Hacking Humans

Please enjoy this encore of Word Notes. A zero trust security technique that isolates application workloads from each other, allowing each one to be protected individually. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/microsegmentation⁠ Audio reference link: “⁠Micro-Segmentation Masterpieces⁠,” PJ Kirner, Illumio CTO and Co-Founder, Tech Field Day, YouTube, 13 December 2020.

This week, our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with another chicken update for everyone. Dave’s got the story of a Monotype font-licensing shakedown that totally backfired — automated claims, mass messages, and scary warnings that all unraveled when a typography-savvy employee proved every allegation was wrong, leaving Monotype empty-handed. Joe’s story is on a massive Walmart robocall scam targeting millions of customers. Fake calls, using AI voices claiming a pricey PlayStation 5 order, tricked people into giving personal info. The FCC is cracking down on SK Teleco, the U.S. voice provider behind the calls, threatening to cut them off from U.S. networks if they don’t act fast to stop the scam. Maria has the story on TSA warnings for travelers: avoid plugging phones into public USB ports and skip unsecured airport Wi-Fi. Hackers can sneak malware through USBs or intercept data over open networks, so TSA and the FCC recommend using portable chargers, charging-only cables, or a VPN to stay safe while traveling. Our catch of the day comes from a Microsoft looking email which says the user has been flagged. Resources and links to stories: ⁠Monotype font licencing shake-down Millions of Walmart customers victims of major scam FCC Demands Cessation of Walmart-Impersonation Robocalls VIA ELECTRONIC DELIVERY AND CERTIFIED MAIL - RETURN RECEIPT REQUESTED Is charging your phone at the airport safe? An Open Letter Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

Please enjoy this encore of Word Notes. The use of similar-looking characters in a phishing URL to spoof a legitimate site. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/homograph-phishing⁠ Audio reference link: “⁠Mission Impossible III 2006 Masking 01⁠,” uploaded by DISGUISE MASK, 28 July 2018.

This week, a humorous tale of a fish committing credit card fraud kicks things off. AI chatbots capable of generating phishing emails targeting seniors are scrutinized, revealing alarming click rates. There’s a discussion on Myanmar's military raids on scam centers and the shocking scale of fraud involving $233 million in Affordable Care Act subsidies. To wrap it up, tips to dodge holiday scams are shared, alongside a laughable phishing text from Reddit, leaving listeners entertained and more informed about the world of scams.

Welcome in! You’ve entered, Only Malware in the Building. Wrap yourself in a warm blanket, pour your favorite mug of tea, and join us each month as we unwrap the season’s juiciest cyber mysteries. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore Remote access, real cargo: cybercriminals targeting trucking and logistics. From clever schemes to protect shipments to the tools cybercriminals use, our guests discuss how organizations can safeguard physical goods in an increasingly connected world—because even during the season of hustle and bustle, the threats don’t take a holiday.

Please enjoy this encore of Word Notes. Software designed to prevent cheating in video games.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/anti-cheat-software⁠ Audio reference link: “⁠The BIG Problem with Anti-Cheat⁠,” by Techquickie, YouTube, 5 June 2020

The discussion kicks off with the intriguing idea of diamonds as the original cryptocurrency. A heart-wrenching tale reveals how a 66-year-old woman lost her $2 million retirement savings to a romance scam. The hosts dissect the controversial PayPal Honey extension, accused of hijacking affiliate links. Listeners get valuable warnings about seasonal scams and the Madoff Victim Fund's staggering $4.3 billion payout. Finally, a hilarious take on a romance scam chat offers insights into classic scamming tactics.

This discussion dives into the intriguing world of pseudoransomware, a form of malware that obliterates data instead of encrypting it. Explore why cybercriminals often neglect recovery efforts, and how nation-state actors employ this tactic as a smokescreen for misdirection. Discover the implications of North Korea's cyber campaigns against financial institutions and the notorious NotPetya attack, which led to monumental corporate losses. Ultimately, the podcast raises chilling insights into the motivations behind chaos-driven cyberattacks.

This week, the hosts dive into alarming social engineering scams, including China's crackdown on a violent fraud gang and the extradition of a key scam figure. They discuss an unsettling sextortion method involving AI-generated images from unsolicited FaceTime calls. A debate erupts around the legitimacy of an AI-driven cyber-espionage claim by Anthropic amid skepticism from researchers. Plus, there's a warning about phishing attacks using lost iPhone contact info and mobile shopping threats during the holiday season.

Delve into the world of Trusted Platform Modules (TPM), where cryptographic magic happens! Discover how these chips secure private keys and enable safer computing through asymmetric encryption. Explore the historical roots of key exchange methods and learn why TPM became essential. Find out about TPM's role in Windows 11 and its specifications. Intrigued? You'll also hear examples illustrating how TPMs work and enhance security in everyday devices!