OWASP identification and authentication failures (noun) [Word Notes]

Hacking Humans

Player FM - Internet Radio Done Right

1,263 subscribers

اضافه شده در seven سال پیش

محتوای ارائه شده توسط N2K Networks, Inc. and N2K Networks. تمام محتوای پادکست شامل قسمت‌ها، گرافیک‌ها و توضیحات پادکست مستقیماً توسط N2K Networks, Inc. and N2K Networks یا شریک پلتفرم پادکست آن‌ها آپلود و ارائه می‌شوند. اگر فکر می‌کنید شخصی بدون اجازه شما از اثر دارای حق نسخه‌برداری شما استفاده می‌کند، می‌توانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal

28 روز پیش 5:58

MP3•خانه قسمت

Please enjoy this encore of Word Notes.

Ineffectual confirmation of a user's identity or authentication in session management.

CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure⁠

Audio reference link: “⁠Mr. Robot Hack - Password Cracking - Episode 1⁠.” YouTube Video. YouTube, September 21, 2016.

673 قسمت

#Security #Software Development #Tech News #Cyber #Deception #Engineering #Social #Tech #News #N2K Networks, Inc #CyberWire

OWASP identification and authentication failures (noun) [Word Notes]

Hacking Humans

1,263 subscribers

published 28 روز پیش

اشتراک گذاری

MP3•خانه قسمت

Please enjoy this encore of Word Notes.

Ineffectual confirmation of a user's identity or authentication in session management.

CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure⁠

Audio reference link: “⁠Mr. Robot Hack - Password Cracking - Episode 1⁠.” YouTube Video. YouTube, September 21, 2016.

673 قسمت

#Security #Software Development #Tech News #Cyber #Deception #Engineering #Social #Tech #News #N2K Networks, Inc #CyberWire

همه قسمت ها

1
Managing online security throughout the decades. 43:09

۶ روز پیش43:09

43:09

This week, our hosts ⁠⁠⁠⁠⁠ Dave Bittner , ⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠ , and ⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with some more chicken follow up, this week, delving into malware-related chicken names. Dave’s got the story of Brevard-based Health First Health Plans teaming up with the FBI to warn consumers about a nationwide medical insurance scam where victims pay upfront for fake coverage and end up stuck with huge medical bills. Maria shares the story on how a recent April 2025 survey reveals that while most US consumers feel confident identifying scams and rely on traditional security measures like strong passwords and two-factor authentication, many still experience scam attempts and data breaches, with real-time threat detection emerging as the most valued feature in security products. Joe shares a personal story about how he was mildly got, got—tricked, that is—he thought he was filling out a quick survey for a waiter, but it actually ended up as a Google review. It's a reminder of how AI and tech are blurring the lines in everyday interactions, and how easily people can get tripped up by these evolving processes. The catch of the day this week is from the Scams sub-Reddit, and Dave reads a text from a scammer claiming to have information on his doing drugs at his old work place. Resources and links to stories: ⁠⁠⁠ ALERT! Brevard-Based Health First Health Plans Joins FBI to Expose Medical Insurance Scam Scams and Protections US Report: April 2025 We make building an app so easy, anyone can do it '700 Indian engineers posed as AI': The London startup that took Microsoft for a ride Artificial Intelligence stories ⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠ ⁠⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠⁠ .…

1
OWASP software and data integrity failures (noun) [Word Notes] 8:27

۷ روز پیش8:27

8:27

Please enjoy this encore of Word Notes. Code and data repositories that don't protect against unauthorized changes.

1
No cameras, no crew—just code. 46:33

13 روز پیش46:33

46:33

This week, our hosts ⁠⁠⁠ ⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠ , and ⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠T-Minus⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from a listener on class action settlements: they’re a class action attorney and shared that the best way to verify a notice is to contact the law firm listed in the court documents—plus, unclaimed funds don’t go to the attorneys, but are redistributed to claimants. Maria's story is on a listener dealing with phishing calendar invites that auto-add to their calendar—she shares tips like avoiding the “decline” button, adjusting settings to prevent automatic invite processing, and contacting email admins to help block these pesky requests. Joe's got the story on a film made almost entirely with AI tools like Google Veo and Runway—while the results are stunning, the process was chaotic, proving that human creativity, direction, and a lot of trial and error are still essential behind the scenes. Our cluck of the day is from listener Clayton, who writes in with a scam email sharing a fake job about a virtual interview. Resources and links to stories: ⁠ We Made a Film With AI. You’ll Be Blown Away—and Freaked Out. AI Will Smith eating spaghetti pasta (AI footage and audio) Just got access to Veo 3 and the first thing I did was try the Will Smith spaghetti test. AI video just took a startling leap in realism. Are we doomed? Impossible Challenges (Google Veo 3 ) Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠⁠ .…

1
The great CoGUI caper. [OMITB] 36:20

14 روز پیش36:20

36:20

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠Selena Larson⁠⁠ , ⁠⁠Proofpoint⁠⁠ intelligence analyst and host of their podcast ⁠⁠DISCARDED⁠⁠ . Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠N2K Networks⁠⁠ ⁠⁠Dave Bittner⁠⁠ and ⁠Keith Mularski⁠ , former FBI cybercrime investigator and now Chief Global Ambassador at ⁠Qintel⁠ . Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss Chinese-speaking threat actors are targeting Japan with a massive phishing campaign using a sneaky new kit called CoGUI, which has hit organizations with over 170 million messages in a single month. The campaign mimics trusted brands like Amazon, PayPay, and Rakuten to steal login and payment info—lining up with warnings from Japan’s Financial Services Agency about attackers cashing out and buying Chinese stocks. While the CoGUI kit is slick with its evasion tricks and browser profiling, your hosts are hot on its trail with new detections to help stop the phishing frenzy.…

1
OWASP server-side request forgery (noun) [Word Notes] 7:38

14 روز پیش7:38

7:38

Please enjoy this encore of Word Notes. An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers.

1
Lights, camera, scam! 41:49

20 روز پیش41:49

41:49

This week, our three hosts ⁠⁠⁠Dave Bittner⁠⁠⁠ , ⁠⁠⁠Joe Carrigan⁠⁠⁠ , and ⁠⁠⁠Maria Varmazis⁠⁠⁠ (also host of the ⁠⁠⁠T-Minus⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a bit of follow up, one from listener Aaron, who shares some safety tips for chickens, and from listener Shannon, who writes in with a new fashion statement. Maria’s got the story on how Trump’s sweeping new tariffs are creating the “perfect storm” for scams, as cybercriminals exploit consumer confusion with fake fee requests, shady links, and urgent messages—three red flags experts say to watch for. Joe shares the story of a new FBI warning about an AI-driven phone scam targeting iPhone and Android users, where scammers impersonate senior U.S. officials through fake texts and voice messages to steal personal information via malicious links. Dave shares the story of a classic Hollywood pitch deck scam, where fake agents from bogus production companies like "Hollywood Talent Agency" and "Writer’s Edge Production" lure authors into paying for useless film services with promises of big-screen adaptations. We have our new Cluck of the Day, and this week, Jonathan Webster shares a classic scam attempt: a fake PayPal invoice PDF designed to trick recipients into calling a fraudulent support number or paying a bogus charge. Resources and links to stories: Trump tariffs create the ‘perfect storm’ for scams, cybersecurity expert says — 3 red flags to watch out for FBI warns of new phone scam targeting iPhone, Android users, advises not to answer these messages Senior US Officials Impersonated in Malicious Messaging Campaign The Hollywood Talent Agency / Writers Edge Production Scam Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠⁠ .…

1
OWASP security logging and monitoring failures (noun) [Word Notes] 6:04

21 روز پیش6:04

6:04

Please enjoy this encore of Word Notes. The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system.

1
Scam me once. 58:06

27 روز پیش58:06

58:06

This week, our three hosts ⁠⁠Dave Bittner⁠⁠ , ⁠⁠Joe Carrigan⁠⁠ , and ⁠⁠Maria Varmazis⁠⁠ (also host of the ⁠⁠T-Minus⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Listener Jim notes that money launderers and couriers mentioned in recent episodes are often scam victims themselves, unknowingly processing fraudulent payments or delivering items, sometimes with tragic consequences like an innocent Uber driver being shot. Dave shares two close calls with scams this week: one where a bank employee saved a 75-year-old customer from losing $9,000 to a Facebook crypto scam, and another where a scammer impersonating “Officer Shane Kitchens” nearly tricked his mom into sending $3,500 for fake bail and ankle monitor fees after a family member was arrested. Joe's got three short stories this week—one is on how someone tried scamming his wife, another about a DoorDash driver who admitted to stealing $2.5 million in a delivery scam, and the last on a warning to billions of Gmail users to remain vigilant over a terrifying new phishing scheme. Maria sits down with Alex Hall , Trust and Safety Architect at Sift , to discuss the rise of job scams. Our catch of the day comes from Jonathan who writes in with a fake PayPal invoice. Resources and links to stories: You all saved my customer today Loved one got arrested, next day got a call from a “Sergeant” at the county jail. DoorDash driver admits to stealing $2.5M in delivery scam Billions of Gmail users warned to 'remain vigilant' over terrifying scam Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠⁠ .…

1
OWASP identification and authentication failures (noun) [Word Notes] 5:58

28 روز پیش5:58

5:58

Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure⁠ Audio reference link: “ ⁠Mr. Robot Hack - Password Cracking - Episode 1⁠ .” YouTube Video. YouTube, September 21, 2016.…

1
The band is finally back together. 43:33

۵ weeks پیش43:33

43:33

And....we're back! This week, our three hosts Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of the T-Minus Space Daily show) are all back to share the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. The team shares three bits of follow-up and then breaks into their stories. Joe starts off sharing some stories about influencer fakery on fake private jet sets and a scam taking advantage of the RealID requirements coming into effect. Maria talks about "Scam Survivor Day" (it's a real thing). She also talks about a former Facebooker's tell-all "Careless People." Dave shares a story about fake Social Security statements. Our Catch of Day comes from Richard about a truck win. Resources and links to stories: Private Executive Jet Private Jet Set for exhibitions, events and photo opportunities REAL ID scams surge with arrival of deadline Wednesday Don't Blame the Victim: 'Fraud Shame' and Cybersecurity Facebook Allegedly Detected When Teen Girls Deleted Selfies So It Could Serve Them Beauty Ads Beware of Fake Social Security Statement That Tricks Users to Install Malware Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠hackinghumans@n2k.com⁠⁠⁠ .…

1
Log4j vulnerability (noun) [Word Notes] 9:16

۵ weeks پیش9:16

9:16

Please enjoy this encore of Word Notes. An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/log4j⁠ Audio reference link: “ ⁠CISA Director: The LOG4J Security Flaw Is the ‘Most Serious’ She’s Seen in Her Career⁠ ,” by Eamon Javers (CNBC) and Jen Easterly (Cybersecurity and Infrastructure Security Director) YouTube, 20 December 20 2021.…

1
What’s inside the mystery box? Spoiler: It’s a scam! 46:13

۶ weeks پیش46:13

46:13

As Dave Bittner is at the RSA Conference this week, our hosts ⁠⁠ Maria Varmazis and ⁠⁠Joe Carrigan⁠⁠ , are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from José on episode 335, sharing how UK banking features like Faster Payments and the “Check Payee” function might have helped prevent a scam involving fake banking apps—and he even tells a wild tale of someone using a fake app to reverse-scam a bike thief. Joe covers the House’s overwhelming passage of the SHIELD Act to ban revenge porn—including deepfakes—and why critics say it could threaten encryption. He also shares a strong warning about trust and the real risks of sharing intimate images. Maria has the story of a surge in sophisticated subscription scams, where cybercriminals use fake “mystery box” websites, social media ads, and influencer impersonations to trick users into handing over credit card data and signing up for hidden recurring payments. Bitdefender researchers warn these polished scams are part of a broader evolution in social engineering, designed to bypass skepticism and evade detection. Our Catch of the Day comes from listener Rick, who received a suspicious email that appears to be from Harbor Freight—a popular U.S. retailer known for affordable tools and equipment—offering a “free gift” to the recipient… classic bait for a likely scam. Resources and links to stories: ⁠ House Passes Bill to Ban Sharing of Revenge Porn, Sending It to Trump TAKE IT DOWN Act Trump’s hasty Take It Down Act has “gaping flaws” that threaten encryption Congress Passes TAKE IT DOWN Act Despite Major Flaws Mystery Box Scams Deployed to Steal Credit Card Data Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠hackinghumans@n2k.com⁠⁠ .…

1
The RMM protocol: Remote, risky, and ready to strike. [OMITB] 41:40

۶ weeks پیش41:40

41:40

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠Selena Larson⁠ , ⁠Proofpoint⁠ intelligence analyst and host of their podcast ⁠DISCARDED⁠ . Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by ⁠N2K Networks⁠ ⁠Dave Bittner⁠ and our newest co-host, Keith Mularski , former FBI cybercrime investigator and now Chief Global Ambassador at Quintel . Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss the growing trend of cybercriminals using legitimate remote monitoring and management (RMM) tools in email campaigns as a first-stage payload. They explore how these tools are being leveraged for data theft, financial fraud, and lateral movement within networks. With the decline of traditional malware delivery methods, including loaders and botnets, the shift toward RMMs marks a significant change in attack strategies. Tune in to learn more about this evolving threat landscape and how to stay ahead of these tactics.…

1
OWASP broken access control (noun) [Word Notes] 7:30

۶ weeks پیش7:30

7:30

Please enjoy this encore of Word Notes. Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.

1
The prince, the pretender, and the PSA. 28:35

۷ weeks پیش28:35

28:35

As Maria is on vacation this week, our hosts ⁠Dave Bittner⁠ and ⁠Joe Carrigan⁠ , are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Joe and Dave are joined by guest Rob Allen from ThreatLocker who shares a story on how a spoofed call to the help desk unraveled into a full-blown cyber siege on MGM Resorts. Joe’s story is on a new FBI warning: scammers are impersonating the Internet Crime Complaint Center (IC3), the very site where people go to report online fraud. Dave's got the story of a so-called “Nigerian prince” scammer who turned out to be a 67-year-old man from Louisiana, now facing 269 counts of wire fraud for helping funnel money to co-conspirators in Nigeria. Our catch of the day comes from a scams subreddit, and is on a message received from the Department of Homeland Security reaching out to a user to share that they are a victim of fraud. Resources and links to stories: Investigating the MGM Cyberattack – How social engineering and a help desk put the whole strip at risk. Brian Krebs LinkedIn FBI Warns of Scammers Impersonating the IC3 IC3 2024 Report 'Nigerian prince' scammer was 67-year-old from Louisiana, police say Have a Catch of the Day you'd like to share? Email it to us at ⁠hackinghumans@n2k.com⁠ .…

به Player FM خوش آمدید!

Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.

به بیش از 500 موضوع گوش کنید

1,263 subscribers

مشابه Hacking Humans

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

TERRO Ant Killer Bait Stations T300B - Liquid Bait to Eliminate Ants - 12 Count Stations for Effective Indoor Ant Control

Pluto TV - Watch Free Movies, Shows & Live TV

پادکست هایی که ارزش شنیدن دارند

Hacking Humans « » OWASP identification and authentication failures (noun) [Word Notes]

OWASP identification and authentication failures (noun) [Word Notes]

پادکست هایی که ارزش شنیدن دارند

به Player FM خوش آمدید!

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

Dad, I Want to Hear Your Story: A Father’s Guided Journal To Share His Life & His Love (Hear Your Story Books)

Peacock TV

The Let Them Theory: A Life-Changing Tool That Millions of People Can't Stop Talking About

مشابه Hacking Humans

راهنمای مرجع سریع

Hacking Humans « »
OWASP identification and authentication failures (noun) [Word Notes]