Hacking Humans

N2K Networks
Mar 24, 2022 • 50min

What's behind Buy Now, Pay Later scams?

Jim Ducharme, COO of Outseer, joins Dave to discuss buy now, pay later scams. Joe and Dave share some listener follow-up. Joe has an interesting story about an Unchained Capital partner and how they were hit with a social engineering attack, and Dave's story is on the FIDO Alliance. Our Catch of the Day comes from listener Matt, who shares how he won 20.5 million and why he wasn't falling for it.

Links to stories:
A Big Bet to Kill the Password for Good
Unchained Capital partner hit with social engineering attack

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 22, 2022 • 10min

adversary group naming (noun) [Word Notes]

A cyber threat intelligence best practice of assigning arbitrary labels to collections of hacker activity across the intrusion kill chain.
Mar 17, 2022 • 40min

Data privacy: is it black and white when it comes to your kids?

UK Correspondent Carole Theriault returns, talking with guest David Ruiz from Malwarebytes about parents spying on their kids. Joe and Dave share some listener follow-up. Joe shares a story about the top 5 strangest social engineering tactics, and Dave's got a story from one of our listeners, Ricky, about best gift card sales practices at retail chains. Our Catch of the Day comes from listener Michael, with a well-crafted email full of red flags when you read into it.

Links to stories:
Rounding up the Past Year's Strangest Social Engineering Tactics

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 15, 2022 • 6min

BSIMM (noun) [Word Notes]

A descriptive model that provides a baseline of observed software security initiatives and activities from a collection of volunteer software development shops. 
Mar 10, 2022 • 40min

Technology's effects on students during the pandemic.

Guest Justin Reilly, the CEO of Impero, stops by to talk with Dave Bittner about the mental health of kids in the digital age. Dave's got a story about large-scale phishing campaigns targeting Indian electric vehicle consumers and businesses, and Joe's story is from Vade, sharing the top 20 most impersonated brands in phishing. Our Catch of the Day comes from Bob, a friend and former coworker of Joe's, who received a smishing attempt via text from a "friend" and expertly turned the tables on the scammer.

Links to stories:
Unearthing the Million Dollar Scams Targeting the Indian Electric Vehicle Industry
Vade Releases 2021 Phishers’ Favorites Report

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 8, 2022 • 8min

OWASP vulnerable and outdated components (noun) [Word Notes]

Software libraries, frameworks, packages, and other components, and their dependencies (third-party code that each component uses) that have inherent security weaknesses, either through newly discovered vulnerabilities or because newer versions have superseded the deployed version. 
Mar 3, 2022 • 48min

Phishing seems to be cyclical and thematic.

Guest Jeff Nathan, the Director of Threat Research at Norton Labs, joins Dave to discuss their most recent Consumer Cyber Safety Pulse Report. Joe and Dave share some follow-up from listeners Daniel and Neville, who helped the guys with a phrase from a recent Catch of the Day. Joe shares a story about getting around MFA using remote access software, and Dave's story is about a jobfishing scam from a fake design firm. Our Catch of the Day is from listener Randy, about an unsubscribe email he received.

Links to stories:
Devious phishing method bypasses MFA using remote access software
Jobfished: the con that tricked dozens into working for a fake design agency

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Mar 1, 2022 • 8min

OWASP software and data integrity failures (noun) [Word Notes]

Code and data repositories that don't protect against unauthorized changes.
Feb 24, 2022 • 45min

A blurring of lines between nation states and criminals.

Guest Joshua Neil, the Chief Data Scientist for Securonix, joins Dave to talk about evasive techniques and identifying nation-state kill chains. Joe shares an update on his identity theft experience. The guys share some follow-up from listener Benji, who describes scammers changing the name on Gmail accounts to pose as the rabbi of the synagogue where he works and emailing congregants to ask for gift cards. Dave's story is about Apple's AirTags and how they led to the discovery of a German intelligence agency, and Joe's got a story about the City of Baltimore falling victim to a phishing scam. Our Catch of the Day is from listener G, about a compressed file attachment he received but did not open.

Links to stories:
Apple's AirTag uncovers a secret German intelligence agency
Inspector General: Baltimore victimized in 376,213 phishing scam last year

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Feb 22, 2022 • 8min

OWASP server-side request forgery (noun) [Word Notes]

An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers. 
