

UNSECURITY: Information Security Podcast
The InfoSec Mission
Weekly information security podcast airing Monday mornings hosted by Oscar Minks and Brad Nigh. In a unique focus on protecting personal information, Oscar and Brad discuss information security as an issue that includes cyber security, physical security, as well as administrative controls. Oscar is the CTO of FRSecure and heads technical services and operations at the company. Brad is the Principal Security Consultant and a 20+ year veteran of the industry.
Episodes

Sep 8, 2021 • 1h 3min
UNSECURITY Episode 146: Women's Society of Cyberjutsu, FBI Infragard Recap, Sextortion Attacks
In this episode, Evan and Brad discuss the Women's Society of Cyberjutsu (WSC) class on using your home network to learn attacks and defenses, plus a recap on the Wisconsin FBI Infragard SuperCon.
In the news this week, the FBI says surge in sextortion attacks cost targeted users $8M this year.
Give episode 146 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com. Don't forget to like and subscribe!
Surge in Sextortion Attacks Cost Targeted Users $8M This Year: https://www.ehackingnews.com/2021/09/surge-in-sextortion-attacks-cost.html

Aug 26, 2021 • 1h 4min
UNSECURITY Episode 145: Mental Health, First Steps to Building a Security Program, Industry News
In this episode, Evan and Brad conduct a mental health check-in and have a candid discussion about their own struggles. They also discuss the first foundational steps in building a security program including less "what to do", and more "how to do".
In the news this week, a cryptocurrency hacker returns $260 million in stolen funds, and the State Department is hit by a cyberattack amid Afghan evacuation.
Give episode 145 a listen and send any questions, comments, or feedback to unsecurity@protonmail.com.
Cryptocurrency hacker returns funds: https://www.bbc.com/news/business-58180692
State Department cyberattack: https://nypost.com/2021/08/21/state-department-hit-by-cyber-attack-amid-afghan-evacuation-report/

Aug 19, 2021 • 1h 4min
UNSECURITY Episode 144: PDEIS, SolarWinds Lawsuit, Industry News
In this episode, Evan and Brad focus on the concept of PDEIS (Programmatic Distributed Empowerment of Information Security) and its ability to involve and empower others within the organization, not just CISOs, to make their own risk decisions. They also debate the trend of information security leaders facing legal repercussions in the wake of the recent SolarWinds incident. As always, they close with some industry updates such as the T-Mobile breach, and more.
Give episode 144 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com. Please like and subscribe!
SolarWinds Breach: https://www.secureworld.io/industry-news/ciso-lawsuit-solarwinds
T-Mobile Investigating Claims of Massive Data Breach: https://krebsonsecurity.com/2021/08/t-mobile-investigating-claims-of-massive-data-breach/
T-Mobile confirms it was hacked again: https://siliconangle.com/2021/08/16/t-mobile-confirms-hacked/
US Govt’s secret terrorist watchlist with 2M records exposed online: https://www.hackread.com/us-secret-terrorist-watchlist-exposed-online

Aug 12, 2021 • 1h 13min
UNSECURITY Episode 143: DEF CON 29 Recap with Team Ambush
The boys are back with Team Ambush recapping their DEF CON 29 experience. This sparked a conversation about everyone's highs and lows at the event. Team Ambush brings insight about the hacking challenges and competitions they won or were involved in, and why it's important. Evan & Brad continued to discuss how Team Ambush finished in 1st place in biomedical hacking and dove deep into the medical devices that are the easiest to hack into. They also touched on this year's annual Hacks & Hops event on October 14th, at the Nissan Stadium in Nashville, Tennessee: https://hacksandhops.com/
Give episode 143 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com. Please like and subscribe!

Aug 5, 2021 • 50min
UNSECURITY Episode 142: DEF CON 29 and Black Hat 2021 in Vegas
It's finally here: the annual Black Hat and DEF CON 29 events are back again in Las Vegas, Nevada. What are these events?
Evan & Brad unravel everything you need to know about these two events in this week's UNSECURITY episode.
They also touched on:
LockBit ransomware: recruiting insiders to breach corporate networks https://www.bleepingcomputer.com/news...
SolarWinds urges US judge to toss out crap info-sec sueball: We got pwned by actual Russia https://www.theregister.com/AMP/2021/...
Bipartisan Senate report finds federal agencies continue to suffer cybersecurity shortcomings https://siliconangle.com/2021/08/03/b...
Give episode 142 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com. Please like and subscribe!

Jul 29, 2021 • 52min
UNSECURITY Episode 141: State and Local Government CISOs, Playing a Losing Game
Today, state and local government Chief Information Security Officers (CISOs) are playing a game they can't win. CISOs are facing many obstacles and are losing focus on their roles and responsibilities. So, how do we change the way we play the game? Evan and Brad attempt to answer this question in this week's UNSECURITY episode.
They also touched on Apple's recent iOS 14.7 and 14.7.1 and advised listeners to get the update as soon as possible for their own good and safety.
Give episode 141 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com. Please like and subscribe!

Jul 21, 2021 • 60min
UNSECURITY Episode 140: A Lesson in Privacy from Amazon's New Terms of Service
Recently, Amazon made changes to their terms of service. This sparked a conversation between Evan and Brad about terms and conditions, privacy, and what we tend to blindly agree to.
Together Evan and Brad discuss:
Amazon’s Conditions of Use https://www.amazon.com/gp/help/customer/display.html?nodeId=GLSBYFE9MGKKQXXM
Amazon.com Privacy Notice https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ
Terms of Service Didn’t Read https://tosdr.org (great resource!)
They also touched on:
Revealed: Leak Uncovers Global Abuse of Cyber-Surveillance Weapon https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus and https://securityaffairs.co/wordpress/120291/malware/pegasus-project-nso-pegasus-spywar.html
US Indicts Members of Chinese-Backed Hacking Group APT40 https://www.bleepingcomputer.com/news/security/us-indicts-members-of-chinese-backed-hacking-group-apt40/ and https://thehackernews.com/2021/07/us-and-global-allies-accuse-china-of.html
Give episode 140 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com.

Jul 13, 2021 • 57min
UNSECURITY Episode 139: Recapping the First Half of 2021 in Security with Ryan Cloutier and John Harmon
Evan is down in Mexico and took Ryan Cloutier (Head of SecurityStudio) and John Harmon (President at FRSecure) down with him. The two replace Brad this week, and together, the three break down what the first half of 2021 looked like in the security industry.
Give this episode a listen and send questions, comments, and feedback to unsecurity@protonmail.com.

Jul 6, 2021 • 58min
UNSECURITY Episode 138: Kaseya VSA Ransomware & Microsoft PrintNightmare
Kaseya VSA, a remote management software, experienced a breach over the holiday weekend that is already impacting a number of clients. It appears that this attack is connected to the Russian hacker gang known as REvil—but it has not been determined whether or not it is the work of REvil itself or an affiliate in their Ransomware as a Service (RaaS) program (and yes, that's a thing).
Evan and Brad break down the attack on this week's UNSECURITY episode.
Additionally, and flying under the radar because of Kaseya, news broke on June 30th about an impressive and potentially very damaging vulnerability in the Microsoft Print Spooler service. This has actually impacted a larger number of customers than Kaseya (millions of servers) and likely would have been bigger news had it not been for Kaseya.
If you feel you've been impacted by the Kaseya attack directly, or would like more information, visit: https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
Here is more information on the Microsoft bug: https://www.yahoo.com/entertainment/microsoft-sounds-urgent-warning-windows-022541397.html?
Additionally, Evan was on KARE 11 discussing Kaseya yesterday (July 5): https://www.kare11.com/video/news/local/breaking-the-news/ransomware-crime-wave-keeps-us-on-edge/89-44bed2c8-bbb1-4572-abc9-53551c6c74fa?jwsource=cl
Give episode 138 a watch/listen and send questions, comments, and feedback to unsecurity@protonmail.com.

Jun 29, 2021 • 1h 4min
UNSECURITY Episode 137: A Bunch of Microsoft News, Online Fraud Statistics, John McAfee
Between pirated games, customer support tools, SolarWinds group targeting customers, customer service systems being hacked, a malware supply chain fiasco, and a nasty Edge bug, Microsoft has a lot going on security-wise. Evan and Brad break down all the notable Microsoft security news surfacing recently on this episode of the UNSECURITY Podcast.
Give episode 137 a watch/listen and send questions, comments, and feedback to unsecurity@protonmail.com.
Microsoft
New malware in pirated games disables Windows Updates, Defender: https://www.hackread.com/pirated-games-malware-disable-windows-defender
Nobelium hackers accessed Microsoft customer support tools: https://www.bleepingcomputer.com/news/microsoft/nobelium-hackers-accessed-microsoft-customer-support-tools/amp/
Microsoft Warns of Continued Attacks by the Nobelium Hacking Group: https://www.pcmag.com/news/microsoft-warns-of-continued-attacks-by-the-nobelium-hacking-group?amp=true
Group Behind SolarWinds Attack Targeted Microsoft Customers: https://www.bankinfosecurity.com/group-behind-solarwinds-attack-targeted-microsoft-customers-a-16945
Hackers hit Microsoft customer service system, make off with data: https://www.cnet.com/google-amp/news/hackers-hit-microsoft-customer-service-system-make-off-with-data/
Microsoft admits to signing rootkit malware in supply-chain fiasco: https://www.bleepingcomputer.com/news/security/microsoft-admits-to-signing-rootkit-malware-in-supply-chain-fiasco/amp/
Microsoft approved a Windows driver booby-trapped with rootkit malware: https://www.theregister.com/2021/06/28/microsoft_malware_signing/
Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site: https://thehackernews.com/2021/06/microsoft-edge-bug-couldve-let-hackers.html
Other
One billion dollars lost by over-60s through online fraud in 2020, says FBI: https://hotforsecurity.bitdefender.com/blog/one-billion-dollars-lost-by-over-60s-through-online-fraud-in-2020-says-fbi-26049.html
John McAfee's Death