Hacking Humans

N2K Networks
  • 0.0 (0)
  • NOTICIAS TECNOLÓGICAS
  • CADA SEMANA

Deception, influence, and social engineering in the world of cyber crime.

  1. HACE 2 DÍAS

    Tap, pay…and prey.

    This week, our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some big chicken news from Joe! Dave’s story is on Meta’s internal documents revealing it projected up to 10% of its 2024 revenue, worth billions, would come from fraudulent or banned ads across its platforms. Maria has the story on how Howler Cell at Cyderes uncovered a systemic “Bring Your Own Updates” risk in Windows updaters, where attackers can hijack trusted, signed update clients like Advanced Installer to deliver malicious code that evades detection and could lead to large-scale supply-chain attacks. Joe has the story on a new scam called “ghost tapping,” where fraudsters use near-field communication devices to secretly charge tap-to-pay cards and mobile wallets in crowded places. Victims often don’t notice until small, unauthorized withdrawals add up, prompting the BBB to warn consumers to use RFID-blocking wallets, verify charges before tapping, and monitor accounts for suspicious activity. Our catch of the day is on an application to the Council of the Ecliptic. Resources and links to stories: ⁠Meta is earning a fortune on a deluge of fraudulent ads, documents show Ghost-tapping scam targets tap-to-pay users ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

    53 min
  2. Private Network Access (PNA) (noun) [Word Notes]

    HACE 4 DÍAS · CONTENIDO EXTRA

    Private Network Access (PNA) (noun) [Word Notes]

    Please enjoy this encore of Word Notes. A browser configuration control that prevents accessing resources within a private network. CyberWire Glossary ⁠link⁠. Audio reference link: “⁠Chrome Limits Access to Private Networks⁠,” by Daniel Lowrie, ITProTV, YouTube, 19 January 2022.

    6 min

  3. 6 NOV

    Seniors in scam crosshairs.

    This week, our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up, listener Jay shared how Robinhood tackled a $25.4 billion phone scam problem with a simple fix—a bright yellow in-call banner that warns users, “We’re not calling you. If the caller says they’re from Robinhood, they’re not—hang up.” Meanwhile, Myanmar’s military blew up a major online scam center at KK Park, forcing over 1,500 people to flee into Thailand. Listener JJ reminds us it’s “CAC cards,” not just “CAC,” and Shannon reports from Scooter’s Coffee, where customers are now bringing chickens for pup cups—proving some pets really do rule the roost. Maria’s story is on Bitdefender and NETGEAR’s 2025 IoT Security Report, which found smart homes now face triple the attacks of last year—about 29 a day. Dave’s story is on a cloud architect who exposed his AWS keys online, letting attackers hijack his account for crypto-mining and phishing. His takeaway: secure keys, limit privileges, and assume it can happen to you. Joe’s got the story of scammers posing as banks or the FTC, using fake security alerts to trick older adults into draining their savings. The FTC says losses are skyrocketing—so don’t move money or trust surprise calls or pop-ups. Our catch of the day comes from the Scams SubReddit, where a scammer got way more than what they signed up for in a text chain. Resources and links to stories: Robinhood LinkedIn post. Stragglers from Myanmar scam center raided by army cross into Thailand as buildings are blown up My AWS Account Got Hacked - Here Is What Happened False alarm, real scam: how scammers are stealing older adults’ life savings Trying to scam the scammer ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

    50 min
  4. Web 3.0 (noun) [Word Notes]

    4 NOV · CONTENIDO EXTRA

    Web 3.0 (noun) [Word Notes]

    Please enjoy this encore of Word Notes. The potential next evolution of the worldwide web that decentralizes interaction between users and content away from the big silicon valley social media platforms like Twitter, Facebook, and YouTube, and towards peer-to-peer interaction using blockchain as the underlying technology.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/web-30⁠ Audio reference link: “⁠What Elon Musk Just Said about Metaverse, Web3 and Neuralink⁠,” By Clayton Morris, Crypto News Daily, YouTube. 2 December 2021.

    7 min
  5. Pass the intel, please. [OMITB]

    4 NOV

    Pass the intel, please. [OMITB]

    Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠, ⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠ ⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠ and ⁠⁠⁠Keith Mularski⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠Qintel⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we explore what makes information sharing actually work. From public-private partnerships to actionable intelligence, our guests discuss how organizations can prioritize, process, and operationalize shared cyber threat data to stay ahead of emerging risks. Plus, catch Dave, Selena, and Keith on their road trip adventure in our video on ⁠YouTube⁠ — full of laughs, unexpected detours, and plenty of sleuthing!

    38 min
  6. The Malware Mash!

    31 OCT · CONTENIDO EXTRA

    The Malware Mash!

    Happy Halloween from the team at N2K Networks! We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video ⁠here⁠. Lyrics I was coding in the lab late one night when my eyes beheld an eerie sight  for my malware threat score began to rise  and suddenly to my surprise... It did the Mash  It did the Malware Mash  The Malware Mash  It was a botnet smash  It did the Mash  It caught on 'cause of Flash  The Malware Mash  It did the Malware Mash From the Stuxnet worm squirming toward the near east  to the dark web souqs where the script kiddies feast  the APTs left their humble abodes  to get installed from rootkit payloads.  They did the Mash  They did the Malware Mash  The Malware Mash  It was an adware smash  They did the Mash  It caught on 'cause of Flash  The Malware Mash  They did the Malware Mash The botnets were having fun  The DDoS had just begun  The viruses hit the darknet,  with ransomware yet to come.  The keys were logging, phishing emails abound,  Snowden on chains, backed by his Russian hounds.  The Shadow Brokers were about to arrive  with their vocal group, "The NotPetya Five." They did the Mash  They played the Malware Mash The Malware Mash  It was a botnet smash  They did the Mash  It caught on 'cause of Flash  The Malware Mash  They played the Malware Mash Somewhere in Moscow Vlad's voice did ring  Seems he was troubled by just one thing.  He opened a shell then shook his fist  and said, "Whatever happened to my Turla Trojan twist."  It's now the Mash  It's now the Malware Mash  The Malware Mash  And it's a botnet smash  It's now the Mash  It caught on 'cause of Flash  The Malware Mash  It's now the Malware Mash Now everything's cool, Vlad's a part of the band  And the Malware Mash is the hit of the land.  For you, defenders, this mash was meant to  when you get to my door, tell them Creeper sent you. Then you can Mash  Then you can Malware Mash  The Malware Mash  And be a botnet smash  It is the Mash  Don't you dare download Flash  The Malware Mash  Just do the Malware Mash

    3 min

  7. 30 OCT

    Beware the boo-gus giveaway.

    This week, our hosts ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. In our follow up, our hosts respond to a listener who wrote in with an insightful question about the role of wealth in scam susceptibility. Joe's story covers how a fake AI recruiter lures developers with a GitHub “technical assessment” that, when run, unleashes a five-stage malware chain to steal credentials, wallets, and install persistent backdoors. Maria has the story on a Halloween-themed phishing scam that lured victims with a fake Home Depot giveaway, using obfuscated code, stolen email threads, and tracking pixels to trick users into handing over personal and payment information. Dave’s story is on a convincing phishing email claiming Dashlane was hacked, showing how fear and urgency—even in obvious scams—can make anyone second-guess before thinking twice. Our catch of the day is from the scams sub-Reddit thread, and is how one user received a message from their "aunt" who wanted to be nice and grab the user a present. Resources and links to stories: ⁠How a fake AI recruiter delivers five staged malware disguised as a dream job Home Depot Halloween phish gives users a fright, not a freebie Why the Obviously Fake Dashlane Hack Phishing Email Still Made Me Jump ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.

    40 min
  8. Identity access management (IAM) (noun) [Word Notes]

    28 OCT · CONTENIDO EXTRA

    Identity access management (IAM) (noun) [Word Notes]

    Please enjoy this encore of Word Notes. A set of solutions for ensuring that the right users can only access the appropriate resources. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/identity-and-access-management⁠ Audio reference link: “⁠The Wrath of Khan (1982) ‘Kirk’s Response⁠,’” by Russell, YouTube, 16 May 2017.

    12 min
Ver todo (717)

Tráiler

Anfitriones e invitados

Acerca de

Deception, influence, and social engineering in the world of cyber crime.

Información

  • Creador
    N2K Networks
  • Años de actividad
    2018 - 2025
  • Episodios
    717
  • Clasificación
    Apto
  • Copyright
    © 2024 N2K Networks, Inc. 706761
  • Mostrar sitio web
    Hacking Humans

También te podría interesar