

Hacking Humans
N2K Networks
Deception, influence, and social engineering in the world of cyber crime.
Episodes

Feb 3, 2022 • 52min
The ransomware game has evolved.
Guest Allan Liska from Recorded Future joins Dave to discuss the evolution of ransomware and his new book "Ransomware: Understand. Prevent. Recover," Joe shares a question from listener Joan about an email her father received from "MasterCard Fraud Department" asking for photo/video and the last 4 of his Social Security Number, Joe has a story about scams to watch out for during tax time in the US, Dave's story is about ransomware operators trying to recruit company insiders, and our Catch of the Day is from listener Michael who had some acquaintances fall for a scam.
Links to stories:
Latest IRS Scams: How to Spot Them and Fight Back
The Rising Insider Threat: Hackers Have Approached 65% of Executives or Their Employees To Assist in Ransomware Attacks
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Feb 1, 2022 • 8min
OWASP broken access control (noun) [Word Notes]
Software users are allowed access to data or functionality contrary to the defined zero trust policy by bypassing or manipulating the installed security controls.

Jan 27, 2022 • 45min
Useful ransomware protection for you.
Guest Roger Grimes, Data Driven Defense Evangelist at KnowBe4, joins Dave to discuss his new book "Ransomware Protection Playbook," Dave has a story about a Meta (Facebook) group with a cryptocurrency scam that promises "a new way to wealth," Joe's story has tales of account takeover attacks of high-profile gamers, and our Catch of the Day is from listener Jesse about a text they received from "Facebook" about a $600,000 windfall.
Links to stories:
We Infiltrated a Crypto Scam Network That’s Hosted by Meta
EA Confirms Account Takeover Attacks Compromising High-Profile Gamers via Phishing and Social Engineering Attacks

Jan 25, 2022 • 7min
OWASP security misconfiguration (noun) [Word Notes]
The state of a web application when it's vulnerable to attack due to an insecure configuration.

Jan 20, 2022 • 46min
The perfect environment for ATOs (account takeovers) to breed.
Guest Jane Lee, Trust and Safety Architect at Sift, joins Dave to talk about the Digital Trust and Safety Index, Joe and Dave share some follow-up from a listener, Ben, with a suggestion as an alternative to prevent clicking on those bonus phishing scams, Joe's story is about fake ticket scams for the Kansas City Chiefs NFL playoff game against the Pittsburgh Steelers, Dave's got a story about scams on Apple's App Store, and our Catch of the Day is from an anonymous listener about an email they received from their "IT department" requesting credentials (including password) when getting a new laptop. (Note: This is our first COTD that is not a scam, rather a bad policy.)
Links to stories:
Kansas City police warn Chiefs fans about ticket scams
APPLE’S $64 BILLION-A-YEAR APP STORE ISN’T CATCHING THE MOST EGREGIOUS SCAMS

Jan 18, 2022 • 8min
OWASP insecure design (noun)
A broad OWASP Top 10 software development category representing missing, ineffective, or unforeseen security measures.

Jan 13, 2022 • 45min
The only locks you should pick are your own.
Guest Tom Tovar, CEO and Co-Creator of AppDome, joins Dave and Joe to discuss the results of a recent consumer survey, Dave's story is based on a tweet where the user's child's middle school had some unintended consequences of a phishing scam training, Joe has two stories: one on QR code scammers on parking kiosks, and one about a book publishing phishing scam, and our Catch of the Day is a message that purports to come from the USPS sent in by listener William about a missed package delivery.
Links to stories:
Tweet about phishing simulation gone wrong.
QR code scammers hitting on-street parking in Texas cities -- including Houston, officials say; This is what you need to know
FBI Arrests Suspect in Unpublished Book Manuscript Phishing Scam

Jan 11, 2022 • 9min
Log4j vulnerability (noun) [Word Notes]
An open source Java-based software tool available from the Apache Software Foundation designed to log security and performance information.

Jan 6, 2022 • 49min
Changing the game on ransomware.
Guest Adam Flatley, Director of Threat Intelligence at Redacted, talks with Dave about "the only way to truly disrupt the ransomware problem is to target the actors themselves," Joe shares some statistics that will help you stay up-to-date on recent cybersecurity trends, Dave's story is about criminal indictments in a case of a Maryland company buying lead paint victims’ settlements for a fraction of their value, and our Catch of the Day comes from listener Brady about a slick mail campaign they received from "Amazon."
Links to stories:
22 cybersecurity statistics to know for 2022
Criminal indictments filed against Maryland company that targeted Baltimore lead paint victims’ settlements

Jan 4, 2022 • 7min
OWASP injection (noun) [Word Notes]
A broad class of attack vectors, where an attacker supplies input to an application's command interpreter that results in unanticipated functionality.


