

Hacking Humans
N2K Networks
Deception, influence, and social engineering in the world of cyber crime.
Episodes

Apr 5, 2022 • 6min
Software Assurance Maturity Model (SAMM) (noun) [Word Notes]
A prescriptive open source software security maturity model designed to guide strategies tailored to an organization’s specific risks.

Mar 31, 2022 • 43min
Robocall scams and the psychology surrounding them.
Alex Quilici, Robocall Scam Expert of YouMail, discusses how unwanted robocalls are becoming more targeted and the psychology behind some of the worst calls, Joe and Dave share some listener follow up, Joe's story comes from listener Derek who shares how his aunt avoided a scam which wasn't very obvious at first, and Dave's story is about how the FBI released its annual Internet Crime Complaint Center Internet Crime Report for 2021, our catch of the day comes from listener John who shares how he got a new interesting Instagram follower.
Links to stories:
FBI Releases the Internet Crime Complaint Center 2021 Internet Crime Report
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Mar 29, 2022 • 7min
Universal 2nd Factor (U2F) [Word Notes]
An open standard for hardware authentication tokens that use the universal serial bus, or USB, near-field communications, or NFCs, or Bluetooth to communicate one factor in a two-factor authentication exchange.

Mar 27, 2022 • 18min
Cons: the short one and the first one. [Hacking Humans Goes to the Movies]
Thanks for joining us for the latest episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Rick's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab a bowl of popcorn and join us for some Hollywood scams and frauds.
Links to this episode's clips if you'd like to watch along:
Joe's clip from "House of Games" (the Western Union scene)
Rick's clip from "The Brothers Bloom"

Mar 24, 2022 • 50min
What's behind Buy Now, Pay Later scams?
Jim Ducharme, COO of Outseer joins Dave to discuss buy now pay later scams, Joe and Dave share some listener follow up, Joe has an interesting story about an Unchained Capital partner and how they were hit with a social engineering attack, and Dave's story is on the FIDO alliance, our catch of the day comes from listener Matt, who shares how he won 20.5 million and why he wasn't falling for it.
Links to stories:
A Big Bet to Kill the Password for Good
Unchained Capital partner hit with social engineering attack
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Mar 22, 2022 • 10min
adversary group naming (noun) [Word Notes]
A cyber threat intelligence best practice of assigning arbitrary labels to collections of hacker activity across the intrusion kill chain.

Mar 17, 2022 • 40min
Data privacy: is it black and white when it comes to your kids?
UK Correspondent Carole Theriault returns talking with guest David Ruiz from Malwarebytes about parents spying on their kids, Joe and Dave share some listener follow up, Joe shares a story about the top 5 strangest social engineering tactics, Dave's got a story from one of our listeners, Ricky, about best gift card sales practices at retail chains, and our Catch of the Day comes from listener Michael with a well-crafted email full of red flags when you read into it.
Links to stories:
Rounding up the Past Year's Strangest Social Engineering Tactics
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Mar 15, 2022 • 6min
BSIMM (noun) [Word Notes]
A descriptive model that provides a baseline of observed software security initiatives and activities from a collection of volunteer software development shops.

Mar 10, 2022 • 40min
Technology's effects on students during the pandemic.
Guest Justin Reilly, the CEO of Impero, stops by to talk with Dave Bittner about the mental health of kids in the digital age, Dave's got a story about large-scale phishing campaigns targeting the Indian Electric Vehicle consumers and businesses, Joe's story is from Vade sharing the top 20 most impersonated brands in phishing, and our Catch of the Day comes from Bob, a friend and former coworker of Joe's who received a smishing attempt via text from a "friend" and how he expertly turned the tables on the scammer.
Links to stories:
Unearthing the Million Dollar Scams Targeting the Indian Electric Vehicle Industry
Vade Releases 2021 Phishers’ Favorites Report
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Mar 8, 2022 • 8min
OWASP vulnerable and outdated components (noun) [Word Notes]
Software libraries, frameworks, packages, and other components, and their dependencies (third-party code that each component uses) that have inherent security weaknesses, either through newly discovered vulnerabilities or because newer versions have superseded the deployed version.


