Shared Security Podcast

Tom Eston, Scott Wright, Kevin Tackett
Sep 8, 2025 • 17min

Salesforce Under Fire: The Salesloft Drift Supply-Chain Breach

In this episode, we discuss a recent significant cyber attack where Palo Alto Networks experienced a data breach through their Salesforce environment due to a compromised Salesloft Drift integration. Throughout the discussion, we highlight why Salesforce, a crucial CRM platform for many businesses, is becoming a prime target for supply chain attackers. The hosts discuss how the breach happened, its implications, and what organizations can do to protect themselves from similar threats. They also provide insights into Salesforce’s security posture, the role of third-party integrations, and the importance of data retention policies in mitigating risks. ** Links mentioned on the show ** Palo Alto Networks data breach exposes customer info, support cases https://www.bleepingcomputer.com/news/security/palo-alto-networks-data-breach-exposes-customer-info-support-tickets/ https://www.itpro.com/security/cyber-attacks/warning-issued-to-salesforce-customers-after-hackers-stole-salesloft-drift-data ** Watch this episode on YouTube ** https://youtu.be/mEW9vNuZlbA ** Become a Shared Security Supporter ** Get exclusive access to ad-free episodes, bonus episodes, listen to new episodes before they are released, receive a monthly shout-out on the show, and get a discount code for 15% off merch at the Shared Security store. Support the show for as little as $3! Become a supporter today! https://patreon.com/SharedSecurity ** Thank you to our sponsors! ** SLNT Visit slnt.com to check out SLNT’s amazing line of Faraday bags and other products built to protect your privacy. As a listener of this podcast you receive 10% off your order at checkout using discount code “sharedsecurity”. 
Click Armor To find out how “gamification” of security awareness training can reduce cyber risks related to phishing and social engineering, and to get a free trial of Click Armor’s gamified awareness training platform, visit: https://clickarmor.ca/sharedsecurity ** Subscribe and follow the podcast ** Subscribe on YouTube: https://www.youtube.com/c/SharedSecurityPodcast Follow us on Bluesky: https://bsky.app/profile/sharedsecurity.bsky.social Follow us on Mastodon: https://infosec.exchange/@sharedsecurity Join us on Reddit: https://www.reddit.com/r/SharedSecurityShow/ Visit our website: https://sharedsecurity.net Subscribe on your favorite podcast app: https://sharedsecurity.net/subscribe Sign-up for our email newsletter to receive updates about the podcast, contest announcements, and special offers from our sponsors: https://shared-security.beehiiv.com/subscribe Leave us a rating and review: https://ratethispodcast.com/sharedsecurity Contact us: https://sharedsecurity.net/contact The post Salesforce Under Fire: The Salesloft Drift Supply-Chain Breach appeared first on Shared Security Podcast.
Sep 1, 2025 • 4min

Convenience vs. Privacy: Can We Have Both?

In this episode, we discuss if the convenience of modern technology compromises our privacy. Inspired by a thought-provoking Reddit post, we explore how everyday actions like saving passwords, enabling location tracking, and using cloud backups put our personal data at risk. Learn about the trade-offs between convenience and privacy, and get tips on using privacy-focused tools and making informed choices. Join the conversation in the comments or on Bluesky (@sharedsecurity). ** Links mentioned on the show ** Is convenience killing our Right to Privacy? by u/SecretFirst0309 in privacy ** Watch this episode on YouTube ** https://youtu.be/rUuzrKUMcrU
Aug 25, 2025 • 18min

Public Wi-Fi Myths: Why You’re Probably Safer Than You Think

Public Wi-Fi has a bad reputation — but in 2025, the “you’ll get hacked instantly” fear is largely outdated. In this episode, Tom and Kevin dig into real research and modern protections that make most public Wi-Fi connections reasonably safe. We’ll explore why HTTPS, device security, and updated standards have drastically reduced the risks, what threats still exist, and when you might actually want to use a VPN. ** Links mentioned on the show ** No links mentioned in this episode.
Aug 18, 2025 • 15min

The Tea App Hack: How a “Safe” Space Leaked 13,000 ID Photos & 1.1M Messages

In this episode we’re discussing the alarming breach of the Tea app, a platform intended for women to share dating experiences. The hack resulted in the exposure of over 13,000 government ID photos, 72,000 user images, and over a million private messages due to poor security practices. We’ll discuss the role of sloppy coding, an exposed database, and the lack of security discipline that led to this massive leak. Join us as we explore insights from a cybersecurity researcher who disassembled the app’s source code, the ensuing legal and privacy repercussions, and the broader implications for app security. ** Links mentioned on the show ** Hackers leak 13,000 user photos and IDs from the Tea app, designed as a women’s safe space https://www.nbcnews.com/tech/social-media/tea-app-hacked-13000-photos-leaked-4chan-call-action-rcna221139 Tea App Hack: Disassembling The Ridiculous App Source Code https://medium.com/@jankammerath/tea-app-hack-disassembling-the-ridiculous-app-source-code-bc585e15bf4f
Aug 11, 2025 • 4min

Random Smishing Text Scams: Why “Do I Know You?” Texts Are Dangerous

In this episode, we discuss a rising scam involving random smishing text messages. Learn how these messages work, why they’re effective, and what you can do to protect yourself. Discover the dangers of replying to vague text messages from unknown numbers and get practical tips on how to block and report spam texts. Stay safe by not engaging with these scams and using built-in filters and reporting options on your mobile device. ** Links mentioned on the show ** Got a weird text message? ‘Smishing’ scams likely rising because of AI, experts warn https://www.cbc.ca/news/business/smishing-scams-rise-1.7582672 ** Watch this episode on YouTube ** https://youtu.be/RAbmZpMol6M
Aug 4, 2025 • 16min

Leaked, Patched, and Still Hacked: The SharePoint Zero-Day Crisis

This week we explore the recent Microsoft SharePoint vulnerability that has led to widespread exploitation by ransomware gangs and Chinese State-sponsored hackers. We also cover the confirmed compromise of multiple US agencies, including the Department of Homeland Security, in a large-scale cyber espionage campaign. Kevin Johnson joins to discuss the implications of these events, the underlying issues with patching systems, and the complexities of protecting applications like SharePoint. Stay informed on the latest cybersecurity developments and get insights on what might have gone wrong. Plus, get a peek at what’s happening at Black Hat and DEF CON in Vegas. ** Links mentioned on the show ** DHS, HHS among agencies hacked in Microsoft Sharepoint breach https://www.yahoo.com/news/articles/dhs-hhs-among-agencies-hacked-151648112.html Blame a leak for Microsoft SharePoint attacks, researcher insists https://www.theregister.com/2025/07/26/microsoft_sharepoint_attacks_leak/ ** Watch this episode on YouTube ** https://youtu.be/klI0XmrNxC0
Jul 28, 2025 • 19min

Doorbells, Dystopia, and Digital Rights: The Ring Surveillance Debate

In this episode, we examine Amazon’s Ring doorbell camera amid rising privacy concerns and policy changes. The Electronic Frontier Foundation’s recent report criticizes Ring’s AI-first approach and the rollback of prior privacy reforms, describing it as ‘techno authoritarianism.’ We also discuss a recent scare among Ring users on May 28, related to an unexplained series of logins, said by Amazon to be a UI glitch. Join hosts Tom Eston, Scott Wright, and Kevin Johnson as they explore these issues, share personal anecdotes about their experiences with tech, and discuss broader implications for privacy and civic freedoms. ** Links mentioned on the show ** Amazon Ring Cashes in on Techno-Authoritarianism and Mass Surveillance https://www.eff.org/deeplinks/2025/07/amazon-ring-cashes-techno-authoritarianism-and-mass-surveillance Amazon Ring Doorbell May 28 Mass Hacking Claim Goes Viral https://www.forbes.com/sites/daveywinder/2025/07/20/amazon-ring-doorbell-may-28-mass-hacking-claim-goes-viral/
Jul 21, 2025 • 20min

Passwords and the Elderly: Why Writing Them Down Might Be OK

In this episode, join hosts Tom Eston, Scott Wright, and Kevin Johnson as they discuss the controversial topic of seniors writing down passwords. They discuss how threat modeling differs for the elderly, the practicality of using password managers, two-factor authentication, and future solutions like passkeys. The conversation includes humorous anecdotes and touches on broader cybersecurity issues such as risk assessment and the importance of tailoring security solutions to individual needs. Tune in for insights on making security accessible and effective for an often overlooked group. ** Links mentioned on the show ** Passkeys, Passwords, and Seniors: What’s the Safest Option? https://www.barnesandnoble.com/w/internet-password-book-chartwell-books/1139181596 https://www.computerworld.com/article/4009132/passkeys-how-they-work-how-to-use-them.html ** Watch this episode on YouTube ** https://youtu.be/4QeAVoU6XXw
Jul 14, 2025 • 16min

The Google Workspace Security Gap: Why Traditional Tools Fall Short

In this episode, we discuss the often overlooked security issues within Google Workspace. Rajan Kapoor, Field CISO at Material Security, joins us to talk about how Material Security is redefining the protection of documents, email accounts, and data in Google Workspace. We explore the unique challenges Workspace presents compared to traditional tools, and how Material Security provides comprehensive solutions. Rajan shares his professional journey, insights into Google’s APIs, and how their service stands out. Tune in to understand why legacy tools may leave critical gaps in your organization’s security. Thanks to Material Security for sponsoring this episode! Protect your Google Workspace with Material Security—the only detection and response platform purpose-built to secure your emails, data, and accounts before, during, and after an attack. Visit material.security to learn more! ** Links mentioned on the show ** Connect with Rajan and Material Security https://www.linkedin.com/in/rajankkapoor/ https://material.security/
Jul 7, 2025 • 22min

Autonomous Hacking? This Startup May Have Just Changed Penetration Testing Forever

Discover the groundbreaking advancements in autonomous penetration testing as a cybersecurity startup leverages AI to revolutionize offensive security. The discussion highlights the intriguing potential and challenges of AI automation in identifying vulnerabilities. Additionally, the necessity of skilled penetration testers remains critical, emphasizing transparency in findings. With an eye on the evolving technology landscape, the hosts explore both the promise and pitfalls of these innovations in the cybersecurity realm.
