

Hacking Humans
N2K Networks
Deception, influence, and social engineering in the world of cyber crime.
Episodes

Jan 16, 2024 • 6min
Encore: Network Detection and Response (NDR) (noun) [Word Notes]
NDR tools provide anomaly detection, and potentially attack prevention, by collecting telemetry across the entire intrusion kill chain on transactions across the network, between servers, hosts, and cloud workloads, and running machine learning algorithms against this compiled and very large data set. NDR is an extension of the EDR, or endpoint detection and response, idea that emerged in 2013.

Jan 11, 2024 • 1h
Password Perils: The threat of credential stuffing exploits.
Frank Riccardi sits down to discuss how cybercriminals exploit people's fondness for reused passwords to launch credential stuffing attacks. Dave and Joe share a bit of follow up: one from a listener named Steve, who pushes back on last week's 23andMe story, and the other from a listener named Michael, who shares a story about unpaid toll scams. Joe shares the story of a Utah exchange student who fell victim to a cyber kidnapping, and how authorities are now trying to figure out how it happened. Dave shares a scam involving tragic fake posts that lead to a "win now" website, which has been flooding his Facebook feed. Our catch of the day comes from Jon, who writes in to share a suspicious email that made it through Google's spam filter. Links to the stories:
After Utah exchange student cyber kidnapping, we're looking at how the scam works
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.
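The attack Frank describes leaves a recognizable footprint in authentication logs: because the attacker replays username/password pairs leaked from another site, most attempts fail, and a single source tries many different accounts rather than hammering one. The detector below is an added example (not code from the podcast or from Frank Riccardi) that scores per-source-IP statistics over constructed sample log lines in a hypothetical "timestamp ip user result" format; the thresholds are assumptions to be tuned against your own baseline.

```python
"""Detect credential-stuffing patterns in authentication logs.

Added example, not code from the Hacking Humans podcast or from Frank Riccardi.
Credential stuffing replays username/password pairs leaked from one site against
another; because most pairs fail, the signal is one source IP trying many
*distinct* accounts with a high failure rate, rather than one account with many
passwords (classic brute force). The log lines and thresholds are constructed
for illustration.
"""
from collections import defaultdict
from dataclasses import dataclass, field
import re

# Constructed sample log lines in a hypothetical "ts ip user result" format.
SAMPLE_LOG = """\
2024-01-11T10:00:01Z 203.0.113.7 alice FAIL
2024-01-11T10:00:02Z 203.0.113.7 bob FAIL
2024-01-11T10:00:02Z 203.0.113.7 carol FAIL
2024-01-11T10:00:03Z 203.0.113.7 dave OK
2024-01-11T10:00:03Z 203.0.113.7 erin FAIL
2024-01-11T10:00:04Z 203.0.113.7 frank FAIL
2024-01-11T10:00:04Z 203.0.113.7 grace FAIL
2024-01-11T10:00:05Z 203.0.113.7 heidi FAIL
2024-01-11T10:00:05Z 203.0.113.7 ivan FAIL
2024-01-11T10:00:06Z 203.0.113.7 judy OK
2024-01-11T10:01:00Z 198.51.100.2 alice FAIL
2024-01-11T10:01:05Z 198.51.100.2 alice FAIL
2024-01-11T10:01:09Z 198.51.100.2 alice OK
2024-01-11T10:02:00Z 192.0.2.44 mallory OK
"""

LINE_RE = re.compile(r"^(\S+) (\S+) (\S+) (OK|FAIL)$")


@dataclass
class SourceStats:
    attempts: int = 0
    failures: int = 0
    users: set = field(default_factory=set)
    users_succeeded: set = field(default_factory=set)

    @property
    def failure_ratio(self) -> float:
        return self.failures / self.attempts if self.attempts else 0.0


def parse_log(text: str) -> dict:
    """Aggregate per-source-IP attempt counts, failures and distinct users."""
    stats = defaultdict(SourceStats)
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if not m:
            continue  # skip malformed lines rather than crashing the detector
        _ts, ip, user, result = m.groups()
        s = stats[ip]
        s.attempts += 1
        s.users.add(user)
        if result == "FAIL":
            s.failures += 1
        else:
            s.users_succeeded.add(user)
    return dict(stats)


def flag_credential_stuffing(stats, min_users=5, min_failure_ratio=0.6):
    """Return {ip: reason} for sources that look like credential stuffing.

    Thresholds are assumptions for the sample; tune them to your own baseline.
    A single account with many failures is brute force, not stuffing, so it is
    deliberately *not* flagged here.
    """
    flagged = {}
    for ip, s in stats.items():
        if len(s.users) >= min_users and s.failure_ratio >= min_failure_ratio:
            flagged[ip] = (
                f"{len(s.users)} distinct users, "
                f"{s.failure_ratio:.0%} failures, "
                f"{len(s.users_succeeded)} account(s) compromised: "
                f"{sorted(s.users_succeeded)}"
            )
    return flagged


if __name__ == "__main__":
    for ip, reason in flag_credential_stuffing(parse_log(SAMPLE_LOG)).items():
        print(f"{ip}: {reason}")
```

The accounts listed under "compromised" are the ones that actually accepted a replayed password; those are the users whose credentials should be reset and who should be moved to MFA first, since a successful hit confirms the reuse the episode warns about.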

Jan 9, 2024 • 5min
Encore: shadow IT (noun) [Word Notes]
Technology, software and hardware deployed without explicit organizational approval. In the early days of the computer era, from the 1980s through the 2000s, security and information system practitioners considered shadow IT completely negative: those unauthorized systems were nothing more than a hindrance that created more technical debt in organizations already swimming in it from their known and authorized systems.

Jan 4, 2024 • 49min
The DNA dilemma: Unraveling a 23AndMe breach.
Alethe Denis from Bishop Fox talks with Dave and Joe about her take on the 23AndMe breach. Dave and Joe share some follow up from listener Michael, who writes in with thoughts on last episode's catch of the day, the voicemail from Spectrum. Dave shares a story on email security and how heavily human factors influence it, especially people's vulnerability to phishing and social engineering. Joe has two stories this week: the first is a wrap-up on the holidays and gift card scams, and the second jumps on the fast-approaching tax season and how the IRS is helping taxpayers by providing penalty relief. Our catch of the day is a good example of what not to do when phishing or scamming people; luckily the receiver was smarter than the sender. Links to the stories:
How Human Elements Impact Email Security
"Vanilla Gift" card issuer faces lawsuit over card-draining scam risk
IRS helps taxpayers by providing penalty relief on nearly 5 million 2020 and 2021 tax returns; restart of collection notices in 2024 marks end of pandemic-related pause
News Insights: 23AndMe with Alethe Denis, Security Expert - Red Team
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Dec 28, 2023 • 45min
Stolen personality?
This episode explores how cybercriminals can use AI conversations to decode personalities and launch targeted attacks. It also discusses holiday shopping scams, Zelle refunding scam victims, and new crypto-theft attacks. The hosts debate the proposal for cybersecurity labeling on smart devices and share a personal story about a gift card scam. They also highlight the risks of unauthorized access to ChatGPT accounts and the importance of securing sensitive accounts and protecting privacy.

Dec 24, 2023 • 33min
The grinch who hacked Christmas. [Hacking humans goes to the movies]
Thanks for joining us again for another episode of a fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Hacking Humans co-host Dave Bittner is joined by Rick Howard in this series where they view clips from their favorite movies and television shows with examples of the social engineering scams and schemes you hear Dave and co-host Joe Carrigan talk about on Hacking Humans. In this episode, Dave and Rick watch some holiday classics, describe the on-screen action for you, and then deconstruct what they saw. Grab your Christmas cookies and join us for some fantastic scams and frauds.
Links to this episode's clips if you'd like to watch along:
How The Grinch Stole Christmas (2000)
How The Grinch Stole Christmas (Cartoon)
The Greening of the Grinch (magazine)

Dec 21, 2023 • 55min
Reeling in some phishing trends.
Adam Bateman, Co-Founder & CEO at Push Security, is sharing some of the latest phishing trends his team has been observing. Dave and Joe share some listener follow up from Michael, who writes in with a new idea, calling it "eDeception." With the holiday season practically here, Joe shares a story about gift card scams, reminding everyone to be safe this holiday season. Dave's story follows a new iPhone update regarding stolen device protection in an upcoming version of iOS. Our catch of the day comes from listener Van who sent in an audio catch about Spectrum users. Links to the stories:
Amid holiday shopping, thieves utilize new scam eliminating gift card balances
iOS 17.3, Now in Beta, Includes New ‘Stolen Device Protection’ Feature
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Dec 19, 2023 • 11min
chaos engineering (noun) [Word Notes]
The resilience discipline of controlled stress test experimentation in continuous integration/continuous delivery (CI/CD) environments to uncover systemic weaknesses.
CyberWire Glossary link: https://thecyberwire.com/glossary/chaos-engineering
Audio reference link: Farnam Street, 2009. Richard Feynman Teaches you the Scientific Method [Website]. Farnam Street. URL https://fs.blog/mental-model-scientific-method/

Dec 14, 2023 • 53min
Shielding your inbox.
Seth Blank, CTO of Valimail, joins to discuss what DMARC means for email security. Joe and Dave share some follow up regarding Meta, the parent company of Facebook and Instagram, which is now facing a lawsuit in New Mexico over steering predators to children. Joe shares how he was almost hacked, as scammers used Peacock to lure him in. Dave's story continues the theme of popular streaming apps being impersonated, this time with Disney+ as the victim. Joe's story follows the U.S. Attorney's Office, the FBI, and state and local law enforcement officials sharing another "Don't Click December" PSA. Our catch of the day comes from listener Mauricio, who writes in sharing a phishing email from "PayPal" saying he has an invoice of almost $600. Links to the stories:
Facebook and Instagram Steer Predators to Children, New Mexico Attorney General Alleges in Lawsuit
Threat actors impersonate Disney+ with considerable guile
U.S. Attorney’s Office, the FBI, and State and Local Law Enforcement Officials Release Second “Don’t Click December” PSA
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.
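DMARC, the topic of Seth Blank's segment, is a published policy that a receiving mail server applies when neither SPF nor DKIM authenticates a domain that aligns with the visible From address, which is exactly the gap the "PayPal" invoice in this episode's catch of the day exploits. The evaluator below is an added example (not code from the podcast or from Valimail) implementing the core receiver-side logic from RFC 7489: parse the record, test alignment under the strict or relaxed modes, and return the disposition. The record text, the domain names and the SPF/DKIM results are constructed; a real receiver fetches the `_dmarc.<domain>` TXT record over DNS and uses the Public Suffix List instead of the two-label organizational-domain heuristic assumed here.

```python
"""Parse a DMARC record and compute the disposition for a message.

Added example, not code from the Hacking Humans podcast or from Valimail. It
implements the core of RFC 7489: a receiver checks SPF and DKIM, tests whether
the authenticated domain *aligns* with the RFC5322.From domain, and applies the
domain owner's published policy (none/quarantine/reject) when neither aligns.
The record text and message results are constructed; the organizational-domain
heuristic and the pct handling are simplifications noted inline.
"""
from dataclasses import dataclass

# Constructed record, assumed to be published at _dmarc.example.com.
EXAMPLE_RECORD = (
    "v=DMARC1; p=reject; sp=quarantine; adkim=s; aspf=r; pct=100; "
    "rua=mailto:dmarc@example.com"
)


@dataclass
class AuthResult:
    from_domain: str   # RFC5322.From header domain the user sees
    spf_pass: bool
    spf_domain: str    # RFC5321.MailFrom domain that SPF was evaluated for
    dkim_pass: bool
    dkim_domain: str   # d= tag of the DKIM signature that verified


def parse_dmarc(record: str) -> dict:
    """Parse 'tag=value; tag=value' into a dict, applying RFC 7489 defaults."""
    tags = {"adkim": "r", "aspf": "r", "pct": "100", "sp": None}
    for part in record.split(";"):
        if "=" in part:
            k, v = part.split("=", 1)
            tags[k.strip().lower()] = v.strip()
    if tags.get("v", "").upper() != "DMARC1" or "p" not in tags:
        raise ValueError("not a valid DMARC record")
    if tags["sp"] is None:
        tags["sp"] = tags["p"]  # subdomain policy defaults to the domain policy
    return tags


def org_domain(domain: str) -> str:
    """Organizational domain as the last two labels.

    Assumption for the example: a real receiver uses the Public Suffix List so
    that e.g. 'mail.example.co.uk' maps to 'example.co.uk', not 'co.uk'.
    """
    return ".".join(domain.lower().split(".")[-2:])


def aligned(auth_domain: str, from_domain: str, mode: str) -> bool:
    """Strict ('s') alignment needs an exact match; relaxed ('r') needs the
    same organizational domain."""
    a, f = auth_domain.lower(), from_domain.lower()
    if mode == "s":
        return a == f
    return org_domain(a) == org_domain(f)


def evaluate(record: str, record_domain: str, r: AuthResult) -> str:
    """Return 'pass', or the policy to apply: 'none', 'quarantine' or 'reject'.

    record_domain is where the record was found; if that is not the From
    domain itself, the message is from a subdomain and 'sp' applies. The pct
    tag (sampling) is parsed but not applied, so every failure gets the policy.
    """
    tags = parse_dmarc(record)
    dkim_ok = r.dkim_pass and aligned(r.dkim_domain, r.from_domain, tags["adkim"])
    spf_ok = r.spf_pass and aligned(r.spf_domain, r.from_domain, tags["aspf"])
    if dkim_ok or spf_ok:
        return "pass"
    if r.from_domain.lower() == record_domain.lower():
        return tags["p"]
    return tags["sp"]


if __name__ == "__main__":
    # Constructed: SPF passes for the attacker's own bounce domain, but that
    # domain does not align with the spoofed From, so the policy applies.
    spoof = AuthResult("example.com", True, "attacker.net", False, "")
    print(evaluate(EXAMPLE_RECORD, "example.com", spoof))  # reject
```

The spoofed case is the one worth studying: SPF genuinely passes, because the attacker controls the MailFrom domain they chose, yet DMARC still rejects, since alignment ties the authenticated identity back to the From domain the recipient actually reads. Without a `p=reject` or `p=quarantine` record, that same message lands in the inbox.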

Dec 12, 2023 • 5min
Encore: remote access Trojan or RAT (noun)
From the intrusion kill chain model, a program that provides command and control services for an attack campaign. While the first ever deployed RAT is unknown, one early example is Back Orifice, made famous by the notorious hacktivist group called "The Cult of the Dead Cow," or cDc. Back Orifice was written by the hacker Sir Dystic, AKA Josh Buchbinder, and released to the public at DEF CON in 1998.