Podcasts about account takeover

  • 69 podcasts
  • 140 episodes
  • 31m average duration
  • 1 episode every other week
  • Latest: May 13, 2025


Latest podcast episodes about account takeover

The Purposeful Banker
Fighting Account Takeover and Email Compromise in Business Banking

May 13, 2025 (25:45)

Listeners, give us your feedback to help us make The Purposeful Banker more meaningful for you! Take our brief, 10-question survey at q2.com/podsurvey

In this episode of The Purposeful Banker, Sara Seguin from Alloy joins Jim Young to talk about the increasing threat of account takeover and email compromise and how financial institutions can help their business customers fight back.

Related Links
  • Sara's LinkedIn: https://www.linkedin.com/in/saraseguin/
  • Ongoing Fraud Monitoring from Q2: https://hub.q2.com/product-overview/ongoing-fraud-monitoring

Hacking Humans
account takeover prevention (noun) [Word Notes]

Apr 1, 2025 (6:23)


Enjoy this encore of Word Notes. The prevention of the first part of an intrusion kill chain model exploitation technique, where the hacker steals valid logging credentials from a targeted victim.  CyberWire Glossary link: https://thecyberwire.com/glossary/account-takeover-prevention

Word Notes
account takeover prevention (noun)

Apr 1, 2025 (6:23)

The Voice of Retail
Transform Your Fraud Prevention Strategy: Yale Holder, VP of Customer Experience at Moneris, Shares Trends & Expert Tips

Mar 21, 2025 (30:01)

In the latest episode of The Voice of Retail, host Michael LeBlanc speaks with Yale Holder, Vice President of Customer Experience at Moneris, about emerging retail fraud prevention trends and strategies for payment security. Drawing on Moneris' extensive transaction data—covering billions of annual payments—Yale explains how fraud cases in 2024 dropped by 15% overall, primarily due to increased awareness and more widespread adoption of secure payment technologies. Despite this good news, he notes that the real challenge lies in underreported incidents, signalling that fraud may still be more prevalent than official numbers suggest.

Moneris Fraud Resources: https://www.moneris.com/en/solutions/fraud-prevention/resources

A key issue is mail order and telephone order (MOTO) fraud, which accounts for 62% of reported cases. According to Yale, criminals gravitate toward the easiest targets, and card-not-present transactions remain especially vulnerable. He recommends that retailers of all sizes adopt secure online gateways for phone or email orders rather than manually keying in credit card numbers. Yale also highlights how modern point-of-sale systems, such as Moneris' new generation of devices, have built-in tools—like secure payment links—that help small businesses reduce fraud exposure.

While online fraud decreases thanks to built-in multi-factor authentication and centralized security measures, in-person fraud rises through “crimes of opportunity.” One growing concern is refund fraud involving stolen terminals, representing nearly a third of reported cases. Yale urges retailers to implement strong password protection on every terminal and to store portable devices securely. He underscores that these simple, often-overlooked steps can dramatically reduce refund fraud and terminal theft.

Regional insights reveal that Ontario leads with around 40% of reported fraud due to higher transaction volumes, followed by Quebec at 30%. Saskatchewan stands out for its high incidence of employee refund fraud, emphasizing the need for tighter controls and individual employee logins. Meanwhile, Alberta shows an uptick in account takeover, underscoring the importance of guarding personal and business information against phishing attacks.

Throughout the conversation, Yale returns to a central theme: proactive fraud prevention is far less costly than remedial action. He stresses immediate reporting of suspicious activity and diligent monitoring of transactions, enabling acquirers like Moneris to reverse or block fraudulent payments. From robust password protocols to leveraging secure e-commerce gateways, Yale's guidance provides retailers with clear, actionable strategies to safeguard revenue and maintain consumer trust. Ultimately, the episode serves as both a wake-up call and a resource for merchants seeking to stay ahead in the evolving world of retail fraud.

Michael LeBlanc is the president and founder of M.E. LeBlanc & Company Inc, a senior retail advisor, keynote speaker and now, media entrepreneur. He has been on the front lines of retail industry change for his entire career. Michael has delivered keynotes, hosted fire-side discussions and participated worldwide in thought leadership panels, most recently on the main stage in Toronto at Retail Council of Canada's Retail Marketing conference with leaders from Walmart & Google. He brings 25+ years of brand/retail/marketing & eCommerce leadership experience with Levi's, Black & Decker, Hudson's Bay, CanWest Media, Pandora Jewellery, The Shopping Channel and Retail Council of Canada to his advisory, speaking and media practice.

Michael produces and hosts a network of leading retail trade podcasts, including the award-winning No.1 independent retail industry podcast in America, Remarkable Retail with his partner, Dallas-based best-selling author Steve Dennis; Canada's top retail industry podcast The Voice of Retail and Canada's top food industry and one of the top Canadian-produced management independent podcasts in the country, The Food Professor with Dr. Sylvain Charlebois from Dalhousie University in Halifax.

Rethink Retail has recognized Michael as one of the top global retail experts for the fifth year in a row, the National Retail Federation has designated Michael as one of their Top Retail Voices for 2025, Thinkers 360 has named him one of the Top 50 global thought leaders in retail, RTIH has named him a top 100 global thought leader in retail technology and Coresight Research has named Michael a Retail AI Influencer. If you are a BBQ fan, you can tune into Michael's cooking show, Last Request BBQ, on YouTube, Instagram, X and yes, TikTok.

Michael is available for keynote presentations helping retailers, brands and retail industry insiders, explaining the current state and future of the retail industry in North America and around the world.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Wednesday Mar 5th: SMTP Credential Hunt; mac-robber.py update; ADSelfService Plus Account Takeover; Android Patch Day; PayPal Scams; VMWare Escape Fix

Mar 5, 2025 (6:11)

Romanian Distillery Scanning for SMTP Credentials
A particular attacker expanded the scope of their leaked credential file scans. In addition to the usual ".env" style files, it is now looking for specific SMTP-related credential files.
https://isc.sans.edu/diary/Romanian%20Distillery%20Scanning%20for%20SMTP%20Credentials/31736

Tool Updates: mac-robber.py
This update of mac-robber.py fixes issues with symlinks.
https://isc.sans.edu/diary/Tool%20update%3A%20mac-robber.py/31738

CVE-2025-1723 Account takeover vulnerability in ADSelfService Plus
CVE-2025-1723 describes a vulnerability caused by session mishandling in ADSelfService Plus that could allow unauthorized access to user enrollment data when MFA was not enabled for ADSelfService Plus login.
https://www.manageengine.com/products/self-service-password/advisory/CVE-2025-1723.html

Android March Update
Google released an update for Android addressing two already exploited vulnerabilities and several critical issues.
https://source.android.com/docs/security/bulletin/2025-03-01

PayPal's no-code-checkout Abuse
PayPal's no-code-checkout feature is being abused by scammers to host PayPal tech support scam pages right within the PayPal.com domain.
https://www.malwarebytes.com/blog/scams/2025/02/paypals-no-code-checkout-abused-by-scammers

Broadcom Fixes three VMWare VCenter Vulnerabilities
https://github.com/vmware/vcf-security-and-compliance-guidelines/tree/main/security-advisories/vmsa-2025-0004

Cybercrime Magazine Podcast
Cybercrime News For Feb. 12, 2025. Hacker Pleads Guilty in SEC Account Takeover. WCYB Digital Radio.

Feb 12, 2025 (2:38)


The Cybercrime Magazine Podcast brings you daily cybercrime news on WCYB Digital Radio, the first and only 7x24x365 internet radio station devoted to cybersecurity. Stay updated on the latest cyberattacks, hacks, data breaches, and more with our host. Don't miss an episode, airing every half-hour on WCYB Digital Radio and daily on our podcast. Listen to today's news at https://soundcloud.com/cybercrimemagazine/sets/cybercrime-daily-news. Brought to you by our Partner, Evolution Equity Partners, an international venture capital investor partnering with exceptional entrepreneurs to develop market leading cyber-security and enterprise software companies. Learn more at https://evolutionequity.com

IBS Intelligence Podcasts
EP796: Solving cybersecurity – how cyber fusion centres can help

Dec 11, 2024 (12:23)

Ravi Yadav, Global Head, Cybersecurity Business Unit, Tata Consultancy Services (TCS)

Banks and financial services firms are turning to next-gen security solutions to better protect themselves and their customers. Ravi Yadav of TCS reviews the biggest cyber threats banks are now facing and tells Robin Amlôt of IBS Intelligence how cyber fusion centres, merging security and fraud staff, processes and technologies, may provide an answer.

Out of the Woods: The Threat Hunting Podcast
S3 Ep11: Attack Away, Same Tricks Will Stay

Dec 10, 2024 (37:00)

Top Headlines:
  • Embrace The Red | DeepSeek AI: From Prompt Injection to Account Takeover: https://embracethered.com/blog/posts/2024/deepseek-ai-prompt-injection-to-xss-and-account-takeover/
  • Huntress | Cleo Software Actively Being Exploited in the Wild: https://www.huntress.com/blog/threat-advisory-oh-no-cleo-cleo-software-actively-being-exploited-in-the-wild
  • Zscaler | Unveiling RevC2 and Venom Loader: https://www.zscaler.com/blogs/security-research/unveiling-revc2-and-venom-loader
  • Cyble | Threat Actor Targets Manufacturing Industry with Malware: https://cyble.com/blog/threat-actor-targets-manufacturing-industry-with-malware/?&web_view=true

Stay in Touch!
  • Twitter: https://twitter.com/Intel471Inc
  • LinkedIn: https://www.linkedin.com/company/intel-471/
  • YouTube: https://www.youtube.com/channel/UCIL4ElcM6oLd3n36hM4_wkg
  • Discord: https://discord.gg/DR4mcW4zBr
  • Facebook: https://www.facebook.com/Intel471Inc/

CarahCast: Podcasts on Technology in the Public Sector
Safeguarding Public Sector Data with Trusona Passkey Authentication

Sep 9, 2024 (22:08)


Listen to the Trusona passkey authentication podcast to learn from cybersecurity experts as they discuss robust phishing defense tactics and passwordless authentication solutions. Explore how your organization can leverage advanced password security software to enhance sign-in processes, effectively mitigating the evolving risks of GenAI by detecting impersonation fraud and account takeover attacks early.

Category Visionaries
Ori Eisen, CEO & Founder of Trusona: $38 Million Raised to Power the Future of Account Takeover Prevention

Aug 18, 2024 (39:20)

Welcome to another episode of Category Visionaries — the show that explores GTM stories from tech's most innovative B2B founders. In today's episode, we're speaking with Ori Eisen, CEO & Founder of Trusona, an account takeover prevention platform that has raised $38 Million in funding.

Here are the most interesting points from our conversation:
  • Persistence Pays Off: Ori's relentless pursuit of Frank Abagnale for mentorship and his insistence on John Doerr's presence at a crucial pitch meeting exemplify his "never take no for an answer" attitude.
  • Creative Marketing Strategies: Ori emphasizes the importance of standing out in the crowded cybersecurity market by using unconventional and memorable marketing tactics.
  • First-Party Data Focus: Trusona's strength lies in using first-party data to verify user identities, which Ori believes is crucial in the age of AI-driven fraud.
  • Real Vacation Culture: Ori advocates for founders to take real vacations to recharge and avoid burnout, providing a detailed process for effectively disconnecting from work.
  • Security Through Innovation: Ori's development of computer fingerprinting and other technologies showcases his innovative approach to solving complex security problems.
  • Challenging Conventional Wisdom: Ori often goes against traditional Silicon Valley advice, focusing instead on what he believes will truly benefit his company and its mission.

Sponsors:
  • Front Lines — We help B2B tech companies launch, manage, and grow podcasts that drive demand, awareness, and thought leadership. www.FrontLines.io
  • The Global Talent Co. — We help tech startups find, vet, hire, pay, and retain amazing marketing talent that costs 50-70% less than the US & Europe. www.GlobalTalent.co

IBS Intelligence Podcasts
EP741: Fraud is not just a nuisance but a significant economic threat!

Aug 15, 2024 (8:26)

Liran Amrany, Partner, Team8

Fraud is projected to exceed $250 billion by 2031. The FinTech sector faces a crucial challenge in advancing its fraud prevention strategies. Evolving market dynamics offer fertile ground for emerging fraud tech unicorns. Liran Amrany, a Partner at Team8's FinTech foundry, helps portfolio companies launch new products and businesses. Robin Amlôt of IBS Intelligence speaks to him about the challenges posed by fraud in financial services.

Cyber Morning Call
601 - 0.0.0.0 Day flaw, Earth Baku and public PoC for critical vuln in Cisco SSM On-Prem

Aug 9, 2024 (5:41)

[Episode References]
  • 0.0.0.0 Day: Exploiting Localhost APIs From the Browser - https://www.oligo.security/blog/0-0-0-0-day-exploiting-localhost-apis-from-the-browser
  • A Dive into Earth Baku's Latest Campaign - https://www.trendmicro.com/en_us/research/24/h/earth-baku-latest-campaign.html
  • CVE-2024-20419 - Cisco Smart Software Manager On-Prem Password Change Vulnerability - https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cssm-auth-sLw3uhUy
  • Best Practices for Cisco Device Configuration - https://www.cisa.gov/news-events/alerts/2024/08/08/best-practices-cisco-device-configuration
  • REPLAY: Revisiting Play Ransomware Anti-Analysis Techniques - https://www.netskope.com/blog/replay-revisiting-play-ransomware-anti-analysis-techniques
  • Unmasking the Overlap Between Golddigger and Gigabud Android Malware - https://cyble.com/blog/unmasking-the-overlap-between-golddigger-and-gigabud-android-malware/
  • Double Trouble: Latrodectus and ACR Stealer observed spreading via Google Authenticator Phishing Site - https://cyble.com/blog/double-trouble-latrodectus-and-acr-stealer-observed-spreading-via-google-authenticator-phishing-site/
  • Black Hat USA 2024: AWS ‘Bucket Monopoly' Flaw Led to Account Takeover - https://hackread.com/black-hat-usa-2024-aws-bucket-monopoly-account-takeover/
  • Black Hat USA 2024: Chip Flaw ‘GhostWrite' Steals Data from CPU Memory - https://hackread.com/black-hat-usa-2024-chip-flaw-ghostwrite-data-cpu-memory/

Script and presentation: Carlos Cabral and Bianca Oliveira
Audio editing: Paulo Arruzzo
Closing narration: Bianca Garcia

Criminal Thoughts
Account Takeover Protection and the Latest in Cybersecurity (ft. Ori Eisen)

Jul 9, 2024 (66:59)

Today, we sit down with Ori Eisen, CEO of Trusona, to explore the cutting-edge world of cybercrime and account takeovers. Ori shares his journey from early fraud prevention to pioneering innovative security solutions.

Discover how Trusona's ATO Protect revolutionizes ID verification by directly accessing DMV records, making it almost impossible for fraudsters to succeed. Watch as we demonstrate this powerful tool in real-time, showcasing its effectiveness against identity theft and sophisticated attacks.

Learn about the evolving tactics of cybercriminals, the role of AI in creating fake identities, and practical tips to protect yourself and your business. Ori's insights and Trusona's technology offer a compelling glimpse into the future of cybersecurity.

Join us for this eye-opening discussion, and don't forget to like, comment, and subscribe for more episodes of Criminal Thoughts!

Follow more of Brett: https://www.thebrettjohnsonshow.com
Watch Brett Johnson on the Lex Fridman Podcast: https://www.youtube.com/watch?v=cC1LFC0KFSw&t=3s
Watch Brett Johnson on the Jordan B Peterson Podcast: https://www.youtube.com/watch?v=cz0GVLzzYlg

ABOUT BRETT
Brett Johnson. Former U.S. Most Wanted Cybercriminal. Now Good Guy. The United States Secret Service called Mr. Johnson "The Original Internet Godfather" for his role in refining modern financial cybercrime. Or to put it another way: Brett was convicted of 39 felonies, placed on the U.S. Most Wanted List, escaped from prison, and… he built the first organized cybercrime community, Shadowcrew. Shadowcrew was a precursor to today's darknet and darknet markets, and it laid the foundation for the way modern cybercrime channels operate today. Johnson was sentenced to 90 months in Federal Prison. End of story? Not hardly. Brett found redemption through his sister, his wife Michele, and finally the FBI. He was given the chance to turn his life around. He took it. Today, Brett is considered one of the leading authorities on cybercrime, identity theft, and cybersecurity on the planet. He works hard to protect businesses and consumers from the type of person he used to be.

The Lending Link
Founder and CEO of Kevari Shares Insights on Combating New Account and Account Takeover Fraud

Jun 24, 2024 (51:15)


In this episode of The Lending Link, host Rich Alterman sits down with Adam Elliott, the CEO and Founder of Kevari, to delve into the critical issue of identity fraud and its evolving complexities. Adam begins by sharing his journey from holding senior roles at Check Systems to founding Kevari, a leading identity fraud prevention company that combines machine learning with consortium velocity and identity networks to detect fraud in real-time. He explains the reasoning behind rebranding from ID Insight to Kevari, aiming to convey strength and technological innovation. Adam also shares his optimistic outlook on the future of fraud prevention, emphasizing the potential of emerging technologies and data networks to turn the tide in the ongoing battle against fraud. Tune in now!

IBS Intelligence Podcasts
EP703: What are the top trends in payments for 2024/2025?

May 8, 2024 (14:43)

Romain Mazeries, Chief Executive Officer, Mangopay

Payments business Mangopay was launched in 2013. Two years later it was acquired by French bank Crédit Mutuel Arkéa and in 2022 was purchased by private equity firm Advent International. The takeover of Nethone followed, adding cybercrime protection to Mangopay's suite of services, and this was itself followed by the purchase of Irish payments startup WhenThen. Mangopay offers modular payments infrastructure for eCommerce platforms and online marketplaces. Robin Amlôt of IBS Intelligence speaks to Romain Mazeries, Chief Executive Officer of Mangopay about trends in payments for 2024 and 2025.

Cyber Crime Junkies
Innovative Ways to Reduce Website Spoofing

Apr 25, 2024 (60:14), transcription available

After years in the industry, inventing and exploring emerging technologies, Gideon Hazam, Co-Founder, COO and CSM at Memcyco (https://www.memcyco.com/home), found a way to solve a problem outside the normal cybersecurity approaches. He joins us behind the scenes to discuss innovative ways to reduce website spoofing.

Key Topics: new ways to reduce cyber risks in financial institutions, ways to prevent account takeovers, innovative ways to reduce website spoofing, latest types of phishing, dangers of website spoofing, social engineering attacks against financial institutions.

Chapters
  • 01:09 The Importance of Brand Protection
  • 04:01 The Impact of COVID-19 on Cybercrime
  • 06:28 Methods of Website Spoofing
  • 08:37 Account Takeover and Phishing
  • 09:30 Current Solutions and Challenges
  • 20:13 Expanding to Other Industries
  • 24:38 Alerting the Original Brand and Customers
  • 26:19 Real-Time Detection of Spoofed Sites
  • 27:46 Customer Alerts and Integration with Security Operations Centers
  • 30:51 Introduction to Memcyco and its Integration with Risk and Fraud
  • 33:25 Challenges Faced by Organizations in Impersonation Attacks
  • 35:38 Focus on Brand Reputation and Customer Trust
  • 36:34 The Need for Protection Against Spoofing Attacks
  • 46:15 Marking and Tracing Stolen Credentials
  • 48:04 Uniqueness of Memcyco and Patented Technology
  • 49:14 The Three Parts of Memcyco's Platform: Detection, Protection, and Action

Try KiteWorks today at www.KiteWorks.com. Don't Miss our Video on this Exciting KiteWorks Offer! The Most Secure Managed File Transfer System.

Watch Video Episodes! And Please...Subscribe to our YouTube Channel. Want to help us out? Leave us a 5-Star review on Apple Podcast Reviews. Submit Your Questions Direct and Find out more: www.CyberCrimeJunkies.com. Stay up-to-date on Cybersecurity with VIGILANCE Newsletter. Want Gear? We love our Small Business Sponsor, BlushingIntrovert.com. It has it all: women's clothing, cool accessories supporting Mental Health Research. https://blushingintrovert.com

Mundo Financiero Seguro
Risks and Mitigation of Account Takeover

Apr 1, 2024 (29:55), transcription available

In this episode we will explore the risks of account takeover, a type of attack that has proliferated with the growing role of digitalization in modern society. Since the human factor is crucial to preventing this type of fraud, it is essential to make proper use of the available technologies to mitigate and anticipate these attacks.

Day[0] - Zero Days for Day Zero
[bounty] A GitLab Account Takeover and a Coldfusion RCE

Jan 16, 2024 (34:36)

A short bounty episode featuring some logical bugs in Apache OFBiz, a GitLab Account Takeover, and an unauthenticated RCE in Adobe Coldfusion.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/235.html

  • [00:00:00] Introduction
  • [00:00:20] SonicWall Discovers Critical Apache OFBiz Zero-day
  • [00:11:40] [GitLab] Account Takeover via password reset without user interactions
  • [00:24:05] Unauthenticated RCE in Adobe Coldfusion [CVE-2023-26360]
  • [00:35:08] No new iPhone? No secure iOS: Looking at an unfixed iOS vulnerability
  • [00:36:45] How we made $120k bug bounty in a year with good automation

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
  • Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
  • Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
  • Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
  • Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
  • Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
  • Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Golden 1 Credit Union - Financial Wellness
Cybersecurity Insights: Safeguarding Your Assets in a Digital World

Nov 8, 2023 (26:24)


In an increasingly connected world, the need for robust cybersecurity practices has never been more important. Join us as we discuss practical, up-to-date cybersecurity tips and best practices. Don't miss this opportunity to fortify your digital defenses and stay one step ahead of cyber threats. 

It's 5:05! Daily cybersecurity and open source briefing
Episode #260: Edwin Kwan: OAuth Implementation Flaw Allowing Account Takeover; Marcel Brown: This Day in Tech History; Katy Craig: HTTP/2 RapidReset Attack; Olimpiu Pop: HTTP/2 RapidReset: Zero-day Vulnerability; Shannon Lietz: RapidReset: How Critical is

Oct 27, 2023 (16:25)


Free, ungated access to all 260+ episodes of “It's 5:05!” on your favorite podcast platforms: https://bit.ly/505-updates. You're welcome to

It's 5:05! Daily cybersecurity and open source briefing
Episode #210: LinkedIn Account Takeover Campaign; Amazon's palm-scanning tech - an entire universe of possibilities?; CRA: Save Open Source!;Cyber Resiliency Act: Impacts on Open Source; CRA: Why You Should Care

Aug 18, 2023 (14:26)


It's 5:05! Daily cybersecurity and open source briefing
Episode #209: Cybercrime Forums Selling Personal Information of Hackers; Follow up to AI Red Team Hacking at Defcon; Zero-day in File Transfer Software Leaves Health Data Exposed; LinkedIn Compromised with Account Takeover Campaign

Aug 17, 2023 (9:19)


IBS Intelligence Podcasts
EP619: Evolving fraud in the digital payments world

Aug 7, 2023 (12:25)

Gopal Sharma, Chief Product and Technology Officer, Clari5

Increasing adoption of digital payments solutions by banks and financial institutions has inevitably led to rising levels of attempted fraudulent behaviour. We review the precautions necessary – both on the part of the banks and by customers as the threat surface expands. Robin Amlôt of IBS Intelligence speaks to Gopal Sharma, Chief Product and Technology Officer at financial crime management solutions provider Clari5.

ITSPmagazine | Technology. Cybersecurity. Society
Anticipating The Next Decade of Bot-Enabled Threats | Exploring 10 Years of Imperva Bad Bot Reports | An Imperva Story With Karl Triebes

Jun 14, 2023 (53:31)

In this story on the ITSPmagazine podcast network, hosts Sean Martin and Marco Ciappelli invite guest Karl Triebes to take a look back at 10 years of Bad Bot Reports. Looking forward to the future, they discuss the increasing sophistication of bot attacks, the challenges in detecting them, and the potential damage to businesses and society.

As they discuss the evolution of bot attacks in the last decade, they outline the increasing focus on API security, account takeover, and business logic attacks. They also discuss the challenges of detecting bot attacks with the rise of AI. The conversation raises philosophical questions about the future of humanity and the potential damage to businesses and society caused by bot attacks.

Note: This story contains promotional content. Learn more.

Guest
Karl Triebes, SVP and General Manager, Application Security at Imperva [@Imperva]
On Linkedin | https://www.linkedin.com/in/karltriebes/
On Twitter | https://twitter.com/Triebes

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Download the 2023 Imperva Bad Bot Report: https://itspm.ag/impervv0sg

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Redefining CyberSecurity
Anticipating The Next Decade of Bot-Enabled Threats | Exploring 10 Years of Imperva Bad Bot Reports | An Imperva Brand Story With Karl Triebes

Jun 14, 2023 (53:31)

Total Information AM
Social Media Account Takeover

May 18, 2023 (7:51)

Eva Valasquez, Internet Theft Resource Center CEO, joins Megan Lynch talking about social media takeovers.

ITSPmagazine | Technology. Cybersecurity. Society
Artificial Intelligence and Machine Learning: The Double-Edged Swords in Fraud Wars | A Conversation with Cem Dilmegani | Redefining CyberSecurity Podcast With Sean Martin

Apr 4, 2023 (52:34)

Guest: Cem Dilmegani, Principal Analyst at AIMultiple [@aimultiple]
On LinkedIn | https://www.linkedin.com/in/cem-dilmegani/
On Twitter | http://twitter.com/dilmegani

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Edgescan | https://itspm.ag/itspegweb

Episode Notes

In this podcast episode, Cem Dilmegani and Sean Martin discuss the various types of fraud that exist and how machine learning can be utilized by both fraudsters and companies to outsmart each other.

The conversation delves into the world of fraud and its impact across various domains, from financial systems to advertising and even healthcare. The discussion highlights how fraudsters are using sophisticated techniques, such as machine learning and automation, to bypass rules-based systems and carry out illicit transactions or manipulate user behavior.

The conversation shifts to the financial services industry, where Cem explains how illicit actors might use automation to transfer funds through smaller transactions to avoid detection or bypass sanctions. They also discuss the challenges faced by banks in identifying fraudulent transactions and the complexities involved when dealing with nation-state actors.

Sean brings up the concept of open-source intelligence (OSINT) in the cybersecurity world and wonders if there's a similar database for fraud rules and vulnerabilities in the financial world. Cem explains that while OSINT might not be as powerful in the world of fraud, fraudsters can still find ways to exploit systems and bypass controls.

Throughout the conversation, intriguing use cases are presented, such as ad fraud in the B2B tech industry, where competitors employ machine-generated clicks and utilize bots to drain marketing budgets, or the concept of "feature fraud," where malicious actors manipulate user feedback to drive companies in the wrong direction.

The episode also delves into the challenges faced by the healthcare industry, including insurance fraud, where patients are overcharged for services or billed for therapies they never received. In the financial services realm, fraudsters resort to account takeovers, complex transaction models, and even shell entities to bypass security measures.

The discussion also highlights the ever-evolving world of fraud, emphasizing the need for businesses and industries to leverage advanced technologies, like AI and machine learning, to stay ahead of the curve and protect themselves from these sophisticated threats. This episode is a must-listen for anyone interested in understanding the simple complexities of fraud and the countermeasures that can be employed to mitigate its impact.

Tune in now and stay ahead of the curve!

Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist

Redefining CyberSecurity
Artificial Intelligence and Machine Learning: The Double-Edged Swords in Fraud Wars | A Conversation with Cem Dilmegani | Redefining CyberSecurity Podcast With Sean Martin

Redefining CyberSecurity

Play Episode Listen Later Apr 4, 2023 52:34



Day[0] - Zero Days for Day Zero
[bounty] Facebook Account Takeovers and a vBulletin RCE

Day[0] - Zero Days for Day Zero

Play Episode Listen Later Feb 7, 2023 40:59


Is it possible to escalate a self-XSS into an account takeover? Perhaps, we take a look at some potential options by abusing single-sign on. Then we take a look at a few Facebook/Meta authentication issues, and a deserialization trick to increase the usable classes in PHP.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/185.html

[00:00:00] Introduction
[00:00:21] Single-Sign On Gadgets: Escalate (Self-)XSS to Account Takeover
[00:11:11] Account takeover of Facebook/Oculus accounts due to First-Party access_token stealing
[00:14:00] DOM-XSS in Instant Games due to improper verification of supplied URLs
[00:18:55] Account Takeover in Canvas Apps served in Comet due to failure in Cross-Window-Message Origin validation
[00:29:33] Unserializable, but unreachable: Remote code execution on vBulletin
[00:34:54] Lexmark MC3224adwe RCE exploit

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Day[0] - Zero Days for Day Zero
[bounty] CSS Injection and a Google Cloud Project Takeover Bug

Day[0] - Zero Days for Day Zero

Play Episode Listen Later Jan 31, 2023 28:04


Starting off the week strong we have a CSS injection turned full-read SSRF, and a MyBB exploit chain from XSS to server-side code injection. And we've got a couple auth token disclosures to end off the episode.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/183.html

[00:00:00] Introduction
[00:00:22] Unleashing the power of CSS injection: The access key to an internal API
[00:06:50] MyBB

IAFCI Presents... The Protectors
Gone in 60 Seconds: Protect Yourself from Bank Account Takeover Schemes!

IAFCI Presents... The Protectors

Play Episode Listen Later Jan 18, 2023 36:49


In this episode of The Protectors, Mike and Mark delve into the dark world of financial fraud. From sophisticated phishing schemes to insider collusion, we examine the various methods criminals use to steal from banks and their customers. Chris, a subscriber to the podcast, shares his personal story of how he almost became a victim of an attempted bank takeover. Join us as we uncover the secrets of illegal bank takeovers and learn how to protect yourself and your money.

*** This episode was previously recorded on 11/11/22

GUEST CONTACT INFO:
Website: IAFCIProtectorspodcast@gmail.com
Federal Trade Commission: www.ftc.gov

Day[0] - Zero Days for Day Zero
[bounty] Web Hackers vs. Cars and a Facebook Account Takeover

Day[0] - Zero Days for Day Zero

Play Episode Listen Later Jan 10, 2023 62:33


First episode of the new year, and we've got some cool stuff. Several authentication issues and "class pollution" in Python.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/177.html

[00:00:00] Introduction
[00:00:31] ReDoS "vulnerabilities" and misaligned incentives
[00:17:14] Web Hackers vs. The Auto Industry
[00:37:19] Prototype Pollution in Python - Correction: We discuss a bit of a disagreement regarding calling the issue "Prototype Pollution" in Python, turns out we missed the fact the author calls it "Class Pollution" in the actual article which is a more fitting name.
[00:50:26] [MK8DX] Improper verification of Competition creation allows to create "Official" competitions
[00:56:36] 0 click Facebook Account Takeover and Two-Factor Authentication Bypass
[01:01:18] How SAML works and some attacks on it

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Day[0] - Zero Days for Day Zero
[bounty] Pwn2Own Bugs and WAF Bypasses

Day[0] - Zero Days for Day Zero

Play Episode Listen Later Dec 13, 2022 60:30


Is Pwn2Own worth it for bug bounty hunters? A handful of trivial command injections, and some awesome WAF bypasses.

Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/175.html

[00:00:00] Introduction
[00:00:34] Pwn2Own Toronto 2022 - Results
[00:10:31] Cool vulns don't live long - Netgear and Pwn2Own
[00:15:03] The Last Breath of Our Netgear RAX30 Bugs - A Tragic Tale before Pwn2Own Toronto 2022
[00:26:54] Abusing JSON-Based SQL to Bypass WAF
[00:26:54] RCE via SSTI on Spring Boot Error Page with Akamai WAF Bypass
[00:37:25] Abusing JSON-Based SQL to Bypass WAF
[00:46:47] OTP Leaking Through Cookie Leads to Account Takeover
[00:50:47] ChatGPT bid for bogus bug bounty is thwarted

The DAY[0] Podcast episodes are streamed live on Twitch twice a week:
-- Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
-- Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

We are also available on the usual podcast platforms:
-- Apple Podcasts: https://podcasts.apple.com/us/podcast/id1484046063
-- Spotify: https://open.spotify.com/show/4NKCxk8aPEuEFuHsEQ9Tdt
-- Google Podcasts: https://www.google.com/podcasts?feed=aHR0cHM6Ly9hbmNob3IuZm0vcy9hMTIxYTI0L3BvZGNhc3QvcnNz
-- Other audio platforms can be found at https://anchor.fm/dayzerosec

You can also join our discord: https://discord.gg/daTxTK9

Crucial Tech
Episode 6.18 - Account takeover attacks are inevitable

Crucial Tech

Play Episode Listen Later Dec 8, 2022 20:08


A personal bank account was hacked this week, but because I was getting regular alerts from my bank we kept the damage at a minimum. As luck would have it, I had scheduled this interview with Bruno Farinelli of Clearsale who explained how even when you do everything you can to keep your finances safe, criminals have a way to get around your protections.

Send in a voice message: https://anchor.fm/crucialtech/message
Support this podcast: https://anchor.fm/crucialtech/support

Wake Up Memphis Podcast
BBB Warns of Account Takeover Fraud

Wake Up Memphis Podcast

Play Episode Listen Later Nov 16, 2022 8:39


Over 20 percent of US adults have been the victims of Account Takeover Fraud. Here's how you can avoid becoming one of them.

See omnystudio.com/listener for privacy information.

To Catch a Fraudster
New data shows how consumers react to account takeover attacks. And the results aren't pretty.

To Catch a Fraudster

Play Episode Listen Later Aug 2, 2022 39:38


We dive into the lessons of Refinitiv's new report: US Identity Theft in 2021. We discuss the shocking responses consumers gave about their attitudes towards account takeover, including their willingness to change financial institutions that allow their personal information to be compromised. We also cover new findings about fraud in buy now pay later programs, peer-to-peer (P2P) payments, and more.

An interview with James Mirfin, Global Head of Digital Identity and Fraud Solutions at Refinitiv, an LSEG business.

The CU2.0 Podcast
CU 2.0 Podcast Episode 210 Abrar Ahmed on id-go to prevent account takeover attacks

The CU2.0 Podcast

Play Episode Listen Later Jul 27, 2022 33:59


There has to be a better way. A safer way. There has to be a way to swiftly let a member re-set a password to gain entry to his/her accounts and to also defeat the account take-over criminals who specialize in seizing control of others' accounts and swiftly draining them.

Know this: the criminals who do this are an industry. They are professional. And they work full time at this.

Case in point: in the podcast Abrar Ahmed, CEO of Cozera Solutions, relates that criminal gangs will patiently call the same credit union, failing to win entry to the accounts they lust after but what they are doing is gathering intel. Pretty soon they know all the challenge questions and that means they also can know the answers.

A credit union needs to know how to fight back. id-go, a Cozera Solutions' tool, is one such way.

Cozera Solutions explains how it works its magic: "id-go replaces discoverable secrets like passwords and one-time passcodes with strong passwordless biometric authentication so there are no secrets for attackers to steal. To protect privacy, authentication is executed with device based biometrics that never leave the consumer's device."

In the podcast, Ahmed says that deployment of this tool to members is fast and seamless and can proceed with essentially no tech heavy lifting on the credit union's part.

The company is still in start-up mode but has already implemented its tools at four credit unions, a sector Ahmed is focused on.

Listen up.

Like what you are hearing? Find out how you can help sponsor this podcast here. Very affordable sponsorship packages are available. Email rjmcgarvey@gmail.com

And like this podcast on whatever service you use to stream it. That matters.

Find out more about CU2.0 and the digital transformation of credit unions here. It's a journey every credit union needs to take. Pronto

ITSPmagazine | Technology. Cybersecurity. Society
From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | Part 1 | An Imperva Story With Ryan Windham

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jun 27, 2022 30:46


A new year and a new Bad Bot Report from Imperva. How is it looking? Well, this year, we see an increase in the sophistication level of bad bots compared to last year, with advanced bad bots accounting for 25.9% of all bad bot traffic in 2021, compared to 16.7% in 2020. In addition, evasive bad bots are on the rise, no industry is immune, and Account Takeover attacks are more prevalent than ever.

The good news is that not all bots are Superbad — they go from Simple to Moderate, Advanced, and Evasive — and we are getting better at finding them.

During our conversation this year, we take a quick look back in time to last year's report to see what some of the changes are. Sadly, the team at Imperva is seeing more of the advanced bots we discussed during this conversation. Unfortunately, their ability to emulate human behavior makes them much more difficult to detect.

What's driving a lot of this rise in bad bots? More and more services are moving online.

We hope you enjoy this Part 1 of 2 conversations as we explore and uncover the consequences of bad bots for our business and society.

About the 2022 Imperva Bad Bot Report

Leveraging data from its global network, Imperva Threat Research investigates the rising volume of automated attacks occurring daily, evading detection while wreaking havoc and committing online fraud. The 9th annual Imperva Bad Bot Report is based on data collected from the Imperva global network throughout 2021. The data is composed of hundreds of billions of blocked bad bot requests, anonymized over thousands of domains. The goal of this report is to provide meaningful information and guidance about the nature and impact of these automated threats.

Bot attacks are often the first indicator of fraudulent activity online, whether it's validating stolen user credentials and credit card information to later be sold on the dark web, or scraping proprietary data to gain a competitive advantage. Often bots are used to surveil applications and APIs in an attempt to discover vulnerabilities or weak security. Online fraud from automated bot attacks is not only a threat to the business, but it is first and foremost a risk to customers. Bad bot attacks might cause customers to be unable to access their accounts or have sensitive information stolen from them due to successful account takeover fraud.

Bad bots mask themselves and attempt to interact with applications in the same way a legitimate user would, making them harder to detect and block. They enable high-speed abuse, misuse, and attacks on your websites, mobile apps, and APIs. They allow bot operators, attackers, unsavory competitors, and fraudsters to perform a wide array of malicious activities.

Such activities include web scraping, competitive data mining, personal and financial data harvesting, brute-force login, digital ad fraud, denial of service, denial of inventory, spam, transaction fraud, and more.

Note: This story contains promotional content. Learn more.

Guest
Ryan Windham
VP of Application Security at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/rwindham/

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Imperva Bad Bot Report 2022: https://itspm.ag/impervwurd
Want the Bad Bot 101 Story? Check out the Imperva 2021 Bad Bot Report Podcast Series here: https://www.itspmagazine.com/their-stories/the-good-the-bad-and-the-ugly-the-bad-bot-report-2021-an-imperva-story
Be sure to listen to Part 2 of this conversation here: https://itspmagazine.com/their-stories/how-bots-fake-human-behavior-to-conduct-online-fraud-the-bad-bot-report-2022-part-1-an-imperva-story-with-ryan-windham

Are you interested in telling your story?
https://www.itspmagazine.com/telling-your-story

Redefining CyberSecurity
From Enrolling In College To Gambling, Traveling, And Shopping, Evasive Bad Bots Are A Major Source Of Online Fraud | The Bad Bot Report 2022 | Part 1 | An Imperva Brand Story With Ryan Windham

Redefining CyberSecurity

Play Episode Listen Later Jun 27, 2022 30:46



ShadowTalk by Digital Shadows
Weekly: AlphV Publishes Victims' Data, 'BidenCash' Website Sells Credit Card Info, ATO Paper

ShadowTalk by Digital Shadows

Play Episode Listen Later Jun 24, 2022 36:05


ShadowTalk host Chris alongside Stefano and Kim bring you the latest in threat intelligence. This week they cover:
* AlphV breaching victims' data in open source
* 'BidenCash' website sells your credit card information for only 15 cents
* Account Takeover paper

***Resources from this week's podcast***

POLONIUM: Proxy Warfare And Iran's Cyber Strategy
https://www.digitalshadows.com/blog-and-research/polonium-proxy-warfare-and-irans-cyber-strategy/

Vulnerability Intelligence Roundup: Leveraging The OODA Loop For Vulnerability Management
https://www.digitalshadows.com/blog-and-research/vulnerability-intelligence-roundup-leveraging-the-ooda-loop-for-vulnerability-management/

Credential Stuffing: What Is It, Are You At Risk?
https://www.digitalshadows.com/blog-and-research/credential-stuffing-what-is-it-are-you-at-risk/

ALPHV/BlackCat ransomware gang starts publishing victims' data on the clear web
https://securityaffairs.co/wordpress/132339/malware/blackcat-ransomware-clear-web.html

New 'BidenCash' site sells your stolen credit card for just 15 cents
https://www.bleepingcomputer.com/news/security/new-bidencash-site-sells-your-stolen-credit-card-for-just-15-cents/

The Anatomy of a Cyberattack
https://www.wsj.com/articles/anatomy-cyberattack-11654543046

Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html

Also, don't forget to reach out to - shadowtalk@digitalshadows.com - if you have any questions, comments, or suggestions for the next episodes.

SELDERS.TV - Komplexes einfach verkaufen [Audio]
Tech Startup Positioning: Identeco Case Study with Matthias Wübbeling and Rene Neff

SELDERS.TV - Komplexes einfach verkaufen [Audio]

Play Episode Listen Later Jun 18, 2022 35:25


#159 Show Notes

In this episode of 'Positionierung statt Wettbewerb', I talk with Matthias Wübbeling and Rene Neff of Identeco. Identeco protects companies against account takeover through leaked credentials and thereby prevents criminals from taking over the digital identities of their clients' customers and employees. And it does so without collecting or processing its clients' personal data. In this conversation they explain how that works and why this protection is so important. They also give an insight into how we worked together in positioning coaching and which positioning we developed for the Identeco brand.

You can find more information about their company on their website at https://www.identeco.de
You can reach Matthias and Rene at kontakt@identeco.de

You can also find them both on LinkedIn:
Matthias Wübbeling: https://www.linkedin.com/in/matthias-wübbeling/
Rene Neff: https://www.linkedin.com/in/rene-neff-a8265713a/

As discussed, you can get a free status report showing whether your employees' accounts are affected by sending a short email to kontakt@identeco.de. Please mention briefly that you heard about it in my podcast, and include the domain under which your company's email addresses are found.

If you offer an online service and want to protect your customers' and users' accounts, also write to kontakt@identeco.de to get the free test setup.

If you would like to work with me, you can find the options here: https://www.selders.com/arbeite-mit-mir/

If the topic of positioning is completely new to you, I recommend my article "Positioning: Everything You Need to Know": https://www.selders.com/positionierung-marketing/

You can find all podcast episodes here: https://www.selders.com/podcast/

FINRA Unscripted
AML Update: The Latest Trends and Effective Practices

FINRA Unscripted

Play Episode Listen Later May 31, 2022 26:06


Money laundering looks different in the securities industry and that poses its own challenges. But add to that a landscape of constantly evolving threats and it is a lot to keep up with. On this episode, Jason Foye, Senior Director of the National Cause and Finance Crimes Detection Program's Special Investigative Unit, joins us once again to tell us about the latest trends, emerging threats and how firms can ensure their AML program remains strong and effective.

How are we doing? Take the FINRA Unscripted survey today.

Resources mentioned in this episode:
Episode 33: Beyond Hollywood: Money Laundering in the Securities Industry
Episode 34: Beyond Hollywood, Part II: AML Priorities and Best Practices
Episode 71: Overlapping Risks, Part 1: Anti-Money Laundering and Cybersecurity
Episode 72: Overlapping Risks, Part 2: Anti-Money Laundering and Elder Exploitation
Episode 86: FINRA's Financial Intelligence Unit: Connecting the Dots
2022 Report on FINRA's Exam and Risk Monitoring Program: Cybersecurity
2022 Report on FINRA's Exam and Risk Monitoring Program: AML
Financial Crimes Enforcement Network (FinCEN) Priorities
FinCEN Alert: Potential Russian Sanctions Evasion Attempts
SEC Staff Bulletin: Risks Associated with Omnibus Accounts Transacting in Low-Priced Securities
Regulatory Notice 20-32: Fraudulent Options Trading in Connection with Potential Account Takeovers and New Account Fraud
Regulatory Notice 22-06: U.S. Imposes Sanctions on Russian Entities and Individuals
Regulatory Notice 21-18: Practices Firms Use to Protect Customers From Online Account Takeover Attempts
FINRA Key Topics: Cybersecurity

Omni Talk
Spotlight Series | Battling Account Takeover Fraud With Signifyd CMO Indy Guha

Omni Talk

Play Episode Listen Later May 23, 2022 32:37


In the latest edition of the Omni Talk Retail Spotlight Video Series, Chris Walton and Anne Mezzenga sit down with Signifyd's CMO Indy Guha to learn all they can about the latest fiendish effort being used to defraud consumers, aka Account Takeover (or AKO, if you are in the know).

Together they discuss:
The rise of e-commerce and the increasing strain placed on fraud prevention
What account takeover is and why it is so much more sinister than just using someone's credit card number
And why a networked approach may be the only way to solve the problem

To access Signifyd's pulse reports, head here: http://www.signifyd.com/ecommerce-pul...

Music by hooksounds.com

*Sponsored Content*

Day[0] - Zero Days for Day Zero
[bounty] Deleting Rubygems, BIG-IP Auth Bypass, and a Priceline Account Takeover

Day[0] - Zero Days for Day Zero

Play Episode Listen Later May 17, 2022 34:23


Links and vulnerability summaries for this episode are available at: https://dayzerosec.com/podcast/yanking-rubygems-big-ip-auth-bypass-and-a-priceline-account-takeover.html

A lot of cool little bugs this week with some solid impact, Facebook and Priceline account takeovers, F5 iControl Authentication Bypass, and a couple other logic bugs.

[00:01:55] rubygems CVE-2022-29176 explained
[00:06:09] Multiple bugs chained to takeover Facebook Accounts which uses Gmail
[00:15:16] [curl] curl removes wrong file on error [CVE-2022-27778]
[00:18:33] [Priceline] Account takeover via Google OneTap
[00:22:14] F5 iControl REST Endpoint Authentication Bypass Technical Deep Dive
[00:29:02] The Underrated Bugs, Clickjacking, CSS Injection, Drag-Drop XSS, Cookie Bomb, Login+Logout CSRF…
[00:30:20] Hunting evasive vulnerabilities

The DAY[0] Podcast episodes are streamed live on Twitch (@dayzerosec) twice a week:
Mondays at 3:00pm Eastern (Boston) we focus on web and more bug bounty style vulnerabilities
Tuesdays at 7:00pm Eastern (Boston) we focus on lower-level vulnerabilities and exploits.

The Video archive can be found on our Youtube channel: https://www.youtube.com/c/dayzerosec
You can also join our discord: https://discord.gg/daTxTK9
Or follow us on Twitter (@dayzerosec) to know when new releases are coming.

Expresso - Money Money Money
Are we doomed to be scammed on the Internet?

Expresso - Money Money Money

Play Episode Listen Later Apr 27, 2022 24:49


Phishing, smishing and account takeover are common online frauds. In this episode, we talk about security, the most frequent scams and the best way to protect yourself, with Jaime Ferreira, VP of Global Data Science at Feedzai.

See omnystudio.com/listener for privacy information.

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

A Good Old Equation Editor Vulnerability Delivering Malware
https://www.welivesecurity.com/2022/02/22/teenage-cybercrime-stop-kids-wrong-path/

Horde Webmail 5.2.22 - Account Takeover via Email
https://blog.sonarsource.com/horde-webmail-account-takeover-via-email

NoVNC Phishing
https://mrd0x.com/bypass-2fa-using-novnc/


To Catch a Fraudster
The $9,000,000 Account Takeover Fraud Scam (Pt. 2)

May 21, 2021 21:33


Melissa Solis is Head of GIACT Systems, and Brett Petersen is GIACT Executive Vice President of Sales. Read GIACT's report on Account Takeover Fraud here.

Merchant Fraud Journal's 'To Catch a Fraudster' Podcast is supported by Sift, the leader in Digital Trust & Safety. Sift empowers companies to stop fraud and grow without risk. Sift's Trust and Safety Architects -- industry experts who have decades of fraud-fighting experience at companies like Facebook, Square, and Google -- can help you create a custom plan for your business with an emphasis on technology, organizational structure, and process. To schedule an assessment, click here.

To Catch a Fraudster
The $9,000,000 Account Takeover Fraud Scam (Pt. 1)

May 4, 2021 26:07


Melissa Solis is Head of GIACT Systems, and Brett Petersen is GIACT Executive Vice President of Sales. Read GIACT's report on Account Takeover Fraud here.

Merchant Fraud Journal's 'To Catch a Fraudster' Podcast is supported by Sift, the leader in Digital Trust & Safety. Sift empowers companies to stop fraud and grow without risk. Sift's Trust and Safety Architects -- industry experts who have decades of fraud-fighting experience at companies like Facebook, Square, and Google -- can help you create a custom plan for your business with an emphasis on technology, organizational structure, and process. To schedule an assessment, click here.

Task Force 7 Cyber Security Radio
Ep: 90: Everything You Need To Know About Account Takeover Fraud

Jul 1, 2019 55:45


The Vice President of Security Research for SpyCloud, Eric Murphy, joins Episode #90 of TF7Radio to talk about the underground world of Account Takeover Fraud, how criminals collaborate to take control of your online accounts, and what can be done to protect yourself and your company from this ever increasing risk to your money, your loyalty rewards/points, your PII and identity information, and your access to your employer's network. Murphy unpacks account takeover fraud in a way that everyone can understand what it means to you and the consequences it could have on your daily life. He also advises our audience what it really means to get a notification letter from a retailer that your identity has been compromised and explains the difference between account takeover (ATO) and identity theft. Murphy also breaks down ATO prevention methods that can be used on the enterprise front using comprehensive intelligence gathering methods and proactive security models.