136 for August 31st 2020: Uber’s former security chief is charged over covering up a 2016 data breach, Facebook pushes for data portability legislation, and how a malicious iOS SDK breached the privacy of millions of mobile users. ** Links mentioned on the show ** Former Uber Security Chief Charged Over Covering Up 2016 Data Breach https://thehackernews.com/2020/08/uber-data-breach-cover-ups.html Facebook pushes for data portability legislation ahead of FTC hearing https://www.reuters.com/article/us-facebook-antitrust/facebook-pushes-for-data-portability-legislation-ahead-of-ftc-hearing-idUSKBN25H0BG Malicious iOS SDK breaches user privacy for millions https://www.helpnetsecurity.com/2020/08/24/malicious-ios-sdk/ ** Watch this episode on YouTube ** https://www.youtube.com/c/SharedSecurityPodcast ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 15% off your order at checkout using discount code “sharedsecurity”. Edgewise Networks Find out how Edgewise can stop lateral threat movement and prevent data breaches. Visit https://edgewise.net and request a demo! Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Uber CISO Charged, Facebook Data Portability, Malicious iOS SDK appeared first on Shared Security Podcast.

In episode 135 for August 24th 2020: Details on how researchers can use audio recordings of keys being used in locks to create copies, Carnival cruise lines becomes the victim of a ransomware attack, and a data broker exposes nearly 235 million profiles scraped from social media sites. ** Links mentioned on the show ** Picking Locks with Audio Technology https://cacm.acm.org/news/246744-picking-locks-with-audio-technology/fulltext World’s largest cruise line operator discloses ransomware attack https://www.zdnet.com/article/worlds-largest-cruise-line-operator-discloses-ransomware-attack/ https://www.sec.gov/ix?doc=/Archives/edgar/data/815097/000095014220002039/eh2001078_8k.htm Social media data broker exposes nearly 235 million profiles scraped from Instagram, TikTok, and Youtube https://www.comparitech.com/blog/information-security/social-data-leak/ ** Watch this episode on YouTube ** https://www.youtube.com/c/SharedSecurityPodcast ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 15% off your order at checkout using discount code “sharedsecurity”. Edgewise Networks Find out how Edgewise can stop lateral threat movement and prevent data breaches. Visit https://edgewise.net and request a demo! Take the Click Armor 3-minute interactive assessment: Can I be Phished? https://www.clickarmor.ca/canibephished ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Audio Recordings Used to Copy Keys, Carnival Ransomware Attack, Social Media Profile Data Exposed appeared first on Shared Security Podcast.

In episode 134 for August 17th 2020: Details on new critical vulnerabilities found in Amazon Echo devices, what the end of the Privacy Shield framework means EU citizens personal data, and new data breach fines issued to Capital One and Twitter by the OCC and FTC. ** Links mentioned on the show ** Keeping the gate locked on your IoT devices: Vulnerabilities found on Amazon’s Alexa https://research.checkpoint.com/2020/amazons-alexa-hacked/ Privacy Shield Is Dead, And Data Marketplaces Are Just Getting Going https://www.forbes.com/sites/forbestechcouncil/2020/08/10/privacy-shield-is-dead-and-data-marketplaces-are-just-getting-going/ https://iapp.org/news/a/is-privacy-shield-really-gone/ Capital One Fined $80 Million for 2019 Data Breach Affecting 106 Million Users https://thehackernews.com/2020/08/capital-one-data-breach.html https://www.occ.treas.gov/news-issuances/news-releases/2020/nr-occ-2020-101.html Twitter expecting FTC fine of up to $250M for alleged privacy violations https://www.digitaltrends.com/news/twitter-expects-hefty-ftc-fine-for-alleged-privacy-violations/ ** Watch this episode on YouTube ** https://youtu.be/srHOFDnXB-g ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 15% off your order at checkout using discount code “sharedsecurity”. Edgewise Networks Find out how Edgewise can stop lateral threat movement and prevent data breaches. Visit https://edgewise.net and request a demo! Take the Click Armor 3-minute interactive assessment: Can I be Phished? https://www.clickarmor.ca/canibephished ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Amazon Echo Exploit, Privacy Shield, Capital One Data Breach Update appeared first on Shared Security Podcast.

In episode 133 for August 10th 2020: What we can learn from the big Twitter hack, why everyone is trying to ban TikTok, and pharmacy chain Rite Aid’s use of facial recognition cameras. ** Links mentioned on the show ** How the FBI tracked down the Twitter hackers https://blog.twitter.com/en_us/topics/company/2020/an-update-on-our-security-incident.html https://www.zdnet.com/article/how-the-fbi-tracked-down-the-twitter-hackers/ Call for TikTok security check before HQ decision https://www.bbc.com/news/technology-53640909 Rite Aid deployed facial recognition systems in hundreds of U.S. stores https://www.reuters.com/investigates/special-report/usa-riteaid-software/ ** Watch this episode on YouTube ** https://youtu.be/bb28WGS1Jlk ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 15% off your order at checkout using discount code “sharedsecurity”. Edgewise Networks Find out how Edgewise can stop lateral threat movement and prevent data breaches. Visit https://edgewise.net and request a demo! Take the Click Armor 3-minute interactive assessment: Can I be Phished? https://www.clickarmor.ca/canibephished ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Twitter Hack Lessons Learned, TikTok Ban, Rite Aid Facial Recognition Cameras appeared first on Shared Security Podcast.

In episode 132 for August 3rd 2020: How the big tech companies like Google, Apple, Facebook, and Twitter collect your private data and how you can delete it with Kira Rakova from Undatify. ** Links mentioned on the show ** Find out more about Undatify https://undatify.me/ https://www.instagram.com/undatifyme/ The Step-by-Step Guide to Erasing Your Entire Google History https://pixelprivacy.com/resources/erasing-google-history How to Download And Delete Your Data From Facebook https://www.online-tech-tips.com/computer-tips/how-to-download-and-delete-your-data-from-facebook/ How to Delete Your Private Data from Apple’s Servers https://www.macobserver.com/tips/quick-tip/delete-private-data-apple-servers/ How to delete your Twitter history https://www.theverge.com/2018/2/8/16991396/how-to-delete-twitter-history-tweetdelete ** Watch this episode on YouTube ** Check out the live demo of deleting private data in Google: https://youtu.be/9k3JHr0gG5s ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 15% off your order at checkout using discount code “sharedsecurity”. Edgewise Networks Find out how Edgewise can stop lateral threat movement and prevent data breaches. Visit https://edgewise.net and request a demo! Take the Click Armor 3-minute interactive assessment: Can I be Phished? https://www.clickarmor.ca/canibephished ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post How Big Tech Collects Your Private Data and How to Delete It appeared first on Shared Security Podcast.

In episode 131 for July 27th 2020: The FBI charges two Chinese hackers for one of the largest Chinese directed hacking campaigns ever discovered, how the BadPower fast charger attack could melt or set your devices on fire, and details on a massive leak of Instacart customer information. ** Links mentioned on the show ** DOJ says Chinese hackers targeted coronavirus vaccine research https://www.politico.com/news/2020/07/21/doj-chinese-hackers-coronavirus-research-375855 BadPower attack corrupts fast chargers to melt or set your device on fire https://www.zdnet.com/article/badpower-attack-corrupts-fast-chargers-to-melt-or-set-your-device-on-fire Instacart user data is reportedly being sold online, but the company denies there was a breach https://www.buzzfeednews.com/article/janelytvynenko/instacart-customers-info-sold-online ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 15% off your order at checkout using discount code “sharedsecurity”. Edgewise Networks Find out how Edgewise can stop lateral threat movement and prevent data breaches. Visit https://edgewise.net and request a demo! Take the Click Armor 3-minute interactive assessment: Can I be Phished? https://www.clickarmor.ca/canibephished ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Chinese Hacking Campaign Exposed, BadPower Fast Charger Attack, Instacart Data Leak appeared first on Shared Security Podcast.

In episode 102 of our July monthly show Scott and Tom walk-through the recommended privacy settings for Amazon Echo and Google Home smart speakers. ** Links mentioned on the show ** 8 ways to protect your Amazon Echo privacy while working from home https://www.cnet.com/how-to/8-ways-to-protect-your-amazon-echo-privacy-while-working-from-home/ How To Make Your Amazon Echo and Google Home as Private as Possible https://www.wired.com/story/alexa-google-assistant-echo-smart-speaker-privacy-controls/ Is your Google Home or Nest secure? How to find and delete your private data https://www.cnet.com/how-to/is-your-google-home-or-nest-secure-how-to-find-and-delete-your-private-data/ ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 15% off your order at checkout using discount code “sharedsecurity”. Edgewise Networks Find out how Edgewise can stop lateral threat movement and prevent data breaches. Visit https://edgewise.net and request a demo! Take the Click Armor 3-minute interactive assessment: Can I be Phished? https://www.clickarmor.ca/canibephished ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post Privacy Settings for Amazon Echo and Google Home appeared first on Shared Security Podcast.

In episode 130 for July 20th 2020: Details on the big Twitter hack which took over high-profile accounts, a major wormable critical vulnerability in Microsoft Windows DNS Server, and how email impersonation attacks take advantage of everyone working from home. ** Links mentioned on the show ** Twitter blames ‘coordinated’ attack on its systems for hack of Joe Biden, Barack Obama, Bill Gates and others https://www.cnn.com/2020/07/15/tech/twitter-hack-elon-musk-bill-gates/index.html https://twitter.com/TwitterSupport/status/1283591846464233474 Hackers Convinced Twitter Employee to Help Them Hijack Accounts https://www.vice.com/en_us/article/jgxd3d/twitter-insider-access-panel-account-hacks-biden-uber-bezos Crypto hack latest in a history of high-profile Twitter breaches https://www.hindustantimes.com/world-news/crypto-hack-latest-in-a-history-of-high-profile-twitter-breaches/story-5z9Q0hh4S3yjSmv5fgAiZK.html Microsoft warns of critical Windows DNS Server vulnerability that’s ‘wormable’ https://www.theverge.com/2020/7/14/21324353/microsoft-windows-dns-server-security-vulnerability-patch-critical-flaw Email impersonations becoming pervasive, preying on a distracted and dispersed workforce https://www.helpnetsecurity.com/2020/07/15/email-impersonations ** Thank you to our sponsors! ** Silent Pocket Visit https://silent-pocket.com to check out Silent Pocket’s amazing line of faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 15% off your order at checkout using discount code “sharedsecurity”. Edgewise Networks Find out how Edgewise can stop lateral threat movement and prevent data breaches. Visit https://edgewise.net and request a demo! Take the Click Armor 3-minute interactive assessment: Can I be Phished? https://www.clickarmor.ca/canibephished ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, full transcripts of each weekly episode, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net Twitter: https://twitter.com/sharedsec Facebook: https://facebook.com/sharedsec Instagram: https://instagram.com/sharedsecurity YouTube: https://www.youtube.com/c/SharedSecurityPodcast The post The Big Twitter Hack, Critical Windows DNS Server Update, Email Impersonation Attacks appeared first on Shared Security Podcast.