

UNSECURITY: Information Security Podcast
The InfoSec Mission
Weekly information security podcast airing Monday mornings hosted by Oscar Minks and Brad Nigh. In a unique focus on protecting personal information, Oscar and Brad discuss information security as an issue that includes cyber security, physical security, as well as administrative controls. Oscar is the CTO of FRSecure and heads technical services and operations at the company. Brad is the Principal Security Consultant and a 20+ year veteran of the industry.
Episodes

Aug 5, 2021 • 50min
UNSECURITY Episode 142: DEF CON 29 and Black Hat 2021 in Vegas
It's finally here: the annual Black Hat and DEF CON 29 events are back again in Las Vegas, Nevada. What are these events? Evan & Brad unravel everything you need to know about these two events in this week's UNSECURITY episode.
They also touched on:
LockBit ransomware: recruiting insiders to breach corporate networks https://www.bleepingcomputer.com/news...
SolarWinds urges US judge to toss out crap info-sec sueball: We got pwned by actual Russia https://www.theregister.com/AMP/2021/...
Bipartisan Senate report finds federal agencies continue to suffer cybersecurity shortcomings https://siliconangle.com/2021/08/03/b...
Give episode 142 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com.
Please like and subscribe!

Jul 29, 2021 • 52min
UNSECURITY Episode 141: State and Local Government CISOs, Playing a Losing Game
Today, state and local government Chief Information Security Officers (CISOs) are playing a game they can't win. CISOs are facing many obstacles and are losing focus on their roles and responsibilities. So, how do we change the way we play the game? Evan and Brad attempt to answer this question in this week's UNSECURITY episode.
They also touched on Apple's recent iOS 14.7 and 14.7.1 updates and advise listeners to get the update as soon as possible for their own good and safety.
Give episode 141 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com. Please like and subscribe!

Jul 21, 2021 • 60min
UNSECURITY Episode 140: A Lesson in Privacy from Amazon's New Terms of Service
Recently, Amazon made changes to their terms of service. This sparked a conversation between Evan and Brad about terms and conditions, privacy, and what we tend to blindly agree to.
Together Evan and Brad discuss:
Amazon’s Conditions of Use: https://www.amazon.com/gp/help/customer/display.html?nodeId=GLSBYFE9MGKKQXXM
Amazon.com Privacy Notice: https://www.amazon.com/gp/help/customer/display.html?nodeId=GX7NJQ4ZB8MHFRNJ
Terms of Service Didn’t Read: https://tosdr.org (great resource!)
They also touched on:
Revealed: Leak Uncovers Global Abuse of Cyber-Surveillance Weapon: https://www.theguardian.com/world/2021/jul/18/revealed-leak-uncovers-global-abuse-of-cyber-surveillance-weapon-nso-group-pegasus and https://securityaffairs.co/wordpress/120291/malware/pegasus-project-nso-pegasus-spywar.html
US Indicts Members of Chinese-Backed Hacking Group APT40: https://www.bleepingcomputer.com/news/security/us-indicts-members-of-chinese-backed-hacking-group-apt40/ and https://thehackernews.com/2021/07/us-and-global-allies-accuse-china-of.html
Give episode 140 a listen or watch and send any questions, comments, or feedback to unsecurity@protonmail.com.

Jul 13, 2021 • 57min
UNSECURITY Episode 139: Recapping the First Half of 2021 in Security with Ryan Cloutier and John Harmon
Evan is down in Mexico and took Ryan Cloutier (Head of SecurityStudio) and John Harmon (President at FRSecure) down with him. The two replace Brad this week, and together, the three break down what the first half of 2021 looked like in the security industry.
Give this episode a listen and send questions, comments, and feedback to unsecurity@protonmail.com.

Jul 6, 2021 • 58min
UNSECURITY Episode 138: Kaseya VSA Ransomware & Microsoft PrintNightmare
Kaseya VSA, a remote management software, experienced a breach over the holiday weekend that is already impacting a number of clients. It appears that this attack is connected to the Russian hacker gang known as REvil—but it has not been determined whether or not it is the work of REvil itself or an affiliate in their Ransomware as a Service (RaaS) program (and yes, that's a thing).
Evan and Brad break down the attack on this week's UNSECURITY episode.
Additionally, and flying under the radar because of Kaseya, news broke on June 30th about an impressive and potentially very damaging vulnerability in the Microsoft Print Spooler service. This has actually impacted a larger number of customers than Kaseya (millions of servers) and likely would have been bigger news had it not been for Kaseya.
If you feel you've been impacted by the Kaseya attack directly, or would like more information, visit: https://helpdesk.kaseya.com/hc/en-gb/articles/4403440684689
Here is more information on the Microsoft bug: https://www.yahoo.com/entertainment/microsoft-sounds-urgent-warning-windows-022541397.html?
Additionally, Evan was on KARE 11 discussing Kaseya yesterday (July 5): https://www.kare11.com/video/news/local/breaking-the-news/ransomware-crime-wave-keeps-us-on-edge/89-44bed2c8-bbb1-4572-abc9-53551c6c74fa?jwsource=cl
Give episode 138 a watch/listen and send questions, comments, and feedback to unsecurity@protonmail.com.

Jun 29, 2021 • 1h 4min
UNSECURITY Episode 137: A Bunch of Microsoft News, Online Fraud Statistics, John McAfee
Between pirated games, customer support tools, SolarWinds group targeting customers, customer service systems being hacked, a malware supply chain fiasco, and a nasty Edge bug, Microsoft has a lot going on security-wise. Evan and Brad break down all the notable Microsoft security news surfacing recently on this episode of the UNSECURITY Podcast.
Give episode 137 a watch/listen and send questions, comments, and feedback to unsecurity@protonmail.com.
Microsoft
New malware in pirated games disables Windows Updates, Defender: https://www.hackread.com/pirated-games-malware-disable-windows-defender
Nobelium hackers accessed Microsoft customer support tools: https://www.bleepingcomputer.com/news/microsoft/nobelium-hackers-accessed-microsoft-customer-support-tools/amp/
Microsoft Warns of Continued Attacks by the Nobelium Hacking Group: https://www.pcmag.com/news/microsoft-warns-of-continued-attacks-by-the-nobelium-hacking-group?amp=true
Group Behind SolarWinds Attack Targeted Microsoft Customers: https://www.bankinfosecurity.com/group-behind-solarwinds-attack-targeted-microsoft-customers-a-16945
Hackers hit Microsoft customer service system, make off with data: https://www.cnet.com/google-amp/news/hackers-hit-microsoft-customer-service-system-make-off-with-data/
Microsoft admits to signing rootkit malware in supply-chain fiasco: https://www.bleepingcomputer.com/news/security/microsoft-admits-to-signing-rootkit-malware-in-supply-chain-fiasco/amp/
Microsoft approved a Windows driver booby-trapped with rootkit malware: https://www.theregister.com/2021/06/28/microsoft_malware_signing/
Microsoft Edge Bug Could've Let Hackers Steal Your Secrets for Any Site: https://thehackernews.com/2021/06/microsoft-edge-bug-couldve-let-hackers.html
Other
One billion dollars lost by over-60s through online fraud in 2020, says FBI: https://hotforsecurity.bitdefender.com/blog/one-billion-dollars-lost-by-over-60s-through-online-fraud-in-2020-says-fbi-26049.html
John McAfee's death

Jun 21, 2021 • 1h 6min
UNSECURITY Episode 136: Security in K-12, Ryan Cloutier and His Awesome Top 5
Ryan Cloutier joins this episode of the UNSECURITY Podcast. Ryan has taken a special interest and focus on cybersecurity in schools, so he and Evan talk all things K-12 security—including Ryan's "Awesome Top 5."
Give episode 136 a listen/watch and send questions, comments, and feedback to unsecurity@protonmail.com.

Jun 8, 2021 • 1h 7min
UNSECURITY Episode 135: Colonial Pipeline, Economic Impact, Power Grids, Sidewalk, Passwords
Evan and Brad are back with episode 135 of the UNSECURITY Podcast. This week, they take a look at some of the issues stemming from the Colonial Pipeline attack—what the economic impact of cyber crime is, how attacks may begin to impact the power grid, and more.
Give this episode a listen or watch and send comments, questions, and feedback to unsecurity@protonmail.com.
US recovers most of Colonial Pipeline's $4.4M ransomware payment: https://www.bleepingcomputer.com/news/security/us-recovers-most-of-colonial-pipelines-44m-ransomware-payment/
'Broader economy' at risk if US doesn't act on cybercriminals soon, GOP lawmaker says: https://www.foxnews.com/politics/broader-economy-at-risk-if-us-doesnt-act-soon-gop-lawmaker-says
Hackers Could Shut Down the U.S. Power Grid, Energy Secretary Granholm Says: https://www.barrons.com/articles/hackers-could-shut-down-the-u-s-power-grid-energy-secretary-granholm-says-51623077337
Amazon Sidewalk starts sharing your WiFi tomorrow, thanks: https://blog.malwarebytes.com/privacy-2/2021/06/amazon-sidewalk-will-share-your-wifi-unless-you-opt-out/
Username and password breaches increase by 450 percent: https://betanews.com/2021/06/07/username-password-breaches-increase/

Jun 2, 2021 • 1h 6min
UNSECURITY Episode 134: What's Going on in the World of Cybersecurity, Phishing, Passwords, CMMC
The UNSECURITY podcast is back with episode 134. There’s so much going on in the world around us, so Evan and Brad thought it would be good to focus on six news articles and discuss them. The topics of discussion include a CMMC review, the FBI sharing pwned passwords, a Walmart phishing attack, the JBS Foods cyberattack, a Nobelium attack on U.S. government agencies, and the Army telling remote workers to switch off IoT devices.
Give this episode a listen and send comments, questions, and feedback to unsecurity@protonmail.com.

May 25, 2021 • 53min
UNSECURITY Episode 133: Gabriel Friedlander, Wizer, Security Awareness & Training for the Masses
On this week's episode of the UNSECURITY Podcast, Evan and Brad are joined by Gabriel Friedlander. Gabriel was looking for a way to bring security and awareness training to the masses. He used a similar concept to how marketing teams express complex concepts and sell using 30-second- and minute-long videos to build a training video platform called Wizer. Today, Wizer has free and paid training options and relies heavily on social media to promote good security practices for consumers and businesses alike.
Give episode 133 a listen or watch and send questions, comments, and feedback to unsecurity@protonmail.com.