Podcasts about Phishing

Google dismantles a huge residential proxy network. Did the FBI take down the notorious RAMP cybercrime forum? A long running North Korea backed cyber operation has splintered into three specialized threat groups. U.S. military cyber operators carried out a covert operation to disrupt Russian troll networks ahead of the 2024 elections. Phishing campaigns target journalists using the Signal app. SolarWinds patches vulnerabilities in its Web Help Desk product. Amazon found CSAM in its AI training data. Initial access brokers switch up their preferred bot. China executes scam center kingpins. Our guest is Tom Pace, CEO of NetRise, explaining how open-source vulnerabilities are opening doors for nation-states.  An unsecured webcam peers into Pyongyang.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Tom Pace, former DOE cyber analyst and CEO of NetRise, joins the show to explain how open-source vulnerabilities are opening doors for nation-states and why visibility into who maintains code repositories matters. Selected Reading Google Disrupted World's Largest IPIDEA Residential Proxy Network (Cyber Security News) Notorious Russia-based RAMP cybercrime forum apparently seized by FBI (The Record) Long-running North Korea threat group splits into 3 distinct operations (CyberScoop) Secret US cyber operations shielded 2024 election from foreign trolls, but now the Trump admin has gutted protections (CNN Politics) Phishing attack: Numerous journalists targeted in attack via Signal Messenger (Netzpolitik.org) Signal president warns AI agents are making encryption irrelevant (Cyber Insider) SolarWinds Patches Critical Web Help Desk Vulnerabilities (SecurityWeek)  Amazon Found ‘High Volume' Of Child Sex Abuse Material in AI Training Data (Bloomberg) Initial access hackers switch to Tsundere Bot for ransomware attacks (Bleeping Computer) China Executes 11 People Linked to Cyberscam Centers in Myanmar   (Bloomberg) North Korean Hackers' Daily Life Leaked in Video (The Chosun) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Phishing didn't get smarter, it got better at looking normal. What used to be obvious scams now blend directly into the platforms, workflows, and security controls people trust every day. In this episode, Ron sits down with Yaamini Barathi Mohan, 2024 DMA Rising Star and Co-Founder & CPO of Secto, to break down how modern phishing attacks bypass MFA, abuse trusted services like Microsoft 365, and ultimately succeed inside the browser. Together, they examine why over-reliance on automation creates blind spots, how zero trust becomes practical at the browser layer, and why human judgment is still the deciding factor as attackers scale with AI. Impactful Moments 00:00 - Introduction 02:44 - Cloud infrastructure powering crime at scale 07:45 - What phishing 2.0 really means 12:10 - How MFA gets bypassed in real attacks 15:30 - Why the browser is the final control point 18:40 - AI reducing SOC alert fatigue 23:07 - Mentorship shaping cybersecurity careers 27:00 - Thinking like attackers to defend better 31:15 - When trust becomes the attack surface   Links Connect with our guest, Yaamini Barathi Mohan, on LinkedIn: https://www.linkedin.com/in/yaamini-mohan/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/    

professorjrod@gmail.comData protection didn't fail because encryption was weak; it faltered when trust was broken. In this episode of Technology Tap: CompTIA Study Guide, we explore how scattered systems, third-party vendors, and cloud replication complicate the question, “Where is our data right now?” We discuss why the true solution starts with people, not just technology. Whether you're a professor leading a study group, an IT professional preparing for your CompTIA exam, or anyone invested in IT skills development, this episode offers a practical map to not just pass tech exams but to uphold your promises in data security. Tune in for expert insights on technology education and effective tech exam prep strategies.We break down the crucial difference between data types and classifications, showing why labels don't override laws and how sensitivity should drive controls. You'll hear how data inventories, retention policies, and deletion-by-default strategies reduce both breach blast radius and legal exposure. We get specific about data states—at rest, in motion, in use—and the matching controls that actually hold up under pressure. Then we confront data sovereignty: how cross‑region replicas can quietly violate GDPR and how region‑restricted storage, geofencing, and vendor due diligence keep you on the right side of the border and the law.Privacy takes center stage as we clarify the roles of data subject, controller, and processor, and why documentation beats intention when regulators come calling. We outline what changes when a privacy breach occurs: tight timelines, mandated notifications, and the high cost of silence. Finally, we center the human layer with policies that guide behavior—acceptable use, social media, BYOD, clean desk—and an awareness training lifecycle that adapts to roles and evolving threats. Phishing drills, password hygiene, insider threat cues, and speak‑up culture turn security from slides into habits that stick.If this helped you think differently about compliance, data governance, and human risk, follow the show, share it with a teammate, and leave a quick review telling us which control you'll strengthen first. Your feedback helps more listeners protect what matters most.Support the showArt By Sarah/DesmondMusic by Joakim KarudLittle chacha ProductionsJuan Rodriguez can be reached atTikTok @ProfessorJrodProfessorJRod@gmail.com@Prof_JRodInstagram ProfessorJRod

What do you do if it's getting down to the wire to be in compliance with the IRS deadlines for sending vendors their 1099-NEC or 1099-MISC or filing both with the IRS, and you know you are going to be late.Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    IRS Extension Form:  Form 8809, Application for Extension of Time to File Information Returns  https://www.irs.gov/forms-pubs/about-form-8809IRS Extension Form:  Form 15397 Application For Extension of Time to Furnish Recipient Statements  https://www.irs.gov/forms-pubs/extension-of-time-to-furnish-statements-to-recipientsIRS Page:  Information Return Penalty Charthttps://www.irs.gov/payments/information-return-penalties Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Indignación por nuevo caso de maltrato animal en Naucalpan Dos detenidos por descarrilamiento del Tren Interoceánico: Sheinbaum  Sheinbaum y Trump dialogan sobre frontera, narcotráfico y comercioMás información en nuestro podcast  

Each week, the leading journalists in legal tech choose their top stories of the week to discuss with our other panelists.   00:00 Introductions 2:56 Law firm Phishing over christmas (Selected by Joe Patrice) 11:18 How much do legal leaders trust artificial intelligence in high-stakes decisions? New study sheds light (Selected by Victor Li) 18:06 Are mandatory hyperlinks a solution to the lawyers' hallucination problems? (Selected by Stephen Embry) 30:01 LawNext: From Roommates to Billionaires: Harvey's Founders Gabriel Pereyra and Winston Weinberg on Building AI Infrastructure for Law (Selected by Bob Ambrogi) 39:44 OpenAI wants your IP (Selected by Joe Patrice) 49:38 Alexi Fires Back at Fastcase Lawsuit with Counterclaims Alleging Anticompetitive Conduct Following Clio's $1B Acquisition (Selected by Bob Ambrogi)

Don't forget to still do your tax reporting research at the State level, even if that State participates in the Combined Federal/State Filing (CF/SF) Program.  For two reasons you still need to check and a process to do it….Keep listening.Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    IRS Publication 1220: Specifications for Electronic Filing of Forms 1097, 1098, 1099, 3921, 3922, 5498,IRS Publication 5717: Information Returns Intake System (IRIS) Taxpayer Portal User Guide Vendor Process Training Center > Resource Library: State Sites for Business/Tax ResearchCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Rob Hughes — CISO at RSA and Champion of a Passwordless FutureNo Password Required Season 7:  Episode 1 - Rob HughesRob Hughes, the CISO at RSA, has more than 25 years of experience leading security and cloud infrastructure teams. In this episode, he reflects on his unconventional career path, from co-founding the original Geek.com and serving as its Chief Technologist during the early days of the internet, to leading security and systems design at Philips Home Monitoring.Jack Clabby of Carlton Fields, P.A. and Kayley Melton welcome Rob for a wide-ranging conversation on identity, leadership, and the realities of modern cybersecurity. Rob currently leads RSA's Security and Risk Office, overseeing cybersecurity, information security governance, and risk across both RSA's products and corporate environment.Rob explains his dream for a passwordless future. He unpacks why passwords remain one of the largest sources of cyber risk, how real-world incidents and password-spraying attacks have accelerated change, and why phishing-resistant technologies like passkeys may finally be reaching a tipping point.  The episode wraps with the Lifestyle Polygraph, where Rob lightens the conversation with stories about gaming with his kids, underrated horror films, and classic cars.Follow Rob on LinkedIn: https://www.linkedin.com/in/robert-hughes-816067a4/Chapters: 00:00 Introduction to No Password Required01:43 Meet Rob Hughes, CISO at RSA02:05 The Role of a CISO in a Security Company05:09 Transitioning to the CISO Role08:00 The Early Days of Geek.com12:14 Launching a Startup During the Dot Com Boom14:30 The Push for a Passwordless Future18:21 Tipping Point for Passwordless Adoption20:20 Ongoing Learning in Cybersecurity26:09 Managing Stress in High-Pressure Environments33:46 The Lifestyle Polygraph Begins34:15 Career Insights in Cybersecurity36:08 Dream Cars and Personal Preferences39:58 Underrated Horror Films41:19 Creating a Cybersecurity Monster

In this episode, James sits down with Tim Chase, Principal Technical Evangelist at Orca Security and 20-year cybersecurity veteran. He shares stories from his early days: learning from "Hacking Exposed" books at Barnes & Noble, getting caught with hacking tools an hour after installing them, and how dropping out of college after designing one trebuchet led him from functional testing to CISO roles.But Tim isn't dwelling on the past. He reveals the nation state that manipulated open source binaries because diplomatic channels failed, explains why security awareness training is fundamentally broken, and demonstrates why AI will actually favor defenders over attackers—a refreshingly optimistic take. From acronym overload to the "Negative Nelly" problem, Tim shows why cybersecurity desperately needs a positive mindset shift.

My head is starting to hurt as clients, subscribers and others reach out to ask about the impact of the IRS draft form W-9.  More and more questions are arising and I have 5 that you should start thinking about….Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    IRS Form W-9:  https://www.irs.gov/pub/irs-pdf/fw9.pdf Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com 

This week in Bitcoin and global current events:SAYLOR VS KNOWLESWhat Bitcoin Did Got HOT When Saylor Couldn't Handle a Basic Question - Is Saylor Cooked?

This week in Bitcoin and global current events:SAYLOR VS KNOWLESWhat Bitcoin Did Got HOT When Saylor Couldn't Handle a Basic Question - Is Saylor Cooked?

Hey Strangers, #crypto #scam #coin Is bags.fm safe?— Unfortunately, not likely.

In this episode of Cybersecurity Today, host David Shipley covers the FBI's warning about North Korean state-sponsored QR code phishing campaigns targeting U.S. organizations. Additionally, he discusses Europol's arrest of 34 individuals in Spain tied to the infamous Black Acts crime syndicate and the uncertainty surrounding CISA's pre-ransomware notification initiative after the departure of its lead developer. Stay informed with the latest in cybersecurity news and learn how to protect yourself and your organization from emerging threats. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:20 FBI Warns of QR Code Phishing 04:44 Europol's Major Crackdown on Black Acts 07:11 Uncertainty Over Ransomware Alerts Program 09:41 US Withdraws from Cybersecurity Organizations 10:25 Conclusion and Final Thoughts

On this episode of the Power Up Wealth podcast, James Derrick sits down with Brandi Romero to share practical steps to protect your personal information and clean up your inbox. They discuss why it only takes one click to cause major damage, how decluttering your email helps you spot threats faster, and the biggest red flags to watch for—urgency, odd language, suspicious links, and sender addresses that don't match.Their top advice: slow down, hover before you click, never trust links you weren't expecting, and when in doubt, go directly to the source or pick up the phone. A cleaner inbox and a cautious approach can go a long way in keeping your financial life secure. 

A phishing campaign with QR codes rendered using an HTML table Phishing emails are bypassing filters by encoding QR codes as HTML tables. https://isc.sans.edu/diary/A%20phishing%20campaign%20with%20QR%20codes%20rendered%20using%20an%20HTML%20table/32606 n8n vulnerabilities In recent days, several new n8n vulnerabilities were disclosed. Ensure that you update any on-premises installations and carefully consider what to use n8n for. https://www.cyera.com/research-labs/ni8mare-unauthenticated-remote-code-execution-in-n8n-cve-2026-21858 https://github.com/n8n-io/n8n/security/advisories/GHSA-v4pr-fm98-w9pg Power bank feature creep is out of control Simple power banks are increasingly equipped with advanced features, including networking, which may expose them to security risks. https://www.theverge.com/tech/856225/power-banks-are-the-latest-victims-of-feature-creep

In the digital modern age, how can we protect our data from falling into the hands of scammers? This week on the Justice Team Podcast, Bob sits down with the Simon Law Group's CTO (that is, Chief Technology Officer), Matt Rhoads! Join us to hear how he protects and educates his law firm on the dangers of phishing, and the safety steps that you can take as well. And remember: ANYONE can fall victim to a scam. If you enjoy this video, like, subscribe, and share with a friend! This episode is brought to you by CallRail, a powerful lead engagement platform that helps law firms understand which campaigns are driving inbound leads—whether it's calls, texts, forms, or chats. Visit callrail.com/jtn for more! Attorney Share lets you track your co-counsel cases with automation, and turn cases you can't take into revenue for your firm with the public marketplace. You can sign up now for a free account at www.attorneyshare.com. Justice HQ community subscriptions are open to all starting at $20 a month. Go to www.justicehq.com or download the mobile app today! Have a legal need or question? Call our law firm, the Justice Team at 844-THE-TEAM, or visit justiceteam.com!

My guest is Jason Dinesen, and he and I discuss the IRS draft version of the IRS Form W9 with a revision date of January 2026.  We address questions such as will it really be published in January? What you should do before it's published, what you should do after, including why this revision may require action for the vendor team that was not required with recent revisions….  Keep listening.  Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to reduce the potential for fraudulent payments, compliance fines or bad vendor data. Check out the Vendor Process Training Center for 173+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Jason Dinesen YouTube Channel:  Accounting in the Wild Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links Vendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

Das Anlagejahr 2025 war anstrengend, volatil und voller Überraschungen – vor allem bei den Top- und Flop-Werten im Depot. Welche Aktien das konkret waren, wie ich mit den Rücksetzern umgehe und welche Lehren ich ziehe, erfährst du in diesem Depotrückblick. Wie gewohnt stelle ich alle meine Asset-Klassen vor, nenne meine Fehler offen und zeige die größten Gewinner und Verlierer des Jahres. Außerdem gehe ich auch noch auf den Finanzrocker-Podcast und meine Learnings ein.Weiterführende InformationenZum ausführlichen BlogartikelPräsentiert von IncogniWusstest du, dass deine persönlichen Daten – wie Name, Adresse oder Telefonnummer – im Internet massenhaft verteilt sind? Vor allem bei sogenannten Datenbrokern, die sie oft ohne dein Wissen handeln oder veröffentlichen. Die Folgen können gravierend sein: Identitätsdiebstahl, Spam, Phishing, sogar Kreditbetrug. Und die Zahl der Datenlecks steigt jedes Jahr weiter an.Incogni schickt automatisiert Löschanfragen an hunderte Datenbroker und Webseiten und deine Daten entfernen lässt. So senkt Incogni durch Datenlöschung das Risiko für Scam und Identitätsdiebstahl. Und es ist schnell, unkompliziert und risikofrei: Du kannst 30 Tage testen und bekommst eine Geld-zurück-Garantie. Als Podcast-Hörer erhältst du mit dem Code FINANZROCKER satte 60 % Rabatt auf den Jahresplan.Hier geht es direkt zum Angebot von Incogni Hosted on Acast. See acast.com/privacy for more information.

Notes:Julia Prümmer describes her transition from legal psychology into cybersecurity research and how psychological methods shape her approach to cybersecurity training.The discussion explores the role of systematic reviews in mapping what a research field actually knows, rather than relying on highly visible or frequently cited studies.Findings from a large-scale systematic review of cybersecurity training methods are discussed, highlighting the diversity of training approaches used across the literature.The episode examines results from a meta-analysis assessing the overall effectiveness of cybersecurity training and the gap between improvements in precursors such as knowledge and intentions versus observable behaviour.Julia explains why many cybersecurity training programmes lack explicit behavioural theory and rely on trial-and-error design choices.A key theme is the distinction between cybersecurity behaviours that require active engagement, such as phishing detection, and behaviours that may benefit from habit formation, such as screen locking or password management.The conversation draws on research into email habits and phishing susceptibility to illustrate how habitual behaviour can increase vulnerability in certain contexts.Julia discusses the use of psychological theory, including habit formation and implementation intentions, to design and evaluate cybersecurity training interventions.The episode concludes with reflections on the future of cybersecurity training research and the need for behaviour-specific, theory-informed models.About our Guest:Julia Prümmerhttps://www.universiteitleiden.nl/medewerkers/julia-prummer#tab-1https://www.linkedin.com/in/julia-prümmer-376778159/Papers or resources mentioned in this episode Prümmer, J., van Steen, T., & van den Berg, B. (2024). A systematic review of current cybersecurity training methods. Computers & Security, 136, 103585.https://doi.org/10.1016/j.cose.2023.103585Prümmer, J. (2024). The role of cognition in developing successful cybersecurity training programs: Passive vs. active engagement. In D. D. Schmorrow & C. M. Fidopiastis (Eds.), Augmented cognition. HCII 2024 (Lecture Notes in Computer Science, Vol. 14695, pp. 185–199). Springer.https://scholarlypublications.universiteitleiden.nl/handle/1887/4093101Prümmer, J., van Steen, T., & van den Berg, B. (2025). Assessing the effect of cybersecurity training on end-users: A meta-analysis. Computers & Security, 150, 104206.https://doi.org/10.1016/j.cose.2024.104206Vishwanath, A. (2015). Examining the distinct antecedents of e-mail habits and its influence on the outcomes of a phishing attack. Journal of Computer-Mediated Communication, 20(5), 570–584.https://doi.org/10.1111/jcc4.12126Other If this topic of training as an intervention to reduce susceptibility to cybercrime, you might also enjoy the recent Episodes 123, 116, 110, 106, 60, and 59 that are all on related topics. If you are brave you can even go right back to Episodes 6, 7 and 8, there is a lot to listen to.  

While our team is out on winter break, please enjoy this episode of Word Notes. A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/simulated-phishing⁠ Audio reference link: ⁠“Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.”⁠ YouTube, YouTube, 19 Apr. 2017.

While our team is out on winter break, please enjoy this episode of Word Notes. A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/simulated-phishing⁠ Audio reference link: ⁠“Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.”⁠ YouTube, YouTube, 19 Apr. 2017. Learn more about your ad choices. Visit megaphone.fm/adchoices

Chris and Hector break down how trust itself has become the attack vector. From AI powered SEO poisoning that tricks users into infecting their own machines, to a leaked GitHub token that exposed Home Depot systems for nearly a year, they unpack the latest breaches, indictments, and regulatory failures shaping the cyber landscape. They talk community, accountability, and why copying random terminal commands might be the most dangerous habit in tech right now. Join our new Patreon! ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠https://www.patreon.com/c/hackerandthefed⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Send HATF your questions at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠questions@hackerandthefed.com

Holidays are the best times for cybercriminals – they know we are busy trying to get out of the office and all they need is the information we typically include in an Out of Office automated email reply.  Don't give it to them – use these best practices to not let your absence lead to payment fraud. Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:     Mailguard Article: 

Send us a textCheck us out at:  https://www.cisspcybertraining.com/Get access to 360 FREE CISSP Questions:  https://www.cisspcybertraining.com/offers/dzHKVcDB/checkoutGet access to my FREE CISSP Self-Study Essentials Videos:  https://www.cisspcybertraining.com/offers/KzBKKouvHeadlines say the talent shortage is easing, yet nearly half of UK businesses still lack basic cyber skills. That disconnect sets the stage for a frank, practical tour through what actually reduces risk—no buzzwords required. We open with real takeaways from the UK's international cyber skills initiatives and move quickly to the daily decisions that shape resilience: encryption in the cloud, least privilege by default, and how to keep role-based access control from collapsing under credential creep.We make the identity layer tangible. Single sign-on can simplify life and lower password reuse, but it also centralizes risk. We share how to counterbalance SSO with MFA, conditional access, and strong monitoring. Cloud-based IAM accelerates deployment and gives flexibility, yet brings ongoing costs and integration challenges with legacy systems; outsourcing introduces a loss of control that must be offset by airtight requirements, auditability, and vendor transparency. Phishing remains the most reliable social engineering vector, so security awareness training isn't optional—it's the routine that turns policy into behavior.Zero trust becomes manageable when you stop treating it like a switch and start treating it like a program. We outline a phased path: define protect surfaces, segment by sensitivity, apply continuous verification where the impact is highest, and expand deliberately. Vendor access deserves the same precision: NDAs for legal guardrails, least privilege for scope, monitoring for assurance, and scheduled reviews to remove stale permissions. Along the way, we talk mentorship, pro bono work, and competitions as concrete ways to grow talent while delivering real security outcomes.We also road-test your knowledge with a focused Domain 1.9 CISSP question set, reinforcing the core ideas with scenario-based reasoning. If you're preparing for the CISSP or leading a security program, you'll walk away with a clear playbook: encrypt by default, minimize access, verify continuously, and measure what matters. If this resonates, subscribe, share with a teammate, and leave a review so others can find the show.Gain exclusive access to 360 FREE CISSP Practice Questions at FreeCISSPQuestions.com and have them delivered directly to your inbox! Don't miss this valuable opportunity to strengthen your CISSP exam preparation and boost your chances of certification success. Join now and start your journey toward CISSP mastery today!

In this episode of Cybersecurity Today, host Jim Love discusses a range of pressing cybersecurity threats. The show covers the escalating React2Shell vulnerability, which has led to widespread automated exploitation campaigns involving crypto miners and back doors. Additionally, Jim reports on the Black Force phishing kit, which bypasses multifactor authentication and is gaining traction among cybercriminals. Microsoft OAuth consent attacks are also highlighted, with users being tricked into granting access to their accounts. Finally, the episode touches on PornHub's data breach involving the Shiny Hunters cybercrime group and the importance of patching vulnerabilities and being cautious during the holiday season. 00:00 Introduction and Sponsor Message 00:22 React2Shell Vulnerability Deep Dive 03:46 Black Force Phishing Toolkit 05:44 Microsoft OAuth Consent Phishing 07:29 PornHub Data Breach by Shiny Hunters 10:21 Holiday Cybersecurity Tips and Final Thoughts

How has GenAI turned phishing Into a speed war? And what should we do about it? Let's find out with your hosts are Kip Boyle, CISO with Cyber Risk Opportunities, and Jake Bernstein, Partner with K&L Gates.

US turns to private firms in cyber offensive Microsoft updates cause queuing failures Phishing campaign delivers Phantom stealer Huge thanks to our sponsor, Adaptive Security This episode is brought to you by Adaptive Security, the first cybersecurity company backed by OpenAI. Attackers don't need malware anymore; they need trust. Tip: set a simple passphrase for high-risk actions, like wire requests or "urgent" account recovery – especially within finance teams and families. If the caller can't answer it, pause and verify. Adaptive runs deepfake and vishing simulations so employees practice this before it's real. Learn more at adaptivesecurity.com.  

Farms today run more digital systems than ever before — GPS-guided equipment, grain accounting software, cloud-connected records, automated livestock and irrigation controls, and online financial tools. And that shift has put agriculture squarely into the Top 10 most-targeted industries for cyberattacks.In this episode, we sit down with Chris Sherman, founder of TechSupport.Farm, who specializes in helping farmers and ag businesses protect their operations from online threats. Chris breaks down why farms are becoming major hacker targets, the attacks he sees most often, and the simple ways producers can safeguard their data, their money, and their equipment.We explore real farm-level risks such as:Phishing emails disguised as invoices, USDA notices, or dealer updatesRansomware that locks up grain software, field maps, GPS data, or entire farm serversExtortion scams demanding bitcoinAttempts to infiltrate connected systems like grain dryers, feed mills, and irrigation controlsChris explains where farm data actually lives — on equipment, in cloud systems, or in software platforms — and what farmers need to understand about data ownership, platform security, and privacy.Then we move into practical, easy-to-apply cybersecurity steps every farm can start today:Creating strong password policies (12+ characters)Using password managersTurning on two-factor authenticationUpgrading email security with spam and phishing filtersSeparating home WiFi from business and equipment WiFiTracking who has login accessKeeping offline backups of critical filesTraining your family and employees to spot digital red flagsChris also shares real-world stories from farms he's helped — the scams that worked, the ones that were caught in time, and the mistakes he sees repeated across operations of all sizes.Whether you run a large operation or a small family farm, cybersecurity is now part of running the business. This episode will help you protect what you've built, stay ahead of threats, and keep hackers out of your data, your money, and your equipment. Want Farm4Profit Merch? Custom order your favorite items today!https://farmfocused.com/farm-4profit/ Don't forget to like the podcast on all platforms and leave a review where ever you listen! Website: www.Farm4Profit.comShareable episode link: https://intro-to-farm4profit.simplecast.comEmail address: Farm4profitllc@gmail.comCall/Text: 515.207.9640Subscribe to YouTube: https://www.youtube.com/channel/UCSR8c1BrCjNDDI_Acku5XqwFollow us on TikTok: https://www.tiktok.com/@farm4profitllc Connect with us on Facebook: https://www.facebook.com/Farm4ProfitLLC/ Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

This might be obvious, but security is not all domain admin dancing and maximum pwnage. Sometimes, despite my best efforts, a security project does a faceplant. Today's episode focuses on a phishing campaign that had plenty of "bites" but got immediately shut down – for reasons I still don't understand.

"Spear phishing is a direct attack." Connect With Our SponsorsGreyFinch - https://greyfinch.com/jillallen/A-Dec - https://www.a-dec.com/orthodonticsSmileSuite - https://getsmilesuite.com/ Summary In this conversation, Gary Salman, CEO of Black Talon Security, discusses the critical importance of cybersecurity in the dental and orthodontic fields. He shares insights on the evolution of cyber threats, particularly focusing on social engineering and phishing attacks. Gary emphasizes the need for comprehensive training for dental staff to recognize and prevent these threats. He also highlights the significance of understanding cyber risk ratings and the role of AI in enhancing cybersecurity measures. The discussion concludes with practical advice for practices to safeguard patient data and navigate the complexities of modern cybersecurity challenges. Connect With Our Guest Black Talon Security - https://www.blacktalonsecurity.com/ Takeaways Gary has over 33 years of experience in dental technology.He emphasizes the importance of cybersecurity in practices.Social engineering is a major threat, often leading to phishing attacks.Training staff is crucial as 60% of cyber attacks result from human error.Spear phishing is a targeted attack that can compromise email accounts.Antivirus software may not detect legitimate software used by hackers.Cybersecurity requires a proactive approach, similar to healthcare.Understanding cyber risk ratings is essential for practices.AI can enhance cybersecurity but requires due diligence.Practices must be aware of their vulnerabilities and take action.Chapters 00:00 Introduction02:02 Gary Salman's Background and Black Talon Security06:33 Understanding Social Engineering Attacks14:14 Preventative Measures and Training25:58 Understanding Cyber Risk in Dental Practices27:52 The Importance of Cyber Risk Ratings28:19 Known Exploitable Vulnerabilities and Network Security33:13 AI in Healthcare: Benefits and Risks36:09 Best Practices for Using AI in Practices38:49 Final Thoughts and Contact Information Episode Credits:  Hosted by Jill AllenProduced by Jordann KillionAudio Engineering by Garrett LuceroAre you ready to start a practice of your own? Do you need a fresh set of eyes or some advice in your existing practice?Reach out to me- www.practiceresults.com.    If you like what we are doing here on Hey Docs! and want to hear more of this awesome content, give us a 5-star Rating on your preferred listening platform and subscribe to our show so you never miss an episode.    New episodes drop every Thursday!   

If you are getting ready for tax reporting for Tax Year 2025 and need the important things to know or do regarding the 1099-NEC, the 1099-MISC and the 1042-S – this podcast episode is for you! Starting with two that you don't have to worry about (yet) then three that you do.  Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    IRS Draft Forms:  https://www.irs.gov/draft-tax-formsIRS Published Forms:  https://www.irs.gov/forms-instructions-and-publications IRS Publication 5903: IRIS App for TCC Tutorial and IRIS Application for TCCIRS Publication 5911: IR App for TCC Tutorial and IR Application for TCCCustomized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

nanoKVM Vulnerabilities The nanoKVM device updates firmware insecurely; however, the microphone that the authors of the advisory referred to as undocumented may actually be documented in the underlying hardware description. https://www.tomshardware.com/tech-industry/cyber-security/researcher-finds-undocumented-microphone-and-major-security-flaws-in-sipeed-nanokvm Ghostframe Phishing Kit The Ghostframe phishing kit uses iFrames and random subdomains to evade detection https://blog.barracuda.com/2025/12/04/threat-spotlight-ghostframe-phishing-kit WatchGuard Advisory WatchGuard released an update for its Firebox appliance, fixing ten vulnerabilities. Five of these are rated as High. https://www.watchguard.com/wgrd-psirt/advisories

Please enjoy this encore of Word Notes. The use of similar-looking characters in a phishing URL to spoof a legitimate site. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/homograph-phishing⁠ Audio reference link: “⁠Mission Impossible III 2006 Masking 01⁠,” uploaded by DISGUISE MASK, 28 July 2018.

Please enjoy this encore of Word Notes. The use of similar-looking characters in a phishing URL to spoof a legitimate site. CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/homograph-phishing⁠ Audio reference link: “⁠Mission Impossible III 2006 Masking 01⁠,” uploaded by DISGUISE MASK, 28 July 2018. Learn more about your ad choices. Visit megaphone.fm/adchoices

Dr. Steve Mancini: https://www.linkedin.com/in/dr-steve-m-b59a525/Marco Ciappelli: https://www.marcociappelli.com/Nothing Has Changed in Cybersecurity Since War Games — And That's Why We're in Trouble"Nothing has changed."That's not what you expect to hear from someone with four decades in cybersecurity. The industry thrives on selling the next revolution, the newest threat, the latest solution. But Dr. Steve Mancini—cybersecurity professor, Homeland Security veteran, and Italy's Honorary Consul in Pittsburgh—wasn't buying any of it. And honestly? Neither was I.He took me back to his Commodore 64 days, writing basic war dialers after watching War Games. The method? Dial numbers, find an open line, try passwords until one works. Translate that to today: run an Nmap scan, find an open port, brute force your way in. The principle is identical. Only the speed has changed.This resonated deeply with how I think about our Hybrid Analog Digital Society. We're so consumed with the digital evolution—the folding screens, the AI assistants, the cloud computing—that we forget the human vulnerabilities underneath remain stubbornly analog. Social engineering worked in the 1930s, it worked when I was a kid in Florence, and it works today in your inbox.Steve shared a story about a family member who received a scam call. The caller asked if their social security number "had a six in it." A one-in-nine guess. Yet that simple psychological trick led to remote software being installed on their computer. Technology gets smarter; human psychology stays the same.What struck me most was his observation about his students—a generation so immersed in technology that they've become numb to breaches. "So what?" has become the default response. The data sells, the breaches happen, you get two years of free credit monitoring, and life goes on. Groundhog Day.But the deeper concern isn't the breaches. It's what this technological immersion is doing to our capacity for critical thinking, for human instinct. Steve pointed out something that should unsettle us: the algorithms feeding content to young minds are designed for addiction, manipulating brain chemistry with endorphin kicks from endless scrolling. We won't know the full effects of a generation raised on smartphones until they're forty, having scrolled through social media for thirty years.I asked what we can do. His answer was simple but profound: humans need to decide how much they want technology in their lives. Parents putting smartphones in six-year-olds' hands might want to reconsider. Schools clinging to the idea that they're "teaching technology" miss the point—students already know the apps better than their professors. What they don't know is how to think without them.He's gone back to paper and pencil tests. Old school. Because when the power goes out—literally or metaphorically—you need a brain that works independently.Ancient cultures, Steve reminded me, built civilizations with nothing but their minds, parchment, and each other. They were, in many ways, a thousand times smarter than us because they had no crutches. Now we call our smartphones "smart" while they make us incrementally dumber.This isn't anti-technology doom-saying. Neither Steve nor I oppose technological progress. The conversation acknowledged AI's genuine benefits in medicine, in solving specific problems. But this relentless push for the "easy button"—the promise that you don't have to think, just click—that's where we lose something essential.The ultimate breach, we concluded, isn't someone stealing your data. It's breaching the mind itself. When we can no longer think, reason, or function without the device in our pocket, the hackers have already won—and they didn't need to write a single line of code.Subscribe to the Redefining Society and Technology podcast. Stay curious. Stay human.My Newsletter? Yes, of course, it is here: https://www.linkedin.com/newsletters/7079849705156870144/ Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Chinese threat actors deploy Brickstorm malware. The critical React2Shell vulnerability is under active exploitation. Cloudflare's emergency patch triggered a brief global outage. Phishing kits pivot to fake e-commerce sites. The European Commission fines X(Twitter) €120 million for violating the Digital Services Act. Predator spyware has a new bag of tricks. A Russian physicist gets 21 years in prison for cybercrimes. Twin brothers are arrested for allegedly stealing and destroying government data. Our guest is Blair Canavan, Director of Alliances - PKI & PQC Portfolio from Thales, discussing post quantum cryptography. Smart toilet encryption claims don't hold water.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, we are joined by Blair Canavan, Director of Alliances - PKI & PQC Portfolio from Thales, discussing post quantum cryptography (PQC). Listen to Blair's full conversation here. Selected Reading Chinese hackers used Brickworm malware to breach critical US infrastructure (TechRadar) React2Shell critical flaw actively exploited in China-linked attacks (BleepingComputer) Cloudflare blames today's outage on emergency React2Shell patch (Bleeping Computer) SMS Phishers Pivot to Points, Taxes, Fake Retailers (Krebs on Security) Threat Spotlight: Introducing GhostFrame, a new super stealthy phishing kit (Barracuda) EU issues €120 million fine to Elon Musk's X under rules to tackle disinformation  (The Record) Predator spyware uses new infection vector for zero-click attacks (Bleeping Computer) Russian scientist sentenced to 21 years on treason, cyber sabotage charges (The Record) Twins with hacking history charged in insider data breach affecting multiple federal agencies (Cyberscoop) ‘End-to-end encrypted' smart toilet camera is not actually end-to-end encrypted (TechCrunch)- kicker Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Gregor MacGregor verkauft seinen Landsleuten einen Traum: Grundstücke im paradiesischen "Poyais" in Südamerika - das aber ein unbewohnbarer Sumpf ist. Der dreiste Betrüger stirbt am 4.12.1845. Von Christoph Tiemann.

As you are busy with year-end and increased volumes of vendor adds and changes – you may be ready to reduce your vendor process activities by outsourcing your vendor payments next year, with a bonus of reducing payment fraud risk.  How?Keep listening. Check out my website www.debrarrichardson.com if you need help implementing authentication techniques, internal controls, and best practices to prevent fraudulent payments, regulatory fines or bad vendor data. Check out the Vendor Process Training Center for 116+ hours of weekly live and on-demand training for the Vendor team. Links mentioned in the podcast + other helpful resources:    Customized Vendor Validations Session: https://debrarrichardson.com/vendor-validation-sessionFree Download:  Vendor Validation Reference List with Resource Links https://debrarrichardson.com/vendor-validation-downloadVendor Process Training Center - https://training.debrarrichardson.comCustomized Fraud Training:  https://training.debrarrichardson.com/customized-fraud-training Free Live and On-Demand Webinars: https://training.debrarrichardson.com/webinarsVendor Master File Clean-Up:  https://www.debrarrichardson.com/cleanupYouTube Channel:  https://www.youtube.com/channel/UCqeoffeQu3pSXMV8fUIGNiw More Podcasts/Blogs/Webinars www.debrarrichardson.comMore ideas?  Email me at debra@debrarrichardson.com Music Credit:  www.purple-planet.com

European authorities take down an illegal cryptomixer. An Australian man is sentenced for running an airport evil twin WiFi campaign. Researchers unmask a Scattered LAPSUS$ Hunters impresario. CISA flags a cross-site scripting flaw in OpenPLC ScadaBR. A major South Korean retailer suffers a data breach affecting over 33 million customers. Threat actors abuse digital calendar subscription features. New York's new hospital cybersecurity mandates may raise the bar nationwide. Scammers target Cyber Monday shoppers. Monday business brief. Ann Johnson speaks with Microsoft's Amy Hogan-Burney on the Afternoon Cyber Tea segment. Google gets caught reheating someone else's holiday recipe.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, ⁠Daily Briefing⁠, and you'll never miss a beat. And be sure to follow CyberWire Daily on ⁠LinkedIn⁠. Afternoon Cyber Tea segment Afternoon Cyber Tea host Ann Johnson speaks with Amy Hogan-Burney, Corporate Vice President of Customer Trust and Security at Microsoft, about how Microsoft Is redefining global cyber defense. Ann and Amy discuss Microsoft's evolving approach to combating global cybercrime and the importance of collaboration across the private and public sectors. You can listen to their full conversation here and catch new episodes of Afternoon Cyber Tea every other Tuesday on your favorite podcast app.  Selected Reading Cryptomixer crypto laundering service taken down by law enforcement (Help Net Security) Man behind in-flight Evil Twin WiFi attacks gets 7 years in prison (Bleeping Computer) Meet Rey, the Admin of ‘Scattered Lapsus$ Hunters' (Krebs on Security) U.S. CISA adds an OpenPLC ScadaBR flaw to its Known Exploited Vulnerabilities catalog (Security Affairs) Data breach hits 'South Korea's Amazon,' potentially affecting 65% of country's population (The Record) Threat Actors Exploit Calendar Subscriptions for Phishing and Malware (Infosecurity Magazine) New York Hospital Cyber Rules to 'Raise the Bar' Nationwide (GovInfo Security) Over 2,000 Fake Shopping Sites Spotted Before Cyber Monday (Hackread) Guardio secures $80 million in new funding. (N2K Pro Business Briefing) Google deletes X post after getting caught using a ‘stolen' AI recipe infographic (Bleeping Computer) Share your feedback.What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show.   Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Apple Podcasts App = Latest Phishing Method! by Nick Espinosa, Chief Security Fanatic

The Intersection of Espionage Techniques and Cybersecurity Threats This episode explores the parallels between espionage and cybersecurity, particularly focusing on social engineering tactics used in both domains. Hosted by Jim Love, the podcast features insights from Neil Bisson, a retired intelligence officer from CSIS, and David Shipley, CEO of Beauceron Security. They discuss the vulnerabilities in human behavior that can be exploited, the similarity between human intelligence operations and phishing attacks, and how AI is transforming the landscape of social engineering. Practical advice on recognizing and mitigating these threats is also provided. The episode underscores the importance of empathy, skepticism, and continuous education in defending against sophisticated cyber threats. 00:00 Introduction and Sponsor Message 00:25 Linking Espionage and Cybersecurity 01:06 The Role of Social Engineering in Cyber Attacks 02:25 Guest Introductions: Neil Bisson and David Shipley 03:24 Recruitment Tactics in Intelligence 05:56 Phishing vs. Intelligence Recruitment 07:48 AI's Role in Modern Social Engineering 10:45 Building Trust and Rapport in Intelligence 16:19 Ethical Considerations in Intelligence Work 20:01 Future of Cybersecurity and Social Engineering 24:31 The Art of Subtle Manipulation 26:01 Clandestine Tactics and Voluntary Information 26:24 Incremental Trust Building 26:46 Psychological Manipulation and Cult Recruitment 27:34 Human Connection and Vulnerability 28:53 AI and Social Engineering 30:25 The Threat of AI in Recruitment 33:20 Emotional Manipulation in Espionage 36:19 Defending Against Manipulation 38:12 Empathy and Information as Defense 45:49 Final Thoughts and Audience Engagement

Our digital lives are under attack from every direction. Cyber Crisis author Eric Cole breaks down the threats and shows how to stay one step ahead!Full show notes and resources can be found here: jordanharbinger.com/1247What We Discuss with Dr. Eric Cole:Cyberattacks now happen constantly as AI automates phishing and vulnerability scanning against individuals, small businesses, and major institutions.Criminal operations abroad run like full corporations — thousands of employees, millions in revenue, and no risk of prosecution due to weak or nonexistent extradition.Critical infrastructure often uses outdated, insecure systems, allowing adversaries inside power grids and networks long before an attack becomes visible.Devices, apps, and "free" tools routinely track conversations and behavior — even smart speakers have been used as evidence after recording private moments.You can dramatically reduce your risk by treating security like investing: assess the benefit vs. the exposure, minimize downside, and adopt simple, deliberate habits.And much more...And if you're still game to support us, please leave a review here — even one sentence helps! Sign up for Six-Minute Networking — our free networking and relationship development mini course — at jordanharbinger.com/course!Subscribe to our once-a-week Wee Bit Wiser newsletter today and start filling your Wednesdays with wisdom!Do you even Reddit, bro? Join us at r/JordanHarbinger!This Episode Is Brought To You By Our Fine Sponsors: Momentous: 20% off first order: livemomentous.com, code JORDAN20Signos: $10 off select programs: signos.com, code JORDANFactor: 50% off first box: factormeals.com/jordan50off, code JORDAN50OFFProgressive Insurance: Free online quote: progressive.comHomes.com: Find your home: homes.comSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Use of CSS stuffing as an obfuscation technique? Phishing sites stuff their HTML with benign CSS code. This is likely supposed to throw of simple detection engines https://isc.sans.edu/diary/Use%20of%20CSS%20stuffing%20as%20an%20obfuscation%20technique%3F/32510 Critical Oracle Identity Manager Flaw Possibly Exploited as Zero-Day Early exploit attempts for the vulnerability were part of Searchlight Cyber s research effort https://www.securityweek.com/critical-oracle-identity-manager-flaw-possibly-exploited-as-zero-day/ ClamAV Cleaning Signature Database ClamAV will significantly clean up its signature database https://blog.clamav.net/2025/11/clamav-signature-retirement-announcement.html

Jessica Wynn uncovers Black Friday's dark secrets — fake discounts, cheaper products, and manufactured urgency — on this week's Skeptical Sunday.Welcome to Skeptical Sunday, a special edition of The Jordan Harbinger Show where Jordan and a guest break down a topic that you may have never thought about, open things up, and debunk common misconceptions. This time around, we're joined by writer and researcher Jessica Wynn!Full show notes and resources can be found here: jordanharbinger.com/1245On This Week's Skeptical Sunday:Black Friday "deals" are often illusions. Many retailers quietly raise prices weeks before, then discount back to regular prices, creating fake savings that trigger dopamine responses rather than actual financial benefits.Tiered manufacturing means bargains are literally inferior products. Companies create cheaper versions of items specifically for Black Friday sales, using plastic instead of metal parts and downgraded components you won't notice until they fail.The shopping frenzy is engineered chaos. Retailers deliberately create urgency and scarcity to exploit loss aversion, where the pain of missing a discount feels greater than the pleasure of getting the item itself.Scammers weaponize Black Friday urgency. Phishing sites, fake URLs, and fraudulent sellers exploit the fast-paced nature of Black Friday sales to steal personal information and payment details from rushed shoppers.You can outsmart the system by planning ahead. Create a wishlist of genuinely needed items before sales begin, compare model numbers, check price histories with tools like CamelCamelCamel, and only buy what you already planned to purchase.Connect with Jordan on Twitter, Instagram, and YouTube. If you have something you'd like us to tackle here on Skeptical Sunday, drop Jordan a line at jordan@jordanharbinger.com and let him know!Connect with Jessica Wynn at Instagram and Threads, and subscribe to her newsletters: Between the Lines and Where the Shadows Linger!And if you're still game to support us, please leave a review here — even one sentence helps! Sign up for Six-Minute Networking — our free networking and relationship development mini course — at jordanharbinger.com/course!Subscribe to our once-a-week Wee Bit Wiser newsletter today and start filling your Wednesdays with wisdom!Do you even Reddit, bro? Join us at r/JordanHarbinger!This Episode Is Brought To You By Our Fine Sponsors: Uncommon Goods: 15% off: uncommongoods.com/jordanUplift: Special offer: upliftdesk.com/jordanApretude: Learn more: Apretude.com or call 1-888-240-0340Land Rover Defender: landroverusa.comSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

You thought phishing was just an email problem? Oh sweet summer child. This episode dives into the new frontier of cyber shenanigans: LinkedIn. That's right — the land of business jargon, inspirational posts, and awkward endorsements is now a playground for scammers sliding into your DMs like they're networking for the dark web. Get ready to learn why accepting that too-good-to-be-true board invitation from "a company in South America" might end with malware, not margaritas. More info at HelpMeWithHIPAA.com/536

Is there anything real left on the internet? Neil deGrasse Tyson and co-hosts Chuck Nice and Gary O'Reilly explore deepfakes, scams, and cybercrime with the Director of Threat Research at Bitdefender, Bogdan Botezatu. ​​Scams are a trillion-dollar industry; keep your loved ones safe with Bitdefender: https://bitdefend.me/90-StarTalkNOTE: StarTalk+ Patrons can listen to this entire episode commercial-free here: https://startalkmedia.com/show/deepfakes-and-the-war-on-truth-with-bogdan-botezatu/Thanks to our Patrons Bubbalotski, Oskar Yazan Mellemsether, Craig A, Andrew, Liagadd, William ROberts, Pratiksha, Corey Williams, Keith, anirao, matthew, Cody T, Janna Ladd, Jen Richardson, Elizaveta Nikitenko, James Quagliariello, LA Stritt, Rocco Ciccolini, Kyle Jones, Jeremy Jones, Micheal Fiebelkorn, Erik the Nerd, Debbie Gloom, Adam Tobias Lofton, Chad Stewart, Christy Bradford, David Jirel, e4e5Nf3, John Rost, cluckaizo, Diane Féve, Conny Vigström, Julian Farr, karl Lebeau, AnnElizabeth, p johnson, Jarvis, Charles Bouril, Kevin Salam, Alex Rzem, Joseph Strolin, Madelaine Bertelsen, noel jimenez, Arham Jain, Tim Manzer, Alex, Ray Weikal, Kevin O'Reilly, Mila Love, Mert Durak, Scrubbing Bubblez, Lili Rose, Ram Zaidenvorm, Sammy Aleksov, Carter Lampe, Tom Andrusyna, Raghvendra Singh Bais, ramenbrownie, cap kay, B Rhodes, Chrissi Vergoglini, Micheal Reilly, Mone, Brendan D., Mung, J Ram, Katie Holliday, Nico R, Riven, lanagoeh, Shashank, Bradley Andrews, Jeff Raimer, Angel velez, Sara, Timothy Criss, Katy Boyer, Jesse Hausner, Blue Cardinal, Benjamin Kedwards, Dave, Wen Wei LOKE, Micheal Sacher, Lucas, Ken Kuipers, Alex Marks, Amanda Morrison, Gary Ritter Jr, Bushmaster, thomas hennigan, Erin Flynn, Chad F, fro drick, Ben Speire, Sanjiv VIJ, Sam B, BriarPatch, and Mario Boutet for supporting us this week. Subscribe to SiriusXM Podcasts+ to listen to new episodes of StarTalk Radio ad-free and a whole week early.Start a free trial now on Apple Podcasts or by visiting siriusxm.com/podcastsplus. Hosted by Simplecast, an AdsWizz company. See pcm.adswizz.com for information about our collection and use of personal data for advertising.

Today's tour tries to clarify some myths and legends. Order the official Cabinet of Curiosities book by clicking here today, and get ready to enjoy some curious reading!See omnystudio.com/listener for privacy information.