Hacker And The Fed

Follow Hacker And The Fed
Share on
Copy link to clipboard

NAXO co-founder and former FBI Special Agent, Chris Tarbell, and ex-Anonymous/LulzSec blackhat hacker turned network penetration tester, Hector Monsegur (aka Sabu), once faced off as adversaries in cyberspace before becoming close friends and now podcast co-hosts. Whether you are a legal professional, cybersecurity practitioner, or forensic investigator, Chris and Hector will bring you their unique perspectives on the latest developments in cybersecurity. Each month, Chris and Hector will sit down to discuss: Recent cyber attacks and key takeaways Regulatory developments that impact how companies and individuals guard their data New attack vectors and capabilities, including breakdowns of how they can be protected against Techniques to keep you, your family, and your company safe from cyber attacks Subscribe to be the first to hear about new Hacker and the Fed episodes. Contact us at hatf@naxo.com if you have a topic you’d like Chris and Hector to discuss on the podcast. Find out more about NAXO: www.naxo.com Follow us on LinkedIn: https://www.linkedin.com/company/81891840 Follow Chris on LinkedIn: https://www.linkedin.com/in/chris-tarbell-20b129278/ Follow Hector on LinkedIn: https://www.linkedin.com/in/hxmonsegur/ ----------------- By accessing this podcast, you acknowledge that the Hacker and the Fed podcasts and any information, opinions or recommendations contained therein are for general informational purposes only, and are not intended to provide legal, tax, financial, or investment advice. Listeners should consult their own advisors before making these types of decisions. NAXO has no responsibility or liability for any decision made or any other acts or omissions in connection with your use of this material and any reliance upon the information provided in the Hacker and the Fed podcast is done at your own risk. NAXO makes no warranty, guarantee or representation as to the accuracy, sufficiency, completeness, timeliness, suitability or validity of the information in this podcast and will not be responsible for any claim attributable to errors, omissions, or other inaccuracies of any part of such material. Unless specifically stated otherwise, NAXO does not endorse, approve, recommend or certify any information, product, process, service or organization presented or mentioned in this podcast, and information from this podcast should not be referenced in any way to imply such approval or endorsement. The views expressed by guests are their own and their appearance on this podcast does not imply an endorsement of them or any entity they represent. Views and opinions expressed by NAXO employees are those of the employees and do not necessarily reflect the views of NAXO. The third-party materials or content of any third-party site referenced in this podcast do not necessarily reflect the opinions, standards or policies of NAXO. NAXO assumes no responsibility or liability for the accuracy or completeness of the content contained in third-party materials or on third-party sites referenced in this podcast or the compliance with applicable laws of such materials and/or links referenced herein. Moreover, NAXO makes no warranty that this podcast, or the server that makes it available, is free of viruses, worms or other elements or codes that manifest contaminating or destructive properties. NAXO EXPRESSLY DISCLAIMS ANY AND ALL LIABILITY OR RESPONSIBILITY FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, CONSEQUENTIAL OR OTHER DAMAGES ARISING OUT OF ANY INDIVIDUAL'S USE OF, REFERENCE TO, RELIANCE ON, OR INABILITY TO USE, THIS PODCAST OR THE INFORMATION PRESENTED IN THIS PODCAST.

NAXO


    • May 15, 2025 LATEST EPISODE
    • weekly NEW EPISODES
    • 57m AVG DURATION
    • 80 EPISODES

    Ivy Insights

    The Hacker and The Fed podcast is a captivating and informative show that delves into the world of cybersecurity and cybercrime. Hosted by Chris, a hacker, and Hector, a federal agent, this dynamic duo brings a unique perspective to the table with their real-world experiences and expertise.

    One of the best aspects of this podcast is the entertaining factor. Unlike other technology sector talk formats that can be droning and monotonous, The Hacker and The Fed keeps listeners engaged with its witty banter and interesting stories. Chris and Hector have a great rapport that shines through in their conversations, making it enjoyable to listen to each episode. Additionally, they strike a perfect balance between providing facts about cybersecurity feats and digging into the "how" behind them. This combination of entertainment and education makes for an engaging listening experience.

    Furthermore, the hosts' different backgrounds add depth to the show. Chris brings his hacker perspective while Hector contributes insights from his work as a federal agent. This allows for a well-rounded discussion about cybersecurity that covers various angles and aspects of the field. It also offers valuable insights into how to protect devices from bad actors and navigate potential threats.

    On the downside, one aspect that could be improved is the audio quality. While both hosts are clear and easy to understand, it is evident that Hector could benefit from upgrading his microphone. His current setup sometimes comes across as less professional compared to Chris's audio quality.

    In conclusion, The Hacker and The Fed podcast is an exceptional show for anyone interested in cybersecurity or wanting to learn more about protecting their devices from cyber threats. Chris and Hector's knowledge and experience make them credible hosts who provide valuable insights into this complex field while keeping things entertaining along the way. Despite minor audio quality issues, this podcast has all the ingredients for success, making it one worth subscribing to for those looking to expand their knowledge of cybersecurity topics in an engaging format.



    Search for episodes from Hacker And The Fed with a specific topic:

    Latest episodes from Hacker And The Fed

    LulzSec, LockBit & the Price of Weak Security

    Play Episode Listen Later May 15, 2025 46:34


    Chris and Hector dive into the recent breach of the LockBit ransomware gang and what it reveals about operational security failures—even among hackers. They discuss the fallout from the Pegasus spyware scandal, with NSO Group ordered to pay $168 million, and explore the troubling reliance on vulnerable federal contractors. Plus, Hector delivers one of his signature rants—this time on who's really watching the watchers. Join our new Patreon! ⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠ Send HATF your questions at ⁠⁠⁠questions@hackerandthefed.com

    Joe Rogan, Ross Ulbricht, and the $1 Billion Disney Hack

    Play Episode Listen Later May 8, 2025 45:29


    Chris and Hector react to Joe Rogan's take on the Ross Ulbricht case, break down the $1B Disney Slack data breach, and explain why passkeys are the next big thing in cybersecurity. Join our new Patreon! ⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠ Send HATF your questions at ⁠⁠questions@hackerandthefed.com

    Credential Theft, InfoStealers, and the Rise of Cyber Snake Oil

    Play Episode Listen Later May 1, 2025 54:24


    Chris and Hector break down the 2025 Mandiant threat report, expose rising cyberattack trends, rant about bad CISOs, and discuss a wild case of a cybersecurity CEO caught installing malware in a hospital. Join our new Patreon! ⁠https://www.patreon.com/c/hackerandthefed⁠ Send HATF your questions at ⁠questions@hackerandthefed.com

    DOGE Drama, Digital Grit, and CVE Chaos

    Play Episode Listen Later Apr 24, 2025 51:49


    Chris Tarbell and Hector Monsegur dive into the near-shutdown of the CVE system, a whistleblower's wild claims about the Doge agency and Russian logins, and why the future of cybersecurity depends on more entrepreneurs stepping up. Sharp takes, tech insights, and signature banter throughout. Join our new Patreon! https://www.patreon.com/c/hackerandthefed Send HATF your questions at questions@hackerandthefed.com

    Starlink Bugs, Bank Regulator Breach, and the LastPass Fallout

    Play Episode Listen Later Apr 17, 2025 40:47


    Hector's back from Miami, rubber ducky giveaways in tow, and diving deep into a wild week of cyber news—from Elon Musk's Starlink bug bounty to a stealthy year-long breach of U.S. bank regulators. The guys unpack major incidents including a Stuxnet-style espionage campaign in Ukraine, AI-powered spear phishing, and yet another haunting update in the LastPass hack saga. But the real fireworks come in Hector's rant, where he slams the cybersecurity industry's political silence and calls out its leaders for cowardice. Join our new Patreon! https://www.patreon.com/c/hackerandthefed

    Oracle Breach, MGM Hacker Busted, North Korean IT Scams

    Play Episode Listen Later Apr 10, 2025 37:34


    This week on Hacker in the Fed, Chris Hector dive into the chaos of the last few weeks in cybersecurity. From Oracle's alleged breach cover-up and legal trouble to the ongoing threat of North Korean IT infiltration, the guys break down the biggest stories making waves. They also reveal new details behind the infamous Caesars and MGM ransomware attacks — including how one hacker was caught — and share updates on changes coming to the podcast, including a new Patreon!

    Telecom Hacks, AI Fears, and the Quantum Threat – Plus, Hector Rants!

    Play Episode Listen Later Mar 20, 2025 51:26


    This week on Hacker in the Fed, Hector shares his recent travels, including a trip to Chicago, while Chris discusses his AI presentation and the evolving concerns around artificial intelligence. They break down the security risks in telecom networks, the dangers of unsecured cloud storage, and the legal gray areas of independent security research. Plus, a special listener shoutout, a discussion on quantum computing's impact on cybersecurity, and Hector's weekly rant on the confusing jargon in the cybersecurity industry. Send HATF your questions at questions@hackerandthefed.com.

    Hacks, Heists, and the Rise of Digital Deception

    Play Episode Listen Later Mar 13, 2025 53:55


    In this episode of Hacker in the Fed, Chris Tarbell and Hector Monsegur discuss their recent travels, major cybersecurity threats, and the dangers of disinformation. Topics include a Bluetooth backdoor affecting a billion devices, a $150M crypto heist linked to the LastPass hack, and malware spreading via GitHub. Plus, Hector's take on propaganda and narrative warfare. Send HATF your questions at questions@hackerandthefed.com.

    Smart Bed Backdoor, Crypto Heists, Router Hacks, and U.S. Cyber Command's Stand Down

    Play Episode Listen Later Mar 6, 2025 54:58


    In this episode of Hacker in the Fed, former FBI special agent Chris Tarbell and ex-black hat hacker turned cybersecurity expert Hector Monsegur discuss GrayNoise's 2025 Mass Internet Exploitation Report, revealing how attackers are exploiting vulnerabilities faster than ever, particularly targeting home routers. The two also cover a shocking backdoor discovery in the Eight Sleep smart mattress, the rising trend of violent crypto-related attacks, and the recent Bybit hack. Hector wraps up with a deep dive into the U.S. Cyber Command's recent decision to halt cyber operations against Russia and what it means for national security. Send HATF your questions at questions@hackerandthefed.com.

    Inside a Ransomware Gang, Leaked Logs, a $1.4B Crypto Heist & Signal Under Attack

    Play Episode Listen Later Feb 27, 2025 48:28


    In this episode of Hacker in the Fed, former FBI special agent Chris Tarbell and ex-black hat hacker turned cybersecurity expert Hector Monsegur discuss the leaked Black Basta ransomware logs, a $1.4 billion crypto heist, and new threats targeting Signal Messenger. They also share insights from their latest speaking events, the role of AI in cybersecurity, and the pros and cons of IT centralization in government. Send HATF your questions at questions@hackerandthefed.com.

    School Cyberattacks, Swatting as a Service, and Hector Rants on the Broken Cybersecurity Job Market

    Play Episode Listen Later Feb 20, 2025 53:32


    In this episode of Hacker in the Fed, former FBI special agent Chris Tarbell and ex-black hat hacker turned cybersecurity expert Hector Monsegur discuss alarming trends in school cyberattacks and the lack of transparency in reporting breaches, a disturbing case of "swatting as a service," and the ongoing challenges in the cybersecurity job market. Hector delivers a passionate rant on hiring issues in the industry, highlighting unrealistic job requirements and outsourcing concerns. Send HATF your questions at questions@hackerandthefed.com.

    SSH Backdoors, the Decline of Ransomware Payments, and Hector Rants on a MASSIVE Insider Threat

    Play Episode Listen Later Feb 13, 2025 54:40


    This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discussdiscuss a newly discovered SSH backdoor used by Chinese cyber spies, the alarming rise of insider threats in critical U.S. infrastructure, and the significant drop in ransomware payments in 2024. Hector also delivers a passionate rant about government security oversight and the risks posed by unvetted personnel in federal systems. Plus, the duo shares insights on bypassing corporate security with SSH tunneling, the evolution of cybercrime tactics, and why cybersecurity resilience is more crucial than ever. Send HATF your questions at questions@hackerandthefed.com.

    Hacked Healthcare, Hacked Cars & The Hidden Risks of Modern Tech

    Play Episode Listen Later Feb 6, 2025 49:13


    This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss a shocking backdoor found in healthcare patient monitors linked to China, a major vulnerability in Subaru's Starlink system allowing remote vehicle control, and the ongoing concerns over modern cars collecting unnecessary user data. They also discuss cybersecurity career paths—Blue Team vs. Red Team—and how to build a well-rounded skillset. Plus, plenty of laughs, from muscle car nostalgia to an unexpected debate about pole vs. stripper dancing. Send HATF your questions at questions@hackerandthefed.com.

    ROSS ULBRICHT PARDONED, Plus Insider Threats, Corporate Security Risks, and A High-Profile Crypto Kidnapping

    Play Episode Listen Later Feb 1, 2025 48:49


    This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur talk hector's much-needed vacation in the rainforest, and onto the major cybersecurity stories they missed while away. They discuss the recent pardon of Ross Ulbricht, second chances in life, and the complexities of law enforcement and the justice system. The conversation covers everything from insider threats, corporate security risks, personal attack surface reduction and even a recent high-profile crypto kidnapping. Send HATF your questions at questions@hackerandthefed.com.

    Holiday Reflections: Cybersecurity, Careers, and Christmas Cheer

    Play Episode Listen Later Dec 26, 2024 45:32


    This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur celebrate the holidays with heartfelt reflections alongside their standard cybersecurity insights. Hector shares a touching story about family, gratitude, and his journey to providing new opportunities for others. The duo answers listener questions on topics like DDoS attacks, Windows migrations, and breaking into the cybersecurity field, offering practical advice for newcomers and seasoned professionals alike. Send HATF your questions at questions@hackerandthefed.com.

    Yahoo Red Team Layoffs, North Korea Infiltrating U.S. Companies, Data Breaches, and Protecting your Medical History

    Play Episode Listen Later Dec 19, 2024 47:04


    This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss Yahoo's controversial decision to lay off its red team, the rise of North Korean IT workers infiltrating U.S. companies, and the ethical dilemmas around hacking. They also reflects on the desensitization to data breaches, debate the significance of protecting medical history, and share candid moments about their personal lives and experiences in the industry. Send HATF your questions at questions@hackerandthefed.com.

    Telecom Hacks, Ransomware Fallout, Encrypted Chats, and a Diss Track Challenge

    Play Episode Listen Later Dec 12, 2024 46:00


    Cybersecurity Chaos: Encrypted Chats, Ransomware Woes, and a Diss Track Challenge This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss the largest U.S. telecom hack in history attributed to Chinese state-sponsored attackers, the FBI's surprising push for encrypted communications, and the takedown of an encrypted messaging service used by criminals. They also tackle the bankruptcy of vodka giant Stoli following a devastating ransomware attack and share actionable advice for cybersecurity resilience. Send HATF your questions at questions@hackerandthefed.com.

    DB Cooper, ExxonMobil & Corporate Espionage, and Ross Ulbricht's Potential Pardon

    Play Episode Listen Later Dec 5, 2024 44:55


    This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss their obsession with the DB Cooper case and the latest potential break in the decades-old mystery. Hector shares stories about his early days as a hacker and the challenges of trust in loosely connected cybercriminal groups. They also tackle corporate espionage and the ethics of hackers-for-hire in light of ExxonMobil's alleged involvement in a hacking scandal. Wrapping up, they address listener questions about second chances, with Hector reflecting on his journey of redemption, and weigh in on the contentious debate around Ross Ulbricht's potential pardon.

    A THANKSGIVING SPECIAL: Phishing Failures, Red Team Career Advice, and Cybersecurity Ethics

    Play Episode Listen Later Nov 28, 2024 47:12


    This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur discuss key cybersecurity challenges, from the effectiveness of phishing training to the ethical dilemmas of vulnerability disclosure. They explore how technical controls and employee education can work together to defend against increasingly sophisticated attacks, including SMS and social media phishing. They also dive into career advice for transitioning from Blue Team to Red Team roles and the complexities of the cybersecurity job market. And to close out, a heartfelt Thanksgiving message.

    Italian Hacking Scandal, NSA Best Practices, Insider Threats & a Former Anonymous Hacker?

    Play Episode Listen Later Nov 21, 2024 40:19


    This week on Hacker And The Fed former FBI agent Chris Tarbell and ex-black hat hacker Hector Monsegur dive into a massive hacking scandal targeting Italian political elites, revealing insider threats and international intrigue. They break down NSA mobile device security best practices and share their own successes (and failures) in following them. Plus, updates on their personal lives, community work, and how ethical hacking can prevent breaches like this. Send HATF your questions at questions@hackerandthefed.com.

    We're Back!

    Play Episode Listen Later Nov 14, 2024 29:46


    Hacker And The Fed is back. Finally rebooting after a temporary hiatus. Former FBI Special Agent, Chris Tarbell, and ex-Anonymous/LulzSec blackhat hacker turned network penetration tester, Hector Monsegur (aka Sabu), once faced off as adversaries in cyberspace before becoming close friends and now podcast co-hosts. Whether you are a legal professional, cybersecurity practitioner, or forensic investigator, Chris and Hector will bring you their unique perspectives on the latest developments in cybersecurity. Send HATF your questions at questions@hackerandthefed.com.

    The Colonial Pipeline Hack, the SEC's X Account, and Special Agent Aron Mann on Homeland Security and Cyber

    Play Episode Listen Later Jan 31, 2024 93:38


    On this episode of Hacker And The Fed we interview Special Agent Aron Mann with Homeland Security Investigations (HSI) Cyber Crime Center about their cyber role and career opportunities. We break down the Colonial Pipeline hack, how the dark web is intensifying the insider threat, and dig into the mother of all breaches. And finally, the SEC's X account was hacked. Links from the episode:  https://www.ice.gov/about-ice/homeland-security-investigations https://www.ice.gov/partnerships-centers/cyber-crimes-center https://www.usajobs.gov/ https://www.usajobs.gov/Search/?k=homeland%20security%20investigator   Colonial Pipeline Hack - May 2021 https://www.justice.gov/opa/speech/dag-monaco-delivers-remarks-press-conference-darkside-attack-colonial-pipeline https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside https://www.justice.gov/media/1159701/dl From Loyal Employees to Cybercriminals https://thesun.my/opinion_news/from-loyal-employees-to-cybercriminals-AC12012406 Mother of All Breaches Reveals 26 Billion Records: What We Know So Far https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/ SECGov X Account https://www.sec.gov/secgov-x-account Support our sponsors: NAXO is a premier cybersecurity and investigations firm, including blockchain forensics, whose mission to fight cybercrime aligns perfectly with Hacker and the Fed's content. Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

    A Train Hack, $80M Pig Butchering Scheme, and Greg Van Houten of Haynes Boone on the SEC's New Cybersecurity Disclosure Rules

    Play Episode Listen Later Dec 21, 2023 85:30


    This week on Hacker And The Fed we interview Greg Van Houten of Haynes Boone and policyholderplaybook.com, a seasoned civil litigator who focuses on insurance recovery. We talk to Greg about the SEC's new cybersecurity disclosure rules, which went into effect this month. We also discuss a massive hack that went unreported, a train hack due to a vendor's geofencing feature, indictments in an 80-million-dollar pig butchering scheme, and a MongoDB security breach. Links from the episode:  Greg Van Houten of Haynes Boone policyholderplaybook.com   SEC's cyber disclosure rules: Key considerations for the board, C-suite and risk managers. Authored by Greg Van Houten (Haynes Boone), David Franzel (NAXO), and Chris Tarbell (NAXO) https://www.cybersecuritydive.com/news/secs-cyber-disclosure-rules-tips/700550/   The Biggest Hack Over the Last Few Years Has Gone Unreported https://twitter.com/mattjay/status/1735046508242780575   Train Hack Due to Vendor Geofencing Feature https://social.hackerspace.pl/@q3k/111528165627522619   Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them https://www.404media.co/polish-hackers-repaired-trains-the-manufacturer-artificially-bricked-now-the-train-company-is-threatening-them/   Four Men Indicted in $80 million ‘Pig Butchering' Scheme https://www.cnbc.com/2023/12/14/pig-butchering-scam-results-in-four-indictments-two-arrests-doj.html   MongoDB Suffers Security Breach, Exposing Customer Data https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html Support our sponsors: NAXO is a premier cybersecurity and investigations firm whose mission to fight cybercrime aligns perfectly with Hacker and the Fed's content. Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

    The FBI Shares Tactics of a Ransomware Gang, a Ransom Payment Fail, and Cyber Law with Lance Taubin

    Play Episode Listen Later Nov 30, 2023 84:17


    This week on Hacker And The Fed we speak with Lance Taubin of Alston & Bird about being a cyber lawyer, the FBI shares the tactics of the ransomware gang Scattered Spider, a company pays a ransom and their data is exposed anyway, Alpha BlackCat uses government regulations to further pressure a victim to pay, and the FCC is trying to make SIM swapping more difficult. Links from the episode:  FBI Shares Tactics of Notorious Scattered Spider Hacker Collective https://www.bleepingcomputer.com/news/security/fbi-shares-tactics-of-notorious-scattered-spider-hacker-collective/   Dolly.com Pays Ransom, Attackers Release Data Anyway https://cybernews.com/security/dolly-data-breach-ransomware-attack/#google_vignette   Ransomware Gang Files SEC Complaint Over Victim's Undisclosed Breach https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/   FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks https://thehackernews.com/2023/11/fcc-enforces-stronger-rules-to-protect.html   Lance Taubin | Technology and Privacy Attorney | Alston & Bird Support our sponsors: NAXO is a premier cybersecurity and investigations firm whose mission to fight cybercrime aligns perfectly with Hacker and the Fed's content. Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

    The SolarWinds hack, North Korea IT Workers, Hackers Targeting a Data Company, and Listener Questions

    Play Episode Listen Later Oct 26, 2023 85:00


    This week on Hacker And The Fed we break down the SolarWinds hack, there are 8 new vulnerabilities found in SolarWinds, thousands of remote IT workers have been working for North Korea, hackers are targeting a company that handles data requests for law enforcement, and we answer listener questions about VPN services, password managers and patch management. Links from the episode:  Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover https://www.darkreading.com/vulnerabilities-threats/critical-solarwinds-rce-bugs-enable-unauthorized-network-takeover   Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program, FBI Says https://apnews.com/article/north-korea-weapons-program-it-workers-f3df7c120522b0581db5c0b9682ebc9b?taid=6531b8b29c11a80001ef2a28   Hackers Target Company That Vets Police Data Requests for Tech Giants https://www.404media.co/hackers-target-kodex-accounts-edrs/   Support our sponsors: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off Go to Cloudsolvers.com and tell them "Hacker and the Fed sent you" for a free assessment of your current environment Get your Hacker and the Fed merchandise at hackerandthefed.com Send HATF your questions at questions@hackerandthefed.com

    MOVEit and MGM Resorts Hacks, U.S. Senate's Email System Melts Down, Cisco Can't Stop Using Static Passwords, and Listener Questions

    Play Episode Listen Later Oct 19, 2023 84:49


    This week on Hacker And The Fed we offer updates on the MOVEit and MGM Resorts hacks, the US State Department has no idea if its IT security actually works, the Senate's email system melts down in the face of a security test, Cisco can't stop using static passwords, and we answer listener questions about Single Sign-on, circumventing company IT rules, and LinkedIn profiles. Links from the episode: MOVEit Maker Announces New Critical Vulnerability Affecting a Different File Transfer Tool https://therecord.media/progress-new-file-transfer-vulnerability   MGM Resorts Hack Update https://x.com/brettforrest89/status/1711885567695433765   US State Dept has No Idea if its IT Security Actually Works, Say Auditors https://www.theregister.com/2023/10/02/us_state_security_gao/ https://endoflife.date/windows   The Senate's Email System Melted Down in the Face of Security Test https://www.politico.com/minutes/congress/09-8-2023/senate-reply-all-mess/   Cisco Can't Stop Using Static Passwords https://www.schneier.com/blog/archives/2023/10/cisco-cant-stop-using-hard-coded-passwords.html Support our sponsors: Get your Hacker and the Fed merchandise at hackerandthefed.com Send HATF your questions at questions@hackerandthefed.com

    Are Paying Ransoms Illegal? Ransomware Shuts Down a 158 Year Old Company, Fido2 Security Keys, and Hacktivist Rules

    Play Episode Listen Later Oct 12, 2023 74:42


    This week on Hacker And The Fed Microsoft releases their 2023 digital defense report, are paying ransoms illegal in the United States? The NSA and CISA red and blue teams share top 10 cyber security misconfigurations, a 158 year old company shuts down because of a ransomware attack, and we answer listener questions about fido2 security keys and "hacktivist" rules. Links from the episode: Microsoft Releases Its Yearly Digital Defense Report https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023   Are Paying Ransoms Illegal in the U.S.? https://www.huntonprivacyblog.com/2022/07/26/florida-enacts-law-prohibiting-state-agencies-from-paying-cyber-ransoms/   NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a   Zero-days for Hacking WhatsApp are Now Worth Millions of Dollars https://techcrunch.com/2023/10/05/zero-days-for-hacking-whatsapp-are-now-worth-millions-of-dollars/   Lazarus Impersonated Meta Recruiter to Breach Spanish Aerospace Firm https://www.helpnetsecurity.com/2023/10/02/lazarus-lightlesscan/   Kettering logistics firm enters administration with 730 jobs lost https://www.bbc.com/news/uk-england-northamptonshire-66927965   FDA Cyber Mandates for Medical Devices Goes into Effect https://cyberscoop.com/fda-cybersecurity-medical-devices/   City of Dallas Suffers a Ransomware Attack https://dallascityhall.com/DCH%20Documents/dallas-ransomware-incident-may-2023-incident-remediation-efforts-and-resolution.pdf   International Committee of the Red Cross Published Rules of Engagement for Civilian Hackers Involved in Conflicts https://www.bbc.co.uk/news/technology-66998064 https://www.theregister.com/2023/10/04/red_cross_hacktivist_rules/   Support our sponsors: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off   Get your Hacker and the Fed merchandise at hackerandthefed.com Send HATF your questions at questions@hackerandthefed.com

    Artificial Intelligence Doxxing in Viral Videos, Billions of Usernames and Passwords Exposed, and a HATF Contest

    Play Episode Listen Later Oct 5, 2023 72:12


    This week on Hacker And The Fed the end of privacy with AI being used to dox people in viral videos, billions of usernames and passwords are exposed, nationstate hackers are hiding in router firmware updates, we answer listener questions about working with the FBI, setting up a cyber security business, and safely using data sent to you be others. Finally, we announce Hacker And The Fed's first contest for cyber security awareness month. Links from the episode: The End of Privacy is a Taylor Swift Fan TikTok Account Armed with Facial Recognition Tech https://www.404media.co/the-end-of-privacy-is-a-taylor-swift-fan-tiktok-account-armed-with-facial-recognition-tech/   Darkbeam Leaks Billions of Email and Password Combinations https://securityaffairs.com/151566/security/darkbeam-data-leak.html   FBI Hacker Dropped Stolen Airbus Data on 9/11 https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/   People's Republic of China-Linked Cyber Actors Hide in Router Firmware https://media.defense.gov/2023/Sep/27/2003309107/-1/-1/0/CSA_BLACKTECH_HIDE_IN_ROUTERS_TLP-CLEAR.PDF   Russian Exploit Marketplace offering $20M for a Full Chain Mobile Exploit https://twitter.com/opzero_en/status/1706762507631677760   McDonalds Point of Sale System Hacked https://twitter.com/vxunderground/status/1706508703745151211   Support our sponsors: Go to HelloFresh.com/50hatf and use the code 50hatf for 50% off plus free shipping Get your Hacker and the Fed merchandise at hackerandthefed.com Send HATF your questions at questions@hackerandthefed.com

    Equifax Breach, a Hack of 27 Crypto Companies, and the Arrest of a Department of State IT Contractor

    Play Episode Listen Later Sep 28, 2023 73:06


    This week on Hacker And The Fed we break down how Equifax was breached, is Google Authenticator MFA Cloud Sync feature responsible for a hack into 27 crypto companies? Google's Threat Analysis Group announces an in-the-wild 0-day exploit chain for iPhones, the year of the insider threat continues with the arrest of a Department of State IT Contractor on espionage charges. Links from the episode: How Equifax Was Breached in 2017 https://blog.0x7d0.dev/history/how-equifax-was-breached-in-2017/ https://twitter.com/vxunderground/status/1700335482440204521   Retool Blames Breach on Google Authenticator MFA Cloud Sync feature https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-cloud-sync-feature/   0-days Exploited by Commercial Surveillance Vendor in Egypt https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/   Department of State IT Contractor Arrested on Espionage Charges https://fedscoop.com/department-of-state-it-contractor-arrested-on-espionage-charges/   Support our sponsors: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off Get your Hacker and the Fed merchandise at hackerandthefed.com Send HATF your questions at questions@hackerandthefed.com

    Finding out our Relative is a Hacker, Working for the FBI, Prepping for a Technical Interview, and More Listener Questions

    Play Episode Listen Later Sep 21, 2023 70:52


    This week on Hacker And The Fed we answer listener questions about finding out our relative is a hacker, applying for a cyber security job as a chemical engineer, preparing you for a technical interview, the FBI being a great place to work, is MFA once every 24 hours too much, and much more. Get your Hacker and the Fed merchandise at hackerandthefed.com Send HATF your questions at questions@hackerandthefed.com

    Your Car and Your Sex Life, US Departments of State and Commerce Compromised, Iran and North Korea Hacking Crews, and Victories Over Russian Hackers

    Play Episode Listen Later Sep 14, 2023 65:21


    This week on Hacker And The Fed your car may know all the details about your sex life, the Swiss fined an insurer 3 million dollars for horrible cyber security practices, the US Departments of State and Commerce were compromised because of a two-year-old Windows crash report, Iran and New Korea hacking crews have active campaigns against security researchers, and two victories over Russian hackers for the US government. Links from the episode: Insurer Fined $3M for Exposing Data of 650k Clients for Two Years https://www.bleepingcomputer.com/news/security/insurer-fined-3m-for-exposing-data-of-650k-clients-for-two-years/   If You've Got a New Car, It's a Data Privacy Nightmare https://gizmodo.com/mozilla-new-cars-data-privacy-report-1850805416 https://arstechnica.com/cars/2023/09/connected-cars-are-a-privacy-nightmare-mozilla-foundation-says/   Microsoft Finally Explains Cause of Azure Breach: An Engineer's Account Was Hacked https://arstechnica.com/security/2023/09/hack-of-a-microsoft-corporate-account-led-to-azure-breach-by-chinese-hackers/ https://twitter.com/0xdabbad00/status/1699596048392736812   Hacker Group Disguised as Marketing Company to Attack Enterprise Targets https://gbhackers.com/hacker-group-disguised-as-marketing/   Active North Korean Campaign Targeting Security Researchers https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/   Russian Infosec Boss Gets Nine Years for $100M Insider-Trading Caper Using Stolen Data https://www.theregister.com/AMP/2023/09/08/russian_insider_training_prison/   United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang https://home.treasury.gov/news/press-releases/jy1714   Support our sponsors: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off Get your Hacker and the Fed merchandise at hackerandthefed.com Send HATF your questions at questions@hackerandthefed.com

    The FBI's Operation "Duck Hunt" Takes Down a Botnet, NYC Subway Allows Users to be Tracked Online, and Why Chris Left the FBI

    Play Episode Listen Later Sep 7, 2023 89:19


    This week on Hacker And The Fed the FBI's Operation "Duck Hunt" takes down a ransomware botnet, we disclose the secret weapon hackers use for doxing, the New York City subway system allows its users to be tracked online, and we answer listener questions about leaving the FBI, getting jobs in cyber security, and Hector's detailed description of a red teamer. Links from the episode: How the FBI Took Down the Notorious Qakbot Botnet https://techcrunch.com/2023/09/01/fbi-qakbot-takedown-operation-duck-hunt/   The Secret Weapon Hackers Can Use to Dox Nearly Anyone in America for $15 https://www.404media.co/the-secret-weapon-hackers-can-use-to-dox-nearly-anyone-in-america-for-15-tlo-usinfosearch-transunion/   I Tracked an NYC Subway Rider's Movements with an MTA ‘Feature' https://www.404media.co/i-tracked-nyc-subway-rider-home-omny-mta/   Paramount Discloses Data Breach Following Security Incident https://www.bleepingcomputer.com/news/security/paramount-discloses-data-breach-following-security-incident/   Hacking Campaign Bruteforces Cisco VPNs to Breach Networks https://www.bleepingcomputer.com/news/security/hacking-campaign-bruteforces-cisco-vpns-to-breach-networks/   Big Ass Data Broker Opt Out List https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List   Support Our Sponsors HelloFresh! Go to hellofresh.com/50hatf use code 50hatf for 50% off plus 15% off the next 2 months!   Get your Hacker and the Fed merchandise at hackerandthefed.com Send HATF your questions at questions@hackerandthefed.com

    Hacking Through a Fire Stick, a Danish Cloud Provider Loses all Their Customer Data, an Active Hacker Becoming a White Hat

    Play Episode Listen Later Aug 31, 2023 89:06


    This week on Hacker And The Fed a Danish cloud provider loses all of their customer's data, a hacker in custody continues hacking through a fire stick, there are two great write ups about a zero day vulnerability and HTML smuggling, cyber security entry jobs should be just that, entry into the industry, and we answer listener questions that include an ongoing dialogue with an active hacker about becoming a white hat. Links from the episode: Criminals Go Full Viking on CloudNordic, Wipe All Servers and Customer Data https://www.theregister.com/AMP/2023/08/23/ransomware_wipes_cloudnordic/   GTA 6 Hacker Found to be Teen with Amazon Fire Stick in Small Town Hotel Room https://hackaday.com/2023/08/26/gta-6-hacker-found-to-be-teen-with-amazon-fire-stick-in-small-town-hotel-room/   Traders' Dollars in Danger: Zero-Day Vulnerability in WinRAR Exploited by Cybercriminals to Target Traders https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/   HTML Smuggling Leads to Domain Wide Ransomware https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/   Cybersecurity Hiring Gap: Time to Rethink Who Can Contribute https://www.csoonline.com/article/649166/cybersecurity-hiring-gap-time-to-rethink-who-can-contribute.html https://twitter.com/CyberWarship/status/1692239445188120950   Support our sponsors: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off   Get your Hacker and the Fed merchandise at hackerandthefed.com

    Demystifying Internet Honeypots and Getting into Cyber Security with Andrew Morris, Founder and CEO of GreyNoise

    Play Episode Listen Later Aug 24, 2023 50:44


    This week on Hacker And The Fed we have Andrew Morris, CEO and founder of GreyNoise on the show. GreyNoise is a cybersecurity company that collects and analyzes mass internet data to remove pointless security alerts, find compromised devices, or identify emerging threats. We talk internet honeypots, how to get into the cyber security industry and much more. Links from the episode: Andrew Morris, CEO & Founder of GreyNoise https://www.greynoise.io/ https://twitter.com/Andrew___Morris https://twitter.com/GreyNoiseIO   Support our sponsor: Go to JoinDeleteMe.com/FED code FED20 for 20% off all consumer plans   Get your Hacker and the Fed merchandise at hackerandthefed.com

    Zoom and AI, the NSA and DARPA Presenting Challenges to the Cyber Security Community and Listener Questions

    Play Episode Listen Later Aug 17, 2023 94:12


    This week on Hacker And The Fed Zoom wanted to use your calls to train artificial intelligence, the NSA and DARPA are presenting challenges to the cyber security community, and we answer listener questions from a US military chaplain about justice, a former black hat about a career in cyber security, and even a hacker who used a compromised email account to ask us how to stop hacking. Links from the episode: Zoom walks back controversial privacy policy https://www.thestreet.com/technology/zooms-latest-move-may-make-you-reconsider-using-the-service   Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats https://thehackernews.com/2023/08/microsoft-exposes-russian-hackers.html   Hackers to compete for nearly $20 million in prizes by using A.I. for cybersecurity, Biden administration announces https://www.cnbc.com/2023/08/09/biden-admin-launches-hacking-challenge-to-use-ai-for-cybersecurity.html https://aicyberchallenge.com/rules/   NSA: Codebreaker Challenge Helps Drive Cybersecurity Education https://www.darkreading.com/attacks-breaches/nsa-talks-codebreaker-challenge-success-influence-on-education   Lil Tay Meta Helped Get Account Back from Hacker https://www.tmz.com/2023/08/12/lil-tay-dead-dies-hacker-meta-instagram-hacked-account-hoax/   CISCO Launches a FREE 120-Hour Ethical Hacking Training https://cursin.net/en/cisco-launches-a-free-120-hour-ethical-hacking-training/   Support our sponsor: Go to JoinDeleteMe.com/FED code FED20 for 20% off all consumer plans   Get your Hacker and the Fed merchandise at hackerandthefed.com

    Chinese Malware, a Year in Review of Zero-day Exploits, a Ransomware Study, and Listener Questions

    Play Episode Listen Later Aug 10, 2023 78:53


    This week on Hacker And The Fed the US hunts Chinese malware that could disrupt American Military operations, a year in review of zero-day exploits, a study finds no evidence that ransomware victims with cyber insurance pay up more often, there's fighting words between Tenable CEO and Microsoft, and we answer listener questions from a listener in Greece, Holland, and a new minted NSA hacker. Links from the episode: U.S. Hunts Chinese Malware That Could Disrupt American Military Operations https://dnyuz.com/2023/07/29/u-s-hunts-chinese-malware-that-could-disrupt-american-military-operations/   The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022 https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html   No evidence ransomware victims with cyber insurance pay up more often https://therecord.media/ransomware-cyber-insurance-payments-uk-report   Tenable CEO accuses Microsoft of negligence in addressing security flaw https://cyberscoop.com/tenable-microsoft-negligence-security-flaw/ https://twitter.com/MalwareJake/status/1686869818912202755 https://www.wired.com/2002/01/bill-gates-trustworthy-computing/   SMS Traffic Pumping Fraud https://support.twilio.com/hc/en-us/articles/8360406023067-SMS-Traffic-Pumping-Fraud   New acoustic attack steals data from keystrokes with 95% accuracy https://www.bleepingcomputer.com/news/security/new-acoustic-attack-steals-data-from-keystrokes-with-95-percent-accuracy/   Get your Hacker and the Fed merchandise at hackerandthefed.com

    Authentication Attacks, US Government Domains, and New Cyber Incident Disclosure Guidelines

    Play Episode Listen Later Aug 3, 2023 73:09


    This week on Hacker And The Fed what authentication attacks might look like in a phishing resistant future, the SEC now requires companies to disclose cyber attacks, there are many more US government domains in the .com world than you might think, and other news stories from this week in cyber security. Links from the episode: What might authentication attacks look like in a phishing-resistant future? https://blog.talosintelligence.com/what-might-authentication-attacks-look-like-in-a-phishing-resistant-future/ The Messaging Layer Security (MLS) Protocol https://datatracker.ietf.org/doc/html/rfc9420 List of public government managed domains that exist outside of the top-level .gov and .mil domains https://github.com/GSA/govt-urls/blob/main/1_govt_urls_full.csv Top level domain operator wants out of the business https://domainnamewire.com/2023/07/26/top-level-domain-operator-wants-out-of-the-business/ Network giants unite to fight security risks https://www.networkworld.com/article/3703233/network-giants-unite-to-fight-security-risks.html Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html Norwegian government IT systems hacked using zero-day flaw https://www.bleepingcomputer.com/news/security/norwegian-government-it-systems-hacked-using-zero-day-flaw/ https://www.dss.dep.no/aktuelle-saker/departementer-utsatt-for-dataangrep/ https://www.wsj.com/articles/critical-infrastructure-companies-warned-to-watch-for-ongoing-cyberattack-76508d83 Satellites Are Rife With Basic Security Flaws https://www.wired.com/story/satellites-basic-security-flaws/   Support our sponsors: Go to hellofresh.com/50hatf code 50hatf for 50% off plus free shipping Get your Hacker and the Fed merchandise at hackerandthefed.com Get your Hacker and the Fed merchandise at hackerandthefed.com

    Thousands of Intelligence and Defense Employees Exposed, a Hacker Infects His Own Computer, Google Accuses Apple Employee of Not Reporting a Zero-day

    Play Episode Listen Later Jul 27, 2023 87:20


    This week on Hacker And The Fed new cyber security labels proposed by the US government could help us buy our new devices, an employee exposes thousands of intelligence and defense employees, Google may be restricting internet access to some employees to reduce their cyber attack risk, a hacker infects his own computer, and Google says an Apple employee found a zero-day but didn't report it, and we answer listener questions about our phones getting searched and email encryption. Links from the episode:  White House teams with Amazon, Google and Qualcomm on cybersecurity labels for gadgets https://www.cnbc.com/2023/07/18/us-cyber-trust-labels-will-help-consumers-pick-safer-smart-devices.html   Google exposes intelligence and defense employee names in VirusTotal leak https://therecord.media/virustotal-user-email-addresses-leaked-google-military-intelligence   Google restricting internet access to some employees to reduce cyberattack risk https://www.cnbc.com/2023/07/18/google-restricting-internet-access-to-some-employees-for-security.html   Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware https://www.securityweek.com/black-hat-hacker-exposes-real-identity-after-infecting-own-computer-with-malware/   IT Security Analyst Jailed for Impersonating as a Hacker in Own Company https://cybersecuritynews.com/it-security-analyst-jailed/   Google says Apple employee found a zero-day but did not report it https://techcrunch.com/2023/07/20/google-says-apple-employee-found-a-zero-day-but-did-not-report-it/ https://news.ycombinator.com/item?id=36803537   Microsoft Cybersecurity Analyst Professional Certificate https://www.coursera.org/professional-certificates/microsoft-cybersecurity-analyst   Cybersecurity Expert Kevin David Mitnick died https://www.dignitymemorial.com/obituaries/las-vegas-nv/kevin-mitnick-11371668   Listener Questions: https://www.theverge.com/2021/8/18/22630439/apple-csam-neuralhash-collision-vulnerability-flaw-cryptography   Support our sponsors: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees   Get your Hacker and the Fed merchandise at hackerandthefed.com

    The Dangers of Googling Phone Numbers, an Attack on a Security Platform, and Typo Squatting on US Military Domains

    Play Episode Listen Later Jul 20, 2023 83:24


    This week on Hacker And The Fed you can't always count on Google for the right telephone number for an airline, an American cloud based directory as a service platform announces that they were hacked by a state sponsored threat actor, millions of US military emails may be ending up in the wrong hands, a new ransomware looks like a windows update, we answer listener questions, and Hector tells a fascinating story about a hacking methodology. Links from the episode: Airline Fake Contact Number on Google Maps https://twitter.com/Shmuli/status/1680669938468499458 https://twitter.com/SwiftOnSecurity/status/1680926780599812098   JumpCloud discloses breach by state-backed APT hacking group https://www.bleepingcomputer.com/news/security/jumpcloud-discloses-breach-by-state-backed-apt-hacking-group/ JumpClouds IOCs - https://jumpcloud.com/support/july-2023-iocs   Domains like army․ml, pentagon․ml, navy․ml and af․ml all have Mail Exchange records pointing to 'handle․catchemail․ml' https://twitter.com/mikko/status/1680947795862200325   Watch out for this new malicious ransomware disguised as Windows updates https://www.foxnews.com/tech/watch-out-new-malicious-ransomware-disguised-windows-updates https://www.trendmicro.com/en_id/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html   Listener Questions https://www.lsu.edu/mediacenter/news/2023/06/13-cyber-clinic.php   Support our sponsors: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees Get your Hacker and the Fed merchandise at hackerandthefed.com

    Are Your Lightbulbs a Security Risk? Voice Authentication May be Broken, and Logistics Security

    Play Episode Listen Later Jul 13, 2023 71:11


    This week on Hacker And The Fed your lightbulbs may be giving away the location of your house, could Microsoft end ransomware right now? Also, voice authentication may be broken, the latest ransomware attack shows us the important of logistics security, convenience has once again jeopardized Google authenticator security, and a listener shares a wild car theft story. Links from the episode: Your lightbulbs may be giving out your exact location twitter.com/haxrob/status/1676416949499338752   Microsoft Can Fix Ransomware Tomorrow darkreading.com/vulnerabilities-threats/microsoft-can-fix-ransomware-tomorrow   Cybercriminals can break voice authentication with 99% success rate helpnetsecurity.com/2023/07/06/voice-authentication-insecurity/   INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cybercrime thehackernews.com/2023/07/interpol-nabs-hacking-crew-opera1ers.html   Japan's biggest port, Nagoya, hit by suspected cyberattack asia.nikkei.com/Business/Technology/Japan-s-biggest-port-Nagoya-hit-by-suspected-cyberattack   Raising concerns over Google Authenticator's new features techradar.com/pro/raising-concerns-over-google-authenticators-new-features   Trinidad and Tobago facing outages after cyberattack therecord.media/trinidad-tobago-hit-with-cyberattack   Listener Questions ksltv.com/563455/police-release-images-of-suspect-who-broke-into-familys-car-at-airport-then-their-home/   Support our sponsors: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees

    Your Car's Data Might Be For Sale, a New Malware Payload Vector Using DNS, and Listener Questions

    Play Episode Listen Later Jul 6, 2023 79:28


    This week on Hacker And The Fed your car may be collecting up to 25 GB per hour of data about you and a new malware payload vector is using DNS, what is “encryptionless ransomware”. We also answer listener questions about a variety of topics, including how to prepare for a cybersecurity career in the US government, banking security, and hack-backs. Links from the episode: How Your New Car Tracks You https://www.wired.com/story/car-data-privacy-toyota-honda-ford/   DNS TXT Records Can Be Used by Hackers to Execute Malware https://cybersecuritynews.com/dns-txt-records-to-execute-malware/?amp Encryption-less ransomware: Warning issued over emerging attack method for threat actors https://www.itpro.com/security/ransomware/encryption-less-ransomware-warning-issued-over-emerging-attack-method-for-threat-actors   Support our sponsors: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees

    A Hack-Back Lands a CEO in Prison, Repo Jacking, and When to Use a VPN

    Play Episode Listen Later Jun 30, 2023 72:32


    This week on Hacker And The Fed a CEO did a hack back and was sentenced to prison, Reddit hackers demanded a price roll back, repo jacking and fake Github repositories, and we answer listener questions about Hector's old hacks and VPNs. Links from the episode: I Was Sentenced to 18 Months in Prison for Hacking Back - My Story twitter.com/silascutler/status/1671144482769608705 -> https://hackernoon.com/i-was-sentenced-to-18-months-in-prison-for-hacking-back-my-story   Reddit hackers demand $4.5 million ransom and API pricing changes theverge.com/2023/6/19/23765895/reddit-hack-phishing-leak-api-pricing-steve-huffman   GitHub Dataset Research Reveals Millions Potentially Vulnerable to RepoJacking blog.aquasec.com/github-dataset-research-reveals-millions-potentially-vulnerable-to-repojacking   Attackers Create Synthetic Security Researchers to Steal IP darkreading.com/attacks-breaches/attackers-create-synthetic-security-researchers   Google announces $20 million investment for cyber clinics cyberscoop.com/google-investment-cyber-clinics/   Listener Questions https://fidoalliance.org/   Support our sponsors: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

    A Massive Ongoing Ransomware Attack, Google Claims to Catch Chinese Hackers, and the Feds Arrest a Russian Hacker in Arizona

    Play Episode Listen Later Jun 22, 2023 69:50


    This week on Hacker And The Fed a ransomware group hacked a widely used file transfer software and began leaking stolen data, Google claims it caught Chinese government hackers red-handed breaking into hundreds of networks, the Feds arrest a ransomware perpetrator in Arizona, and we nerd out on security researchers taking over various countries domains. Links from the episode: MOVEit Cyber Attack: Personal Data Of Millions Stolen From Oregon, Louisiana, U.S. Agency forbes.com/sites/maryroeloffs/2023/06/16/moveit-cyber-attack-personal-data-of-millions-stolen-from-oregon-louisiana-us-agency/?sh=3cf2b1b46b05   US govt offers $10 million bounty for info on Clop ransomware bleepingcomputer.com/news/security/us-govt-offers-10-million-bounty-for-info-on-clop-ransomware/amp/ Google claims it caught China government hackers redhanded breaking into hundreds of networks around the world fortune.com/2023/06/15/china-hacking-networks-cybersecurity-google-mandiant/amp/   20-Year-Old Russian LockBit Ransomware Affiliate Arrested in Arizona thehackernews.com/2023/06/20-year-old-russian-lockbit-ransomware.html   Can I speak to your manager? hacking root EPP servers to take control of zones hackcompute.com/hacking-epp-servers/   Darknet Parliament is now a thing cybernews.com/security/darknet-parliament-killnet-hackers/ -- Support our sponsor: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off -- For more information on Chris and his current work visit naxo.com and follow him on LinkedIn. Follow Hector @hxmonsegur

    China's Tik Tok "God Credential" Allegation, a New Phishing and Email Takeover Campaign, and Listener Questions

    Play Episode Listen Later Jun 15, 2023 66:13


    This week on Hacker And The Fed we discuss the latest development in the Tik Tok controversy, how to detect and mitigate a new phishing and email takeover campaign, Google's new top-level domain, and some interesting statistics in the new Verizon breach investigation report. Links from the episode: Former exec at TikTok's parent company says Communist Party members had a 'god credential' that let them access Americans' data businessinsider.com/communist-party-god-credential-data-bytedance-tiktok-former-executive-alleges-2023-6   Detecting and mitigating a multi-stage AiTM phishing and BEC campaign microsoft.com/en-us/security/blog/2023/06/08/detecting-and-mitigating-a-multi-stage-aitm-phishing-and-bec-campaign/   America's Most Cybersecure Companies forbes.com/lists/most-cybersecure-companies   Hackers claim to have crippled Russia's banking system cybernews.com/cyber-war/infotel-hack-impacts-russian-banks/   Verizon 2023 Data Breach Investigations Report verizon.com/business/resources/reports/dbir/ -- Support our sponsors: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off -- For more information on Chris and his current work visit naxo.com and follow him on LinkedIn. Follow Hector @hxmonsegur

    Zero-click Exploits Attacking iPhones, PC Motherboards Downloading Malware, and a New Dutch Mandate

    Play Episode Listen Later Jun 8, 2023 65:46


    This week on Hacker And The Fed we discuss another zero-click exploit attacking iPhones via the iMessage app, millions of PC motherboards may be downloading malware, the FTC slams another company for violations, security researchers find a vulnerability in Gmail's checkmark system that is already being abused. And the Dutch government now mandates an easy way to contact website administrators. Links from the episode: Operation Triangulation: iOS devices targeted with previously unknown malware securelist.com/operation-triangulation/109842/ thehackernews.com/2023/06/new-zero-click-hack-targets-ios-users.html  Millions of PC motherboards were sold with a firmware backdoor arstechnica.com/security/2023/06/millions-of-pc-motherboards-were-sold-with-a-firmware-backdoor/ FTC Slams Amazon with $30.8M Fine for Privacy Violations Involving Alexa and Ring thehackernews.com/2023/06/ftc-slams-amazon-with-308m-fine-for.html Bug in Gmail twitter.com/chrisplummer/status/1664075886545575941 twitter.com/ChristopheDary/status/1664907465924681728 linkedin.com/posts/christophe-dary-85330561_spf-dmarc-bimi-activity-7070510499196489728-pPTh?utm_source=share&utm_medium=member_desktop Security.txt now mandatory for Dutch government websites netherlands.postsen.com/trends/198695/Securitytxt-now-mandatory-for-Dutch-government-websites.html securitytxt.org -- Support our sponsors: Go to HelloFresh.com/hatf16 and use code hatf16 for 16 free meals plus free shipping! Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off -- For more information on Chris and his current work visit naxo.com and follow him on LinkedIn. Follow Hector @hxmonsegur

    An Insider Exploits A Ransomware Attack, AI Photos, And Hector's Indonesian Hack

    Play Episode Listen Later Jun 1, 2023 57:08


    This week on Hacker And The Fed we dive into the world of ransomware. An insider exploits a ransomware attack for personal gain and a CISO's biggest lessons from quarterbacking a ransomware attack. We discuss AI generated photos and what happened to the stock market. And then we answer listener questions about geopolitics, Hector's hack on the Indonesian government and victims keeping their hacks a secret.  Links from the episode: IT employee impersonates ransomware gang to extort employer bleepingcomputer.com/news/security/it-employee-impersonates-ransomware-gang-to-extort-employer/ AI Generated Photos twitter.com/jsrailton/status/1660679743266607105 Suspicion stalks Genesis Market's competitors following FBI takedown therecord.media/genesis-market-russian-market-2easy-shop-cybercrime-fraud FBI releases warning about fake crypto job advertisements ic3.gov/Media/Y2023/PSA230522 Bridgestone CISO: Lessons From Ransomware Attack Include Acting, Not Thinking darkreading.com/ics-ot/bridgestone-ciso-lessons-ransomware-attack-acting-thinking

    Pig Butchering And Crypto Crime-fighting With Erin West

    Play Episode Listen Later May 25, 2023 47:33


    This week on Hacker And The Fed we speak with Erin West, a Santa Clara County Deputy District Attorney, Founder of the “Crypto Coalition”, an over 800-member group of active law enforcement partners sharing cryptocurrency crime-fighting techniques, and the very tip of the spear for Pig Butchering – the latest online romance scam. We learn about the incredible work Erin is doing via Operation Shamrock and how we can protect ourselves and our loved ones from being victimized. Links from the episode: SCARS: Society of Citizens Against Relationship Scams againstscams.org Advocating Against Romance Scammers advocatingforu.com This podcast is sponsored by BetterHelp. Visit BetterHelp.com/HATF today to get 10% off your first month. -- For more information on Chris and his current work visit naxo.com and follow him on LinkedIn at inkedin.com/in/chris-tarbell-20b129278/. Follow Hector @hxmonsegur

    Vehicle Location Data Leaked For Over 2 million Drivers, Another US Government Breach, And D.B. Cooper

    Play Episode Listen Later May 18, 2023 60:05


    This week on Hacker And The Fed, up to 10 years of your location data may have been exposed if you've driven vehicles from a certain manufacturer, stolen private keys may lead to insecure boot ups of your computer, Congress gets another notification of a US government breach, and we answer more listener questions about failed hacks and intentional exploits. And we talk about D. B. Cooper! Links from the episode: Toyota: Car location data of 2 million customers exposed for ten years bleepingcomputer.com/news/security/toyota-car-location-data-of-2-million-customers-exposed-for-ten-years/ Intel OEM Private Key Leak: A Blow to UEFI Secure Boot Security securityonline.info/intel-oem-private-key-leak-a-blow-to-uefi-secure-boot-security/ Data of 237,000 US government employees breached reuters.com/world/us/data-237000-us-government-employees-breached-2023-05-12/ Mastermind Behind Twitter 2020 Hack Pleads Guilty and Faces up to 70 Years in Prison ustice.gov/opa/pr/uk-citizen-extradited-and-pleads-guilty-cyber-crime-offenses T-Mobile Worker Joked About Adding Extra Phone Lines and Tablet to a Customer's Account Without Them Knowing twistedsifter.com/2023/05/a-t-mobile-worker-joked-about-adding-2-extra-phone-lines-and-a-tablet-to-a-customers-account-without-them-knowing/ Google Cybersecurity Certificate grow.google/certificates/cybersecurity/#?modal_active=none -- For more information on Chris and his current work visit naxo.com and follow him on LinkedIn. Follow Hector @hxmonsegur

    Chinese State Hackers, Ransom Negotiation, And Listener Questions

    Play Episode Listen Later May 11, 2023 59:55


    This week on Hacker And The Fed we discuss private data leaking due to a misconfiguration, and no one is listening to the researchers. We are shown the mindset of hackers during a ransom negotiation, a cell phone provider is hacked for the 9th time in 6 years, there are 50 Chinese state hackers for every FBI cyber agent, and using AI to help hack. And finally, we answer listener questions about .xyz, pen testing tools, and possible Hacker And The Fed swag. Links from the episode: Many Public Salesforce Sites are Leaking Private Data krebsonsecurity.com/2023/04/many-public-salesforce-sites-are-leaking-private-data/ Hackers Claim Vast Access to Western Digital Systems techcrunch.com/2023/04/13/hackers-claim-vast-access-to-western-digital-systems/ T-Mobile Discloses 2nd Data Breach of 2023, This One Leaking Account PINs and More arstechnica.com/information-technology/2023/05/t-mobile-discloses-2nd-data-breach-of-2023-this-one-leaking-account-pins-and-more/ Chinese Hackers Outnumber FBI Cyber Personnel 'By At Least 50 to 1,' Wray Testifies foxnews.com/politics/chinese-hackers-outnumber-fbi-cyber-personnel-wray-testifies Capturing the Flag with GPT-4 micahflee.com/2023/04/capturing-the-flag-with-gpt-4/ The Cyber Police Exposed an Attacker in the Sale of Databases with Personal Data of Citizens of Ukraine and the EU cyberpolice.gov.ua/news/kiberpolicziya-vykryla-zlovmysnyka-u-zbuti-baz-iz-personalnymy-danymy-gromadyan-ukrayiny-ta-yes-6598/ -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

    Cyber Insurance With Michelle Chia, Head Of Cyber Insurance At Zurich North America

    Play Episode Listen Later May 4, 2023 47:02


    This week on Hacker And The Fed we sit down with Michele Chia, Head of Cyber Insurance at Zurich North America. We ask a number of questions including what is cyber insurance? Who needs it? And How much coverage is needed? Does cyber insurance cover an insider threat attack? What does a ransomware attack look like when you have cyber insurance? And finally, we find out how our guest cultivated such a successful career in cyber insurance. Link from the episode: zurichna.com/knowledge/experts/michelle-chia -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

    Search Engine Vulnerabilities, Ghost Tokens, Anna Kournikova

    Play Episode Listen Later Apr 27, 2023 58:24


    This week on Hacker And The Fed security researchers find a vulnerability allowing them to run code on Search Engine computers, ghost tokens could be used to totally control Search Engine Workplace accounts, we let you know what a Pumpkin Sandstorm and a Spandex Tempest are, how long does it take to crack your password in 2023, we answer listener questions about the FBI and diversity in cyber security appliances, and we talk about Anna Kournikova. Links from the episode: Remote Code Execution Vulnerability in Google They Are Not Willing To Fix giraffesecurity.dev/posts/google-remote-code-execution/ 'GhostToken' Opens Google Accounts to Permanent Infection darkreading.com/remote-workforce/-ghosttoken-opens-google-accounts-to-permanent-infection Hacker Group Names Are Now Absurdly Out of Control wired.com/story/hacker-naming-schemes-spandex-tempest/amp How Long It Would Take A Hacker To Brute Force Your Password In 2023 hivesystems.io/blog/are-your-passwords-in-the-green Support this episode's sponsors: DeleteMe: Visit JoinDeleteMe.com/FED and use promo code FED20  BetterHelp: Visit BetterHelp.com/HATF and get 10% off your first month -- For more information on Chris and his current work visit naxo.com Follow Hector @hxmonsegur

    Claim Hacker And The Fed

    In order to claim this podcast we'll send an email to with a verification link. Simply click the link and you will be able to edit tags, request a refresh, and other features to take control of your podcast page!

    Claim Cancel