Act of attempting to acquire sensitive information by posing as a trustworthy entity
This week, Dr. Doug talks: Sinclair, Ransomware, angry governors, ISC-square, Tian Fu, Fake Government sites, robot umpires, along with the returning Expert Commentary of Jason Wood on this Edition of the Security Weekly News! Show Notes: https://securityweekly.com/swn159 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
Firm regulatory risks and priorities don't exist in a vacuum. And that is perhaps nowhere clearer than when it comes to a firm's anti-money laundering responsibilities. A firm's AML risks can overlap with any number of other priorities. On this episode, we're looking at the intersection of a firm's AML and cybersecurity risks. Joining us are Jason Foye, a director with FINRA's Anti-Money Laundering Investigative Unit, and Dave Kelley, a director with FINRA's Cybersecurity Specialist Program, both with FINRA's National Cause and Financial Crimes Detection Program. Resources mentioned in this episode:Episode 60: Introducing Greg Ruppert and the NCFCEpisode 33: Money Laundering in the Securities IndustryEpisode 34: AML Priorities and Best Practices SWIFT: How Cyber Attackers ‘Cash Out' Following Large-Scale HeistsFinCEN October 2020 Advisory on Ransomware FinCEN July 2020 Advisory on CybercrimeFinCEN October 2016 Advisory on Cyber EventsFINRA Cybersecurity ResourcesRegulatory Notice 20-32 on Fraudulent Options TradingRegulatory Notice 20-13 on Fraud During the Coronavirus Pandemic
ShadowTalk host Stefano alongside Adam, Kim, and Chris bring you the latest in threat intelligence. This week they cover: * FIN12 targets healthcare sector and make extensive use of IAB * Google alerts 14,000 users about being targets of APT phishing campaign * APT41 use COVID-19 lures in latest phishing attacks * US Official resign over US-Chinese AI & cybersecurity difference Check out our latest Weekly Intelligence Summary: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-15th-oct ***Resources from this week's podcast*** NCSAM Week 2: Fight the Phish https://www.digitalshadows.com/blog-and-research/week-2-ncsam-fight-the-phish/ Strategic Treat Intelligence and You: What Does It All Mean? https://www.digitalshadows.com/blog-and-research/strategic-threat-intelligence-and-you-what-does-it-all-mean/ Subscribe to our threat intelligence email: https://info.digitalshadows.com/SubscribetoEmail-Podcast_Reg.html Also, don't forget to reach out to - email@example.com- if you have any questions, comments, or suggestions for the next episodes.
We continue our special series for National Cybersecurity Awareness Month by addressing everyone's worst nightmare: phish. Who among us hasn't gotten the call, “We're trying to reach out about your car's extended warranty?” In this Talos Takes, Jaeson Schultz, Talos' foremost spam and phish expert, breaks down spam emails, phone calls and messages for any user. We discuss new trends we're seeing from attackers in 2021, talk about the best software solutions available and give advice to Jon's 77-year-old grandmother.
Email is a great tool for communication. It is quick, simple, and it has the potential to reach so many people in so little time. But, it can also be an easy way for hackers to get their hands on your personal information if you're not being careful. Phishing scams are one of the most popular ways that hackers use email as a tool to steal your information and cause data breaches. Email is evil! More info at HelpMeWithHIPAA.com/326
Whitley Penn Talks is back with another episode of The Cyber Guys. John Williamson, RAS Partner, and Jesus Vega, RAS Senior Manager, kick off Cybersecurity Month with insight to social engineering and phishing.
Lenders using Candor produce a high-quality loan that requires only 1 underwriter touch on 70% of loans. Imagine the ROI by reducing fallout, improving hedge, slashing cycle time, and banishing repurchases.
On Security Now, Steve Gibson and Leo Laporte discuss Google's warning sent to more than 14,000 of its Gmail users warning that Government-backed attackers might be trying to steal their passwords. For this story and more, check out Security Now: https://twit.tv/sn/840 Hosts: Steve Gibson and Leo Laporte You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
On Security Now, Steve Gibson and Leo Laporte discuss Google's warning sent to more than 14,000 of its Gmail users warning that Government-backed attackers might be trying to steal their passwords. For this story and more, check out Security Now: https://twit.tv/sn/840 Hosts: Steve Gibson and Leo Laporte You can find more about TWiT and subscribe to our podcasts at https://podcasts.twit.tv/
This week on the show, Why Window 11 is destined to fail, Facebook and associated apps were down not once but twice this week. Next, Holograms are "REAL" l as a startup creates objects out of light and thin air. Next, we cover EA's new COO, Laura Miele, in our segment [Things You Didn't Know]. Then, we are excited to have Gwen Way on our [Gadgets and Gear] segment. Finally, we have "Mike's Mesmerizing Moment" brought to us by StoriCoffee® along with our Whiskey Tastings, all on hour one of the show. "Welcome to TechTime with Nathan Mumm, the show that makes you go "Hummmm" technology news of the week for October 9th - 15th, 2021. The technology show for the everyday common person, that will impact your future with insightful segments, weeks ahead of the mainstream media."Episode 69: Hour 1 Starts at 3:22--- [Now on Today's Show]: Starts at 6:40--- [Loaded Question Of The Day]: Starts at 10:02--- [Top Stories in 5 Minutes]: Starts at 11:39Windows 11 is Released but you might have to wait to mid-2022 to get it for your PC. WHAT? - https://tinyurl.com/3k74vcsd If you own an AMD Processor on your computer "Do not load Window 11" - AMD Warns of 'Reduced Performance' for Ryzen Chips on Windows 11 - https://tinyurl.com/46c5bxe5 Holograms get real: Startup creates objects out of light and thin air - https://tinyurl.com/tc2uxx8b Facebook has apologized after again reporting problems with its services. --- [Pick of the Day - Whiskey Tasting Review]: Starts at 21:35W.L. Weller Special Reserve| 90 Proof | $125.00--- [Story's You Didn't Know]: Starts at 23:34EA promotes Laura Miele to COO, making her one of the most powerful women in gaming. We have a special highlight segment on her career at EA. --- [Gadgets and Gear]: Starts at 36:14Gwen Way talks about this new item- SPLAY that easily transforms between the largest portable display and the only ultra-short-throw pico projector. --- [Mike's Mesmerizing Moment brought to us by StoriCoffee®]: Starts at 51:12--- [Pick of the Day]: Starts at 54:23W.L. Weller Special Reserve| 90 Proof | $125.00Nathan: Thumbs Up | Mike: Thumbs UpEpisode 69: Hour 2 - Starts at 59:00 On the Second Hour, we have our [Letters] segment, which includes scams, phishing emails, and all-out mistruths disguised as legitimate emails sent to our host. We then move to [Ask the Experts] as we bring back one of our favorite guests, Nick Espinosa, the CSO and founder of Security Fanatics, who will talk with us about Facebook being down twice this week, and compromised Twitch Streamer accounts. Finally, we look at why Facebook is key to people worldwide, and we get a different perspective on the large company making a better society for all of us. --- [Now on Today's Show]: Starts at 1:01:32 --- [Love Shack Question]: Starts at 1:06:04--- [Letters]: Starts at 1:12:16Mike and Nathan read emails sent to him that include scams, phishing emails, and all-out mistruths disguised as legitimate emails sent to our host --- [Facebook, WhatsApp, and Instagram are Hero's in South America]: Starts at 1:22:21--- [Ask the Expert]: Starts at 1:26:59Facebook's official stance on the outage. Team Zuckerberg also claims there is "no evidence of user data [being] compromised as a result of this downtime." - but why do you need to say this if it was just a configuration issue? We have our expert Nick Espinosa, join us to explain all of this. --- [This Day in History]: Starts at 1:47:58
Cyber Security Episode #344 with Debi Carr (Covid Conference) You wouldn't give your keys, wallet, and phone to strangers — but you're giving personal information to strangers online! And you may be doing it unawares. Phishing emails, security questions, and even that game on Facebook could all compromise personal information. And to help you be proactive in protecting yourself, your patients, and your practice, Debi Carr is here to educate you on how to develop a culture of security, both in and out of the office. For expert advice and best practices for cyber security, listen to Episode 344 of The Best Practices Show! Main Takeaways: We are giving away more personal information than we realize. Always investigate when hit with ransomware. When buying supplies online, buy from reputable and known sites. If buying from lesser-known companies, investigate before giving your information. Be wary of links and be aware of what you are downloading and clicking on. Every practice should have a security manual, and a record of the training you've done. Always use two-factor authentication whenever it is available. Have an IT partner that fully understands security. For patients and employees, have guest Wi-Fi that is off your network. Be proactive and create a plan. Without a plan, it will take longer to recover. Security doesn't begin and end in the office. Practice this everywhere. Quotes: “While we've been living in fear, there is one group of people that have actually been thriving. This is their dream environment, because any time a hacker can create fear, can create chaos, they are going to profit. And they have done that. As we become desperate, they thrive.” (00:36—01:01) “In February alone, there were over 300,000 malicious websites that were listed with ICANN and with WHOIS. And this is where you claim your website domain — 300,000 of them. The FBI has identified, or actually, Google, has identified over 500,000 phishing emails, daily, being sent out. And over 200,000 of those have got malicious attachments with them. It's crazy, because they know that if they can create panic, if they can create fear, that we won't think. We'll just click, and we'll go with it.” (01:12—02:04) “We hear a lot about ransomware, but what we don't hear a lot about is the other viruses that can affect and infect a computer or a network system. And they are actually, as far as I'm concerned, do more damage. Because a ransomware attack, it's bad. I'm not going to lie to you. That can be a devastating attack. They get into your system with a ransomware, they encrypt your system, you know they're there.” (02:20—02:48) “Whenever you get hit with ransomware, you should always investigate, especially now. We've seen more sophistication in the attacks where not only are they attacking and encrypting the data, but they are actually exfiltrating the data now. So, it's really important that you have a forensic investigation and do the response to a ransomware attack in a methodical manner.” (02:52—03:21) “To me, the infection that is worse is infections such as keyloggers that sit in your system. We've seen LokiBot. That is a keylogger that sits in the system. And we know that it's coming from emails. There's a lot of talk and conversation out there about contact tracing. And so, the hackers have jumped on that bandwagon and they're sending emails out from the World Health Organization saying, ‘You've been around somebody who has been verified with COVID-19. Click here. Download this so you know what to do.'” (03:22—04:09) “What they're doing is they're allowing a keylogger, which is a type of virus that sits in your network, and it basically mimics everything and traces every time you hit a key on the keyboard. So, you go to your bank, you put in your password. You're putting in your username. You put in your password. You're giving that information away to the hacker that's sitting in your system watching everything you do.”...
On this week’s Cyber Security Brief, Brigid O Gorman and Dick O’Brien discuss how the UK and the U.S. are planning to increase their efforts to tackle cyber crime, ransomware being blamed in court for the death of a baby, and the arrests of some ransomware criminals in Ukraine. Also, the Conti ransomware gang makes some threats, evidence of the Pegasus spyware allegedly found on the phones of French cabinet ministers, and an interesting targeted phishing campaign.
In this episode of Managing Cyber Risk, Mark Sangster, VP Industry Security Strategy at eSentire joins host Hillarie McClure to discuss security awareness training and phishing testing, how these help improve business resiliency by reducing the risks associated with human-targeted attacks, and more. eSentire is the Authority in Managed Detection and Response. eSentire's mission is to hunt, investigate and stop cyber threats before they become business disrupting events. To learn more about our sponsor, visit https://esentire.com
In this episode, CSS's team of cybersecurity experts E.J. Yerzak and Mike Farrell kick off Cybersecurity Awareness Month discussing the importance of vendor due diligence and the role that service providers can play in cyber incidents.
A malware campaign offers bogus protection against Pegasus surveillance. A new APT, ChamelGang, is found active against targets in at least ten countries. A ransomware gang can't get its decryptor right. A proof-of-concept shows that charges can be made from a non-contact Visa card in an iPhone wallet. David Dufour from Webroot warns of potential perils in cyber insurance. Our guest is Shamla Naidoo from Netskope with advice for cyber innovators .And ransomware may be responsible for a child's death in an Alabama hospital. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/190
Phishing attacks, malware, and ransomware are just some of the major threats everyone connected to the internet faces. For companies, the stakes are especially high. Setting up a secure infrastructure is difficult. Your adversary only needs to find one flaw to get in. Vancord is a private cybersecurity company, based in Connecticut, that was founded The post Cybersecurity Threats with Jason Pufahl and Russell Jancewicz appeared first on Software Engineering Daily.
Napi ajánlat:crackelt szoftvernek álcázott malwareBlack Matter akik nem játszanak a szabályok szerint cikk1 cikk2Phishingek fajtáiOpen Source modulok bug bountyjahuntr: bug bounty Apple macOS path ami nem működik tökéletesen Xiaomi nem cenzúráz...nagyon!Kikerült kamera felvétel egy iráni börtönből Sharky blog ajánlója AI által generált képeket hogy lehet lebuktatni, vagy nemElérhetőségeink:TelegramTwitterInstagramFacebookMail: firstname.lastname@example.org
This Week in the Security News: The Side Eye Toddler, Zix, Clubhouse, VCenter redux, Auntie M, Safepal, Virgil Griffith, the FBI, & the Expert Commentary of Jason Wood! Show Notes: https://securityweekly.com/swn153 Visit https://www.securityweekly.com/swn for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly
All links and images for this episode can be found on CISO Series Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Robert Wood (@holycyberbatman), CISO at Centers for Medicare & Medicaid Services. Thanks to our podcast sponsor, Living Security Traditional approaches to security communication are limited to one-off training sessions that fail to take customers, regulators, and other external stakeholders into account and rarely affect long-term behavioral change. This report lays out a four-step plan that CISOs should follow to manage the human risk. It provides design principles for creating transformational security awareness initiatives which will win the hearts and minds of senior executives, employees, the technology organization, and customers. In this episode: Will there be a day that phishing can be solved by technology? Does more training lower risk? Is it enough just to protect "inside" the environment? What can we do to change the culture?
Microsoft’s security team identifies a Phishing-as-a-Service organization called BulletProofLink, the European Commission will reportedly introduce a proposal for a common charger standard this week, and OnStar is coming to Amazon Echo devices. MP3 Please SUBSCRIBE HERE. You can get an ad-free feed of Daily Tech Headlines for $3 a month here. A special thanks toContinue reading "Microsoft Identifies a Phishing-as-a-Service Organization – DTH"
Cyber electioneering, in Hungary and Russia, the latter with some international implications. The Mirai botnet is exploiting the OMIGOD vulnerability. A shipping company deals with data extortion. Government websites have been serving up some oddly adult-themed ads. Malek Ben Salem from Accenture has thoughts on quantum security. Our guest is Padraic O'Reilly of CyberSaint to discuss concerns about the Defense Industrial Base. And no, there's no such thing as the Elon Musk Mutual Aid Society. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/181
Phishing 101: why depend on one suspicious message subject when you can use many https://isc.sans.edu/forums/diary/Phishing+101+why+depend+on+one+suspicious+message+subject+when+you+can+use+many/27842/ PrintNightmare Fix Breaks Network Printing https://www.bleepingcomputer.com/news/security/new-windows-security-updates-break-network-printing/ Malware Taking Advantage of Linux Subsystem for Windows https://blog.lumen.com/no-longer-just-theory-black-lotus-labs-uncovers-linux-executables-deployed-as-stealth-windows-loaders/ Travis CI Patch https://travis-ci.community/t/security-bulletin/12081 IBM System x IMM Vulnerability https://support.lenovo.com/es/en/product_security/len-66347 Fake iTerm installing Malware on OS X https://objective-see.com/blog/blog_0x66.html
https://murdycreative.co Learn more about how the Murdy Creative Co. came to be through our short podcast published Tuesdays and Thursdays. We will be sharing a unique behind the scenes look at our startup from the founder himself. Tune in daily to hear more. During the move there were little side quests that kept popping up and pulled me away from my normal duties. Listen in to learn more. As always if you are looking for the perfect gift for your boss, student, significant other, or frankly just looking to treat yourself get one of the best leather binders available, assembled in the USA, at https://murdycreative.co/ or follow us on Instagram if you just want to see amazing photos at https://www.instagram.com/murdycreative.co/ --- Support this podcast: https://anchor.fm/murdycreativeco/support
The award-winning #BanksNeverAskThat anti-phishing consumer education campaign is back with refreshed content for 2021. On the latest episode the ABA Banking Journal Podcast — sponsored by S&P Global Market Intelligence — bank marketer Megan Kenley discusses Bank of Utah's #BanksNeverAskThat experience, some of the results seen from participating (including helping a customer recognize and stop a money mule scam) and how Bank of Utah will adapt the campaign materials for its 2021 participation. This episode is sponsored by S&P Global Market Intelligence.
That Russian crackdown on ransomware gangs people thought they were seeing? Hasn't happened, at least according to the FBI. The Cyber Partisans take a virtual whack at President Lukashenka's government in Belarus. Operation Harvest is complicated and long-running. Phishing with a promise of infrastructure funding. The criminal market for bogus vaccine cards. Johannes Ullrich from SANS on dealing with image uploads - vulnerabilities in conversion libraries. Our UK correspondent Carole Theriault on Deepfakes - what you need to know now. And a deferred prosecution agreement in a “cyber mercenary” case. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/178
(00:00) The guys on the hour talking about notable athletes who had insane growth spurts in a short amount of time. (14:54) Alex Barth covers the New England Patriots for 985thesportshub.com and joins Toucher & Rich to talk about New England's sloppy loss to Miami, Mac Jones' strong performance and more. (32:43) Fred and Rich can't believe how dumb some people are on Facebook for falling for obvious phishing scams disguise as quizzes and games. Watch Toucher & Rich every morning on Twitch! Watch them live or whenever you want: Twitch.tv/thesportshub
Welcome to this week's episode of the PEBCAK Podcast! We've got four amazing stories this week so sit back, relax, and keep being awesome! Be sure to stick around for our Dad Joke of the Week. (DJOW) Follow us on Instagram @pebcakpodcast PEBCAK - Acronym of “problem exists between chair and keyboard.”
Do You Know How to Identify a Fake Web Page? The FBI's reporting that more than 70% of all business hacks are because of our employees. They're clicking on emails, they're going to websites, what can we do? How do we know if a website is legitimate or not? [Automated transcript] [00:00:19] There's a great little article that McAfee published now, McAfee is a company that's been in the cybersecurity business for quite a while. [00:00:28] I do not use their products. I use some competing products. I have not been impressed with their products. [00:00:35] Let me tell you this particular web post that they put up is fantastic and you'll see it in my newsletter this week. Make sure you get that. [00:00:45] Have you ever come across a website that didn't look quite right if you haven't, you haven't been on the internet very much because whether you're an individual at home or you are in a business environment, we are likely going to end up on websites that are not legitimate. Sometimes we'll see these things, that company logo might be wrong. There's not enough information on the page. You've been there before and this looks down page. The odds are that you were on a hack site, a site that's trying to get you to do something most of the time when you end up on these sites, they're trying to get you to put in your username and password. [00:01:31] Already that the bad guys have stolen your username and password from so many websites out there. So why would they try and do it this way? It's because if they're pretending to be your bank and you try and log in, They know this as your bank account, and many times they immediately try and get into your bank account or your phone account, whatever it might be. [00:01:56] This is a very long-standing tactic that's relied on by hackers everywhere. Usually it's a knockoff of a real page. They'll take it and they will recreate it. Then it's easy to do if you're in a web browser right now, when you go to your bank's website. You can just go to file, save as, and go ahead and save the entire webpage and you'll get everything. [00:02:23] You'll get all of the links that are on there. All of the graphics that are there, it'll pull it in for you all automatically. And that's all they do. That's what they use. Just a copy. How do they get in front of you in the first place? Typically the hackers will go ahead and send a phishing email. [00:02:43] They'll make the email sound legitimate. They'll make it look legitimate. They'll often even use a URL that looks a lot like it. B the real banks email. I've seen it before where the URL is bank of america.safe site.com. That sort of a thing. I'm not blaming safe site. They could be a great company. [00:03:04] I don't know. I just made it up as we're going, but that type of a URL where it's not really bank of america.com or it's a misspelling of bank of America, that's the sort of thing that gets to be pretty darn common and. Clicking on that link and then submitting your information. It hasn't been leading to credit card fraud, data extraction, wire transfers, identity theft, and a whole lot more. [00:03:34] Now with the COVID relief, that's been out there. All of these things from filing for unemployment claims through filing for PPP protection as a business, the whole. Industry has changed. I'm talking about the hacker industry here, because there are so many people who are falling for these scams and ransomware as well has gone up over 300%. [00:04:08] It's just absolutely amazing. Now, if you go online and you duck, duck, go. Fake login pages. And for those of you who don't know what I mean by that duck go is the search engine I've been recommending lately. It is a search engine that doesn't take politics into play like Google does. And it also does not track you. [00:04:31] And what you're looking at it is ad based. It gets its revenue from advertisement, but it's not selling your information just on the basic search. That you're doing. I think it's a very good alternative, but if you go ahead and your search for fake login pages, you're going to find thousands of guides on how to create websites. [00:04:53] And these bad guys can create these websites in absolutely no time at all. It just a minute or two in order to make one of them. Now it can be difficult nowadays to figure out if it's a fake site, because the, again, the hackers are constantly updating their techniques to be more sophisticated. So it's made it more difficult for consumers to really recognize when something's fraudulent. [00:05:22] Now I want to get it into a psychological term. In attentional, blindness. You've probably heard of this. I remember this from, I think it was college days for me, so a very long time ago, but there's a study that was done on inattentional blindness called the invisible gorilla test. If you go right now online and just search for invisible gorilla test, you'll see a bunch of these coming. [00:05:52] No, there's even a book called that the invisible gorilla test that came out about 11 years ago, 12 years ago, I think. But here's the bottom line on this? They tell you to do something in this study. What they did here is there's a video. People there's six people, three of them are dressed with white shirts and three of them have black shirts and they're passing basketballs back and forth. [00:06:20] The white shirts are only passing to the white shirts and the black shirts under the black shirts. And what they ask you to do is count the number of times the team in white past. Now, you're sitting there watching, knowing they're going to try and fool you, you're paying a whole lot of attention to it. [00:06:40] And then at the end, they ask you a question that may be not expecting the video. I just watched on this, that was called the monkey business. Illusion is the name of this. I counted and I counted carefully and I came up with 16 passes. So the monkey business, illusion, 16 times the people in the white shirts passed the basketball back and forth. [00:07:06] So I got that. But then they said did you notice the person in the gorilla costs? Who walked through the game. He didn't just walk through the game, walked in, beat on this chest and then walked out of the game. If you didn't know about this and okay. In chorus, all honesty, I always try and put everything upfront here. [00:07:29] I knew about it beforehand. I remember from college days. But eight, most people actually about 50% of people who did not know, there is a gorilla in the middle of this. Would not have noticed the gorilla walking through the game, but this monkey business illusion video, there's something else too. [00:07:52] And I've got to admit, I did not notice that. And that is the curtain color change. From red to gold, this curtain that was in the background of all of these players. And I didn't notice one other thing. I'm not going to tell you what that is. You'll have to watch the video of yourself too, to figure that out again, just go online and search for the monkey business illusion. [00:08:19] And I think you'll find it. So the reason I brought this up is because if you come across a well forged login page and you're not actively looking for signs of fraud, you're fairly likely to miss a cybercriminals gorilla. You're likely to miss that the logo's not quite right, or the placement isn't the same as I'm used to. [00:08:45] Because you're focused in, on doing what you're supposed to be doing. It's the whole concept as well of have tunnel vision. And I'm sure you're aware of that. We've all had that before, where we're really focused on this one little thing and we don't notice everything else going on. It particularly happens in high stress times. [00:09:08] So how do you steer clear of the fake login pages? We're going to talk about that when we get. But it's absolutely crucial for everyone, even if you've had phishing training and you are trying to be cautious, you could fall for this invisible gorilla and enter in your personal details, not something that you really want. [00:09:36] Hopefully you guys got my newsletter last weekend. I got a lot of comments on it. People are saving. In fact, that's the first thing I said in this email last week is don't lose this because it went through point by point on about 10 different things that you should be doing too. Yourself and your business safe during the holidays. [00:10:03] Now, of course we had labor day coming up. We're going to have more holidays, right? There's always more holidays in the future and less it's after the first of the year, then you got to wait a long time. Make sure you get it, make sure you dig it out. If he didn't notice it just search for email@example.com. [00:10:23] That's where the email comes from and have a look at that. I have links on how to do all of those things. It's very important. FBI warning out just last week. [00:10:33] I just told you about one of the biggest problems we are facing right now, when it comes to hackers and then has to do with fishing and going to fake login pages. Now I'm going to tell you exactly what to do. [00:10:47] How do you steer clear of these fake log-in pages and how do you protect yourself in case you accidentally do provide the bad guys with the information that you shouldn't have? [00:11:01] If they've got your email address or your login name and they have your password, it's pretty easy for them to log in. In most cases right into your bank account. So first of all, don't fall for phishing, but as we just described because of this whole inattentional blindness that we have, it's easy enough to fall, pray for this. [00:11:28] Beat yourself up too bad if you followed, if you fell for some of that stuff, but there is a great little website the Google has that you might want to check out. And that website gives you a real quick quiz, is the best way to. And it shows you some emails and you get to determine whether or not you think it's fishing and then it tells you what the reality of it is. [00:11:59] So go to fishing quiz. Dot with google.com. If you miss that, you can always email me M firstname.lastname@example.org and I'll send it off to, but phishing quiz dot with google.com. And of course, phishing is spelled P H I S H I N G fishing. Dot with google.com. So you can go there and right there on the screen, it says, take the quiz. [00:12:30] You can hit it and make up a name and an email address. So it doesn't have to be your real name or your real email address. Okay. It's not going to send you anything. It's not going to sign you up for stuff. It just wants to use it in. Phishing email examples. That's going to give you, so I put in a fake name and a fake email address and it is showing me an email. [00:13:00] So to me, from a Luke, John. And it says Luke Johnson shared a link to the following document, Tony 21 budget department dot doc. So if I click on that, I have now told them, Hey, I'm open to all that sort of stuff. It's so anyways, it's got the link and it's got the opening docs and you now up above say, is this phishing or is it. [00:13:27] Legitimate. Okay. So if we say fishing that says, correct, this is a phishing email. You might have spotted the look alike, you are out. And that is indeed exactly what it is cause it it wasn't legitimate. And remember when you mouse over a link, you can see down at the bottom. The URL that is going to open up for you. [00:13:51] So you can just go through this at your own speed at your own pace and figure it out again. If you didn't get that, you can always email me M E ed Craig peterson.com. And I'll be glad to get back to you. So that's a good way to learn about fishing. I want to con really warn, I should say businesses. If you are sending out phishing emails to your employees to see if they are opening fake phishing emails or not. [00:14:23] That's an okay. Practice. The problems really come in with the companies that are sending out phishing emails and are then following up in such a way that employee is punished in some places they are being punished by if you've opened three fake emails over the last year or whatever it might be. [00:14:47] But over the last year, you're. It's that bad. So we have to be careful. You're not going to increase the confidence of your employees by doing that. And what's, you're actually going to end up doing is slowing down the productivity of your employees. Because now they're going to be really worried about opening, any emails that look like they might be legitimate. [00:15:14] And so your business is going to slow right down. So having some more training about it. Okay. I can see that everyone makes mistakes and we've got to remember that as well, but watch free, man. But we really are trying to get you to move quickly, act fast, or I need this answer right away. Or one of the big ones is we've got this vendor and in fact, I'll, let me give you a real world example. [00:15:41] It's a manufacturing company and of course they. To buy product from vendors, as supplier. And then they use that product or whether it's copper or whatever it might be now to put it all together to make their products. And this one person, this one, hacker a lady again in Eastern Europe, she went and found out about this company. [00:16:08] Okay, great. Found on their website, who the CEO was, who the CFO was. Okay, great. And was able to find the CEO online on Facebook and on his Facebook account, he said, yeah, we're going to The Bahamas. Rear-ending a sailboat. We're going to be out there, the whole family for two weeks. This is going to be fantastic disconnected. [00:16:37] So she found all of that. Now what she had to do was she found out who it was. The CEO, what school he went to. So first she had to get around the restrictions. Cause he had said, don't share my posts with anyone other than friend. So she sent him a message because she found his LinkedIn profile. You see how easy this is to do. [00:16:59] She found his LinkedIn profile and that he went to Harvard and got his MBA. So she sent him. A little note saying, Hey, remember me Janie from X, Y, Z class at Harvard, and want to be friends catch up a little bit. And then he doesn't remember who she is, but the picture looks cute enough. I might as well say yes. [00:17:21] And now she had his contact information over on LinkedIn, send him a friend request over on Facebook as well. That's how she found out he was going to be gone for two weeks. And so now she knows when he's gone. And where he's going to be completely out of touch. So once he's gone about two or three days later, she sent an email off to the CFO inside the company and said, Hey. [00:17:49] We've got this new vendor they've been providing us with product for the last three months. We haven't paid them at all yet. I need you to wire. It was a little more than $40 million because she'd done her homework. She knew how much money the company made, what their expenses probably were. I need you to wire $40 million to this account, or they're going to stop. [00:18:17] All shipments to us. And instead of the CFO doing a little bit more homework into it and digging in and finding out because talking to the people in receiving that we've never received anything from that company. I don't know what you're talking about. And then talking with the guy on the manufacturing floor, the CFO didn't do any of that, just okay. This looks legit. And by the way, it is so easy for these hackers to also gain access to personal email accounts. And we're not going to spend time going into that right now. So he wired. Yes indeed. So there's an example of falling for fishing. A little bit of follow up on the part of the CFO would have shown him that this was not legitimate. [00:19:07] Even over on Shark Tank. Barbara Cochran. She fell prey to this, actually it was her assistant and who wired some $400,000 to a vendor that wasn't real. Now the good news is the assistant copied Barbara who saw the email right away and said, whoa, wait a minute. They called the bank and they put a stop on it.. [00:19:34] Doing a little training here on how to spot fake log-in pages. We just covered fishing and some real world examples of it, of some free quiz stuff that you can use to help with it. And now we're moving on to the next step. [00:19:50] The next thing to look for when it comes to the emails and these fake login pages is a spelling mistake or grammatical errors. [00:20:02] Most of the time, these emails that we get that are faking emails are, have really poor grammar in them. Many times, of course the commas are in the wrong place, et cetera, et cetera. But most of us weren't English majors. So we're not going to pick that up myself included. That's why I use Grammarly. [00:20:21] If you have to ever write anything or which includes anything from an email or a document you probably want to get Grammarly. There's a few out there, but that's the one I liked the best for making sure my grammar. So a tip, to the hackers out there, but the hackers will often use a URL that is very close to it. [00:20:45] Where are you want to go? So they might put a zero in place of an O in the domain, or they might make up some other domain. So it might be amazon-aws.com or a TD bank-account.com. Something like that. Sometimes the registrars they'll catch that sort of thing and kill it. Sometimes the business that they are trying to fake will catch it and let them know as well. [00:21:19] There's companies out there that watch for that sort of thing. But many times it takes a while and it's only fixed once enough people have reported it. So look at the URL. Make sure it's legitimate. I always advise that instead of clicking on the link in the email, try and go directly to the website. [00:21:41] It's like the old days you got a phone call and somebody saying, yo, I'm from the bank and I need your name and social security numbers. So I can validate the someone broke into your account. No, they don't. They don't just call you up like that nowadays. They'll send you a message in their app. [00:21:56] That's on your smart. But they're not going to call you. And the advice I've always given is look up their phone. And by the way, do it in the phone book, they remember those and then call them back. That's the safest way to do that sort of thing. And that's true for emails as well. If it's supposedly your bank and it's reporting something like someone has broken into your account, which is a pretty common technique for these fissures, these hackers that are out there, just type in the bank URL as it not what's in the email. [00:22:33] There will be a message there for you if it's legitimate, always. Okay. So before you click on any website, Email links, just try and go directly to the website. Now, if it's one of these deep links where it's taking new Jew, something specific within the site, the next trick you can play is to just mouse over the link. [00:22:58] So bring your mouse down to where the link is. And typically what'll happen is at the bottom left. Your screen or of the window. It'll give you the actual link. Now, if you look at some of them, for instance, the emails that I send out, I don't like to bother people. So if you have an open one of my emails in a while, I'll just automatically say, Hey, I have opened them in awhile, and then I will drop you off the list. [00:23:28] Plus if you hit reply to one of my newsletters, my show notes, newsletters. That's just fine, but it's not going to go to email@example.com and some people you listeners being the best and brightest have noticed that what happens is it comes up and it's some really weird URL that's so I can track. [00:23:51] Who responded to me. And that way I can just sit down and say, okay, now let me go through who has responded? And I've got a, kind of a customer relationship management system that lets me keep track of all of that stuff so that I know that you responded. I know you're interacting, so I know I'm not bothering you. [00:24:11] And I know I need to respond. Much the same thing is true with some of these links. When I have a link in my newsletter and I say, Hey, I'm linking to MIT's article. It is not going to be an MIT. Because again, I want to know what are you guys interested in? So anytime you click on a link, I'll know, and I need to know that, so I know why, Hey, wait a minute. [00:24:36] Now, 50% of all of the people that opened the emails are interested in identifying fake login pages. So what do I do? I do something like I'm doing right now. I go into depth on fake logs. Pages. I wouldn't have known that if I wasn't able to track it. So just because the link doesn't absolutely look legit doesn't mean it isn't legit, but then again, if it's a bank of it involves financial transactions or some of these other things be more cautious. [00:25:11] So double check for misspellings or grammatical errors. Next thing to do is to check the certificate, the security certificate on the site. You're on this gets a little bit confusing. If you go to a website, you might notice up in the URL bar, the bar that has the universal resource locator, that's part of the internet. [00:25:38] You might've noticed a. And people might've told you do check for the lock. That lock does not mean that you are safe. All it means is there is a secure VPN from your computer to the computer on the other side. So if it's a hacker on the other side, you're sending your data securely to the hacker, right? [00:26:05] That's not really going to do you a whole lot of good. This is probably one of the least understood things in the whole computer security side, that connect. May be secure, but is this really who you think it is? So what you need to do is click on their certificate and the certificate will tell you more detail. [00:26:29] So double check their certificate and make sure it is for the site. You really. To go to, so when it's a bank site, it's going to say, the bank is going to have the bank information on it. That makes sense. But if you go for instance on now, I'm going to throw a monkey wrench into this whole thing. [00:26:48] If you go to Craig peterson.com, for instance, it's going to. Connection is secure. The certificate is valid, but if you look at their certificate and the trust in the details, it's going to be issued by some company, but it's going to just say Craig peterson.com. It's not going to give a business name like it would probably do for a bank. [00:27:14] So you know, a little bit of a twist to it, but that's an important thing. Don't just count on the lock, make sure that the certificate is for the place you want to contact. Last, but not least is multi-factor authentication. I can't say this enough. If the bad guys have your username or email address and your password for a site, if you're using multifactor authentication, they cannot get in. [00:27:53] So it's going to prevent credential stuffing tactics, or they'll use your email and password combinations that have already been stolen for mothers sites to try and hack in to your online profile. So very important to set up and I advise against using two factor authentication with your, just a cell phone, as in a text message SMS, it is not secure and it's being hacked all of the time. [00:28:23] Get an authorization. Like one password, for instance, and you shouldn't be using one password anyways, for all of your passwords. And then Google has a free one called Google authenticator. Use those instead of your phone number for authentication. [00:28:40] You're listening to Craig Peterson, cybersecurity strategist, and firstname.lastname@example.org. [00:28:48] I've been warning about biometric databases. And I sat down with a friend of mine who is an attorney, and he's using this clear thing at the airport. I don't know if you've seen it, but it's a biometric database. What are the real world risks? [00:29:04] This clear company uses biometrics. [00:29:08] It's using your eye. Brent, if you will, it's using your Iris. Every one of us has a pretty darn unique Iris, and they're counting on that and they're using it to let you through TSA very quickly. And this attorney, friend of mine thinks it's the best thing since sliced bread, because he can just. On through, but the problem here is that we're talking about biometrics. [00:29:34] If your password gets stolen, you can change it. If your email account gets hacked, I have another friend who his account got hacked. You can get a new email account. If your Iris scan that's in this biometric database gets stolen. You cannot replace your eyes unless of course you're Tom cruise and you remember that movie, and it's impossible to replace your fingerprints. It's possible to replace your face print. I guess you could, to a degree or another, some fat injections or other things. Could be done to change your face sprint, but these Iris scans fingerprints and facial images are something I try not to provide any. [00:30:29] Apple has done a very good job with the security of their face print, as well as their fingerprint, because they do not send any of that information out directly to themselves or to any database at all. Period. They are stored only on the device itself. And they're in this wonderful little piece of electronics that can not be physically compromised. [00:30:59] And to date has not been electronically compromised either. They've done a very good job. Other vendors on other operating systems like Android, again, not so much, but there are also databases that are being kept out there by the federal government. I mentioned this clear database, which isn't the federal government, it's a private company, but the federal government obviously has its fingers into that thing. [00:31:29] The office of personnel. For the federal government, they had their entire database, at least pretty much the entire database. I think it was 50 million people stolen by the red, Chinese about six years ago. So the communists. Copies of all of the information that the officer personnel management had about people, including background checks and things. [00:31:55] You've probably heard me talk about that before. So having that information in a database is dangerous because it attracts the hackers. It attracts the cybercriminals. They want to get their hands on it. They'll do all kinds of things to try and get their hands. We now have completely quit Afghanistan. [00:32:20] We left in a hurry. We did some incredibly stupid things. I just, I can't believe our president of the United States would do what was done here. And now it's been coming out that president and Biden completely ignored. The advice that he was getting from various military intelligence and other agencies out there and just said, no, we're going to be out of there. [00:32:46] You have to limit your troops to this. And that's what causes them to close the air base battleground that we had for so many years. Apparently the Chinese are talking about taking it over now. Yeah. Isn't that nice. And whereas this wasn't an eternal war, right? We hadn't had anybody die in a year and a half. [00:33:05] It's crazy. We have troops in south Vietnam. We have troops in Germany. We have troops in countries all over the world, Japan, you name it so that we have a local forest that can keep things calm. And we were keeping things calm. It's just mind blowing. But anyhow, politics aside, we left behind a massive database of biometric database. [00:33:38] Of Afghanis that had been helping us over in Afghanistan, as well as a database that was built using us contractors of everyone in the Afghan military and the basically third genealogy. Who their parents were the grandparents blood type weight, height. I'm looking at it right now. All of the records in here, the sex ID nationality. [00:34:11] Date of exploration, hair color, favorite fruit, favorite vegetables, place of birth, uncle's name marker signature approval. Signature date, place of birth. Date of birth address, permanent address national ID number place of ISS. Date of ISS native language salary data salary, group of salary, police of salary education, father's name, graduation, date, weapon and service now. [00:34:41] These were all in place in Afghanistan. We put them in place because we were worried about ghost soldiers. A gold soldier was someone who we were paying the salary of taxpayers of the United States were paying the salaries of the Afghan military for quite some time. And we were thinking that about half of the. [00:35:06] Payroll checks. We were funding. We're actually not going to people who were in the military, but we're going to people who were high up within the Afghan government and military. So we put this in place to get rid of the ghost soldiers. Everybody had to have all of this stuff. In the database, 36 pieces of information, just for police recruitment. [00:35:39] Now this information we left behind and apparently this database is completely in the hand of the Taliban. Absolutely. So we were talking about Americans who helped construct Afghanistan and the military and the telephone. The looking for the networks of their Ponant supporters. This is just absolutely amazing. [00:36:07] So all of the data doesn't have clear use, like who cares about the favorite fruit or vegetable, but the rest of it does the genealogy. Does they now know who was in the police department, who was in the military, who their family is, what their permanent address is. Okay. You see the problem here and the biometrics as well in the biometrics are part of this us system that we were using called hide H I D E. [00:36:41] And this whole hide thing was a biometric reader. The military could keep with them. There were tens of thousands of these things out in the field. And when they had an encounter with someone, they would look up their biometrics, see if they were already in the database and in the database, it would say, yeah, they're friendly, they're an informant. [00:37:03] Or we found them in this area or w we're watching them. We have concern about them, et cetera, et cetera. All of their actions were in. Turns out that this database, which covered about 80% of all Afghans and these devices are now in the hands of the Taliban. Now, the good news with this is that a lot of this information cannot be easily extracted. [00:37:32] So you're not going to get some regular run of the mill Taliban guy to pick one of these up and start using. But the what's happening here is that we can really predict that one of these surrounding companies like Pakistan that has been very cooperative with the Taliban. In fact, they gave refuge to Saddam, not Saddam Hussein, but to a bin Ladin and also Iran and China and Russia. [00:38:04] Any of those countries should be able to get into that database. Okay. So I think that's really important to remember now, a defense department spokesperson quote here, Eric Fay on says the U S has taken prudent actions to ensure that sensitive data does not fall into the Tolo bonds. And this data is not at risk of misuse. [00:38:29] Misuse that's unfortunately about all I can say, but Thomas Johnson, a research professor at the Naval postgraduate school in Monterey, California says not so fast, the taller Bon may have used biometric information in the Coon dues. So instead of taking the data straight from the high devices, he told MIT technology review that it is possible that Tolo bond sympathizers in Kabul, provided them with databases of military personnel, against which they could verify prints. [00:39:07] In other words, even back in 2016, it may have been the databases rather than these high devices themselves pose the greatest risk. This is very concerning big article here in MIT technology review. I'm quoting from it a little bit here, but there are a number of databases. They are biometric. Many of these, they have geological information. [00:39:35] They have information that can be used to round up and track down. Now, I'm not going to mention world war two, and I'm not going to mention what happened with the government too, before Hitler took over, because to do that means you lose that government had registered firearms, that government had registered the civilians and the people and Afghanistan. [00:40:04] The government was also as part of our identification papers, registering your religion. If you're Christian, they're hunting you down. If you were working for the military, they're hunting you down. And this is scary. That's part of the reason I do not want biometric information and databases to be kept here in the U S Hey, make sure you get my show notes every week on time, along with free training, I try to help you guys out. [00:40:41] If you've never heard of the Carrington event, I really hope, frankly, I really do hope we never have to live through one of these. Again, there is a warning out there right now about an internet apocalypse that could happen because of the sun. [00:40:58] Solar storms are something that happens really all of the time. The sun goes through solar cycles. About every seven years, there are longer cycles as well. You might know. I have an advanced class amateur radio license I've had for a long time, and we rely a lot when we're dealing with short wave on the solar cycle. [00:41:22] You see what happens is that the sun charges, the atmosphere. That if you've ever seen the Northern light, that is. Part of the Sunzi missions, hitting our magnetic field and getting sucked into the core of the earth, if you will, as they get caught in that field. And the more charged the atmosphere is, the more bounce you get. [00:41:46] That's what we call it bounce. And the reason us hams have all these different frequencies to use is because of the bow. We can go different frequencies with different distances, I should say, using different frequencies. So think about it right now. You've got the earth and I want to talk from Boston to Chicago. [00:42:08] For instance, I know about how many miles it is, and I have to figure out in the ionosphere up in the higher levels of the atmosphere, what frequency. To use in order to go up into the atmosphere, bounce back, and then hit Chicago. That's the idea. It's not quite as simple or as complex in some ways, as it sounds, a lot of people just try different frequencies and a lot of hams just sit there, waiting for anybody anywhere to talk to, particularly if they are. [00:42:41] It's really quite fun. Now what we're worried about, isn't so much just the regular solar activity. We get worried when the sun spots increase. Now, the solar cycle is what has primary image. On the temperature on earth. So no matter what, you might've heard that isn't your gas, guzzling car or a diesel truck that causes the Earth's temperature to change. [00:43:10] Remember the only constant when it comes to the Earth's temperature has been changed over the millions of years. We had periods where the earth was much warmer than it is now had more common that carbon dioxide in the atmosphere than it does now had less. In fact, right now we are at one of the lowest levels of carbon dioxide in the atmosphere in earth long. [00:43:36] So the sun, if you might remember, comes up in the morning, warms things up, right? And then it cools down. When the sun disappears at nighttime, it has a huge impact. It's almost exclusively the impact for our temperatures. There's other things too, for instance. eruption can spew all to hold a lot of carbon dioxide. [00:44:01] In fact, just one, just Mount St. Helens wanted erupted, put more carbon dioxide into the atmosphere than man has throughout our entire existence. Just to give you an idea, right? So these alarms that are out there, come on, people. Really, and now we're seeing that in this last year, we had a 30% increase in the ice cap up in the, in, up in the north, up in Northern Canada, around the polls. [00:44:32] We also had some of these glaciers growing. It was so funny. I saw an article this year, or excuse me, this week that was showing a sign that was at one of our national parks. And it said this glacier will have disappeared by 2020. Of course it hasn't disappeared. In fact, it has grown now and it's past 2020. [00:44:54] Anyhow, the sun has a huge impact on us in so many ways. And one of the ways is. Something called a coronal mass ejection. This is seriously charged particles. That tend to be very directional. So when it happens, when there's one of these CMS coronal, mass ejections, it's not just sending it out all the way around the sun everywhere. [00:45:21] It's really rather concentrated in one. One particular spot. Now we just missed one not too long ago. And let me see if I can find it here. Just mast, a cm E near miss. Here we go. There a solar super storm in July, 2012, and it was a very close shave that we had most newspapers didn't mention it, but this could have been. [00:45:51] AB absolutely incredible. We'd be picking up the pieces for the next 50 years. Yeah. Five, zero years from this one particular storm. And what happens is these solar flares, if you will, are very extreme, the CME. You're talking about x-rays extreme UV, ultraviolet radiation, reaching the earth at the speed of light ionizes, the upper layers of atmosphere. [00:46:19] When that happens, by the way, it hurts our communications, but it can also have these massive effects where it burns out saddle. And then causes radio blackouts, GPS, navigation problems. Think about what happened up in Quebec. So let me just look at this back hit with an E and yeah, here we go. And March 13th, 1989. [00:46:50] Here we go. Here's another one. Now I remembered. And this is where Quill back got nailed. I'm looking at a picture here, which is looking at the United States and Canada from the sky and where the light is. And you can see Quebec is just completely black, but they have this massive electrical blackout and it's becomes. [00:47:13] Of this solar storm. Now they, these storms that I said are quite directional depending on where it hits and when it hits things can get very bad. This particular storm back in 1989 was so strong. We got to see their Rora Borealis, the Northern lights as far south, as Florida and cute. Isn't that something, when we go back further in time to this Carrington event that I mentioned, you could see the Northern lights at the eclipse. [00:47:50] Absolutely amazing. Now the problem with all of this is we've never really had an internet up online. Like we have today when we had one of the storms hit. And guess what we're about to go into right now, we're going into an area or a time where the sun's going to be more active, certainly on this 11 year cycle and possibly another bigger cycle too, that we don't really know much about. [00:48:22] But when this hit us back in the 1850s, what we saw was a a. Telegraph system that was brought to its knees. Our telegraphs were burned out. Some of the Telegraph buildings were lit. They caught on fire because of the charges coming in, people who were working the telegraphs, who are near them at the time, got electric shocks or worse than that. [00:48:48] Okay. 1859 massive Carrington event compass needles were swinging wildly. The Aurora Borealis was visible in Columbia. It's just amazing. So that was a severe storm. A moderate severity storm was the one that hit in Quebec here knocked out Quebec electric. Nine hour blackout of Northeast Canada. What we think would happen if we had another Carrington event, something that happened to 150 years ago is that we would lose power on a massive scale. [00:49:27] So that's one thing that would happen. And these massive transformers that would likely get burned out are only made in China and they're made on demand. Nobody has an inventory. So it would be at least six months before most of the country would get power back. Can you believe that would be just terrible and we would also lose internet connectivity. [00:49:52] In fact, the thinking that we could lose internet connectivity with something much less than a severe storm, maybe if the Quebec power grid solar, a massive objection here. Maybe if that had happened, when. The internet was up. They might have burned out internet in the area and maybe further. So what we're worried about is if it hits us, we're going to lose power. [00:50:20] We're going to lose transformers on the transmission lines and other places we're going to lose satellites and that's going to affect our GPS communication. We're going to lose radio communication, and even the undersea cables, even though they're now no longer. Regular copper cables. It's now being carried of course, by light in pieces of glass. [00:50:45] The, those cables need to have repeaters about every 15 miles or so under underwater. So the power is provided by. Copper cables or maybe some other sort of power. So these undersea cables, they're only grounded at extensive intervals, like hundreds or thousands of kilometers apart. So there's going to be a lot of vulnerable components. [00:51:12] This is all a major problem. We don't know when the next massive. Solar storm is going to happen. These coronal mass ejections. We do know they do happen from time to time. And we do know it's the luck of the draw and we are starting to enter another solar cycle. So be prepared. Of course, you're listening to Craig Peterson, cybersecurity strategist. [00:51:42] If you'd like to find out more and what you can do, just visit Craig peterson.com and subscribe to my weekly show notes. [00:51:52] Google's got a new admission and Forbes magazine has an article by Zach Dorfman about it. And he's saying you should delete Google Chrome now after Google's newest tracking admission. So here we go. [00:52:09] Google's web browser. It's been the thing for people to use Google Chrome for many years, it's been the fastest. Yeah, not always people leapfrog it every once in a while, but it has become quite a standard. Initially Microsoft is trying to be the standard with their terrible browser and yeah, I to Exploder, which was really bad and they have finally completely and totally shot it in the head. [00:52:42] Good move there on their part. In fact, they even got rid of their own browser, Microsoft edge. They shot that one in. They had to, I know I can hear you right now saying, oh, Craig, I don't know. I just use edge browser earlier today. Yeah. But guess what? It isn't edge browser. It's actually Google Chrome. The Microsoft has rebranded. [00:53:04] You see the guts to Google Chrome are available as what's called an open source project. It's called chromium. And that allows you to take it and then build whatever you want on top of. No, that's really great. And by the way, Apple's web kit, Kat is another thing that many people build browsers on top of and is part of many of these browsers we're talking about right now, the biggest problem with the Google Chrome. [00:53:35] Is they released it so they could track you, how does Google make its money? It makes us money through selling advertising primarily. And how does it sell advertising if it doesn't know much or anything about you? So they came out with the Google Chrome browser is a standard browser, which is a great. [00:53:55] Because Microsoft, of course, is very well known for not bothering to follow standards and say what they have is the actual standard and ignoring everybody else. Yeah. Yeah. I'm picking on Microsoft. They definitely deserve it. There is what is being called here in Forbes magazine, a shocking new tracking admission from. [00:54:17] One that has not yet made headlines. And there are about what 2.6 billion users of Google's Chrome worldwide. And this is probably going to surprise you and it's frankly, Pretty nasty and it's, I think a genuine reason to stop using it. Now, as you probably know, I have stopped using Chrome almost entirely. [00:54:42] I use it when I have to train people on Chrome. I use it when I'm testing software. There's a number of times I use it, but I don't use it. The reality is that Chrome is an absolute terror. When it comes to privacy and security, it has fallen way behind its rivals in doing that. If you have an iPhone or an iPad or a Mac, and you're using safari, apple has gone a long ways to help secure your data. [00:55:19] That's not true with Chrome. In fact, it's not protecting you from tracking and Dave data harvesting. And what Google has done is they've said, okay we're going to get these nasty third party cookies out of the whole equation. We're not going to do that anymore. And what they were planning on doing is instead of knowing everything specifically. [00:55:43] You they'd be able to put you in a bucket. So they'd say, okay, you are a 40 year old female and you are like driving fast cars and you have some kids with a grandkid on the way, and you liked dogs, not cats, right? So that's a bucket of people that may be a few hundred or maybe up to a thousand. As opposed to right now where they can tell everything about you. [00:56:12] And so they were selling that as a real advantage because they're not tracking you individually anymore. No, we're putting you in a bucket. It's the same thing. And in fact, it's easier for Google to put you in a bucket than to track everything about you and try and make assumptions. And it's easier for people who are trying to buy ads to place in front of you. [00:56:34] It's easier for them to not have to reverse engineer all of the data the Google has gathered in instead. To send this ad to people that are in this bucket and then that bucket. Okay. It makes sense to you, but I, as it turns out here, Google has even postponed of that. All right. They really have, they're the Google's kind of hiding. [00:56:59] It's really what's going on out there. They are trying to figure out what they should do, why they should do it, how they should do it, but it's going to be a problem. This is a bad habit. The Google has to break and just like any, anybody that's been addicted to something it's going to take a long time. [00:57:19] They're going to go through some serious jitters. So Firefox is one of the alternatives and to Google Chrome. And it's actually a very good one. It is a browser that I use. I don't agree with some of the stuff that Mozilla and Firefox does, but again, nobody agrees on everything. Here's a quote from them. [00:57:41] Ubiquitous surveillance harms individually. And society Chrome is the only major browser that does not offer meaningful protection against cross site tracking and Chrome will continue to leave users unprotected. And then it goes on here because. Google response to that. And they admit that this massive web tracking out of hand and it's resulted in, this is a quote from Google and erosion of trust, where 72% of people feel that almost all of what they do online is being. [00:58:19] By advertisers, technology firms or others, 81% say the potential risks from data collection outweigh the benefit by the way, the people are wrong. 72% that feel almost all of what they do on online is being tracked. No. The answer is 100% of what you do is probably being tracked in some way online. [00:58:41] Even these VPN servers and systems that say that they don't do logs. Do track you take a look at proton mail just last week. Proton mail it's in Switzerland. Their servers are in Switzerland. A whole claim to fame is, Hey, it's all encrypted. We keep it safe. We don't do logging. We don't do tracking guess what they handed over the IP addresses of some of the users to a foreign government. [00:59:09] So how can you do that? If you're not logging, if you're not tracking. Yeah, they are. And the same thing is true for every paid VPN service I can think of. So how can Google openly admit that their tracking is in place tracking everything they can, and also admit that it's undermining our privacy. [00:59:36] Their flagship browser is totally into it. It's really, it's gotta be the money. And Google does not have a plan B this anonymized tracking thing that they've been talking about, the buckets that I mentioned, isn't realistic, frankly. Google's privacy sandbox is supposed to Fitbit fix it. [00:59:56] I should say. The whole idea and the way it's being implemented and the way they've talked about it, the advertisers on happy. So Google is not happy. The users are unhappy. So there you go. That's the bottom line here from the Forbes article by Zach Dorfman, delete Google Chrome. And I said that for a long time, I do use some others. [01:00:20] I do use Firefox and I use. Which is a fast web browser. That's pretty good shape. Hey, if you sign up for my shows weekly newsletter, not only will you get all of my weekly tips that I send to the radio hosts, but you will get some of my special reports that go into detail on things like which browser you shouldn't be using. [01:00:46] Sign up right now. Craig peterson.com. [01:00:50] Many businesses have gone to the cloud, but the cloud is just another word for someone else's computer. And many of the benefits of the cloud just haven't materialized. A lot of businesses have pulled back and are building data centers. [01:01:07] Now, the reason I mentioned this thing about Microsoft again, and the cloud is Microsoft has a cloud offering. [01:01:17] It's called Microsoft Azure. Many people, many businesses use it. We have used it with some of our clients in the past. Now we have some special software that sits in front of it that helps to secure. And we do the same thing for Amazon web services. I think it's important to do that. And we also use IBM's cloud services, but Microsoft is been pitching for a long time. [01:01:45] Come use our cloud services and we're expecting here probably within the next month, a big announcement from Microsoft. They're planning on making it so that you can have your desktop reside in Microsoft's cloud, in the Azure cloud. And they're selling really the feature of it doesn't matter where you are. [01:02:11] You have your desktop and it doesn't matter what kind of computer you're on. As long as you can connect to your desktop, using some just reasonable software, you will be able to be just like you're in front of a computer. So if you have a Chromebook or a Mac, Or windows or tablet, whatever. And you're at the grocery store or the coffee shop or the office, you'll be able to get it, everything, all of your programs, all your files. [01:02:41] And we, Microsoft will keep the operating system up to date for you automatically a lot of great selling points. And we're actually looking into that, not too heavily yet. We'll give them a year before we really delve into it at all. Cause it takes them a while to get things right. And Microsoft has always been one that adds all kinds of features, but most of the time, most of them don't work and we can document that pretty easily, even in things like Microsoft. [01:03:11] The verge is now reporting that Microsoft has warned users of its as your cloud computing service, that their data has been exposed online for the last two years. Yeah, let me repeat that in case you missed it, you yeah. I'm I might've misspoken. Let me see, what does it say? It says users of Azure cloud competing service. [01:03:36] So that's their cloud. Microsoft's big cloud. Okay. Their data has been. Exposed online. Okay. So that means that people could get the data, maybe manipulate the data that's exposed means for the last two years. Are you kidding me? Microsoft is again, the verge. Microsoft recently revealed that an error in its Azure cosmos database product left more than 3,300 as your customer's data. [01:04:12] Completely exposed. Okay guys. So this is not a big thing, right? It can't possibly be big thing because you know who uses Azure, nobody uses a zer and nobody uses hosted databases. Come on, give me a break. Let me see, what else does this have to say? Oh, okay. It says that the vulnerability was reported, reportedly introduced into Microsoft systems in 2019, when the company added a data visualization feature called Jupiter notebook to cosmos DB. [01:04:46] Okay. I'm actually familiar with that one and let's see what small companies let's see here. Some Azure cosmos DB clients include Coca Cola. Liberty mutual insurance, Exxon mobile Walgreens. Let me see. Could any of these people like maybe Liberty mutual insurance and Walgreens, maybe they'd have information about us, about our health and social security numbers and account numbers and credit cards. Names addresses. That's again, why I used to get so upset when these places absolutely insist on taking my social security number, right? It, first of all, when it was put in place, the federal government guaranteed, it would never be used for anything other than social security. [01:05:34] And the law even said it could not be used for anything other than social security. And then the government started expanding it. And the IRS started using it. To track all of our income and that's one thing right there, the government computers, they gotta be secure. All of these breaches we hear about that. [01:05:52] Can't be true. So how about when the insurance company wants your personal information? Like your social security number? What business is it of? There's really no. Why do they have to have my social security number? It's a social security number. It's not some number that's tattooed on my forehead. That's being used to track me. [01:06:18] Is it this isn't a socialist country like China is, or the Soviet union was right. It's not social. So why are they tracking us like that? Walgreens? Why do they need some of that information? Why does the doctor that you go to that made the prescription for Walgreens? Why do they need that information? [01:06:40] And I've been all over this because they don't. Really need it. They want, it makes their life easier, but they don't really need it. However, it exposes us. Now, if you missed the email, I sent out a week ago, two weeks ago now, you missed something big because I, in my weekly newsletter went through and described exactly what you could do in order to keep your information private. [01:07:13] So in those cases where websites asking for information that they don't really need, right? You don't want to lie, but if they don't really need your real name, why you're giving them your real name? Why do you use a single email address? Why don't you have multiple addresses? Does that start make sense to you guys? [01:07:33] And now we find out that Microsoft Azure, their cloud services, where they're selling cloud services, including a database that can be used online, a big database 3,300 customers looks like some of them are actually big. I don't know. ExxonMobil pretty big. Yeah. I think so. Walgreens, you think that might be yeah. [01:07:57] Why. Why are we trusting these companies? If you have a lot of data, a lot of customers, you are going to be a major target of nation states to hack you and bat just general hackers, bad guys. But you're also if you've got all this information, you've also got to have a much higher level of security than somebody that doesn't have all of that information. [01:08:24] Does that make sense to you? Did I say that right? You don't need the information and I've got to warn anybody that's in a business, whether you're a business owner or you're an employee, do not keep more data than you need the new absolutely need to run your company. And that includes data about your customers. [01:08:48] And maybe it's even more specifically data about your customer. Because what can happen is that data can be stolen and we just found it. That? Yes, indeed. It could have been, it was exposed Microsoft the same. We don't know how much it was stolen. If anything was stolen. Yeah, Walgreens. Hey, I wonder if anyone's going to try and get some pain pills illegally through a, this database hack or a vulnerability anyways. [01:09:17] All right, everyone. Stick around. We'll be back. Of course, you listening to Craig Peterson. I am a cybersecurity strategist for business, and I'm here to help you as well. You can ask any question any time consumers are the people I help the most, I wish I got a dime for every time I answered a question. [01:09:38] Just email email@example.com and stick around. [01:09:44] Whether or not, you agree with the lockdown orders that were put in place over this COVID pandemic that we had. There are some other parts of the world that are doing a lot more. [01:10:00] Australia has. I don't know. I think that they went over the deep end that much, the same thing is true right next door to them. [01:10:11] And I am looking at a report of what they are doing with this new app. You might be aware that both apple and Google came out with an application programming interface. That could be used for contract tack tracking, contact tracking. There you go. It wasn't terribly successful. Some states put some things in place. [01:10:38] Of course you get countries like China. I love the idea because heaven forbid you get people getting together to talk about a Tannen square remembrance. Now you want to know who all of those people were, who were in close proximity, right? Good for China a while, as it turns out, Australia is putting something in place they have yet another COVID lockdown. [01:11:03] They have COVID quarantine orders. Now I think if you are sick, you should stay here. I've always felt that I, I had 50 employees at one point and I would say, Hey, if you're sick, just stay home. Never required a doctor's note or any of that other silliness, come on. People. If someone's sick, they're sick and let them stay home. [01:11:26] You don't want to get everybody else in the office, sick and spread things around. Doesn't that just make sense. They now in Australia, don't trust people to stay home, to get moving. Remember China, they were taking welders and we're going into apartments in anybody that tested positive. [01:11:42] They were welding them into their apartment for minimum of two weeks. And so hopefully they had food in there and they had a way to get fresh water. Australia is not going quite that far, but some of the states down under. Using facial recognition and geolocation in order to enforce quarantine orders and Canada. [01:12:07] One of the things they've been doing for very long time is if you come into the country from out of the country, even if you're a Canadian citizen, you have to quarantine and they'll send people by your house or you have to pay to stay for 10 days in a quarantine hope. So you're paying the, of course now inflated prices for the hotel, because they're a special quarantine hotel. [01:12:34] You have to pay inflated prices to have food delivered outside your door. And that you're stuck there for the 10 days, or if you're at home though, they, you're stuck there and they'll send people by to check up on you. They'll make phone calls to check up on you. They have pretty hefty fines. [01:12:54] What Australia has decided to do is in Australia is Charlene's even going from one state to another state are required to prove that they're obeying a 14 day quarantine. And what they have to do is have this little app on their phone and they, the app will ping them saying, prove it. And then they have to take a photo of themselves with geo location tag on it and send it up via the app to prove their location. [01:13:32] And they have to do all of that within 15 minutes of getting the notification. Now the premier of the state of south Australia, Steven Marshall said, we don't tell them how often or when on a random basis, they have to reply within 15 minutes. And if you don't then a police, officer's going to show up at the address you're supposed to be at to conduct an in-person check. [01:13:59] Very intrusive. Okay. Here's another one. This is an unnamed government spokesperson who was apparently speaking with Fox news quote. The home quarantine app is for a selected cohort of returning self Australians who have applied to be part of a trial. If successful, it will help safely ease the burden of travel restrictions associated with the pandemic. [01:14:27] So there you go. People nothing to worry about. It's just a trial. It will go away. Just for instance, income tax, as soon as rule, number one is over, it will be removed and it will never be more than 3% and it will only apply to the top 1% of wage-earners. So there you go. And we all know that world war one isn't over yet. [01:14:47] So that's why they still have it in somehow. Yeah, some of the middle class pays the most income tax. I don't know. Interesting. Interesting. So there you go. Little news from down under, we'll see if that ends up happening up here. News from China, China has China and Russia have some interesting things going on. [01:15:08] First of all, Russia is no longer. Country, they are. They aren't, they are a lot freer in many ways than we are here in the United States. Of course, China, very heavily socialist. In fact, they're so socialists, they are communist and China. And Russia both want their kids to have a very good education in science, engineering, and mathematics. [01:15:35] Not so much on history, not so much on, on politics. But definitely heavy on the sciences, which I can see that makes all the sense. I think everybody should be pretty heavily on the science. According to the wall street journal this week, gamers under the age of 18 will not be allowed to play online games between 8:00 PM and 9:00 PM on Friday, Saturdays and Sundays. [01:16:02] Okay. So basically what they're doing, I reverse that what they're doing is they're only allowing the kids three hours of gaming per week. In other words, they can play between eight and 9:00 PM, Friday, Saturday, and Sundays. I think that might overload some gaming servers. Cov gaming addiction has affected studies and normal lives. [01:16:23] And many parents have become miserable. That's China's press and public administration. Sedna state. Okay. There's going to be some relief during the school holidays. Children will be allowed 60 minutes per day for gaming hard to say how China plans didn't force it, but they have their ways, identity cards. By the way required for playing online. They've got a facial recognition system introduced in July by 10 cent. Remember all of the uproar around 10 cent and their apps and president Trump trying to get them blocked here in the U S yeah, there you go. Facial recognition bill right into the app, and it's proven effective at catching children pretending to be adults in order to get around government gaming curves. [01:17:12] So this goes on and on and Korea as well, South Korea has had some very big problems. You might remember it was headlines just a few years ago of some of these south Korean kids dying because they were playing video games four days straight with no sleep, no real food. Just taking all of these energy. [01:17:37] And we'll literally gaming themselves to death. So South Korea passed a law that prevented young people from playing online video games late at night. So that was introduced back in 2011 and it's targeted at players 16 or up. And south Korean miners were prevented from playing online PC games between midnight and six, 8:00 AM. [01:18:03] Now South Korea has scrapped that law. Interesting. So they're saying it's out of respect for younger citizens, right? They're going to abolish this law, replace it by. Permit system that allows players to request a permit per game and play during self-assigned hours that their parents will sign off on. [01:18:27] This is in an article from GameSpot, by the way, a gamespot.com. You might remember them too, the whole Robin hood scandal. But I think it's an interesting question. When my kids were young lo those many years ago I got this box that the, you took the TV wire, you ran it into the box and you could program. [01:18:51] So that each kid had their own code and you could specify how much time the kid could watch TV or how much time or when they could watch TV and how much time cumulative the kids could have. And it actually worked pretty well. And the kids certainly complained a lot about it. And a couple of them tried to work the way around it hard to when the plug is inside the box. [01:19:17] Yeah, ingenuity as they are. They were able to do that. They cut the wire off and put another power connector on the end of the TV wire. Anyhow Microsoft, we've been talking about them a lot. This show. I do not like Microsoft, that already the windows 11 is coming out and we talked about. [01:19:38] Before, because windows 11 is plying. Microsoft is planning on requiring you to have a very modern computer. You need to have a TPM in it, which is this special security module. You need to have a certain speed, et cetera, but the TPM is a big thing. That's going to make it. So most of your computers won't work. [01:20:04] Tons of pushback on that. I can see what Microsoft is trying to do it. They really would love to have a clean operating system that really wasn't getting hacked all the time. And this will help it won't solve their problem, but it will help. So that they're going to be doing now is they're going to over
BladeHawk cyberespionage campaign in progress. Microsoft warns of targeted attacks in progress. Hey--the hoods took a breather over Labor Day, but the straw hats are off now, and they're back at work. Someone is rummaging in REvil's unquiet grave. Bulletproof hosting services and the criminal marketplace. Mike Benjamin from Black Lotus Labs on ReverseRAT 2.0. Rick Howard checks in with Philip Reiner from the Ransomware Taskforce. And does a New Urgent Message Require Action? Maybe not. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/173
Charity Wright is a Cyber Threat Intelligence Analyst at Recorded Future who specializes in Chinese threats and disinformation. Charity is a Super Mario-loving extrovert who utilizes her research and inferencing skills in both of her full-time jobs; threat analyst and mom. Charity is a Chinese Linguist who often spends her workdays scrolling through social media searching for trolls and Chinese disinformation/propaganda. In this episode, Charity joins the No Password Required team to talk about how she came to be a linguist in the U.S. military, possibilities of where China will go in the future, and why curiosity has been one of the most essential aspects of her career. Ernie, Clabby, and Pablo talk about Clabby's “Yahoo! news rule” and the channels they use to stay informed in the ever-changing cyber industry. In the Positively Cyber segment, Pablo introduces the sophisticated, yet mysterious, Jay Gatsby as the Chief Financial Officer of our fictitious cybersecurity organization.
Security code flushes out security bugs. Recursion: see recursion. Phishing (and lots of it). And the Windows desktop that got so big it imploded. https://nakedsecurity.sophos.com/big-bad-decryption-bug-in-openssl https://nakedsecurity.sophos.com/skimming-the-cream-recursive-withdrawals https://news.sophos.com/phishing-insights-2021 With Paul Ducklin and Doug Aamoth. Original music by Edith Mudge (https://www.edithmudge.com) Got questions/suggestions/stories to share? Email: firstname.lastname@example.org Twitter: NakedSecurity (https://twitter.com/nakedsecurity) Instagram: NakedSecurity (https://instagram.com/nakedsecurity)
En nuestro ‘Mano a mano’ charlamos con Miss Cafeína. Hoy nos visitan Alberto Jiménez y Sergio Sánchez, miembros de la banda para darnos un adelanto de su nuevo disco y repasar su carrera en el mundo de la música. A continuación, tiramos del hilo con nuestro compañero Borja Díaz-Merry de Verifica RTVE. Hoy nos trae algunos ejemplos sobre el phishing y smishing, es decir, la suplantación de identidad y estafas por internet. Terminamos con María José Más y su ‘Neurodomingo’. Hoy hace homenaje a los abuelos. Escuchar audio
Today we're continuing our discussion on phishing campaigns - including a technical "gotcha" that might redirect your phishing emails into a digital black hole if you're not careful! As I mentioned last week, I've been heavy into spinning up and tearing down phishing campaigns, so I finally got around to documenting everything in episode 481. This week I ran into a bizarre issue where test phishes to myself suddenly disappeared from my Outlook altogether! After chatting with some folks on Slack I did a message trace in the Exchange Admin Center under: Mail flow > Message Trace > Start a trace then make the Sender field be the user you're sending phishing emails from. That showed me that my phishes were being quarantined! To get around the quarantine, I went into Mail flow > Rules and then created a new rule with the following properties: Apply this rule if > The sender's domain is > yourphishingdomain.com Then under Do the following: Set the spam confidence level (SCL) to...Bypass spam filtering Under And, click the drop-down and choose: Modify the message properties...set a message header...X-MS-Exchange-Organization-BypassClutter Then click where it says Enter text and change header value to True and click OK.
You have a fraud scare – or worse, a fraudulent payment. You put processes into place to prevent it from happening again. 4 years later no one is following the processes, and it happens again. This is a true story…Keep listening. Check out my website www.debrarrichardson.com if you need help cleaning your vendor master file or implementing authentication techniques, internal controls and best practices to prevent fraudulent payments. Subscribe today to be entered in the subscriber-only monthly drawing to win a free Putting the AP in hAPpy Coffee Mug. Links mentioned in the podcast: Blog: In 2017 A City Paid a Fraudster and In 2021 It Almost Happened Again – Here's WhyWebinar: Controls For AP Vendor Master Teams to Prevent Fraud in the Vendor Master FileToolkit: Done for Your Vendor Setup Forms, Company Branded ACH Form, Vendor Communication Templates, and Desktop Procedures in the Toolkit. Get ready for that AP Automation project with the 5 Day Vendor Master File Clean-Up.YouTube Channel: https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw Vendor Validation Reference List with Resources Links: www.debrarrichardson.com/vendor-validation-downloadDesktop Procedure Template: https://www.debrarrichardson.com/desktop-proceduresPrevent Fraudulent Payments. Get Your Own Copy of the 3 Step Vendor Setup and Maintenance Process eGuide.More Podcasts/Blogs www.debrarrichardson.comMore ideas? Email me at email@example.com Music Credit: www.purple-planet.com
Photo: An infographic cautioning against the threat of spear phishing. . CBS Eyes on the World with John Batchelor CBS Audio Network @Batchelorshow Taliban launch phishing attacks to wreck rescue communications.Patrick Tucker @DefTechPat HFN https://www.defenseone.com/technology/2021/08/how-one-tech-entrepreneur-scaling-veteran-led-evacuation-efforts/184813/
In this episode of the iCantCU Podcast, I talk about all of the obstacles around the house while having some home improvement work done. In this case, some were tricky and dangerous for me and some were dangerous for Ziggy. I also give updates to the All Blind Fantasy Football draft and the email scam that I was a victim of. Show notes at https://www.iCantCU.com/139 Treacherous Home Improvements When you are blind, just about any home improvement comes with potential issues. Moving furniture just a little could create a hazard navigating past it. When we had some electrical work done, I not only had to worry about myself, but Ziggy, too. Ziggy Eats Just About Anything Just because he shouldn't eat it, doesn't mean he leaves something on the floor alone. I didn't want him to eat bits of wiring, paper towels, screws, or whatever else may have ended up on the floor. We didn't want another unscheduled, expensive trip to the vet. Fantasy Football Draft In NYC I found out this week that our in-person, video produced All Blind Fantasy Football draft will be held in New York City. While I would've loved an all-expenses paid trip to LA, I wasn't comfortable going that distance with the conditions as they are now. I'll settle for the all-expenses paid trip to NYC, a short 90 minute train ride away. Phishing Scam Happy Ending I was stunned that we were able to recover all the money that I was scammed out of last week. I never thought it would end this way. I am thankful to the Ridley Township Police, TD Bank, and Venmo for making it happen. Reach Out On Social Media Twitter | Instagram | Facebook | LinkedIn Get In Touch If you've got questions, comments, or show ideas, I want to hear from you! Call (646) 926-6350 and leave a message. Include your name and town and let me know if it is okay to use your voice on an upcoming episode. You can also email the show at iCantCUPodcast@gmail.com
Today we're revisiting how to make a kick-butt cred-capturing phishing campaign with Gophish, Amazon Lightsail, LetsEncrypt, ExpiredDomains.net and a special little extra something that makes creating phishing landing pages waaaaaaayyyyyyyyyy easier! For some quicker review, you can check out part 1 and also the complementary YouTube video, but I wanted to revisit this kick-butt process and update a few items: First, this SingleFile extension is amaaaaaaaazing for making phishing landing pages with ease! The process to get GApps to let you generate an app-specific password for using with GoPhish is kinda annoying. The steps below should get you going: After domain registration, log into admin.google.com or click Manage Workspace button at checkout. At the next screen click Workspace Admin Console. Sign in with the person you'll be spoofing from, and the temporary password emailed to your backup email account during checkout. In the search bar search for Less Secure Apps, choose Allow users to manage their access to less secure apps. Now, in the upper right, hit Manage Your Google Account. Under Security, click Protect your account and click Add phone number. Finish that process, then click Continue to your Google account. Back at the main admin page, under Less secure app access, click Turn on access (not recommended). At the next screen click Allow less secure apps: ON Back at the main screen, click 2-Step Verification and set it to On. Back at the main screen again, a new option called App passwords should be there. Click it. Choose to generate a custom name like LOL and then then an app password will appear. Write it down as it only appears once! Finally, a quick reference for getting your LetsEncrypt cert to work with GoPhish. Get your LetsEncrypt cert generated, and then forge a .crt and .key file to use with GoPhish: cp /etc/letsencrypt/live/YOUR-DOMAIN/fullchain.pem ./domain.crt cp /etc/letsencrypt/live/YOUR-DOMAIN/privkey.pem ./domain.key Now go into the GoPhish .json config file and change the cert_path and key_path to the ones you just generated, and change use_tls to TRUE on both places in the config as well.
Live from the Showboat Resort in Atlantic City Glenn and his friends are pre gaming for a concert while Craig and Dave have to watch the mess unfold. Join us for some drinks and stories from seeing concerts on the road!
ShadowTalk hosts Sean, Ivan, Charles, and CISO Rick Holland bring you the latest in threat intelligence. This week they cover: - CISO Rick Holland touches on the latest news on AlphaBay - could the forum be back? - The team chat about LockBit's big hit on Accenture - Charles runs through Krebs Security run-in with a scammer who had been targeted by a phishing site for BriansClub - Ivan talks about the Chinese espionage group that pulled a false flag to Iran and Israel - Sean delves into the latest news on the $600 Million crypto hack Get this week's intelligence summary at: https://resources.digitalshadows.com/weekly-intelligence-summary/weekly-intelligence-summary-13th-august ***Resources from this week's podcast*** The State of APTs in 2021 https://www.digitalshadows.com/blog-and-research/the-nation-state-of-apts-in-2021/ Understanding Smishing Attacks https://www.digitalshadows.com/blog-and-research/understanding-smishing-attacks/ Krebs Security Run-in with Scammed Scammer https://krebsonsecurity.com/2021/08/phishing-sites-targeting-scammers-and-thieves/ Chinese Espionage Campaign in Israel https://www.fireeye.com/blog/threat-research/2021/08/unc215-chinese-espionage-campaign-in-israel.html $600 Million Crypto Hack https://www.bleepingcomputer.com/news/security/over-600-million-reportedly-stolen-in-cryptocurrency-hack/ Other Resources: https://www.bbc.com/news/business-58180692
APT31 casts its net into some waters that aren't yet phished out. Vulnerabilities in the NicheStack TCP/IP stack are reported. LemonDuck may be outgrowing its beginnings as a cryptojacking botnet. A large marketing database is found exposed. NSA and CISA offer advice on securing Kubernetes clusters. Adam Darrah from ZeroFox checks in from the floor at BlackHat. Our guests are Nic Fillingham and Natalia Godyla from Microsoft's Security Unlocked podcast. David Dufour from Webroot on the hidden costs of ransomware. And Huawei's CFO returns to court as her extradition hearings enter their endgame. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/149
An apparent ransomware attack hits Italy's online vaccine-scheduling service. A Chinese cyberespionage campaign hits Southeast Asian telcos enroute to high-value targets. Some strategic context for Beijing's espionage. FatalRAT is spreading by Telegram. Crafty phishing spoofs SharePoint. Joe Carrigan has thoughts on HP's latest Threat Insights Report. Our guest is Marc Gaffan of Hysolate who reveals the “Enterprise Security Paradox”. Plus, Conversations with BlackMatter, and a look at the inside of ransomware negotiations. For links to all of today's stories check out our CyberWire daily news briefing: https://www.thecyberwire.com/newsletters/daily-briefing/10/148