Shared Security Podcast

Why is federal law enforcement (still) asking Congress for encryption backdoors? Attacks on Microsoft Exchange servers seem to have gotten worse, details on an airline supplier data breach, and the real reason Kevin hasn’t replaced his Chewbacca mannequin with Darth Vader! ** Links mentioned on the show ** The FBI Should Stop Attacking Encryption and Tell Congress About All the Encrypted Phones It’s Already Hacking Into https://www.eff.org/deeplinks/2021/03/fbi-should-stop-attacking-encryption-and-tell-congress-about-all-encrypted-phones Warning the World of a Ticking Time Bomb https://krebsonsecurity.com/2021/03/warning-the-world-of-a-ticking-time-bomb/ https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/ https://securityboulevard.com/2021/03/huge-fallout-from-microsoft-incompetence-lets-exchange-exchange/ Airlines warn passengers of data breach after aviation tech supplier is hit by cyberattack https://www.zdnet.com/article/airlines-warn-passengers-of-data-breach-after-aviation-tech-supplier-is-hit-by-cyberattack/ ** Watch this episode on YouTube ** https://youtu.be/qJt4e1Ej4JI ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, new and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity The post Encryption Backdoor Debate, Microsoft Exchange Attacks, Airline Supplier Data Breach appeared first on Shared Security Podcast.

Deepfake video and audio has really advanced in recent years. Will this technology start to erode trust in the media we consume? Microsoft Exchange zero-days in the wild, and why is it that IT security investment on cybersecurity is at an all time high, yet we continue to see more data breaches? ** Links mentioned on the show ** Deepfakes are getting better and better. Should we be concerned? https://twitter.com/RachelTobac/status/1365413178327277575?s=20 https://www.vice.com/en/article/n7vgm8/heres-how-worried-you-should-be-about-those-tom-cruise-deepfakes State hackers rush to exploit unpatched Microsoft Exchange servers https://www.bleepingcomputer.com/news/security/state-hackers-rush-to-exploit-unpatched-microsoft-exchange-servers/ Why do companies fail to stop breaches despite soaring IT security investment? https://thehackernews.com/2021/03/why-do-companies-fail-to-stop-breaches.html Check out our previous episodes with Rachel Tobac https://sharedsecurity.net/2020/05/29/episode-100-with-rachel-tobac-and-kathleen-smith/ https://sharedsecurity.net/2018/03/29/the-shared-security-podcast-episode-74-special-guest-rachel-tobac-racheltobac/ Check out the video Deepfake Queen mentioned by Scott on the show ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, new and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity The post The Deepfake Dilemma, Microsoft Exchange Zero-Days, IT Security Investments appeared first on Shared Security Podcast.

This week co-host Kevin Johnson joins Tom Eston to discuss new card skimmers found in the wild, the Accellion zero-days, and a new type of Mac malware called “Silver Sparrow”. ** Links mentioned on the show ** Checkout Skimmers Powered by Chip Cards https://krebsonsecurity.com/2021/02/checkout-skimmers-powered-by-chip-cards/ Apple says it has already beaten new M1 Mac malware https://www.techradar.com/au/news/apple-says-it-has-already-beaten-new-m1-mac-malware Hackers Exploit Accellion Zero-Days in Recent Data Theft and Extortion Attacks https://thehackernews.com/2021/02/hackers-exploit-accellion-zero-days-in.html https://thehackernews.com/2021/02/data-breach-exposes-16-million-jobless.html https://www.msn.com/en-us/money/companies/kroger-says-some-hr-data-and-pharmacy-records-were-possibly-compromised-in-data-breach/ What We Can Learn from the Accellion Breach https://labs.bishopfox.com/industry-blog/what-we-can-learn-from-the-accellion-breach ** Watch this episode on YouTube ** https://youtu.be/g_eDR9e48CI ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, new and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity The post Card Skimmers Powered by Chip Cards, Silver Sparrow Mac Malware, Accellion Zero-Days appeared first on Shared Security Podcast.

Everyone is talking about the Clubhouse app but what should you be concerned about from a privacy perspective? In our February monthly show, Tom and Scott discuss what all the hype is about and what you need to know if you happen to receive a Clubhouse invite! ** Links mentioned on the show ** Join Clubhouse! Umm, What is Clubhouse? https://www.nytimes.com/2021/02/20/at-home/clubhouse-app-explainer.html Clubhouse vows to fix its platform after tool enabled audio chat leaks https://www.msn.com/en-us/money/other/clubhouse-vows-to-fix-its-platform-after-tool-enabled-audio-chat-leaks/ Clubhouse Chats Are Breached, Raising Concerns Over Security https://www.msn.com/en-us/money/other/clubhouse-chats-are-breached-raising-concerns-over-security/ You’ve been invited to Clubhouse. Your privacy hasn’t. https://www.vox.com/recode/22278601/clubhouse-invite-privacy-contacts-app Register for Tom Eston’s webinar on March 18th! DevSecOps and Application Penetration Testing: Defying the Myth https://us02web.zoom.us/webinar/register/2216131471091/WN_PcfokpHMRj2A89j8jRApgA ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, new and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity The post Clubhouse App and Your Privacy appeared first on Shared Security Podcast.

In episode 161: Apple will start to proxy Safe Browsing requests to hide IP addresses from Google, the rise of Business Email Compromise attacks, and changes to the free version of LastPass. ** Links mentioned on the show ** Apple will proxy Safe Browsing requests to hide iOS users’ IP from Google https://thehackernews.com/2021/02/apple-will-proxy-safe-browsing-requests.html This cybersecurity threat costs business millions. And it’s the one they often forget about https://www.zdnet.com/article/this-cybersecurity-threat-costs-business-millions-and-its-the-one-they-often-forget-about/ LastPass making changes free service https://www.zdnet.com/article/lastpass-making-changes-free-service/ ** Watch this episode on YouTube ** https://youtu.be/aW8qQY8XFoo ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, new and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity The post Apple’s Safe Browsing Request Proxy, BEC Attacks, LastPass Updates appeared first on Shared Security Podcast.

In episode 160: An attacker tried to poison a Florida city’s water supply, a popular Android app was hacked to display malicious ads, and how smartphone location data was used to track the US Capitol rioters. ** Links mentioned on the show ** A Hacker Tried to Poison a Florida City’s Water Supply, Officials Say https://www.mass.gov/service-details/cybersecurity-advisory-for-public-water-suppliers https://www.wired.com/story/oldsmar-florida-water-utility-hack/ With one update, this malicious Android app hijacked millions of devices https://www.zdnet.com/article/with-one-update-this-malicious-android-app-hijacked-10-million-devices/ They Stormed the Capitol. Their Apps Tracked Them. https://www.nytimes.com/2021/02/05/opinion/capitol-attack-cellphone-data.html?mc_cid=7a7bd73939&mc_eid=f1ab7621fc ** Watch this episode on YouTube ** https://youtu.be/5uqQTZB5cpc ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, new and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity The post Florida Water Supply Hack, Android App Hijack, US Capitol Riot Phone Tracking appeared first on Shared Security Podcast.

In episode 159: Will algorithms be the death of social media and why the US government thinks it has a moral imperative to build AI powered weapons. ** Links mentioned on the show ** US has ‘moral imperative’ to develop AI weapons, says panel https://www.theguardian.com/science/2021/jan/26/us-has-moral-imperative-to-develop-ai-weapons-says-panel Apple CEO sounds warning of algorithms pushing society towards catastrophe https://www.zdnet.com/article/apple-ceo-sounds-warning-of-algorithms-pushing-society-towards-catastrophe/ Is this the beginning of the end for Facebook? https://clickarmor.ca/2021/02/is-this-the-beginning-of-the-end-for-facebook/ Kevin’s “Pay what you can” CISSP Mentor Program https://training.secureideas.com/course/cisspmentor/ ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, new and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity The post Dangerous Social Media Algorithms, A Moral Imperative for AI Powered Weapons? appeared first on Shared Security Podcast.

In episode 158: Cybersecurity researchers targeted by North Korean hackers, Apple patches three iOS zero-day exploits, and details on Google’s Federated Learning of Cohorts (FLoC) which may one day replace third-party cookie tracking. ** Links mentioned on the show ** Check out these recent popular episodes! https://sharedsecurity.net/2021/01/28/tanya-janca-ceo-and-founder-we-hack-purple/ https://sharedsecurity.net/2021/01/18/the-capital-riot-first-amendment-and-deplatforming-cybersecurity-lessons-learned/ New campaign targeting security researchers https://blog.google/threat-analysis-group/new-campaign-targeting-security-researchers/ Apple Warns of 3 iOS Zero-Day Security Vulnerabilities Exploited in the Wild https://thehackernews.com/2021/01/apple-warns-of-3-ios-zero-day-security.html Google claims almost no change in ad revenue from targeting proposals in its Privacy Sandbox — but privacy upside less clear https://www.msn.com/en-us/news/technology/google-claims-almost-no-change-in-ad-revenue-from-targeting-proposals-in-its-privacy-sandbox-but-privacy-upside-less-clear/ar-BB1d53AQ https://blog.google/products/ads-commerce/2021-01-privacy-sandbox/ Don’t Play in Google’s Privacy Sandbox https://www.eff.org/deeplinks/2019/08/dont-play-googles-privacy-sandbox-1 ** Watch this episode on YouTube ** https://youtu.be/pIFE3JaP7Go ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, new and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity The post Cybersecurity Researchers Targeted, Three iOS Zero-Days, Google FLoC appeared first on Shared Security Podcast.

Tanya Janca, CEO and founder of We Hack Purple joins us to discuss her new book “Alice & Bob Learn Application Security”, what inspired her to write the book, the current and future state of Application Security and much more! If you’re a fan of Tanya’s work, this is one episode you don’t want to miss! ** Links mentioned on the show ** Pick up Tanya’s book: “Alice & Bob Learn Application Security” on Amazon! https://www.amazon.com/Alice-Bob-Learn-Application-Security/dp/1119687357 Check out the We Hack Purple Academy and Community https://www.wehackpurple.com Connect with Tanya https://twitter.com/shehackspurple https://www.linkedin.com/in/tanya-janca/ Tanya was last on episode 82 of the podcast! https://sharedsecurity.net/2018/11/30/special-guest-tanya-janca-devops-and-appsec-women-in-cybersecurity-82/ ** Watch this episode on YouTube ** ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, new and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity The post Tanya Janca CEO and Founder We Hack Purple appeared first on Shared Security Podcast.

Is the world really ready for COVID-19 vaccination passport apps? Also, the partial return of Parler, details on Nancy Pelosi’s stolen laptop, the Ubiquiti data breach, Ring end-to-end encryption for video, and other important cybersecurity and privacy news from the week. ** Links mentioned on the show ** Parler Partially Reappears With Support From Russian Technology Firm https://www.usnews.com/news/top-news/articles/2021-01-18/parler-partially-reappears-with-support-from-russian-technology-firm Ubiquiti: Change Your Password, Enable 2FA https://krebsonsecurity.com/2021/01/ubiquiti-change-your-password-enable-2fa/ Ring trials customer video end-to-end encryption for smart doorbells https://www.zdnet.com/article/ring-trials-customer-video-end-to-end-encryption/ WhatsApp clarifies it’s not giving all your data to Facebook after surge in Signal and Telegram users https://www.theverge.com/2021/1/12/22226792/whatsapp-privacy-policy-response-signal-telegram-controversy-clarification New AI software can turn regular security cameras into COVID-19 policy enforcement points https://www.techrepublic.com/article/new-ai-software-can-turn-regular-security-cameras-into-covid-19-policy-enforcement-points/ The world is not ready for Covid-19 vaccine passports. At least not yet https://www.cnbc.com/video/2021/01/18/covid-19-vaccine-passports-wont-be-a-reality-anytime-soon.html ** Watch this episode on YouTube ** https://youtu.be/TEgrzi6kYVA ** Thank you to our sponsors! ** Silent Pocket Visit silent-pocket.com to check out Silent Pocket’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Help support the show ** Looking for an affordable, reliable, no logs VPN provider? Support the podcast by purchasing a Private Internet Access VPN subscription via our affiliate link: http://www.privateinternetaccess.com/pages/buy-vpn/sharedsecurity ** Subscribe and follow the show ** Sign-up for our email newsletter to receive our free Facebook Privacy & Security Guide, new and updates about the show, contest announcements, and special offers from our sponsors: http://eepurl.com/dwcc8D Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Contact us: https://sharedsecurity.net/contact Website: https://sharedsecurity.net YouTube: https://www.youtube.com/c/SharedSecurityPodcast Twitter: https://twitter.com/sharedsec Instagram: https://instagram.com/sharedsecurity The post Parler, Pelosi’s Stolen Laptop, Vaccination Passport Apps appeared first on Shared Security Podcast.