
Hacking Humans
Deception, influence, and social engineering in the world of cyber crime.
Latest episodes

Dec 3, 2024 • 6min
sandbox (noun) [Word Notes]
This discussion delves into the fascinating concept of sandboxes in cybersecurity. It explores how these controlled environments allow for the safe execution of potentially harmful code. The historical evolution of sandboxing is highlighted, showcasing its journey from educational tools to critical security measures. The importance of these systems in protecting sensitive information from cyber threats is emphasized, making it clear that sandboxes play a vital role in modern computing.

Nov 28, 2024 • 48min
Scamming just isn't what it used to be.
Maria Varmazis, host of N2K's T-Minus Space Daily podcast, dives into the alarming rise of sextortion on popular social media platforms, emphasizing its impact on vulnerable teens. Joe and Dave share listener stories about gift card scams and phishing tactics, revealing clever and deceptive methods used by scammers. They discuss the changing landscape of ransomware, noting companies are less inclined to pay ransoms and new reporting requirements. The conversation highlights the necessity of proactive measures to protect personal information in a rapidly evolving fraud environment.

Nov 26, 2024 • 6min
security orchestration, automation, and response (SOAR) (noun) [Word Notes]
Discover the fascinating world of Security Orchestration, Automation, and Response. Learn how SOAR enhances security operations by streamlining disparate tools into cohesive systems. The discussion dives into the shift from manual processes to automated solutions, addressing the need to keep pace with evolving security threats. Explore the journey of integrating pre-built automation playbooks that significantly bolster organizational defenses.

Nov 21, 2024 • 36min
Granny’s got a new trick.
On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus) are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week, before getting into stories, Joe shares a note from listener Michael, who writes in to share that there are VIN cloning scams. Joe brings back the Iota discussion from last week. Joe's up first for stories and focuses on fraud. Dave informs us of the new human-like AI granny who is wasting scammers' time. Finally, Maria brings us the story of how BforeAI researchers analyzed over 6000 newly registered retail domains, revealing a surge in scam activity targeting shoppers with phishing websites, fake apps, and fraudulent offers, particularly during the holiday season, exploiting brand names, seasonal trends, and emerging technologies like AI and cryptocurrency. Our catch of the day comes from listener Kenneth, who writes in about a fraudulent email claiming to be from Emirates Group, inviting a company to register as a vendor or contractor for upcoming projects in 2024/2025. The email emphasizes the company's experience in various sectors and urges a prompt response to initiate the registration process. It is signed by a supposed "Contractors Coordinator," Mr. Steve Ibrahim Ghandi, and includes fake contact details for the Emirates Group.
Resources and links to stories:
VIN cloning
How Cybercriminals Use Vehicle Identification Numbers (VINs) to Hack Cars
Yes, your car's Vehicle Identification Number can be used to steal from you
Geolocation Resources for OSINT Investigations
Person dressed in a bear costume to fake attacks on cars for insurance payout, California officials say
U.S. Trustee Program Warns Consumers of Bankruptcy Fraud Alert Scam
O2 unveils Daisy, the AI granny wasting scammers’ time
2024 Online Holiday Retail Threat Report
You can hear more from the T-Minus space daily show here.
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

Nov 19, 2024 • 7min
personally identifiable information (PII) (noun) [Word Notes]
A term of legal art that defines the types of data and circumstances that permit a third party to directly or indirectly identify an individual with collected data.

Nov 14, 2024 • 43min
Final approach to scammer advent.
Dive into the world of scams and vulnerabilities! Discover a heartbreaking tale of a WWE impersonator scamming an elderly man. Learn about a sophisticated phishing scheme exploiting DocuSign's API to send fake invoices. The Better Business Bureau reveals new twists in online shopping fraud, including alarming 'card declined' messages. Plus, hear crucial tips on email authentication and how to navigate the evolving landscape of social media scams. Stay informed and protect yourself from becoming the next victim!

Nov 12, 2024 • 8min
secure access service edge (SASE) (noun) [Word Notes]
Explore the innovative concept of Secure Access Service Edge (SASE) and its game-changing role in cybersecurity. Discover how it integrates cloud models and simplifies network security. Delve into the comparison with traditional methods and see why embracing cloud resources leads to greater efficiency and security. Learn about the importance of vendor-provided security stacks and network peering with major content providers. This insightful discussion offers a fresh perspective on safeguarding digital infrastructures.

Nov 7, 2024 • 48min
Happy hour hacking.
Maria Varmazis, host of N2K's T-Minus, shares her unique insights as she explores the five types of social engineers she encountered while bartending. Each bar personality serves as a metaphor for common cybersecurity threats. The conversation also highlights the rise of tech support scams and the alarming tricks used to exploit the elderly. Additionally, there are hilarious anecdotes about car-selling scams and an analysis of a viral AI-generated hoax. It’s a lively mix of humor and caution, perfect for those curious about social engineering in everyday life.

Nov 5, 2024 • 40min
Whispers in the wires: A closer look at the new age of intrusion. [OMITB]
Welcome in! You’ve entered Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive Upper West Side, Selena is joined by N2K Networks' Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about how threat actors are shifting tactics across the landscape, focusing more on advanced social engineering and refined initial access strategies than on sophisticated malware. We’ll dive into Proofpoint's latest blog detailing a transport sector breach that, while involving relatively standard malware, showcases this growing trend of nuanced techniques and toolsets.

Nov 5, 2024 • 6min
red teaming (noun) [Word Notes]
Explore the fascinating origins of red teaming, tracing its roots from historical military tactics to modern cybersecurity practices. Discover how this collaborative approach enhances training and boosts incident response within security organizations. The discussion reveals how emulating adversary behavior has become crucial for organizations aiming to strengthen their defenses against evolving threats.