OWASP broken access control (noun) [Word Notes]

Hacking Humans

Player FM - Internet Radio Done Right

1,257 subscribers

اضافه شده در seven سال پیش

محتوای ارائه شده توسط N2K Networks, Inc. and N2K Networks. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط N2K Networks, Inc. and N2K Networks یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

Ask Grumpy

1
Helpless Hydrangea 6:24

14 روز پیش6:24

پخش در آینده

لیست ها

پسندیدن

دوست داشته شد

6:24

Grumpy helps a reader choose the best hydrangea for their hometown. Plus, Grumpy’s gripe of the week. You can find us online at southernliving.com/askgrumpy Ask Grumpy Credits: Steve Bender aka The Grumpy Gardener - Host Nellah McGough - Co-Host Krissy Tiglias - GM, Southern Living Lottie Leymarie - Executive Producer Michael Onufrak - Audio Engineer/Producer Isaac Nunn - Recording Tech Learn more about your ad choices. Visit podcastchoices.com/adchoices…

22 روز پیش 7:30

MP3•خانه قسمت

Please enjoy this encore of Word Notes.

Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.

667 قسمت

#Security #Software Development #Tech News #Cyber #Deception #Engineering #Social #Tech #News #N2K Networks, Inc #CyberWire

Hacking Humans

OWASP broken access control (noun) [Word Notes]

Hacking Humans

1,257 subscribers

published 22 روز پیش

اشتراک گذاری

MP3•خانه قسمت

Please enjoy this encore of Word Notes.

Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.

667 قسمت

#Security #Software Development #Tech News #Cyber #Deception #Engineering #Social #Tech #News #N2K Networks, Inc #CyberWire

All episodes

Hacking Humans

1
OWASP security logging and monitoring failures (noun) [Word Notes] 6:04

24 hours پیش6:04

6:04

Please enjoy this encore of Word Notes. The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system.

Hacking Humans

1
Scam me once. 58:06

۶ روز پیش58:06

58:06

This week, our three hosts ⁠⁠Dave Bittner⁠⁠ , ⁠⁠Joe Carrigan⁠⁠ , and ⁠⁠Maria Varmazis⁠⁠ (also host of the ⁠⁠T-Minus⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Listener Jim notes that money launderers and couriers mentioned in recent episodes are often scam victims themselves, unknowingly processing fraudulent payments or delivering items, sometimes with tragic consequences like an innocent Uber driver being shot. Dave shares two close calls with scams this week: one where a bank employee saved a 75-year-old customer from losing $9,000 to a Facebook crypto scam, and another where a scammer impersonating “Officer Shane Kitchens” nearly tricked his mom into sending $3,500 for fake bail and ankle monitor fees after a family member was arrested. Joe's got three short stories this week—one is on how someone tried scamming his wife, another about a DoorDash driver who admitted to stealing $2.5 million in a delivery scam, and the last on a warning to billions of Gmail users to remain vigilant over a terrifying new phishing scheme. Maria sits down with Alex Hall , Trust and Safety Architect at Sift , to discuss the rise of job scams. Our catch of the day comes from Jonathan who writes in with a fake PayPal invoice. Resources and links to stories: You all saved my customer today Loved one got arrested, next day got a call from a “Sergeant” at the county jail. DoorDash driver admits to stealing $2.5M in delivery scam Billions of Gmail users warned to 'remain vigilant' over terrifying scam Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠ .…

Hacking Humans

1
OWASP identification and authentication failures (noun) [Word Notes] 5:58

۸ روز پیش5:58

5:58

Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure⁠ Audio reference link: “ ⁠Mr. Robot Hack - Password Cracking - Episode 1⁠ .” YouTube Video. YouTube, September 21, 2016.…

Hacking Humans

1
The band is finally back together. 43:33

13 روز پیش43:33

43:33

And....we're back! This week, our three hosts Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of the T-Minus Space Daily show) are all back to share the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. The team shares three bits of follow-up and then breaks into their stories. Joe starts off sharing some stories about influencer fakery on fake private jet sets and a scam taking advantage of the RealID requirements coming into effect. Maria talks about "Scam Survivor Day" (it's a real thing). She also talks about a former Facebooker's tell-all "Careless People." Dave shares a story about fake Social Security statements. Our Catch of Day comes from Richard about a truck win. Resources and links to stories: Private Executive Jet Private Jet Set for exhibitions, events and photo opportunities REAL ID scams surge with arrival of deadline Wednesday Don't Blame the Victim: 'Fraud Shame' and Cybersecurity Facebook Allegedly Detected When Teen Girls Deleted Selfies So It Could Serve Them Beauty Ads Beware of Fake Social Security Statement That Tricks Users to Install Malware Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠ .…

Hacking Humans

1
Log4j vulnerability (noun) [Word Notes] 9:16

15 روز پیش9:16

9:16

Please enjoy this encore of Word Notes. An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/log4j⁠ Audio reference link: “ ⁠CISA Director: The LOG4J Security Flaw Is the ‘Most Serious’ She’s Seen in Her Career⁠ ,” by Eamon Javers (CNBC) and Jen Easterly (Cybersecurity and Infrastructure Security Director) YouTube, 20 December 20 2021.…

Hacking Humans

1
What’s inside the mystery box? Spoiler: It’s a scam! 46:13

20 روز پیش46:13

46:13

As Dave Bittner is at the RSA Conference this week, our hosts ⁠⁠ Maria Varmazis and ⁠⁠Joe Carrigan⁠⁠ , are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from José on episode 335, sharing how UK banking features like Faster Payments and the “Check Payee” function might have helped prevent a scam involving fake banking apps—and he even tells a wild tale of someone using a fake app to reverse-scam a bike thief. Joe covers the House’s overwhelming passage of the SHIELD Act to ban revenge porn—including deepfakes—and why critics say it could threaten encryption. He also shares a strong warning about trust and the real risks of sharing intimate images. Maria has the story of a surge in sophisticated subscription scams, where cybercriminals use fake “mystery box” websites, social media ads, and influencer impersonations to trick users into handing over credit card data and signing up for hidden recurring payments. Bitdefender researchers warn these polished scams are part of a broader evolution in social engineering, designed to bypass skepticism and evade detection. Our Catch of the Day comes from listener Rick, who received a suspicious email that appears to be from Harbor Freight—a popular U.S. retailer known for affordable tools and equipment—offering a “free gift” to the recipient… classic bait for a likely scam. Resources and links to stories: ⁠ House Passes Bill to Ban Sharing of Revenge Porn, Sending It to Trump TAKE IT DOWN Act Trump’s hasty Take It Down Act has “gaping flaws” that threaten encryption Congress Passes TAKE IT DOWN Act Despite Major Flaws Mystery Box Scams Deployed to Steal Credit Card Data Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠hackinghumans@n2k.com⁠⁠ .…

Hacking Humans

1
The RMM protocol: Remote, risky, and ready to strike. [OMITB] 41:40

22 روز پیش41:40

41:40

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠Selena Larson⁠ , ⁠Proofpoint⁠ intelligence analyst and host of their podcast ⁠DISCARDED⁠ . Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by ⁠N2K Networks⁠ ⁠Dave Bittner⁠ and our newest co-host, Keith Mularski , former FBI cybercrime investigator and now Chief Global Ambassador at Quintel . Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss the growing trend of cybercriminals using legitimate remote monitoring and management (RMM) tools in email campaigns as a first-stage payload. They explore how these tools are being leveraged for data theft, financial fraud, and lateral movement within networks. With the decline of traditional malware delivery methods, including loaders and botnets, the shift toward RMMs marks a significant change in attack strategies. Tune in to learn more about this evolving threat landscape and how to stay ahead of these tactics.…

Hacking Humans

1
OWASP broken access control (noun) [Word Notes] 7:30

22 روز پیش7:30

7:30

Please enjoy this encore of Word Notes. Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.

Hacking Humans

1
The prince, the pretender, and the PSA. 28:35

27 روز پیش28:35

28:35

As Maria is on vacation this week, our hosts ⁠Dave Bittner⁠ and ⁠Joe Carrigan⁠ , are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe and Dave are joined by guest Rob Allen from ThreatLocker who shares a story on how a spoofed call to the help desk unraveled into a full-blown cyber siege on MGM Resorts. Joe’s story is on a new FBI warning: scammers are impersonating the Internet Crime Complaint Center (IC3), the very site where people go to report online fraud. Dave's got the story of a so-called “Nigerian prince” scammer who turned out to be a 67-year-old man from Louisiana, now facing 269 counts of wire fraud for helping funnel money to co-conspirators in Nigeria. Our catch of the day comes from a scams subreddit, and is on a message received from the Department of Homeland Security reaching out to a user to share that they are a victim of fraud. Resources and links to stories: Investigating the MGM Cyberattack – How social engineering and a help desk put the whole strip at risk. Brian Krebs LinkedIn FBI Warns of Scammers Impersonating the IC3 IC3 2024 Report 'Nigerian prince' scammer was 67-year-old from Louisiana, police say Have a Catch of the Day you'd like to share? Email it to us at ⁠hackinghumans@n2k.com⁠ .…

Hacking Humans

1
OWASP security misconfiguration (noun) [Word Notes] 7:03

29 روز پیش7:03

7:03

Please enjoy this encore of Word Notes. The state of a web application when it's vulnerable to attack due to an insecure configuration. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-security-misconfiguration⁠ Audio reference link: ⁠“What Is the Elvish Word for Friend?”⁠ Quora, 2021.…

Hacking Humans

1
When AI lies, hackers rise. 42:37

۵ weeks پیش42:37

42:37

This week, our hosts Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. This week Joe's got some follow up about his chickens. Joe's story is on LLM-powered coding tools, and how they are increasingly hallucinating fake software package names, opening the door for attackers to upload malicious lookalike packages—a practice dubbed "slopsquatting"—that can compromise software supply chains when developers unwittingly install them. Dave’s story is on Cisco Talos uncovering a widespread toll road smishing campaign across multiple U.S. states, where financially motivated threat actors—using a smishing kit developed by “Wang Duo Yu”—impersonate toll services to steal victims' personal and payment information through spoofed domains and phishing sites. Maria's got the story of how scammers are using fake banking apps to fool sellers with phony payment screens—and walking away with thousands in goods. Our catch of the day comes from listener John who writes in to share a suspicious text message he received. Resources and links to stories: LLMs can't stop making up software dependencies and sabotaging everything Unraveling the U.S. toll road smishing scams 'Scammers used fake app to steal from me in person' Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com .…

Hacking Humans

1
OWASP insecure design (noun) [Word Notes] 8:19

۵ weeks پیش8:19

8:19

Please enjoy this encore episode of Word Notes. A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-insecure-design Audio reference link: “ Oceans Eleven Problem Constraints Assumptions .” by Steve Jones, YouTube, 4 November 2015.…

Hacking Humans

1
Phishing in the tariff storm. 34:57

۶ weeks پیش34:57

34:57

This week, our hosts Dave Bittner and Joe Carrigan , are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines, while our other host, Maria Varmazis is at a conference. We begin with some follow-up, as Joe reflects on the density of gold. Then, Dave shares some heartfelt and moving words about the recent passing of his father. Dave's story follows how confusion sparked by Trump's erratic tariff policies is fueling a global surge in cyber scams, phishing sites, and crypto cons, as threat actors exploit the chaos to mislead, defraud, and manipulate online users. Joe has two stories this week, the first is about the "blessing scam," a con that targets older Chinese women with promises of spiritual cleansing that ends in financial ruin. The second covers a new FTC rule requiring companies to make subscription cancellations as easy as sign-ups, cracking down on deceptive practices. Our catch of the day this week comes from MontClair University, as they are warning of a phishing scam offering a “free 2014 Airstream Sport 16′ Travel Trailer.” Resources and links to stories: Trump Tariff Confusion Fuels Online Scams Oklahoma woman charged with laundering $1.5M from elderly women in online romance scam A new ‘jackpotting’ scam has drained more than $236,000 from Texas ATMs — but who foots the loss? Opportunity To Own A Free 2014 Airstream Sport 16′ Travel Trailer Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com .…

Hacking Humans

1
OWASP injection (noun) [Word Notes] 6:32

۶ weeks پیش6:32

6:32

Please enjoy this encore of Word Notes. A broad class of attack vectors, where an attacker supplies input to an applications command interpreter that results in unanticipated functionality. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-injection Audio reference link: “ APPSEC Cali 2018 - Taking on the King: Killing Injection Vulnerabilities ” YouTube Video. YouTube, March 19, 2018.…

Hacking Humans

1
You get a million dollars, and you get a million dollars! 37:12

۷ weeks پیش37:12

37:12

This week, while Dave Bittner is out, Joe Carrigan , and Maria Varmazis (also host of N2K's daily space podcast, T-Minus ), are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with a lot of follow up on listener feedback this week! Justin shares a thought about how to track gold deliveries with a simple sting operation involving an AirTag. Xray Specs offers a fun response to a theory about scanning plates and running Python scripts, stating they receive similar emails despite not owning a car. Jim Gilchrist recounts his experience with E-ZPass and unpaid tolls, explaining how a failed transponder led to a replacement and noting the prevalence of scam toll messages. Joe shares two gripping stories this week, one being on how the FBI is seizing $8.2 million from a massive romance scam involving cryptocurrency, and second is on a Maryland woman losing millions in a growing "pig butchering" scheme, with the FBI warning that many more victims are at risk. Maria's story is on an East Hartford woman caught up in a federal sweepstakes scam targeting the elderly. The suspects, including one local resident, allegedly stole millions. What did they do, and how did they get caught? Our catch of the day comes from a user on Reddit who shares a message they got from billionaire, and owner of Tesla, Elon Musk. Resources and links to stories: FBI Cracks 'Pig Butchering' Scam on Dating Sites Maryland woman loses millions in crypto "pig butchering" scam as FBI warns of more targets East Hartford Woman Bilked Elderly In Fake Sweepstakes Scam: Feds Elon Musk Vows To Hand Out $1 Million Checks This Weekend: What To Know Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com .…

به Player FM خوش آمدید!

Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.