Hacking Humans

N2K Networks
Jan 20, 2022 • 46min

The perfect environment for ATOs (account takeovers) to breed.

Guest Jane Lee, Trust and Safety Architect at Sift, joins Dave to talk about the Digital Trust and Safety Index; Joe and Dave share some follow-up from a listener, Ben, with a suggestion as an alternative to prevent clicking on those bonus phishing scams; Joe's story is about fake ticket scams for the Kansas City Chiefs NFL playoff game against the Pittsburgh Steelers; Dave's got a story about scams on Apple's App Store; and our Catch of the Day is from an anonymous listener about an email they received from their "IT department" requesting credentials (including password) when getting a new laptop. (Note: This is our first COTD that is not a scam, rather a bad policy.)

Links to stories:
Kansas City police warn Chiefs fans about ticket scams
APPLE’S $64 BILLION-A-YEAR APP STORE ISN’T CATCHING THE MOST EGREGIOUS SCAMS

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 18, 2022 • 8min

OWASP insecure design (noun)

A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures.
Jan 13, 2022 • 45min

The only locks you should pick are your own.

Guest Tom Tovar, CEO and Co-Creator of AppDome, joins Dave and Joe to discuss the results of a recent consumer survey; Dave's story is based on a tweet where the user's child's middle school had some unintended consequences of a phishing scam training; Joe has two stories: one on QR code scammers on parking kiosks, and one about a book publishing phishing scam; and our Catch of the Day is a message that purports to come from the USPS sent in by listener William about a missed package delivery.

Links to stories:
Tweet about phishing simulation gone wrong.
QR code scammers hitting on-street parking in Texas cities -- including Houston, officials say; This is what you need to know
FBI Arrests Suspect in Unpublished Book Manuscript Phishing Scam

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 11, 2022 • 9min

Log4j vulnerability (noun) [Word Notes]

An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. 
Jan 6, 2022 • 49min

Changing the game on ransomware.

Guest Adam Flatley, Director of Threat Intelligence at Redacted, talks with Dave about "the only way to truly disrupt the ransomware problem is to target the actors themselves"; Joe shares some statistics that will help you stay up-to-date on recent cybersecurity trends; Dave's story is about criminal indictments in a case of a Maryland company buying lead paint victims’ settlements for a fraction of their value; and our Catch of the Day comes from listener Brady about a slick mail campaign they received from "Amazon."

Links to stories:
22 cybersecurity statistics to know for 2022
Criminal indictments filed against Maryland company that targeted Baltimore lead paint victims’ settlements

Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
Jan 4, 2022 • 7min

OWASP injection (noun) [Word Notes]

A broad class of attack vectors, where an attacker supplies input to an application's command interpreter that results in unanticipated functionality.
Dec 30, 2021 • 21min

Identity "protection" and a pigeon drop. [Hacking Humans Goes to the Movies]

Thanks for joining us for Episode 5 of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Dave's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your popcorn and join us for a trip to the movies.

Links to this episode's clips if you'd like to watch along:
Joe's clip from "Identity Thief"
Rick's pick from "The Flim-Flam Man"
Dec 28, 2021 • 9min

Encore: zero trust (noun) [Word Notes]

A security philosophy that assumes adversaries have already penetrated the digital environment and tries to reduce the potential impact by limiting access by people, devices, and software to only the resources essential to perform their function and nothing more. 
Dec 25, 2021 • 7min

The CyberWire: The 12 Days of Malware.

Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect!

The 12 Days of Malware lyrics

On the first day of Christmas, my malware gave to me:
A keylogger logging my keys.

On the second day of Christmas, my malware gave to me:
2 Trojan Apps...
And a keylogger logging my keys.

On the third day of Christmas, my malware gave to me:
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.

On the fourth day of Christmas, my malware gave to me:
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.

On the fifth day of Christmas, my malware gave to me:
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.

On the sixth day of Christmas, my malware gave to me:
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.

On the seventh day of Christmas, my malware gave to me:
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.

On the eighth day of Christmas, my malware gave to me:
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.

On the ninth day of Christmas, my malware gave to me:
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.

On the tenth day of Christmas, my malware gave to me:
10 Darknet markets...
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days! (Bah-dum-dum-dum!)
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.

On the eleventh day of Christmas, my malware gave to me:
11 Phishers phishing...
10 Darknet markets...
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days! (Bah-dum-dum-dum!)
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.

On the twelfth day of Christmas, my malware gave to me:
12 Hackers hacking...
11 Phishers phishing...
10 Darknet markets...
9 Rootkits rooting...
8 Worms a wiping...
7 Scripts a scraping...
6 Passwords spraying...
5 Zero Days!
4 Crypto scams...
3 Web shells...
2 Trojan Apps...
And a keylogger logging my keys.
Dec 24, 2021 • 20min

Hustling the hustler and three-card Monte. [Hacking Humans Goes to the Movies]

Thanks for joining us for Episode 4 of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Rick's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your popcorn and join us for a trip to the movies.

Links to this episode's clips if you'd like to watch along:
Joe's clip from "The Fresh Prince Of Bel-Air: Pool Hall Hustle" scene
Rick's pick from "Lock, Stock and Two Smoking Barrels"
