

Hacking Humans
N2K Networks
Deception, influence, and social engineering in the world of cyber crime.
Episodes

Mar 3, 2022 • 48min
Phishing seems to be cyclical and thematic.
Guest Jeff Nathan, the Director of Threat Research at Norton Labs, joins Dave to discuss their most recent Consumer Cyber Safety Pulse Report. Joe and Dave share some follow-up from listeners Daniel and Neville, who helped the guys with a phrase from a recent Catch of the Day. Joe shares a story about getting around MFA using remote access software, Dave's story is about a jobfishing scam from a fake design firm, and our Catch of the Day is from listener Randy about an unsubscribe email he received.
Links to stories:
Devious phishing method bypasses MFA using remote access software
Jobfished: the con that tricked dozens into working for a fake design agency
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Mar 1, 2022 • 8min
OWASP software and data integrity failures (noun) [Word Notes]
Code and data repositories that don't protect against unauthorized changes.

Feb 24, 2022 • 45min
A blurring of lines between nation states and criminals.
Guest Joshua Neil, the Chief Data Scientist for Securonix, joins Dave to talk about evasive techniques and identifying nation-state kill chains. Joe shares an update on his identity theft experience. The guys share some follow-up from listener Benji, who shares experiences from the synagogue where he works of scammers changing the name on Gmail accounts, saying they are the rabbi, and emailing congregants asking for gift cards. Dave's story is about Apple's AirTags and how they led to the discovery of a German intelligence agency, Joe's got a story about the City of Baltimore falling victim to a phishing scam, and our Catch of the Day is from listener G about a compressed file attachment he received but did not open.
Links to stories:
Apple's AirTag uncovers a secret German intelligence agency
Inspector General: Baltimore victimized in 376,213 phishing scam last year
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Feb 22, 2022 • 8min
OWASP server-side request forgery (noun) [Word Notes]
An attack technique that leverages an unprotected web server as a proxy for attackers to send commands through to other computers.

Feb 20, 2022 • 21min
Hustling the hustlers. [Hacking Humans Goes to the Movies]
Thanks for joining us for the latest episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Dave's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab a bowl of popcorn and join us for some Hollywood scams and frauds.
Links to this episode's clips if you'd like to watch along:
Joe's scene from "The Hustle"
Dave's clip from "True Lies"

Feb 17, 2022 • 48min
Vulnerabilities will be found.
Guest Deral Heiland from Rapid7 talks with our UK Correspondent Carole Theriault about the state of IoT. Joe shares a personal story about bank checks and a debit card received at his home that were in his name but not from his bank, Dave's got a story from an email he received from the PR department at TikTok about romance scams, and our Catch of the Day is from listener John about a friend who was harassed on Facebook to click a link and how John addressed it.
Links to stories:
#BeCyberSmart: Tips to protect your heart and wallet
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Feb 15, 2022 • 6min
OWASP security logging and monitoring failures (noun) [Word Notes]
The absence of telemetry that could help network defenders detect and respond to hostile attempts to compromise a system.

Feb 10, 2022 • 50min
If you wish for peace, prepare for cyberwar.
Guest Nick Shevelyov, Chief Security Officer for Silicon Valley Bank, joins Dave to share some personal history around security and discuss his book "Cyber War… and Peace." Dave and Joe have some follow-up from an anonymous listener about a mobile device management issue at their work. Dave has a story where a woman was scammed out of thousands when someone contacted her to "help" with a problem with their bank, Joe's got a few stories about Facebook and ad scams, and our Catch of the Day is from listener Jonathan with a Geek Squad subscription scam.
Links to stories:
They Were ‘Calling to Help.’ Then They Stole Thousands
Facebook blames Apple after a historically bad quarter, saying iPhone privacy changes will cost it $10 billion
Scam ads: why an Australian billionaire is launching legal action against Facebook
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Feb 8, 2022 • 6min
OWASP identification and authentication failures (noun) [Word Notes]
Ineffectual confirmation of a user's identity or authentication in session management.

Feb 6, 2022 • 22min
How to talk your way in anywhere. [Hacking Humans Goes to the Movies]
Thanks for joining us for the latest episode of our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Dave's and Rick's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab a bowl of popcorn and join us for some Hollywood scams and frauds.
Links to this episode's clips if you'd like to watch along:
Dave's clip from the television show "Key & Peele"
Rick's pick from "Sneakers"


