Shared Security Podcast

TikTok has denied reports that it was breached by a hacking group, after it claimed they have gained access to over 2 billion user records, the Los Angeles school district, the second-largest in the US, suffered a ransomware attack, and details on how one high school in Sydney Australia installed fingerprint scanners at the entrance to bathrooms to track student movements and prevent vandalism. ** Links mentioned on the show ** TikTok Denies Data Breach Reportedly Exposing Over 2 Billion Users’ Information https://thehackernews.com/2022/09/tiktok-denies-data-breach-reportedly.html The second-biggest school district in the US was hit with ransomware https://www.zdnet.com/article/the-second-biggest-school-district-in-the-us-was-hit-with-ransomware/ https://www.msn.com/en-us/news/us/feds-anticipate-ransomware-attacks-against-schools/ar-AA11yV3r Sydney school’s use of fingerprint scanners in toilets an invasion of privacy, expert says https://www.theguardian.com/australia-news/2022/sep/06/sydney-schools-use-of-fingerprint-scanners-in-toilets-an-invasion-of-privacy-expert-says ** Watch this episode on YouTube ** https://youtu.be/BrtFT2u_fdA ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post TikTok Denies Data Breach, Los Angeles School District Ransomware Attack, Fingerprint Scanners in School Bathrooms appeared first on Shared Security Podcast.

Popular password manager LastPass announced that some of their source code was stolen, but that no customer passwords were compromised in a recent data breach disclosure, an Israeli researcher has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards, and details about the Twitter whistleblower Peiter “Mudge” Zatko and his claims about how Twitter had poor security practices, misled federal regulators about safety, and failed to properly estimate the number of bots on Twitter. ** Links mentioned on the show ** LastPass Says No Passwords Stolen in Data Breach https://www.cnet.com/tech/services-and-software/lastpass-says-no-passwords-stolen-in-data-breach/ https://blog.lastpass.com/2022/08/notice-of-recent-security-incident/ ETHERLED: Air-gapped systems leak data via network card LEDs https://www.bleepingcomputer.com/news/security/etherled-air-gapped-systems-leak-data-via-network-card-leds/ Twitter’s former security chief says company lied about bots and safety https://www.theverge.com/2022/8/23/23317857/twitter-whistleblower-zatko-security-spam-safety https://en.wikipedia.org/wiki/L0pht https://en.wikipedia.org/wiki/Peiter_Zatko ** Watch this episode on YouTube ** https://youtu.be/EGJP7i3NUeE ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post LastPass Data Breach, ETHERLED: Air-Gapped Systems Attack, Twitter Whistleblower Complaint appeared first on Shared Security Podcast.

Janet Jackson’s “Rhythm Nation” has been recognized as an exploit for a vulnerability after Microsoft reported it can crash the hard drives of certain old laptop computers, phishing attacks that compromise credentials using brand impersonation are on the rise, and details about a new privacy focused phone carrier that doesn’t track your location or web browsing activity. ** Links mentioned on the show ** Microsoft: Bug in Janet Jackson’s “Rhythm Nation” could crash a laptop https://therecord.media/microsoft-bug-in-janet-jacksons-rhythm-nation-could-crash-a-laptop/ https://www.theregister.com/2022/08/18/janet_jackson_video_crashes_laptops/ Credential phishing attacks skyrocketing, 265 brands impersonated in H1 2022 https://www.helpnetsecurity.com/2022/08/15/landscape-email-threat/ A Phone Carrier That Doesn’t Track Your Browsing or Location https://www.wired.com/story/pretty-good-phone-privacy-android/ https://invisv.com/articles/pretty-good-phone-privacy.html ** Watch this episode on YouTube ** https://youtu.be/orZV_upMYcQ ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Janet Jackson Can Crash Laptops, Credential Phishing Attacks Skyrocket, A Phone Carrier That Doesn’t Track You appeared first on Shared Security Podcast.

A Cisco employee was compromised by a ransomware gang using a technique called multi-factor authentication fatigue, an attack on the Signal messenger app’s SMS service Twilio potentially disclosed the phone numbers of 1,900 users, and details on how Facebook and Instagram track what you click on including your web browsing history by using their in-app browser. ** Links mentioned on the show ** Kevin’s interview on the Bishop Fox Livestream from DEF CON 30 Cisco Hacked by Ransomware Gang, Data Stolen https://www.securityweek.com/cybercriminals-breached-cisco-systems-and-stole-data Nearly 1,900 Signal Messenger Accounts Potentially Compromised in Twilio Hack https://thehackernews.com/2022/08/nearly-1900-signal-messenger-accounts.html Facebook and Instagram rewrite websites via in-app browser that can track ‘every single interaction’ https://www.msn.com/en-gb/money/technology/facebook-and-instagram-rewrite-websites-via-in-app-browser-that-can-track-e2-80-98every-single-interaction-e2-80-99/ar-AA10Bqpj ** Watch this episode on YouTube ** https://youtu.be/SBnzn16xt1E ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser appeared first on Shared Security Podcast.

Aaron Zar, SLNT founder and director of disconnection joins co-host Tom Eston to discuss the importance of Faraday technology, what’s changed with privacy over the last several years, some of the really cool SLNT Faraday products now available, and how Aaron tested product durability by running over a SLNT Faraday Backpack (containing a MacBook Pro) with a truck! Don’t forget, listeners of the podcast get 10% off at slnt.com using discount code “sharedsecurity” during checkout! ** Links mentioned on the show ** Founder of SLNT® Demonstrates the strength of the Berry and TAA Compliant Faraday Dry Bag Check out SLNT’s line of Faraday products https://slnt.com Visit SLNT on Twitter and YouTube https://twitter.com/goslnt https://www.youtube.com/c/Silent-pocket Aaron’s previous appearance on the podcast https://sharedsecurity.net/2019/09/27/aaron-zar-co-founder-and-ceo-of-silent-pocket/ ** Watch this episode on YouTube ** https://youtu.be/6qn8XM8Tyls ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post The Importance of Faraday Technology with Aaron Zar from SLNT appeared first on Shared Security Podcast.

Why your phone number is becoming a popular way to identify you, our advice on how to best protect your privacy at hacker summer camp in Las Vegas (BSides, BlackHat, DEF CON), and details on Samsung’s new repair mode which will protect your private data on your smartphone when you take it in for repairs. ** Links mentioned on the show ** When did our phone numbers become the new identifier de jour? https://iapp.org/news/a/when-did-our-phone-numbers-become-the-new-identifier-de-jour/ Letter from a librarian to Google about 2fA hurting poor and low income people https://docs.google.com/document/d/1f6HPQbUjslcbjVHkJkAgYmQmBV3PRRHEcx4WL5rxuE8/preview Going to Hacker Summer Camp (Black Hat / DEF CON)? How to secure you and your data while at the world’s largest hacker convention (plus good advice for attending any large event) https://www.reddit.com/r/Defcon/comments/6ddvao/going_to_defcon_leave_your_cell_phone_at_home/ https://forallsecure.com/blog/your-guide-to-hacker-summer-camp-2021 Samsung’s smartphone ‘Repair Mode’ will stop nosy technicians looking at your photos https://www.zdnet.com/article/samsungs-smartphone-repair-mode-will-keep-nosy-technicians-from-looking-at-your-photos ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Phone Numbers Used for Identification, Hacker Summer Camp Advice, Samsung Repair Mode appeared first on Shared Security Podcast.

Twitter suffers a data breach of phone numbers and email addresses belonging to 5.4 million accounts, new research shows that attackers are finding and exploiting zero-day vulnerabilities in 15 minutes, and details on how a resilient trait in videos and images could aid in deepfake detection. ** Links mentioned on the show ** Hacker selling Twitter account data of 5.4 million users for $30k https://www.bleepingcomputer.com/news/security/hacker-selling-twitter-account-data-of-54-million-users-for-30k/ Race against time: Hackers start hunting for victims just 15 minutes after a bug is disclosed https://www.zdnet.com/article/race-against-time-hackers-start-hunting-for-victims-just-15-minutes-after-a-bug-is-disclosed/ Researchers Identify a Resilient Trait of Deepfakes That Could Aid Long-Term Detection https://www.unite.ai/researchers-identify-a-resilient-trait-of-deepfakes-that-could-aid-long-term-detection/ ** Watch this episode on YouTube ** https://youtu.be/JBuz_jKP1xE ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Twitter Data Breach, 15 Minutes to Exploit Zero-Day Vulnerabilities, Resilient Deepfake Traits appeared first on Shared Security Podcast.

In this episode learn all about the world of corporate spying from someone who was a corporate spy and actually wrote a book on it! Robert Kerbeck author of “RUSE: Lying the American Dream from Hollywood to Wall Street” joins us to discuss his fascinating career as a corporate spy, life as a struggling actor, his many celebrity encounters (including his performance in the infamous OJ Simpson exercise video), and how the corporate spying game is still big business. This is one interview you don’t want to miss! ** Links mentioned on the show ** Purchase Robert’s book: “RUSE: Lying the American Dream from Hollywood to Wall Street” https://www.robertkerbeck.com/ Corporate spy reveals how he got secret info from big American companies https://nypost.com/2022/03/09/ex-corporate-spy-robert-kerbeck-on-how-he-got-companies-info/ Robert Kerbeck’s Film Bio https://www.imdb.com/name/nm0449200/ https://memory-alpha.fandom.com/wiki/Robert_Kerbeck Follow Robert on Twitter https://twitter.com/robertkerbeck ** Watch this episode on YouTube ** https://youtu.be/K8mxD7a4z_Y ** Thank you to our sponsors! ** Teleport Teleport is the easiest, most secure way to access all your infrastructure. The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform. Click here to learn why the most visionary businesses in the world choose Teleport! SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Robert Kerbeck Author of RUSE: Lying the American Dream from Hollywood to Wall Street appeared first on Shared Security Podcast.

Apple previews Lockdown Mode which is designed for high risk individuals such as human rights workers, lawyers, politicians and journalists, hotel chain Marriott confirms another data breach, and new details on the development of smart contact lenses and what these could mean for your privacy. ** Links mentioned on the show ** Apple previews Lockdown Mode to protect users from targeted spyware https://www.cnet.com/tech/mobile/apples-lockdown-mode-why-theres-new-level-of-security-for-your-iphone/ https://www.helpnetsecurity.com/2022/07/07/apple-lockdown-mode-video/ Hotel giant Marriott confirms yet another data breach https://techcrunch.com/2022/07/06/marriott-breach-again/ Mojo Vision CEO successfully wore a smart contact lens in his eye https://skarredghost.com/2022/06/28/mojo-vision-contact-tested-eye/ ** Watch this episode on YouTube ** https://youtu.be/4mZAw_NGPDI ** Thank you to our sponsors! ** Teleport Teleport is the easiest, most secure way to access all your infrastructure. The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform. Click here to learn why the most visionary businesses in the world choose Teleport! SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Apple Previews Lockdown Mode, Another Marriott Data Breach, Smart Contact Lenses appeared first on Shared Security Podcast.

The commissioner of the FCC (Federal Communications Commission), asked the CEOs of Apple and Google to remove TikTok from their app stores, bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports and submitted them for personal gain, and new details on the California gun owner data breach which had exposed the personal information of hundreds of thousands of gun owners. ** Links mentioned on the show ** TikTok is “unacceptable security risk” and should be removed from app stores, says FCC https://blog.malwarebytes.com/privacy-2/2022/07/tiktok-is-unacceptable-security-risk-and-should-be-removed-from-app-stores-says-fcc HackerOne Employee Caught Stealing Vulnerability Reports for Personal Gains https://thehackernews.com/2022/07/hackerone-employee-caught-stealing.html https://hackerone.com/reports/1622449 Leak of California gun owners’ private data far wider than originally reported https://www.theguardian.com/us-news/2022/jun/30/california-gun-owners-data-breach ** Watch this episode on YouTube ** https://youtu.be/aoUvfGtcI6E ** Thank you to our sponsors! ** Teleport Teleport is the easiest, most secure way to access all your infrastructure. The open-source Teleport Access Plane consolidates connectivity, authentication, authorization, and audit into a single platform. Click here to learn why the most visionary businesses in the world choose Teleport! SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the show ** Join the Shared Security Community on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Twitter: https://twitter.com/sharedsec Website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Could TikTok Be Removed From App Stores, HackerOne Employee Caught Stealing Vulnerability Reports, California Gun Owner Data Breach appeared first on Shared Security Podcast.