Hacking Humans

N2K Networks
Nov 7, 2023 • 8min

Common Vulnerability Scoring System (CVSS) (noun) [Word Notes]

A qualitative public framework for rating the severity of security vulnerabilities in software.

CyberWire Glossary link: https://thecyberwire.com/glossary/common-vulnerability-scoring-system

Audio reference link: Peter Silva, 2020. What is Common Vulnerability Scoring System (CVSS) [Video]. YouTube. URL https://www.youtube.com/watch?v=rR63F_lfKf0
Nov 2, 2023 • 52min

Weaponizing your out-of-office replies.

The podcast discusses topics such as romance scams, social media as a breeding ground for scammers, Google-hosted malvertising leading to a fake KeePass site, an email from the National Security Department as the catch of the day, and the impact of scouting attacks and ChatGPT in enabling attackers to gather information and launch larger-scale attacks.
Oct 31, 2023 • 4min

Encore: anagram (noun) [Word Notes]

A discussion on the definition and usage of anagrams, including examples from the movie 'Sneakers' to depict encryption-decryption mechanisms.
Oct 29, 2023 • 37min

Spooky, scary, skeletons at the movies. [Hacking humans goes to the movies]

On this special edition of Hacking Humans, Dave and Rick discuss scams and schemes in cinema and TV clips, share their opinions on Halloween and scary movies, analyze the horror film 'Get Out' and its shocking plot, explore horror movie themes and memorable scenes, and share personal experiences with scary movies while mentioning their sponsor, Collide.
Oct 26, 2023 • 51min

Scams, scams, and more scams.

Consumer investigative reporter Mallory Sofastaii from WMAR TV joins Dave and Joe to discuss recent scams. Topics covered include fake browser scams, obituary pirates on YouTube, and a catch of the day email scam.
Oct 24, 2023 • 4min

Encore: zero-day (adjective) [Word Notes]

This podcast discusses the concept of 'zero day' vulnerabilities in software security, where network defenders race against hackers to fix flaws. It provides a clear explanation and a memorable example, making it easy to understand.
Oct 19, 2023 • 55min

Scoring cybersecurity in the NFL.

Joe Oregon, Chief of Cybersecurity at CISA, discusses a tabletop exercise conducted with the NFL in preparation for Super Bowl LVIII. They also talk about a heartbreaking tech scam story, a humorous email scam caught by a listener, and the importance of securing large events like the Super Bowl.
Oct 17, 2023 • 8min

extended detection response (XDR) (noun) [Word Notes]

The podcast discusses extended detection response (XDR), a unified platform that connects to multiple security tools and collects data for threat detection. It also explores government surveillance, encrypted communication, conspiracy theories, and the podcast's production team.
Oct 12, 2023 • 52min

Encore: Ways to make fraud less lucrative.

Brett Johnson, Chief Criminal Officer at Arkose Labs, sits down with Dave to discuss his history and ways to make fraud efforts less lucrative for bad actors. Dave and Joe share some listener follow-up from Graham about one way that helps him stay safe against fake URLs. Dave's story is about bomb email attacks, in which someone's email is spammed with hundreds to thousands of emails in hopes of hiding important information contained in one of the thousands of emails, perhaps from a financial institute. Joe's story is on how the FBI is warning the public to beware of tech support scammers and how they are targeting financial accounts using remote desktop software. Our catch of the day comes from listener Norman, who shares a story about how his Steam account got hijacked and how a hacker impersonating a Steam employee was trying to help him.

Links to stories:

New Registration Bomb Email Attack Distracts Victims of Financial Fraud

FBI Warns Public to Beware of Tech Support Scammers Targeting Financial Accounts Using Remote Desktop Software

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Oct 10, 2023 • 4min

Encore: social engineering (noun)

The art of convincing a person or persons to take an action that may or may not be in their best interests. Social engineering in some form or the other has been around since the beginning of time. The biblical story of Esau and Jacob might be considered one of the earliest written social engineering stories. As applied to cybersecurity, it usually involves hackers obtaining information illegitimately by deceiving or manipulating people who have legitimate access to that information. Common tactics involve phishing attacks and watering hole attacks.
