Player FM - Internet Radio Done Right
1,267 subscribers
Checked 3d ago
اضافه شده در seven سال پیش
محتوای ارائه شده توسط N2K Networks, Inc. and N2K Networks. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط N2K Networks, Inc. and N2K Networks یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
OWASP software and data integrity failures (noun) [Word Notes]
Manage episode 487897995 series 2324004
محتوای ارائه شده توسط N2K Networks, Inc. and N2K Networks. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط N2K Networks, Inc. and N2K Networks یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Please enjoy this encore of Word Notes.
Code and data repositories that don't protect against unauthorized changes.
679 قسمت
Manage episode 487897995 series 2324004
محتوای ارائه شده توسط N2K Networks, Inc. and N2K Networks. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط N2K Networks, Inc. and N2K Networks یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
Please enjoy this encore of Word Notes.
Code and data repositories that don't protect against unauthorized changes.
679 قسمت
همه قسمت ها
×This week, our hosts Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up, as Joe shares with us a complaint he has with Vanguard. Maria’s story is on McAfee’s latest research revealing that one in five Americans has fallen for a travel scam—often losing hundreds of dollars—despite many trying to stay vigilant, as scammers use fake websites, AI-altered photos, and phishing links to exploit deal-seeking travelers. Joe’s got two stories this week: the first one is from Rachel Tobac on LinkedIn, breaking down how attackers like Scattered Spider are using phone-based impersonation, fake domains, and social engineering to breach insurance companies, and the second is on Aflac confirming it was hit in a cyberattack believed to be part of a broader campaign targeting the insurance sector, likely tied to the same threat group. Dave’s story is on brushing scams, a scheme the United States Postal Service is warning about, where scammers send unordered packages—often low-cost items—to people’s addresses so they can fraudulently post fake “verified” reviews online using the recipient’s name and address to boost product rankings. Our catch of the day is from the scams sub-Reddit, where someone shared text messages from a scammer asking for only a small favor. Complete our annual audience survey before August 31. Resources and links to stories: New McAfee Report Finds Young Adults Fall for Travel Scams More Often Than Older Generations Rachel Tobac LinkedIn Aflac Latest Insurer to Suffer Cyberattack and Data Breach Brushing Scam - Unexpected Package US Postal Inspection Service Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com .…
H
Hacking Humans


Please enjoy this encore of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson , Proofpoint intelligence analyst and host of their podcast DISCARDED . Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and our newest co-host, Keith Mularski , former FBI cybercrime investigator and now Chief Global Ambassador at Qintel . Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss the growing trend of cybercriminals using legitimate remote monitoring and management (RMM) tools in email campaigns as a first-stage payload. They explore how these tools are being leveraged for data theft, financial fraud, and lateral movement within networks. With the decline of traditional malware delivery methods, including loaders and botnets, the shift toward RMMs marks a significant change in attack strategies. Tune in to learn more about this evolving threat landscape and how to stay ahead of these tactics.…
H
Hacking Humans


Please enjoy this encore of Word Notes. A descriptive model that provides a baseline of observed software security initiatives and activities from a collection of volunteer software development shops. CyberWire Glossary link: https://thecyberwire.com/glossary/bsimm Audio reference link: “ OWASP AppSecUSA 2014 - Keynote: Gary McGraw - BSIMM: A Decade of Software Security .” YouTube Video. YouTube, September 19, 2014.…
H
Hacking Humans


This week, our hosts Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from listener Abdussobur, who wonders if a pair of suspicious text messages—one sent to his wife and another to him with a nearby address—could be the result of a data breach. Joe's story is on a surge of financial aid fraud where identity thieves, often using AI chatbots as “ghost students,” are enrolling in online college courses to steal federal funds—leaving real people like Heather Brady and Wayne Chaw with fake loans and months of bureaucratic cleanup. Dave's got the story on how the FIN6 cybercriminal group is posing as job seekers on LinkedIn to trick recruiters into opening malware-laced resumes, using deceptive tactics like fake portfolio sites and the MoreEggs backdoor to steal credentials and launch ransomware attacks. Maria's story is on a Pennsylvania woman who scammed over $800,000—nearly $466,000 from a Cedar Rapids church—by hacking emails and rerouting payments, claiming she did it under the direction of a famous British actor she was allegedly dating. Our catch of the day is on a convincing but bogus text claiming an overdue traffic fine under a fake regulation—complete with threats of license suspension and credit damage—all designed to trick recipients into clicking a malicious link. Resources and links to stories: How scammers are using AI to steal college financial aid FIN6 cybercriminals pose as job seekers on LinkedIn to hack recruiters Woman scams church out of over $450,000, says famous British actor told her to do it Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com .…
Please enjoy this encore of Word Notes. Software libraries, frameworks, packages, and other components, and their dependencies (third-party code that each component uses) that have inherent security weaknesses, either through newly discovered vulnerabilities or because newer versions have superseded the deployed version. Audio reference Link: " The Panama Papers: A Closer Look ," Late Night with Seth Meyers, YouTube, 12 April 2016…
H
Hacking Humans


Please enjoy this encore of Hacking Humans. On Hacking Humans, Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First we start off with some follow up, our hosts share some more information on VIN swapping, and a clarification on bank participation in FinCEN. Maria shares a telling tale about a Bethesda couple loosing $367,000 in gold bars to a sophisticated scam involving fake officials and elaborate deceptions, but a police sting led to the arrest of a suspect, highlighting a growing nationwide trend of elderly victims targeted by gold bar fraud. Joe's story comes from KnowBe4 and is on DavidB, their VP of Asia Pacific, thwarting a sophisticated social engineering attack via WhatsApp by recognizing inconsistencies in the impersonator’s behavior and verifying directly with the colleague they claimed to be. Dave's story comes from the FBI on how criminals are exploiting generative AI to enhance fraud schemes, including using AI-generated text, images, audio, and video to create convincing social engineering attacks, phishing scams, and identity fraud, while offering tips to protect against these threats. Our catch of the day comes from a listener who received an urgent email from someone claiming to be an FBI agent with a rather dramatic tale about intercepted consignment boxes, missing documents, and a ticking clock—but let's just say this "agent" might need some better training in both law enforcement and grammar. Resources and links to stories: “VIN swap scam costs Las Vegas man $50K, new truck" FinCEN Gold bar scammers claimed hackers could fund Russian missiles, police say Real Social Engineering Attack on KnowBe4 Employee Foiled Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud You can hear more from the T-Minus space daily show here . Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com .…
This week, our hosts Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start off with some more chicken follow up, this week, delving into malware-related chicken names. Dave’s got the story of Brevard-based Health First Health Plans teaming up with the FBI to warn consumers about a nationwide medical insurance scam where victims pay upfront for fake coverage and end up stuck with huge medical bills. Maria shares the story on how a recent April 2025 survey reveals that while most US consumers feel confident identifying scams and rely on traditional security measures like strong passwords and two-factor authentication, many still experience scam attempts and data breaches, with real-time threat detection emerging as the most valued feature in security products. Joe shares a personal story about how he was mildly got, got—tricked, that is—he thought he was filling out a quick survey for a waiter, but it actually ended up as a Google review. It's a reminder of how AI and tech are blurring the lines in everyday interactions, and how easily people can get tripped up by these evolving processes. The catch of the day this week is from the Scams sub-Reddit, and Dave reads a text from a scammer claiming to have information on his doing drugs at his old work place. Resources and links to stories: ALERT! Brevard-Based Health First Health Plans Joins FBI to Expose Medical Insurance Scam Scams and Protections US Report: April 2025 We make building an app so easy, anyone can do it '700 Indian engineers posed as AI': The London startup that took Microsoft for a ride Artificial Intelligence stories Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com .…
Please enjoy this encore of Word Notes. Code and data repositories that don't protect against unauthorized changes.
This week, our hosts Joe Carrigan , and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow-up from a listener on class action settlements: they’re a class action attorney and shared that the best way to verify a notice is to contact the law firm listed in the court documents—plus, unclaimed funds don’t go to the attorneys, but are redistributed to claimants. Maria's story is on a listener dealing with phishing calendar invites that auto-add to their calendar—she shares tips like avoiding the “decline” button, adjusting settings to prevent automatic invite processing, and contacting email admins to help block these pesky requests. Joe's got the story on a film made almost entirely with AI tools like Google Veo and Runway—while the results are stunning, the process was chaotic, proving that human creativity, direction, and a lot of trial and error are still essential behind the scenes. Our cluck of the day is from listener Clayton, who writes in with a scam email sharing a fake job about a virtual interview. Resources and links to stories: We Made a Film With AI. You’ll Be Blown Away—and Freaked Out. AI Will Smith eating spaghetti pasta (AI footage and audio) Just got access to Veo 3 and the first thing I did was try the Will Smith spaghetti test. AI video just took a startling leap in realism. Are we doomed? Impossible Challenges (Google Veo 3 ) Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com .…
Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson , Proofpoint intelligence analyst and host of their podcast DISCARDED . Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts N2K Networks Dave Bittner and Keith Mularski , former FBI cybercrime investigator and now Chief Global Ambassador at Qintel . Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our hosts discuss Chinese-speaking threat actors are targeting Japan with a massive phishing campaign using a sneaky new kit called CoGUI, which has hit organizations with over 170 million messages in a single month. The campaign mimics trusted brands like Amazon, PayPay, and Rakuten to steal login and payment info—lining up with warnings from Japan’s Financial Services Agency about attackers cashing out and buying Chinese stocks. While the CoGUI kit is slick with its evasion tricks and browser profiling, your hosts are hot on its trail with new detections to help stop the phishing frenzy.…
Please enjoy this encore of Word Notes. An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers.
H
Hacking Humans


This week, our three hosts Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a bit of follow up, one from listener Aaron, who shares some safety tips for chickens, and from listener Shannon, who writes in with a new fashion statement. Maria’s got the story on how Trump’s sweeping new tariffs are creating the “perfect storm” for scams, as cybercriminals exploit consumer confusion with fake fee requests, shady links, and urgent messages—three red flags experts say to watch for. Joe shares the story of a new FBI warning about an AI-driven phone scam targeting iPhone and Android users, where scammers impersonate senior U.S. officials through fake texts and voice messages to steal personal information via malicious links. Dave shares the story of a classic Hollywood pitch deck scam, where fake agents from bogus production companies like "Hollywood Talent Agency" and "Writer’s Edge Production" lure authors into paying for useless film services with promises of big-screen adaptations. We have our new Cluck of the Day, and this week, Jonathan Webster shares a classic scam attempt: a fake PayPal invoice PDF designed to trick recipients into calling a fraudulent support number or paying a bogus charge. Resources and links to stories: Trump tariffs create the ‘perfect storm’ for scams, cybersecurity expert says — 3 red flags to watch out for FBI warns of new phone scam targeting iPhone, Android users, advises not to answer these messages Senior US Officials Impersonated in Malicious Messaging Campaign The Hollywood Talent Agency / Writers Edge Production Scam Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com .…
Please enjoy this encore of Word Notes. The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system.
H
Hacking Humans


This week, our three hosts Dave Bittner , Joe Carrigan , and Maria Varmazis (also host of the T-Minus Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. Listener Jim notes that money launderers and couriers mentioned in recent episodes are often scam victims themselves, unknowingly processing fraudulent payments or delivering items, sometimes with tragic consequences like an innocent Uber driver being shot. Dave shares two close calls with scams this week: one where a bank employee saved a 75-year-old customer from losing $9,000 to a Facebook crypto scam, and another where a scammer impersonating “Officer Shane Kitchens” nearly tricked his mom into sending $3,500 for fake bail and ankle monitor fees after a family member was arrested. Joe's got three short stories this week—one is on how someone tried scamming his wife, another about a DoorDash driver who admitted to stealing $2.5 million in a delivery scam, and the last on a warning to billions of Gmail users to remain vigilant over a terrifying new phishing scheme. Maria sits down with Alex Hall , Trust and Safety Architect at Sift , to discuss the rise of job scams. Our catch of the day comes from Jonathan who writes in with a fake PayPal invoice. Resources and links to stories: You all saved my customer today Loved one got arrested, next day got a call from a “Sergeant” at the county jail. DoorDash driver admits to stealing $2.5M in delivery scam Billions of Gmail users warned to 'remain vigilant' over terrifying scam Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com .…
Please enjoy this encore of Word Notes. Ineffectual confirmation of a user's identity or authentication in session management. CyberWire Glossary link: https://thecyberwire.com/glossary/owasp-identification-and-authentication-failure Audio reference link: “ Mr. Robot Hack - Password Cracking - Episode 1 .” YouTube Video. YouTube, September 21, 2016.…
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.