Hosted by cybersecurity and privacy professionals Tom Eston and Scott Wright, Shared Security is a weekly show that explores the trust you put in people and technology. We bring you news, tips, advice, and interviews with cybersecurity and privacy experts to help you live more secure and private in our connected world.
Donate to The Shared Security Show
Join us as we explore the concept of smart cities—municipalities enhanced by connected technology like sensors, cameras, and automated systems to improve services and infrastructure. We discuss the inherent vulnerabilities that come with these advancements, including cybersecurity threats and real-life incidents such as hacked crosswalk signals featuring voices of tech moguls. Our discussion covers how […] The post Cities of the Future or Hacker's Paradise? The Cybersecurity Risks of Smart Cities appeared first on Shared Security Podcast.
Join us as we discuss the long-awaited implementation of the REAL ID Act in the U.S. We cover the essentials you need to fly, the potential benefits of using your passport, and how new mobile IDs fit into the TSA's plans. We also discuss the broader implications for identity surveillance and who truly benefits from […] The post Do You Really Need a REAL ID to Fly in the US? Breaking Down the Myths appeared first on Shared Security Podcast.
Ever worried about hidden cameras in Airbnb rentals? You're not alone! In this episode, we explore the unsettling rise of hidden cameras in personal spaces, the inadequacy of current laws, and practical tips to detect surveillance devices. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they share insights and discuss the implications of […] The post Invasion of Privacy: The Hidden Camera Dilemma appeared first on Shared Security Podcast.
In this episode, we explore an incident where Anthropic's AI, Claude, didn't just resist shutdown but allegedly blackmailed its engineers. Is this a glitch or the beginning of an AI uprising? Along with co-host Kevin Johnson, we reminisce about past episodes, discuss AI safety and ethics, and examine the implications of AI mimicking human behaviors […] The post When AI Fights Back: Threats, Ethics, and Safety Concerns appeared first on Shared Security Podcast.
In this episode, we explore Mark Zuckerberg's bold claim that AI friends will replace human friendships, and discuss the potential implications of a world where technology mediates our connections. We also update listeners on the recent developments in the 23andMe bankruptcy case and what it means for former customers. Joining the conversation is co-host Scott […] The post Mark Zuckerberg's Vision: AI Companions and the Loneliness Epidemic appeared first on Shared Security Podcast.
Join hosts Tom Eston, Scott Wright, and Kevin Johnson in a special best-of episode of the Shared Security Podcast. Travel back to 2009 with the second-ever episode featuring discussions on early Facebook bugs, cross-site scripting vulnerabilities, and a pivotal Canadian privacy ruling involving Facebook. Gain insights into social media security from the past and see […] The post Facebook Flaws and Privacy Laws: A Journey into Early Social Media Security from 2009 appeared first on Shared Security Podcast.
Join us as we explore the transformative changes in software development and cybersecurity due to AI. We discuss new terminology like ‘vibe coding' — a novel, behavior-focused development approach, and ‘MCP' (Model Context Protocol) — an open standard for AI interfaces. We also address the concept of ‘slopsquatting,' a new type of threat involving AI-generated […] The post What Vibe Coding, MCP, and Slopsquatting Reveal About the Future of AI Development appeared first on Shared Security Podcast.
What would happen if the US government halted funding for the CVE program? In this episode, we explore the controversies surrounding the funding of the CVE program, the role of CVEs in the cybersecurity industry, and the recent launch of the CVE Foundation. We also discuss the Trump Administration's executive order that revoked the security […] The post The Impact of Politics on Cybersecurity: CVE's and the Chris Krebs Executive Order appeared first on Shared Security Podcast.
Welcome to part three of our series with PlexTrac where we address data overload in vulnerability remediation. Join us as we preview the latest PlexTrac capabilities, including new ways to centralize asset and findings data, smarter workflow automation, and enhanced analytics. Guest speakers Dan DeCloss, CTO and founder of PlexTrac, and Sarah Foley, VP of […] The post Centralizing Data and Enhancing Workflows: Inside PlexTrac's New Capabilities appeared first on Shared Security Podcast.
Planning to travel to the United States? This episode covers recent travel advisories regarding US border agents searching electronic devices, regardless of your citizenship status. Learn essential tips on smartphone security and how to protect your personal information, especially when attending protests. Scott Wright joins the discussion to provide valuable insights on safeguarding your data. […] The post US Border Searches and Protesting in the Surveillance Age appeared first on Shared Security Podcast.
In this episode, we discuss the urgent need to delete your DNA data from 23andMe amid concerns about the company's potential collapse and lack of federal protections for your personal information. Kevin joins the show to give his thoughts on the Signal Gate scandal involving top government officials, emphasizing the potential risks and lack of […] The post The 23andMe Collapse, Signal Gate Fallout appeared first on Shared Security Podcast.
In this episode, host Tom Eston discusses recent privacy changes on eBay related to AI training and the implications for user data. He highlights the hidden opt-out feature for AI data usage and questions the transparency of such policies, especially in regions without strict privacy laws like the United States. The host also explores how […] The post Understanding Privacy Changes: eBay's AI Policy and The Future of Data Privacy appeared first on Shared Security Podcast.
In this special episode of the Shared Security Podcast, join Tom Eston and Dan DeCloss, CTO and founder of PlexTrac, as they discuss the challenges of data overload in vulnerability remediation. Discover how PlexTrac addresses these issues by integrating various data sources, providing customized risk scoring, and enhancing remediation workflows. The episode offers an insightful […] The post From Spreadsheets to Solutions: How PlexTrac Enhances Security Workflows appeared first on Shared Security Podcast.
In part one of our three part series with PlexTrac, we address the challenges of data overload in vulnerability remediation. Tom hosts Dahvid Schloss, co-founder and course creator at Emulated Criminals, and Dan DeCloss, CTO and founder of PlexTrac. They share their expertise on the key data and workflow hurdles that security teams face today. […] The post Tackling Data Overload: Strategies for Effective Vulnerability Remediation appeared first on Shared Security Podcast.
In this episode, we discuss whether the Trump administration ordered the U.S. Cyber Command and CISA to stand down on the Russian cyber threat. We also touch on the Canadian tariff situation with insights from Scott Wright. Additionally, we discuss the recent changes to Firefox's privacy policy and what it means for user data. ** […] The post Trump Administration and the Russian Cyber Threat, Firefox Privacy Changes appeared first on Shared Security Podcast.
In this episode, Kevin and Tom discuss current events including the latest developments with DOGE and the significant changes happening at the Cybersecurity and Infrastructure Security Agency (CISA). They also touch on Apple's decision to refuse creating backdoors for encryption, setting a new precedent in digital security. Tune in for an insightful discussion on the […] The post Cybersecurity Impact of DOGE, Apple's Stand Against Encryption Backdoors appeared first on Shared Security Podcast.
In this episode, we welcome cybersecurity researcher and YouTube legend John Hammond. John shares insights from his career at Huntress and his popular YouTube channel, where he creates educational content on cybersecurity. He introduces his new platform, Just Hacking Training, aimed at providing affordable, high-quality training. John also discusses current trends in cybercrime, the role […] The post Cybersecurity Insights with John Hammond: YouTube Legend and Security Researcher appeared first on Shared Security Podcast.
In this episode, we discuss the UK government's demand for Apple to create a secret backdoor for accessing encrypted iCloud backups under the Investigatory Powers Act and its potential global implications on privacy. We also discuss the first known case where AI chatbots were used in a stalking indictment, highlighting the dangers of technology misuse […] The post UK's Secret Apple Backdoor Request, AI Chatbots Used For Stalking appeared first on Shared Security Podcast.
In this episode we welcome Kathleen Smith, CMO of ClearedJobs.net, to discuss the current state of the cybersecurity job market. Kathleen shares her extensive experience in the field, recounting her tenure in various cybersecurity events and her contributions to job market research and recruiting. She discusses challenges such as distinguishing between genuine workforce shortages and […] The post Careers in Cybersecurity: Myths and Realities with Kathleen Smith appeared first on Shared Security Podcast.
In this episode, we explore the rollout of digital driver's licenses in states like Illinois and the potential privacy issues that come with them. Can digital IDs truly enhance convenience without compromising your privacy? We also discuss the new Chinese AI model, DeepSeek, which is affecting U.S. tech companies' stock prices. Join us as we […] The post Privacy Concerns with Digital Driver's Licenses, The Rise of DeepSeek AI appeared first on Shared Security Podcast.
In this episode, we discuss the latest issues with data brokers, focusing on a breach at Gravy Analytics that leaked 30 million location data points online. We also explore a vulnerability in Subaru's Starlink system that allows unrestricted access to vehicle controls and customer data using just a last name and license plate number. Co-host […] The post Gravy Analytics Breach, Subaru Starlink Vulnerability Exposed appeared first on Shared Security Podcast.
In this episode, we explore Meta's recent decision to replace traditional fact-checking with community notes and its potential impact on misinformation. We also discuss the implications of a TikTok ban in the U.S., with users migrating to similar apps like RedNote. The conversation covers the challenges of maintaining reliable information in social media and the […] The post Meta Ditches Fact-Checking for Community Notes, RedNote and the TikTok Ban appeared first on Shared Security Podcast.
Do you ever read the privacy policy of your favorite AI tools like ChatGPT, Gemini, or Claude? In this episode, Scott Wright and Tom Eston discuss the critical aspects of these policies, comparing how each AI engine handles your personal data. They explore the implications of data usage, security, and privacy in AI, with insights […] The post AI Privacy Policies: Unveiling the Secrets Behind ChatGPT, Gemini, and Claude appeared first on Shared Security Podcast.
Join us as we reminisce about Y2K, the panic, the preparations, and the lessons learned 25 years later. We also discuss the implications for future technology like AI and potential cybersecurity crises. Plus, in our ‘Aware Much' segment, Scott shares tips on protecting your data if your phone is stolen. Happy New Year and welcome […] The post Reflecting on Y2K: Lessons for the Next Tech Crisis and AI Safety appeared first on Shared Security Podcast.
In the final episode of the Shared Security Podcast for 2024, join us as we recap our predictions for the year, discuss what we got right and wrong, and highlight our top episodes on YouTube. We also extend a heartfelt thank you to our Patreon supporters and special guests. Plus, stay tuned for our predictions […] The post 2024 Year in Review: What We Got Right and Looking to 2025 appeared first on Shared Security Podcast.
In this episode Tom, Scott, and Kevin discuss the vulnerabilities of digital license plates and the potential for hackers to exploit them. They explain what digital license plates are and how they work. The ‘Aware Much?' segment covers the topic of suspicious text messages and why you should avoid responding to unknown senders. The team […] The post Digital License Plate Vulnerabilities, How to Avoid New Text Message Scams appeared first on Shared Security Podcast.
In Episode 359 of the Shared Security Podcast, the team examines a shocking hack-for-hire operation alleged to target over 500 climate activists and journalists, potentially involving corporate sponsorship by ExxonMobil. They explore the intricate layers of this multifaceted campaign and the broader implications on security risk assessments. Additionally, Scott discusses the massive Salt Typhoon hacking […] The post Hack-for-Hire Campaign Targeting Climate Activists, Government Hypocrisy on Encryption appeared first on Shared Security Podcast.
Join us for an insightful episode of the Shared Security Podcast as Tanya Janca returns for her fifth appearance. Discover the latest on her new book about secure coding, exciting updates in Application Security, and the use of AI in security. Learn how her new book goes deeper into secure coding practices, backed by her […] The post Tanya Janca on Secure Coding, AI in Cybersecurity, and Her New Book appeared first on Shared Security Podcast.
In this episode, we discuss Australia's new legislation banning social media for users under 16 and its potential impact. Our hosts also explore the issue of vishing (voicemail phishing), why it's escalating, particularly during the holiday season, and how to protect yourself against these scams. Plus, we celebrate a milestone on our YouTube channel and […] The post Australia Bans Social Media for Kids, Holiday Vishing Scams appeared first on Shared Security Podcast.
In Episode 356, Tom and Kevin discuss the increasing role of deepfake technology in bypassing biometric checks, accounting for 24 percent of fraud attempts. The show covers identity fraud issues and explores the controversial practices of data brokers selling location data, including tracking US military personnel. The conversation shifts to social media platforms Twitter, Blue […] The post Deepfake Fraud, Data Brokers Tracking Military Personnel appeared first on Shared Security Podcast.
In episode 355, Tom discusses his decision to deactivate his Twitter accounts due to privacy concerns with Twitter's new AI policy and changes in the blocking features. He outlines the steps for leaving Twitter, including how to archive and delete tweets, and evaluates alternative platforms such as Bluesky, Mastodon, and Threads for cybersecurity professionals seeking […] The post Why It's Time to Leave Twitter appeared first on Shared Security Podcast.
In episode 354, we discuss the emergence of the term ‘Advanced Persistent Teenagers' (APT) as a “new” cybersecurity threat. Recorded just before the election, the hosts humorously predict election outcomes while exploring the rise of teenage hackers responsible for major breaches. The episode also covers a notable Okta vulnerability that allowed someone to login without […] The post Advanced Persistent Teenagers, Okta Bug Allowed Logins Without a Correct Password appeared first on Shared Security Podcast.
In episode 353, we discuss the February 2024 ransomware attack on Change Healthcare, resulting in the largest data breach of protected health information in history. Notifications have been sent to 100 million Americans, including hosts Tom and Kevin. We explore the implications of this significant breach and whether paying ransoms is a viable solution. In […] The post Fallout from the Change Healthcare Breach, Mortgage Wire Fraud What You Need To Know appeared first on Shared Security Podcast.
In this episode, we discuss the significant data breach at the Internet Archive, affecting 33 million users. We also examine the introduction of an AI-integrated toilet camera by Throne, designed for health monitoring by analyzing bodily waste, and the ensuing privacy concerns. We explore these technological advancements alongside other unusual tech innovations, touching upon security […] The post Internet Archive Hacked, Introducing The AI Toilet Camera appeared first on Shared Security Podcast.
In episode 351, hosts Tom and Scott explore an unusual incident where robot vacuums were hacked to shout obscenities, exposing significant IoT security issues. The discussion includes the mechanics of the Bluetooth hack and its broader cybersecurity implications. Additionally, the ‘Aware Much?' segment reveals the world of hidden printer tracking dots, used for tracing document […] The post Hacked Robot Vacuums, Secret Printer Tracking Dots appeared first on Shared Security Podcast.
In the milestone 350th episode of the Shared Security Podcast, the hosts reflect on 15 years of podcasting, and the podcast's evolution from its beginnings in 2009. They discuss the impact of a current hurricane on Florida, offering advice on using iPhone and Android satellite communication features during emergencies. The ‘Aware Much' segment focuses on […] The post Emergency Satellite Messaging, Stagnation in User Cybersecurity Habits appeared first on Shared Security Podcast.
In this episode, the hosts discuss a significant vulnerability found in Kia's web portal that allows remote control of various car features via their app, potentially enabling unauthorized unlocking and tracking. The conversation highlights the broader issue of web vulnerabilities in the automotive industry. Also covered are NIST's updated password guidelines, eliminating complexity rules and […] The post Kia Security Flaw Exposed, NIST's New Password Guidelines appeared first on Shared Security Podcast.
In episode 348, Tom and Scott discuss Discord's new end-to-end encryption for audio and video calls, involving the DAVE Protocol, third-party vetting by Trail of Bits, and its impact on users. They also address LinkedIn's controversial move to automatically opt users into using their data to train AI models without initial consent, suggestions for opting […] The post Discord's New End-to-End Encryption, LinkedIn Using Your Data for AI Training appeared first on Shared Security Podcast.
In Episode 347, we discuss the recent alarming incidents involving exploding pagers targeting Hezbollah operatives in Lebanon, which resulted in multiple casualties. We clarify why this is not a cyber attack and should not cause widespread panic about personal device safety. Additionally, we cover Instagram's new policies to default teen accounts to private and the […] The post Supply Chain Sabotage: The Exploding Pager Incident, Instagram's New Teen Privacy Measures appeared first on Shared Security Podcast.
In episode 346, we discuss new AI-driven voicemail scams that sound convincingly real and how to identify them. We also explore recent research on the privacy concerns surrounding donations to political parties through their websites. Additionally, we celebrate the 15th anniversary of the podcast and share some reflections and fun facts about the journey. Join […] The post The Rise of AI Voicemail Scams, Political Donation Privacy Concerns appeared first on Shared Security Podcast.
This week, we discuss a critical SQL injection vulnerability discovered in an app used by the TSA, raising ethical questions about responsible disclosure. Plus, we shed light on the alarming rise of Bitcoin ATM scams exploiting older adults, providing essential tips to protect your loved ones from these devious schemes. Tune in for unique insights […] The post Shocking SQL Injection in TSA App, Bitcoin ATM Scams Targeting Seniors appeared first on Shared Security Podcast.
In this episode, we explore the recent arrest of Telegram founder Pavel Durov in France and discuss the app's encryption claims. Is Telegram truly an encrypted messaging app? Joining the conversation is co-host Kevin Johnson, bringing his trademark opinions. We also talk about some intriguing documentaries, including ‘LulaRich' about the LuLaRoe leggings company and ‘Class […] The post Telegram is NOT an Encrypted Messaging App, Must-See Documentaries appeared first on Shared Security Podcast.
This week, we discuss Google's recent accusation by the U.S. Justice Department for being a monopoly and its implications for privacy and cybersecurity. We also cover essential privacy settings for Alexa smart speakers and their importance. Join the hosts, Tom, Kevin, and Scott, for an engaging conversation on these topics, along with a segment from […] The post Google's Monopoly: The Debate Heats Up, Amazon Alexa Privacy Tips appeared first on Shared Security Podcast.
In episode 342, we discuss the effectiveness of people-search removal tools like DeleteMe and Reputation Defender, based on a study by Consumer Reports. We also cover how almost every American's social security number has potentially been stolen by hackers and shared on the dark web. Scott and Tom talk about the importance of protecting your […] The post The Inefficiency of People-Search Removal Tools, Massive Data Breach Impacting U.S. Citizens appeared first on Shared Security Podcast.
Join us for this special live edition of the Shared Security Podcast, recorded in scorching Las Vegas at Black Hat 2024. Host Tom Eston is joined by Shourya Pratap Singh, Principal Software Engineer at SquareX. They discuss highlights from Black Hat 2024, emerging themes in cybersecurity such as AI-based threats, compliance, and cloud security. The […] The post Exploring Cybersecurity Trends at Black Hat 2024 with Shourya Pratap Singh from SquareX appeared first on Shared Security Podcast.
In episode 341, we cover the unprecedented global IT outage caused by a CrowdStrike update crash, affecting 8.5 million Windows machines. We discuss whether it's the largest outage in history and discuss the intricacies of internet accessibility and responses from key stakeholders like Microsoft. Also, in our Aware Much segment, we explore Japan's AI system, […] The post The Great CrowdStrike Crash, AI's Role in Employee Smiles appeared first on Shared Security Podcast.
In this episode, Tom Eston hosts Jeswin Mathai, Chief Architect at SquareX. This episode is part two of a series featuring SquareX, and Jeswin takes a deeper look into their cybersecurity solutions. Jeswin shares his extensive experience in the field and details how SquareX offers innovative protections at the browser level to guard against phishing […] The post How SquareX is Redefining Web Security: An In-Depth Discussion with Chief Architect Jeswin Mathai appeared first on Shared Security Podcast.
In this episode, host Tom Eston welcomes Dan DeCloss, founder and CTO of PlexTrac. They exchange insights about their history at Veracode and explore Dan's journey in cybersecurity. Dan shares his experience in penetration testing, the origins of PlexTrac, and the need to streamline reporting processes. The conversation also covers the state of the cybersecurity […] The post Deepfakes, AI, and the Future of Cybersecurity: Insights from Dan DeCloss of PlexTrac appeared first on Shared Security Podcast.
In episode 339, hosts Tom Eston and Scott Wright discuss the massive AT&T data breach affecting 110 million customers, which is larger than a previous breach from March affecting 73 million customers. They also talk about the importance of reading privacy policies on sites like Facebook and Instagram, as these platforms may use user data […] The post Massive AT&T Data Breach Impact, Meta's Privacy Policy Updates appeared first on Shared Security Podcast.
In episode 338, we discuss the recent breach of the two-factor authentication provider Authy and its implications for users. We also explore a massive password list leak titled ‘Rock You 2024' that has surfaced online. Find out why this file may not be as significant as it seems and the importance of avoiding password reuse. […] The post Authy Breach: What It Means for You, RockYou 2024 Password Leak appeared first on Shared Security Podcast.
In episode 337, we cover “broken” news about the new SSH vulnerability ‘regreSSHion‘ highlighting the vulnerability discovered in the OpenSSH protocol by Qualys and its implications. We then discuss the Detroit Police Department's new guidelines on facial recognition technology following a lawsuit over a wrongful arrest due to misidentification, shedding light on the broader issues […] The post Critical SSH Vulnerability, Facial Recognition Flaws, How to Safely Dispose of Old Devices appeared first on Shared Security Podcast.