47 episodes

There's a lot of cool techy stuff going down in cybersecurity, and we love it. But you can't deny that a lot of the time we humans get forgotten. Our podcast takes a not-so-serious look at issues in security from a human point of view. Covering social engineering to hacker motivations and everything in between, we chat through security stories and themes and what they mean to us: the oft-neglected humans behind the screen. Apart from Kev, Kev is a cyborg.

These weekly podcasts come in two main flavors. We’re either ranting about themes close to the heart of us security types, or we’re discussing threats and vulnerabilities that have hit headlines – or slipped under the radar – in recent weeks.

Join Camille Mallon (tech advocate and keeper of the coloring pencils), Kev Breen (pro blue teamer, also known as 'Mr Nothing to CVE here...'), Emma Walker (), and other special guests as they wend their way through the murky world of Cyber Humanity.

Cyber Humanity Immersive Labs

    • Technology
    • 5.0 • 3 Ratings

There's a lot of cool techy stuff going down in cybersecurity, and we love it. But you can't deny that a lot of the time we humans get forgotten. Our podcast takes a not-so-serious look at issues in security from a human point of view. Covering social engineering to hacker motivations and everything in between, we chat through security stories and themes and what they mean to us: the oft-neglected humans behind the screen. Apart from Kev, Kev is a cyborg.

These weekly podcasts come in two main flavors. We’re either ranting about themes close to the heart of us security types, or we’re discussing threats and vulnerabilities that have hit headlines – or slipped under the radar – in recent weeks.

Join Camille Mallon (tech advocate and keeper of the coloring pencils), Kev Breen (pro blue teamer, also known as 'Mr Nothing to CVE here...'), Emma Walker (), and other special guests as they wend their way through the murky world of Cyber Humanity.

    47: Drone Strikes and Cyber Heists

    47: Drone Strikes and Cyber Heists

    NPM packages are getting hacked – so naturally we get Kev on the case to explain the whole thing. If you didn’t know, NPM is the official package manager for Node libraries, a JavaScript language. We’ve seen a big uptake in recent weeks, and some of those NPM packages have been compromised by hackers. They’re clearly targeting developers – and with a collective 28 million downloads every week, this is pretty big, wide-spread stuff.
    Next up, the raft of ransomware stories from this week: from the UK’s Labour Party to a…“cyber heist”? 

    We’ve also noticed a bit of a theme emerging with an increase in government and law enforcement involvement in disrupting ransomware and other cyber criminal enterprises. BlackMatter is our example here. 

    ***
    https://www.dailymail.co.uk/news/article-10148265/Massive-cyber-heist-rocks-high-society-jeweller-Graff.html
    https://www.bleepingcomputer.com/news/security/blackmatter-ransomware-claims-to-be-shutting-down-due-to-police-pressure/
    https://thehackernews.com/2021/10/popular-npm-package-hijacked-to-publish.html

    • 43 min
    46: New Threats On The Block?

    46: New Threats On The Block?

    A plethora of articles have been lighting up our newsfeeds and letting us know that there are new threats on the block: killware, RansomCloud, and extortion. 
    Killware: the next thing we need to worry about. Apparently this is defined as anything that has an outcome resulting in death…Seems quite broad really, and ranges from hackers targeting a water treatment plant and poisoning the water flow to a ransomware attack that takes a hospital offline, forcing patients to be rerouted. It’s less about the technique and more about the outcome. 

    RansomCloud: Kev gets into a good ranty flow on this one. Kevin Mitnick coined the term “RansomCloud” in a video a few years ago – and honestly, Kev (*our* Kev) does the best job of explaining the “threat”, so we won’t try to explain it here. Just listen to the episode. 

    Extortion: the one comes off the back of the Twitch takedown, which highlighted the idea that it is as beneficial to a cyber criminal to access a trove of useful sensitive personal data and look to extort a company for that as it is to go through the effort of ransomware. Double extortion – which you can read about here – is already a thing, so this technique is almost a step back. Or is it? 

    So what does the team think? Are these threats, risks, or just a bit of good old-fashioned FUD? Is Ransomware a thing of the past – or is it still the big bad wolf of cyber? 
    ***
    https://securityboulevard.com/2021/10/killware-hype-is-bigger-than-the-threat-for-now/
    https://techcrunch.com/2021/10/14/twitch-takedown-is-extortion-the-new-ransomware/
    https://research.nccgroup.com/2021/10/11/snapmc-skips-ransomware-steals-data/
    https://www.reuters.com/technology/exclusive-governments-turn-tables-ransomware-gang-revil-by-pushing-it-offline-2021-10-21/

    • 49 min
    45: Tales from the Crypto

    45: Tales from the Crypto

    First story is about someone who was “relieved” of their Bitcoin by some kids wielding malware back in 2018, when it was worth an awful lot less than it is now. There are some techie bits to this, as well as a few ethical and legal issues with the way the perps are being sued, so it’s a cracking story to get stuck into. 
    What do NFTs – non fungible tokens – and Banksy have in common? It’s pretty confusing as far as stories go, but our resident clearer-upperer, Kev, is on hand to help, leaving us to wonder if this is just Banksy himself having a bit of fun. 
    Sticking to the currency theme, we get knee deep in China’s digital Yuan in our next segment, and finally wrap up with a beautiful bit of OSINT from the Twitter Infosec community. 
    ***
    https://www.bbc.co.uk/news/technology-58399338 
    https://www.reuters.com/world/china/china-rolls-out-new-rules-minors-online-gaming-xinhua-2021-08-30/

    https://twitter.com/brechtcastel/status/1432642649312333829?s=20

    • 47 min
    44: Rotten Apples or Privacy Nuts?

    44: Rotten Apples or Privacy Nuts?

    It's a tasty ransomware week this week! Conti face their own internal threat in the shape of a disgruntled affiliate and LockBit has its claws in Accenture.
    Apple have been fiddling with their privacy settings again which is sending privacy advocates into a frenzy, and Kev tries very hard not to get ranty...
    ***
    https://www.bleepingcomputer.com/news/security/accenture-confirms-hack-after-lockbit-ransomware-data-leak-threats/
    https://bgr.com/tech/apple-just-announced-a-major-change-that-has-privacy-advocates-totally-freaked-out/
    https://threatpost.com/affiliate-leaks-conti-ransomware-playbook/168442/

    • 45 min
    43: Pegasus Project: Winged Horses for Spyware Courses

    43: Pegasus Project: Winged Horses for Spyware Courses

    As you probably guessed from the title of this episode, this week is all about spyware and the Pegasus project. 
    This all kicked off when a consortium of 16 media outlets reported the alleged widespread and continuing abuse of NSO’s hacking spyware called Pegasus. The company insists that it is only used against criminals and terrorists – but is it? There’s a lot of depth to this story, and we cover it all. 
    ***
    https://www.theguardian.com/news/series/pegasus-project
    https://theconversation.com/how-does-the-pegasus-spyware-work-and-is-my-phone-at-risk-164781
    https://www.vice.com/en/article/n7b4gg/anom-phone-arcaneos-fbi-backdoor

    • 36 min
    42: Hey Ya Kaseya: MSPs as unwitting attackers

    42: Hey Ya Kaseya: MSPs as unwitting attackers

    Kaseya, Kaseya, Kaseya... How could we release an episode this week WITHOUT talking about the calamity at Kaseya?
    If you hadn't heard, the ransomware gang REvil has leveraged a vulnerability in Kaseya's VSA software against multiple MSPs and their clients. Oh dear. So what is it? Bog standard ransomware? Supply chain compromise? Zero-day exploit? It's all a bit murky, so Kev gets his 'Cyberattacks for Dummies' hat on.
    Also featured is the news that audio-editing software Audacity has been accused of being 'possible spyware'.
    ***
    https://www.youtube.com/watch?v=XfAyutRfy2A
    https://www.bbc.co.uk/news/technology-57721967
    https://www.proofpoint.com/us/blog/threat-insight/bazaflix-bazaloader-fakes-movie-streaming-service

    • 46 min

Customer Reviews

5.0 out of 5
3 Ratings

3 Ratings

JettyBplumpup ,

Insightful and Hilarious!

These guys are great-! Smart, witty and filled with insight.

Top Podcasts In Technology

Lex Fridman Podcast
Lex Fridman
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
No Priors: Artificial Intelligence | Machine Learning | Technology | Startups
Conviction | Pod People
Hard Fork
The New York Times
Acquired
Ben Gilbert and David Rosenthal
TED Radio Hour
NPR