Hacking Humans N2K Networks

Brandon Kovacs, a Senior Red Team Consultant at Bishop Fox, is talking about how Artificial Intelligence is shaping the future of social engineering. Listener Adina wrote in to share their thoughts on an earlier episode on Google. Dave share's listener Tony's write in for his story this week. Joe and Dave discuss some questions Tony shared about preparing for an overseas trip when his bank account was locked due to security measures triggered by setting up a backup phone and using a VPN. Joe has two stories for this week, one from Blair Young at WBAL, where Maryland Lottery is warning the public about a phone scam claiming Powerball winnings. The second comes from listener Don who shares a story on people who hold posters up saying they need money for children's funerals. Our catch of the day comes from a listener that found a "task scam" on Reddit.
Please take a moment to fill out an audience survey! Let us know how we are doing!
Links to the stories:

Maryland Lottery warns public about phone scam claiming Powerball winnings

‘It’s a scam’: Poster-holders aren’t really raising money for a child’s funeral


Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Also known as a third-party attack or a value-chain attack, advisory groups gain access to a targeted victims network by first infiltrating a business partner's network that has access to the victim's systems or data.

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. Maria's story covers the escalating efforts of pro-Russian propagandists to tarnish the Paris Summer Olympics and erode Western support for Ukraine, employing bold tactics like using AI to mimic Tom Cruise's voice. Joe and Dave share quite a bit of listener follow up, the first on is regarding the AirBnB story from a few weeks ago, the second one is from listener Lawrence who wrote in to verify dave’s comments about American Express, and the last one is from listener Tait, who shares some info on how they stay safe with banking. Joe has two stories for this week, the first one is on how the FBI is investigating the city of Gooding after they sent $1 million to a contractor for a wastewater project but later learned it was the victim of a scam. Joe's second story follows how a scammer dupes a Las Vegas woman out of $9,000 using a simple trick after turning up on her doorstep. Dave shares Avast's Q1, 2024 threat report. Our catch of the day comes from listener Clinton who wrote in to share and invoice he received from Apple Global requesting almost $1400.
Please take a moment to fill out an audience survey! Let us know how we are doing!
Links to the stories:

City of Gooding scammed out of $1 million, officials say

Scammer dupes Las Vegas woman out of $9,000 using a simple trick after turning up on her doorstep... so can you spot it?

Avast Q1/2024 Threat Report

Russians target Olympics with fake AI-generated Tom Cruise video


You can hear more from the T-Minus space daily show here.
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.

This week, we are joined by Dr. Chris Pierson CEO at Black Cloak, and he is talking about some of the social engineering attacks his team is tracking. Joe's story follows how Microsoft Threat Intelligence has observed the financially motivated cybercriminal group Storm-1811 misusing the client management tool Quick Assist in social engineering attacks. Dave share's the story of the lure of a free baby grand piano to deceive over 125,000 email recipients, mainly targeting North American university students and faculty, earning at least $900,000. Our catch of the day comes from listener Chuck who writes in to share some of his junk mail he has been receiving recently, and shares concerns for other listeners.
Please take a moment to fill out an audience survey! Let us know how we are doing!
Links to the stories:

Threat actors misusing Quick Assist in social engineering attacks leading to ransomware

Free Piano phish targets American university students, staff


Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. 
Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "The curious case of the missing IcedID."
IcedID is a malware originally classified as a banking trojan and was first observed in 2017. It also acts as a loader for other malware, including ransomware, and was a favored payload used by multiple cybercriminal threat actors until fall 2023.
Then, it all but disappeared. In its place, a new threat crawled: Latrodectus. Named after a spider, this new malware, created by the same people as IcedID, is now poised to take over where IcedID melted off.
Today we look back at what happened to the once prominent payload, and what its successor’s spinning web of activity means for the overall landscape.