There's a lot of cool techy stuff going down in cybersecurity, and we love it. But you can't deny that a lot of the time we humans get forgotten. Our podcast takes a not-so-serious look at issues in security from a human point of view. Covering social engineering to hacker motivations and everything in between, we chat through security stories and themes and what they mean to us: the oft-neglected humans behind the screen. Apart from Kev, Kev is a cyborg.
These weekly podcasts come in two main flavors. We’re either ranting about themes close to the heart of us security types, or we’re discussing threats and vulnerabilities that have hit headlines – or slipped under the radar – in recent weeks.
Join Chris Pace (tech advocate and keeper of the coloring pencils), Kev Breen (pro blue teamer, also known as 'Mr Nothing to CVE here...'), Max Vetter (former dark web detective and pretty cool guy), and Paul Bentham (ex-gov. type and Immersive Labs product guru) as they wend their way through the murky world of Cyber Humanity.
47: Drone Strikes and Cyber Heists
Next up, the raft of ransomware stories from this week: from the UK’s Labour Party to a…“cyber heist”?
We’ve also noticed a bit of a theme emerging with an increase in government and law enforcement involvement in disrupting ransomware and other cyber criminal enterprises. BlackMatter is our example here.
46: New Threats On The Block?
A plethora of articles have been lighting up our newsfeeds and letting us know that there are new threats on the block: killware, RansomCloud, and extortion.
Killware: the next thing we need to worry about. Apparently this is defined as anything that has an outcome resulting in death…Seems quite broad really, and ranges from hackers targeting a water treatment plant and poisoning the water flow to a ransomware attack that takes a hospital offline, forcing patients to be rerouted. It’s less about the technique and more about the outcome.
RansomCloud: Kev gets into a good ranty flow on this one. Kevin Mitnick coined the term “RansomCloud” in a video a few years ago – and honestly, Kev (*our* Kev) does the best job of explaining the “threat”, so we won’t try to explain it here. Just listen to the episode.
Extortion: the one comes off the back of the Twitch takedown, which highlighted the idea that it is as beneficial to a cyber criminal to access a trove of useful sensitive personal data and look to extort a company for that as it is to go through the effort of ransomware. Double extortion – which you can read about here – is already a thing, so this technique is almost a step back. Or is it?
So what does the team think? Are these threats, risks, or just a bit of good old-fashioned FUD? Is Ransomware a thing of the past – or is it still the big bad wolf of cyber?
45: Tales from the Crypto
First story is about someone who was “relieved” of their Bitcoin by some kids wielding malware back in 2018, when it was worth an awful lot less than it is now. There are some techie bits to this, as well as a few ethical and legal issues with the way the perps are being sued, so it’s a cracking story to get stuck into.
What do NFTs – non fungible tokens – and Banksy have in common? It’s pretty confusing as far as stories go, but our resident clearer-upperer, Kev, is on hand to help, leaving us to wonder if this is just Banksy himself having a bit of fun.
Sticking to the currency theme, we get knee deep in China’s digital Yuan in our next segment, and finally wrap up with a beautiful bit of OSINT from the Twitter Infosec community.
44: Rotten Apples or Privacy Nuts?
It's a tasty ransomware week this week! Conti face their own internal threat in the shape of a disgruntled affiliate and LockBit has its claws in Accenture.
Apple have been fiddling with their privacy settings again which is sending privacy advocates into a frenzy, and Kev tries very hard not to get ranty...
https://www.bleepingcomputer.com/news/security/accenture-confirms-hack-after-lockbit-ransomware-data-leak-threats/ (https://www.bleepingcomputer.com/news/security/accenture-confirms-hack-after-lockbit-ransomware-data-leak-threats/ )
43: Pegasus Project: Winged Horses for Spyware Courses
As you probably guessed from the title of this episode, this week is all about spyware and the Pegasus project.
This all kicked off when a consortium of 16 media outlets reported the alleged widespread and continuing abuse of NSO’s hacking spyware called Pegasus. The company insists that it is only used against criminals and terrorists – but is it? There’s a lot of depth to this story, and we cover it all.
42: Hey Ya Kaseya: MSPs as unwitting attackers
Kaseya, Kaseya, Kaseya... How could we release an episode this week WITHOUT talking about the calamity at Kaseya?
If you hadn't heard, the ransomware gang REvil has leveraged a vulnerability in Kaseya's VSA software against multiple MSPs and their clients. Oh dear. So what is it? Bog standard ransomware? Supply chain compromise? Zero-day exploit? It's all a bit murky, so Kev gets his 'Cyberattacks for Dummies' hat on.
Also featured is the news that audio-editing software Audacity has been accused of being 'possible spyware'.
Insightful and Hilarious!
These guys are great-! Smart, witty and filled with insight.