Shared Security Podcast

Former Twitter users are migrating en masse to Mastodon so what is Mastodon and what do you need to know about Mastodon from a security and privacy perspective? Twitter was flooded by a wave of imposter accounts after the $8 “verification” label fiasco, and details about the largest multi-state privacy settlement in the US where Google has agreed to pay $391 million to resolve an investigation into how the company tracked users’ locations. Plus you don’t want to miss Tom’s Canadian dad jokes! ** Links mentioned on the show ** Mastodon: What you need to know for your security and privacy https://grahamcluley.com/mastodon-what-you-need-to-know-for-your-security-and-privacy/ Twitter Blue signups unavailable after raft of fake accounts https://abcnews.go.com/Technology/wireStory/twitter-blue-signups-unavailable-raft-fake-accounts-93124759 https://www.reuters.com/legal/transactional/would-twitter-get-online-publisher-immunity-fake-blue-check-suits-2022-11-14/ Google will pay $392m to 40 states in largest ever US privacy settlement https://www.theguardian.com/technology/2022/nov/14/google-settlement-40-states-user-location-tracking Apple faces new lawsuit over its data collection practices in first-party apps, like the App Store https://techcrunch.com/2022/11/14/apple-faces-new-lawsuit-over-its-data-collection-practices-in-first-party-apps-like-the-app-store/ Follow us on Mastodon! https://infosec.exchange/@sharedsecurity https://infosec.exchange/@agent0x0 https://infosec.exchange/@scottwright https://infosec.exchange/@secureideas ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post The Rise of Mastodon, Twitter in Trouble, Largest Privacy Settlement in US History appeared first on Shared Security Podcast.

Matt Scheurer, host of the ThreatReel Podcast and Assistant Vice President of Computer Security and Incident Response in a large enterprise environment, joins us to discuss starting a career in digital forensics and incident response (DFIR). Matt discusses how he got started, his advice to anyone that wants to pursue a career in DFIR, and what the future may hold for the DFIR industry. Thanks to NordLayer for sponsoring this episode! Secure your business network with NordLayer. As a listener of this podcast, get your first month free by going to https://nordlayer.com/sharedsecurity. ** Links mentioned on the show ** Follow DFIR Matt on Twitter https://twitter.com/c3rkah Follow Matt on LinkedIn https://www.linkedin.com/in/mattscheurer/ https://twitter.com/c3rkah Subscribe to the ThreatReel Podcast https://threatreel.com/ https://www.youtube.com/channel/UCq18YQ9jZdcWX2Er6d1fOCw Matt’s Slides and Workshops https://github.com/cerkah/ ** Watch this episode on YouTube ** https://youtu.be/EuDfT2TFZ-E ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post How to Break Into a Cybersecurity Career – Digital Forensics and Incident Response (DFIR) appeared first on Shared Security Podcast.

Katie Teitler, Senior Cybersecurity Strategist at Axonius and co-host on the popular Enterprise Security Weekly podcast, joins us to discuss the role of cybersecurity in combating midterm election disinformation. We discuss the difference is between misinformation and disinformation, how we can combat disinformation and what are some things about disinformation, private platforms, and free speech we all need to think about during the midterm election. Plus, you don’t want to miss the story about how co-host Kevin Johnson was knocked out unconscious on an airplane! ** Links mentioned on the show ** Cybersecurity’s Role in Combating Midterm Election Disinformation – Article by Katie Teitler https://thereformedanalyst.substack.com/p/disinformation-and-election-security https://www.darkreading.com/vulnerabilities-threats/cybersecurity-s-role-in-combating-midterm-election-disinformation- Connect with Katie https://www.linkedin.com/in/katherineteitler/ ** Watch this episode on YouTube ** https://youtu.be/X8HOxW5gqLU ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Cybersecurity’s Role in Combating Midterm Election Disinformation appeared first on Shared Security Podcast.

Rafal Los, host of the popular Down the Security Rabbithole Podcast, joins us to discuss CISO liability risk and the ongoing discussion in the cybersecurity community about CISOs going to jail. Plus, details on the recent (ISC)2 bylaw vote (why you should vote no) and a discussion about the value of cybersecurity certifications. ** Links mentioned on the show ** After the Sullivan Verdict: A CISO’s Guide to Avoiding Jail https://www.bankinfosecurity.com/after-sullivan-verdict-cisos-guide-to-avoiding-jail-a-20285 What the Uber Breach Verdict Means for CISOs in the US https://www.darkreading.com/attacks-breaches/what-the-uber-breach-verdict-means-for-cisos-in-the-us ISC2 bylaw drama So here's a summary of what ISC2 is changing in its Bylaws and why you should vote NO in the upcoming Bylaws vote. Hold on to your wigs: — Wim Remes (@wimremes) October 14, 2022 Down the Security Rabbithole Podcast with host Rafal Los https://podcast.wh1t3rabbit.net/ ** Watch this episode on YouTube ** https://youtu.be/HAfjHZaA4AA ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post CISO Liability Risk and Jail Time, (ISC)2 Bylaw Vote and the Value of Cybersecurity Certifications appeared first on Shared Security Podcast.

Two modified wi-fi enabled drones were found on the top of a financial firm’s building and used to intercept a employee’s credentials, a fun discussion about the best way to physically destroy data on electronics that no longer work, and details about Signal removing SMS support for Android users. ** Links mentioned on the show ** How Wi-Fi spy drones snooped on financial firm https://www.theregister.com/2022/10/12/drone-roof-attack/ How to wipe out data from things that don’t turn on? https://www.reddit.com/r/privacy/comments/y6535n/how_to_wipe_out_data_from_things_that_doesnt_turn/ Signal will remove support for SMS text messages on Android https://www.bleepingcomputer.com/news/technology/signal-will-remove-support-for-sms-text-messages-on-android/ ** Watch this episode on YouTube ** https://youtu.be/KJ9kfMGXebg ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Watch and Subscribe on Odysee (YouTube alternative) https://odysee.com/@SharedSecurity:c Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Attack of the Wi-Fi Spy Drones, How to Destroy Your Old Electronics, Signal Removes SMS Support appeared first on Shared Security Podcast.

Former Uber CSO Joe Sullivan was found guilty of obstructing a federal investigation in connection with the attempted cover-up of a 2016 hack at Uber, NIST and Microsoft say that mandatory password expiration is no longer needed but many organizations are still doing it, and how fake executive profiles are becoming a huge problem for LinkedIn. ** Links mentioned on the show ** Guilty verdict in the Uber breach case makes personal liability real for CISOs https://www.csoonline.com/article/3676148/guilty-verdict-in-the-uber-breach-case-makes-personal-liability-real-for-cisos.html https://www.linkedin.com/posts/stuart-w-techsecscot_uberbreach-uberciso-uberhack-activity-6984057144438325248-gg1s/ Is mandatory password expiration helping or hurting your password security? https://www.helpnetsecurity.com/2022/10/04/mandatory-password-expiration-helping-or-hurting-password-security/ Glut of Fake LinkedIn Profiles Pits HR Against the Bots https://krebsonsecurity.com/2022/10/glut-of-fake-linkedin-profiles-pits-hr-against-the-bots/ This person does not exist. AI generated profile pictures. https://thispersondoesnotexist.com/ The Capture on BBC https://www.bbc.co.uk/programmes/m00085sx/episodes/player ** Watch this episode on YouTube ** https://youtu.be/IdQ0xW4yNHU ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Uber Breach Guilty Verdict, Mandatory Password Expiration, Fake Executive Profiles on LinkedIn appeared first on Shared Security Podcast.

A recent survey of ethical hackers by Bishop Fox and SANS shows that once a vulnerability or weakness is found about 58% of ethical hackers can break into an environment in less than five hours, SMS phishing and text message scams appear to be changing tactics taking a more “urgent” tone, and a discussion about strange ways employees can accidentally expose data. ** Links mentioned on the show ** More Than 60% Of Hackers Can Exfiltrate Data In Less Than Five Hours https://bishopfox.com/news/sans-hacking-survey-report-pr https://www.darkreading.com/attacks-breaches/attackers-less-than-ten-hours-find-weaknesses Scam nation: Why living with grifters is our new normal https://mashable.com/article/constant-texting-scams YSK: you shouldn’t reply “stop” to spam text messages https://www.reddit.com/r/YouShouldKnow/comments/x2q37p/ysk_you_shouldnt_reply_stop_to_spam_text_messages 8 strange ways employees can (accidentally) expose data https://www.csoonline.com/article/3675542/8-strange-ways-employees-can-accidently-expose-data.html ** Watch this episode on YouTube ** https://youtu.be/oqIo5yeHMIA ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Hackers Need 5 Hours or Less to Break In, SMS Phishing Tactics, Strange Ways Employees Expose Data appeared first on Shared Security Podcast.

Passkeys are coming soon to Apple iOS 16 so what are passkeys and why are they an eventual replacement for passwords? Researchers have discovered a new attack that uses mouse movement in Microsoft PowerPoint to deploy malware, and details on how the 2K Games help desk support platform was compromised to push malware through fake support tickets. ** Links mentioned on the show ** Passkeys coming to iOS 16. What are Passkeys? https://developer.apple.com/passkeys/ https://www.cnet.com/tech/mobile/passkeys-more-secure-than-passwords-arrive-on-ios-16-iphone-14/ https://developer.apple.com/videos/play/wwdc2022/10092/ Hackers Using PowerPoint Mouseover Trick to Infect System with Malware https://thehackernews.com/2022/09/hackers-using-powerpoint-mouseover.html 2K Games says hacked help desk targeted players with malware https://www.bleepingcomputer.com/news/security/2k-games-says-hacked-help-desk-targeted-players-with-malware/ ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post What are Passkeys, PowerPoint Mouseover Attack, 2K Games Support Hacked appeared first on Shared Security Podcast.

Uber got hacked by an 18 year old using social engineering and a multi-factor authentication fatigue attack, Morgan Stanley has been auctioning off hard drives holding sensitive client data since 2015, and why is it so hard for social networks to remove personal data when deleting your user account. ** Links mentioned on the show ** Uber was breached to its core, purportedly by an 18-year-old. Here’s what’s known https://arstechnica.com/information-technology/2022/09/uber-was-hacked-to-its-core-purportedly-by-an-18-year-old-here-are-the-basics/ MITRE ATT&CK Mapping of the Uber breach https://twitter.com/MichalKoczwara/status/1571432800787759104/photo/1 Same hacker also claims he hacked Rockstar Games https://www.esquire.com/entertainment/a41292914/gta-6-leak-videos-rockstar-hacker/ Multi-factor Authentication Fatigue Attack – How to prevent being a victim https://sharedsecurity.net/2022/08/22/multi-factor-authentication-fatigue-attack-signal-account-twilio-hack-facebook-and-instagram-in-app-browser/ https://attack.mitre.org/techniques/T1621/ ‘Astonishing.’ Morgan Stanley hard drives holding sensitive client data got auctioned off online https://www.cnn.com/2022/09/20/business/morgan-stanley-fine-customer-data/index.html 35 Best Free Data Destruction Software Programs https://www.lifewire.com/free-data-destruction-software-programs-2626174 Why deleting something from the internet is ‘almost impossible’ https://www.cnn.com/2022/09/18/tech/deleting-data/index.html ** Watch this episode on YouTube ** https://youtu.be/hKateSJO3s0 ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Uber Hacked by 18 Year Old, Morgan Stanley Hard Drives Got Auctioned, Deleting Your Data is Hard appeared first on Shared Security Podcast.

In recent court testimony two Facebook engineers were asked what information, precisely, does Facebook store about us, and where is it? Surprisingly they said, they don’t know. Details on how brand new employees of companies are being “spearmished” (hat tip to @ErinInfosec and @RachelTobac via Twitter), and how thousands of Colorado residents found themselves locked out of their smart thermostats to help prevent the power grid from failing. ** Links mentioned on the show ** Facebook Engineers: We Have No Idea Where We Keep All Your Personal Data https://theintercept.com/2022/09/07/facebook-personal-data-no-accountability/ New Hire SMS Phish Attack Method – Spearmishing? https://twitter.com/RachelTobac/status/1568656397637947392 A utility company locked thousands of customers out of their smart thermostats in Colorado https://www.theverge.com/2022/9/5/23337864/xcel-locked-out-customers-smart-thermostats-colorado-heatwave https://www.reddit.com/r/privacy/comments/xbj024/a_utility_company_locked_thousands_of_customers/ Click Armor’s Cyber Security Awareness Forum https://clickarmor.ca/live-cyber-security-awareness-forum/ ** Watch this episode on YouTube ** https://youtu.be/plNV4pvZZ3o ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Facebook Doesn’t Know Where Your Data Is, New Hire Spearmishing Attack, Smart Thermostat Lock Out appeared first on Shared Security Podcast.