Hacking Humans

A best practice for framing cyber intelligence critical information requirements that recommends collecting and consolidating data from three specific sources: endpoint, network and log.

Brandon Kovacs from Bishop Fox discusses AI in social engineering. Listener shares overseas trip bank account lock due to VPN. Maryland Lottery warns of phone scam. Catch of the day about a Reddit task scam. Deep dive into deep fakes and software scams.

Also known as a third-party attack or a value-chain attack, advisory groups gain access to a targeted victims network by first infiltrating a business partner's network that has access to the victim's systems or data.

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria's story covers the escalating efforts of pro-Russian propagandists to tarnish the Paris Summer Olympics and erode Western support for Ukraine, employing bold tactics like using AI to mimic Tom Cruise's voice. Joe and Dave share quite a bit of listener follow up, the first on is regarding the AirBnB story from a few weeks ago, the second one is from listener Lawrence who wrote in to verify dave’s comments about American Express, and the last one is from listener Tait, who shares some info on how they stay safe with banking. Joe has two stories for this week, the first one is on how the FBI is investigating the city of Gooding after they sent $1 million to a contractor for a wastewater project but later learned it was the victim of a scam. Joe's second story follows how a scammer dupes a Las Vegas woman out of $9,000 using a simple trick after turning up on her doorstep. Dave shares Avast's Q1, 2024 threat report. Our catch of the day comes from listener Clinton who wrote in to share and invoice he received from Apple Global requesting almost $1400. Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: City of Gooding scammed out of $1 million, officials say Scammer dupes Las Vegas woman out of $9,000 using a simple trick after turning up on her doorstep... so can you spot it? Avast Q1/2024 Threat Report Russians target Olympics with fake AI-generated Tom Cruise video You can hear more from the T-Minus space daily show here.Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.

Dr. Chris Pierson, CEO at Black Cloak, discusses social engineering attacks like the misuse of Quick Assist by cybercriminals and a scam targeting university students with free pianos. The podcast delves into protecting high net worth individuals from scams and the evolving tactics used by scammers to target elite individuals, emphasizing the need for security awareness and vigilance.

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "The curious case of the missing IcedID." IcedID is a malware originally classified as a banking trojan and was first observed in 2017. It also acts as a loader for other malware, including ransomware, and was a favored payload used by multiple cybercriminal threat actors until fall 2023. Then, it all but disappeared. In its place, a new threat crawled: Latrodectus. Named after a spider, this new malware, created by the same people as IcedID, is now poised to take over where IcedID melted off. Today we look back at what happened to the once prominent payload, and what its successor’s spinning web of activity means for the overall landscape.

The process of stealing ATM customer credentials by means of physically and covertly installing one or more devices onto a public ATM machine.

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story from a listener, who writes in on an AirBnB debacle he was dealing with. Joe shares the newly released 2024 Data Breach Investigations Report from Verizon. Dave shares a story From the New York Magazine, written by Ezra Marcus, on a college sophomore from University of Miami who was found to be tangled up in a refund fraud scam that granted him a lavish lifestyle. Our catch of the day comes from Joe's mother this week. She happened to receive an email with the subject line being "your order is confirmed," coming from what looks to be "McAfee." Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: The Package King of Miami 2024 Data Breach Investigations Report You can hear more from the T-Minus space daily show here.Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

A nation-state hacking group’s practice of funding its town activities through cybercrime or cyber mercenary work.