Hacking Humans N2K Networks

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria's story covers the escalating efforts of pro-Russian propagandists to tarnish the Paris Summer Olympics and erode Western support for Ukraine, employing bold tactics like using AI to mimic Tom Cruise's voice. Joe and Dave share quite a bit of listener follow up, the first on is regarding the AirBnB story from a few weeks ago, the second one is from listener Lawrence who wrote in to verify dave’s comments about American Express, and the last one is from listener Tait, who shares some info on how they stay safe with banking. Joe has two stories for this week, the first one is on how the FBI is investigating the city of Gooding after they sent $1 million to a contractor for a wastewater project but later learned it was the victim of a scam. Joe's second story follows how a scammer dupes a Las Vegas woman out of $9,000 using a simple trick after turning up on her doorstep. Dave shares Avast's Q1, 2024 threat report. Our catch of the day comes from listener Clinton who wrote in to share and invoice he received from Apple Global requesting almost $1400.
Please take a moment to fill out an audience survey! Let us know how we are doing!
Links to the stories:

City of Gooding scammed out of $1 million, officials say

Scammer dupes Las Vegas woman out of $9,000 using a simple trick after turning up on her doorstep... so can you spot it?

Avast Q1/2024 Threat Report

Russians target Olympics with fake AI-generated Tom Cruise video


You can hear more from the T-Minus space daily show here.
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.

This week, we are joined by Dr. Chris Pierson CEO at Black Cloak, and he is talking about some of the social engineering attacks his team is tracking. Joe's story follows how Microsoft Threat Intelligence has observed the financially motivated cybercriminal group Storm-1811 misusing the client management tool Quick Assist in social engineering attacks. Dave share's the story of the lure of a free baby grand piano to deceive over 125,000 email recipients, mainly targeting North American university students and faculty, earning at least $900,000. Our catch of the day comes from listener Chuck who writes in to share some of his junk mail he has been receiving recently, and shares concerns for other listeners.
Please take a moment to fill out an audience survey! Let us know how we are doing!
Links to the stories:

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Free Piano phish targets American university students, staff


Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. 
Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "The curious case of the missing IcedID."
IcedID is a malware originally classified as a banking trojan and was first observed in 2017. It also acts as a loader for other malware, including ransomware, and was a favored payload used by multiple cybercriminal threat actors until fall 2023.
Then, it all but disappeared. In its place, a new threat crawled: Latrodectus. Named after a spider, this new malware, created by the same people as IcedID, is now poised to take over where IcedID melted off.
Today we look back at what happened to the once prominent payload, and what its successor’s spinning web of activity means for the overall landscape.

The process of stealing ATM customer credentials by means of physically and covertly installing one or more devices onto a public ATM machine.

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria shares an interesting story from a listener, who writes in on an AirBnB debacle he was dealing with. Joe shares the newly released 2024 Data Breach Investigations Report from Verizon. Dave shares a story From the New York Magazine, written by Ezra Marcus, on a college sophomore from University of Miami who was found to be tangled up in a refund fraud scam that granted him a lavish lifestyle. Our catch of the day comes from Joe's mother this week. She happened to receive an email with the subject line being "your order is confirmed," coming from what looks to be "McAfee."
Please take a moment to fill out an audience survey! Let us know how we are doing!
Links to the stories:

The Package King of Miami

2024 Data Breach Investigations Report


You can hear more from the T-Minus space daily show here.
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.