Shared Security Tom Eston, Scott Wright, Kevin Johnson

In episode 327 Tom, Scott, and Kevin discuss the findings from Mandiant's M-Trends 2024 report, highlighting a significant rise in traditional vulnerability exploitation by attackers while observing a decline in phishing. Despite phishing's decreased prevalence, it remains the second most popular method for gaining initial network access. Discussions include the impact of high-profile vulnerabilities and the potential reasons behind the shift in cyberattack tactics. The episode also explores the challenges of maintaining online privacy within relationships, especially when one partner prioritizes privacy more than the other. Tips on fostering understanding and cooperation on privacy and security practices within a relationship are also covered.

In this episode Erin Gallagher, cybersecurity awareness lead at Fastly, discusses her journey into the field of security awareness and her unique approach to enhancing cybersecurity within tech companies. Erin shares her unconventional path from a communication major to leading security awareness programs at IBM and a large insurance company, before joining Fastly. She highlights the challenges and strategies of tailoring security training to diverse roles within tech companies, emphasizing the importance of role-based training over traditional methods like phishing simulations. Erin also tackles the critical role of communication skills in security awareness, the need for empathetic engagement with employees, and the importance of demonstrating the value of security awareness programs, especially in uncertain economic times. The episode also touches on Erin's success in engaging with all levels of staff, including executives, and her thoughts on the future of security awareness in the tech industry.

In episode 325, Tom and Kevin discuss a significant backdoor threat that nearly compromised Linux systems globally, stemming from an infiltration into an open-source project called XZ Utils by attackers who gained commit access and inserted a backdoor. The episode further delves into a cybersecurity incident where hackers stole 340,000 social security numbers from a government consulting firm, emphasizing the implications and broader concerns related to data security in government contractors and the inefficacy of response mechanisms. Additionally, the hosts explore the negative influences of marketing in the cybersecurity industry, particularly following significant security breaches.

Episode 324 features discussions on a significant AT&T data breach affecting 73 million customers and a sophisticated thread jacking attack targeting a journalist. Co-host Scott Wright joins the discussion, highlighting how millions of AT&T customer account passcodes, along with personal information, were compromised due to a leak discovered by a security researcher and reported by TechCrunch. The episode also details the thread jacking phishing attack, emphasizing the importance of recognizing unexpected email threads and the potential dangers of malicious attachments. The episode concludes with a brief discussion on the upcoming solar eclipse, stressing the importance of using ISO-certified glasses for viewing.

In episode 323, the hosts discuss two prominent topics. The first segment discusses a significant vulnerability discovered in hotel locks, branded as 'Unsaflok,' affecting 3 million doors across 131 countries. The vulnerability allows attackers to create master keys from a regular key, granted access to all doors in a hotel. The co-hosts also discuss the vulnerability's relation to legacy systems and the implications for hotel security. The second segment shifts focus to Glassdoor, revealing that the popular company review site can no longer guarantee anonymity due to changes following its acquisition of Fishbowl, raising concerns about privacy and the potential misuse of personal data. Additionally, the hosts cover the importance of maintaining security in physical and information security systems and the challenges businesses face when upgrading these systems.

In this episode, special guest Alyssa Miller joins the hosts for an insightful and entertaining conversation covering a broad range of topics from social engineering anecdotes involving Kevin Johnson to Alyssa's journey in aviation and being a pilot. They discuss the challenges within the cybersecurity industry, including the transition to cloud computing and the neglect of on-prem data centers. Alyssa also shares a personal story about encountering workplace discrimination, offering advice based on her experiences. Additionally, the discussion touches on upcoming conference talks Alyssa is giving, which link her passion for aviation with lessons for the cybersecurity field. The episode touches on critical InfoSec challenges for 2024, humorously dismissing the hype around generative AI and quantum computing as the main issues.