Épisodes

  • Malware metamorphosis: 2024 reflections and 2025 predictions. [Only Malware in the building]

    Malware metamorphosis: 2024 reflections and 2025 predictions. [Only Malware in the building]
    Jan 7 2025
    Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the year's most impactful cyber trends and incidents—from the Snowflake hack and Operation Endgame to the rise of multi-channel scams and explosive growth in web inject attacks. Ransomware continued to wreak havoc, especially in healthcare, while callback phishing and MFA-focused credential attacks kept defenders on high alert. Join us as we reflect on these challenges and look ahead to what’s next in 2025.
    Afficher plus Afficher moins
    55 min
  • common vulnerabilities and exposures (CVE) (noun) [Word Notes]

    common vulnerabilities and exposures (CVE) (noun) [Word Notes]
    Jan 7 2025
    A public list sponsored by the US government and designed to uniquely identify, without the need to manually cross- reference, all the known software vulnerabilities in the world.
    Afficher plus Afficher moins
    7 min
  • The intersection of hackers, scammers, and false collaborations.

    The intersection of hackers, scammers, and false collaborations.
    Jan 2 2025
    On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First off, our hosts share some follow up, Asher wrote in to discuss follow up on the AI granny. Maria's story covers a "new QR code scam" involving unsolicited packages and brushing tactics, where scammers lure victims into scanning malicious QR codes to steal personal and financial information. Joe's story highlights how the FBI and CISA urge Americans to secure their text messages using end-to-end encryption to combat sophisticated hacking campaigns linked to China's government, which target telecom networks and user data. Dave's story highlights how pallet liquidation scams target buyers with offers of discounted merchandise, warning against red flags like unrealistic prices and unverified sellers. Our Catch of the Day comes from Jim, who shares a suspicious email he received offering a collaboration under the guise of a business partnership, which included overly generic language and an unusual sign-off from "Robert De Niro." Resources and links to stories: New warning about ‘brushing’ scam as victims are reported in Colorado FBI warns Americans to keep their text messages secure: What to know Pallet liquidation scams and how to recognize them Mobile Communications Best Practice Guidance You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
    Afficher plus Afficher moins
    42 min
  • dead-box forensics (noun) [Word Notes]

    dead-box forensics (noun) [Word Notes]
    Dec 31 2024
    A forensic technique where practitioners capture an entire image of a system and analyze the contents offline.
    Afficher plus Afficher moins
    6 min
  • New tools, old problems.

    New tools, old problems.
    Dec 26 2024
    Please enjoy this encore episode of Hacking Humans. This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. She discusses how AI is being used as a possible solution to one of the oldest scams in the book in Japan. Dave and Joe share some listener follow up, one from listener Alan and one from Clinton, who both write in about a recent episode and they share their thoughts on the story of Charlotte Cowles being scammed out of $50,000. Dave shares a story about calendar meeting links, from Calendly, a popular application for scheduling appointments and meetings, being used to spread mac malware. Joe shares write ins from several listeners, some writing in to share experiences with scams they have come across, others writing to warn others on scams they have seen used in the real world. Our catch of the day comes from Zach with an oddity, getting scammed by mail! Please take a moment to fill out an audience survey! Let us know how we are doing! Links to the stories: Japan’s new ATMs automatically play anti-fraud videos to people talking on mobile phones【Video】 Fraudsters in Japan use foreigners' bank accounts in cash grab 【警察庁】ATMで携帯電話…AIで検知し警告表示 特殊詐欺の被害増受け Calendar Meeting Links Used to Spread Mac Malware IDcare You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com.
    Afficher plus Afficher moins
    49 min
  • cybersecurity maturity model certification (CMMC) (noun) [Word Notes]

    cybersecurity maturity model certification (CMMC) (noun) [Word Notes]
    Dec 24 2024
    Please enjoy this encore episode of Word Notes. A supply chain cybersecurity accreditation standard designed for the protection of controlled unclassified information that the U.S. Department of Defense, or DoD, will require for all contract bids by October, 2025.
    Afficher plus Afficher moins
    7 min
  • Gold bars and bold lies.

    Gold bars and bold lies.
    Dec 19 2024
    On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First we start off with some follow up, our hosts share some more information on VIN swapping, and a clarification on bank participation in FinCEN. Maria shares a telling tale about a Bethesda couple loosing $367,000 in gold bars to a sophisticated scam involving fake officials and elaborate deceptions, but a police sting led to the arrest of a suspect, highlighting a growing nationwide trend of elderly victims targeted by gold bar fraud. Joe's story comes from KnowBe4 and is on DavidB, their VP of Asia Pacific, thwarting a sophisticated social engineering attack via WhatsApp by recognizing inconsistencies in the impersonator’s behavior and verifying directly with the colleague they claimed to be. Dave's story comes from the FBI on how criminals are exploiting generative AI to enhance fraud schemes, including using AI-generated text, images, audio, and video to create convincing social engineering attacks, phishing scams, and identity fraud, while offering tips to protect against these threats. Our catch of the day comes from a listener who received an urgent email from someone claiming to be an FBI agent with a rather dramatic tale about intercepted consignment boxes, missing documents, and a ticking clock—but let's just say this "agent" might need some better training in both law enforcement and grammar. Resources and links to stories: “VIN swap scam costs Las Vegas man $50K, new truck" FinCEN Gold bar scammers claimed hackers could fund Russian missiles, police say Real Social Engineering Attack on KnowBe4 Employee Foiled Criminals Use Generative Artificial Intelligence to Facilitate Financial Fraud You can hear more from the T-Minus space daily show here. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.
    Afficher plus Afficher moins
    46 min
  • incident response (noun) [Word Notes]

    incident response (noun) [Word Notes]
    Dec 17 2024
    Please enjoy this encore episode of Word Notes. A collection of people, process, and technology that provides an organization the ability to detect and respond to cyber attacks.
    Afficher plus Afficher moins
    8 min