This week on Hacker And The Fed we discuss another zero-click exploit attacking iPhones via the iMessage app, millions of PC motherboards may be downloading malware, the FTC slams another company for violations, security researchers find a vulnerability in Gmail's checkmark system that is already being abused. And the Dutch government now mandates an easy way to contact website administrators.Links from the episode:Operation Triangulation: iOS devices targeted with previously unknown malwaresecurelist.com/operation-triangulation/109842/thehackernews.com/2023/06/new-zero-click-hack-targets-ios-users.html Millions of PC motherboards were sold with a firmware backdoorarstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ringthehackernews.com/2023/06/ftc-slams-amazon-with-308m-fine-for.htmlBug in Gmailtwitter.com/chrisplummer/status/1664075886545575941twitter.com/ChristopheDary/status/1664907465924681728linkedin.com/posts/christophe-dary-85330561_spf-dmarc-bimi-activity-7070510499196489728-pPTh?utm_source=share&utm_medium=member_desktopSecurity.txt now mandatory for Dutch government websitesnetherlands.postsen.com/trends/198695/Securitytxt-now-mandatory-for-Dutch-government-websites.htmlsecuritytxt.org--Support our sponsors:Go to HelloFresh.com/hatf16 and use code hatf16 for 16 free meals plus free shipping!Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off--For more information on Chris and his current work visit naxo.com and follow him on LinkedIn.Follow Hector @hxmonsegur

This week on Hacker And The Fed we dive into the world of ransomware. An insider exploits a ransomware attack for personal gain and a CISO's biggest lessons from quarterbacking a ransomware attack. We discuss AI generated photos and what happened to the stock market. And then we answer listener questions about geopolitics, Hector's hack on the Indonesian government and victims keeping their hacks a secret. Links from the episode:IT employee impersonates ransomware gang to extort employerbleepingcomputer.com/news/security/it-employee-impersonates-ransomware-gang-to-extort-employer/AI Generated Photostwitter.com/jsrailton/status/1660679743266607105Suspicion stalks Genesis Market’s competitors following FBI takedowntherecord.media/genesis-market-russian-market-2easy-shop-cybercrime-fraudFBI releases warning about fake crypto job advertisementsic3.gov/Media/Y2023/PSA230522Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinkingdarkreading.com/ics-ot/bridgestone-ciso-lessons-ransomware-attack-acting-thinking

This week on Hacker And The Fed we speak with Erin West, a Santa Clara County Deputy District Attorney, Founder of the “Crypto Coalition”, an over 800-member group of active law enforcement partners sharing cryptocurrency crime-fighting techniques, and the very tip of the spear for Pig Butchering – the latest online romance scam. We learn about the incredible work Erin is doing via Operation Shamrock and how we can protect ourselves and our loved ones from being victimized.Links from the episode:SCARS: Society of Citizens Against Relationship Scamsagainstscams.orgAdvocating Against Romance Scammersadvocatingforu.comThis podcast is sponsored by BetterHelp. Visit BetterHelp.com/HATF today to get 10% off your first month.--For more information on Chris and his current work visit naxo.com and follow him on LinkedIn at inkedin.com/in/chris-tarbell-20b129278/.Follow Hector @hxmonsegur

This week on Hacker And The Fed, up to 10 years of your location data may have been exposed if you’ve driven vehicles from a certain manufacturer, stolen private keys may lead to insecure boot ups of your computer, Congress gets another notification of a US government breach, and we answer more listener questions about failed hacks and intentional exploits. And we talk about D. B. Cooper!Links from the episode:Toyota: Car location data of 2 million customers exposed for ten yearsbleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Securitysecurityonline.info/intel-oem-private-key-leak-a-blow-to-uefi-secure-boot-security/Data of 237,000 US government employees breachedreuters.com/world/us/data-237000-us-government-employees-breached-2023-05-12/Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prisonustice.gov/opa/pr/uk-citizen-extradited-and-pleads-guilty-cyber-crime-offensesT-Mobile Worker Joked About Adding Extra Phone Lines and Tablet to a Customer’s Account Without Them Knowingtwistedsifter.com/2023/05/a-t-mobile-worker-joked-about-adding-2-extra-phone-lines-and-a-tablet-to-a-customers-account-without-them-knowing/Google Cybersecurity Certificategrow.google/certificates/cybersecurity/#?modal_active=none--For more information on Chris and his current work visit naxo.com and follow him on LinkedIn.Follow Hector @hxmonsegur

This week on Hacker And The Fed we discuss private data leaking due to a misconfiguration, and no one is listening to the researchers. We are shown the mindset of hackers during a ransom negotiation, a cell phone provider is hacked for the 9th time in 6 years, there are 50 Chinese state hackers for every FBI cyber agent, and using AI to help hack. And finally, we answer listener questions about .xyz, pen testing tools, and possible Hacker And The Fed swag.Links from the episode:Many Public Salesforce Sites are Leaking Private Datakrebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/Hackers Claim Vast Access to Western Digital Systemstechcrunch.com/2023/04/13/hackers-claim-vast-access-to-western-digital-systems/T-Mobile Discloses 2nd Data Breach of 2023, This One Leaking Account PINs and Morearstechnica.com/information-technology/2023/05/t-mobile-discloses-2nd-data-breach-of-2023-this-one-leaking-account-pins-and-more/Chinese Hackers Outnumber FBI Cyber Personnel 'By At Least 50 to 1,' Wray Testifiesfoxnews.com/politics/chinese-hackers-outnumber-fbi-cyber-personnel-wray-testifiesCapturing the Flag with GPT-4micahflee.com/2023/04/capturing-the-flag-with-gpt-4/The Cyber Police Exposed an Attacker in the Sale of Databases with Personal Data of Citizens of Ukraine and the EUcyberpolice.gov.ua/news/kiberpolicziya-vykryla-zlovmysnyka-u-zbuti-baz-iz-personalnymy-danymy-gromadyan-ukrayiny-ta-yes-6598/--For more information on Chris and his current work visit naxo.comFollow Hector @hxmonsegur

This week on Hacker And The Fed we sit down with Michele Chia, Head of Cyber Insurance at Zurich North America. We ask a number of questions including what is cyber insurance? Who needs it? And How much coverage is needed? Does cyber insurance cover an insider threat attack? What does a ransomware attack look like when you have cyber insurance? And finally, we find out how our guest cultivated such a successful career in cyber insurance.Link from the episode:zurichna.com/knowledge/experts/michelle-chia--For more information on Chris and his current work visit naxo.comFollow Hector @hxmonsegur

This week on Hacker And The Fed security researchers find a vulnerability allowing them to run code on Search Engine computers, ghost tokens could be used to totally control Search Engine Workplace accounts, we let you know what a Pumpkin Sandstorm and a Spandex Tempest are, how long does it take to crack your password in 2023, we answer listener questions about the FBI and diversity in cyber security appliances, and we talk about Anna Kournikova.Links from the episode:Remote Code Execution Vulnerability in Google They Are Not Willing To Fixgiraffesecurity.dev/posts/google-remote-code-execution/'GhostToken' Opens Google Accounts to Permanent Infectiondarkreading.com/remote-workforce/-ghosttoken-opens-google-accounts-to-permanent-infectionHacker Group Names Are Now Absurdly Out of Controlwired.com/story/hacker-naming-schemes-spandex-tempest/ampHow Long It Would Take A Hacker To Brute Force Your Password In 2023hivesystems.io/blog/are-your-passwords-in-the-greenSupport this episode's sponsors:DeleteMe: Visit JoinDeleteMe.com/FED and use promo code FED20 BetterHelp: Visit BetterHelp.com/HATF and get 10% off your first month--For more information on Chris and his current work visit naxo.comFollow Hector @hxmonsegur

This week on Hacker And The Fed internet videos may be able to silently hack your phone with a "Near Ultrasound Inaudible Trojan” (NUIT). Companies have more access to your data than you may know, including pictures of you. We also discuss how better access controls may have prevented the recent classified documents leak and share a story about a hacker getting hacked.Links from the episode:Hey Siri, use this ultrasound attack to disarm a smart-home systemhttps://www.theregister.com/2023/04/04/siri_alexa_cortana_google_nuit/Tesla workers shared sensitive images recorded by customer carshttps://www.reuters.com/technology/tesla-workers-shared-sensitive-images-recorded-by-customer-cars-2023-04-06/Hacked: Russian GRU officer wanted by the FBI, leader of the hacker group APT 2https://informnapalm.org/en/hacked-russian-gru-officer/Support this episode's sponsors:DeleteMe: Visit JoinDeleteMe.com/FED and use promo code: FED20--For more information on Chris and his current work visit naxo.comFollow Hector @hxmonsegur

This week on Hacker And The Fed a researcher gains access to millions of Office 365 accounts, cyber criminals are stealing and selling your internet bandwidth, and now hackers can remotely open your garage door and start your car in order to steal it.Links from the episode:Researcher gained access to millions of Office365 accounts:https://twitter.com/hillai/status/1641146508639600646https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration Cybercriminals may be stealing and selling your Internet bandwidth:https://sysdig.com/blog/proxyjacking-attackers-log4j-exploited/And now hackers can remotely open your garage and start your car in order to steal it:https://www.vice.com/en/article/pkadqy/hackers-can-remotely-open-smart-garage-doors-across-the-world-simpaltekhttps://kentindell.github.io/2023/04/03/can-injection/Finally the FBI has taken down another hacking forum full of stolen credentials:https://finance.yahoo.com/news/fbi-seizes-genesis-market-notorious-123039527.html?guccounter=1--For more information on Chris and his current work visit naxo.comFollow Hector @hxmonsegur

This week on Hacker And The Fed we speak with Kelly Moan, who serves as the Chief Information Security Officer (CISO) of New York City. We talk trends and cyber threats against the city. She also details the significant volume of attacks against the city on a weekly basis and gives us tips for getting into cyber security.Links from the episode:nyc.gov/content/oti/pages/meet-the-team/cyber-commandnyc.gov/jobsMore info on the JSOC + Cyber Command’s authorities via Executive Order 10: nyc.gov/office-of-the-mayor/news/088-22/mayor-adams-governor-hochul-joint-security-operations-center-combat-cybersecurity#/0 nyc.gov/office-of-the-mayor/news/010-002/executive-order-10 Support this episode's sponsor:HelloFresh: Visit HelloFresh.com/hatf50 and use code hatf50 for 50% off, plus your first box ships free!--For more information on Chris and his current work visit naxo.comFollow Hector @hxmonsegur