

Hacking Humans
N2K Networks
Deception, influence, and social engineering in the world of cyber crime.

Sep 30, 2021 • 40min
Capture the Flag, Black Badges and social engineering tricks.
Guest Chris Kirsch, DefCon 25 Social Engineering Capture The Flag winner and Co-Founder and Chief Executive Officer at Rumble, talks with our UK Correspondent Carole Theriault about his experience at the event; Dave's story is about scammers bypassing social engineering and going directly to pitch employees to install ransomware; Joe's got a story about travel scams he came across while planning a recent trip; and our Catch of the Day comes from Reddit about some text messages which cause emotions to flare.
Links to stories:
Nigerian Threat Actors Skip Social Engineering, Make Direct Pitches to Employees To Install Ransomware on Company Networks
15 Common Travel Scams (And How To Avoid Them)
Catch of the Day links:
Guess I made the scammer angry?
He blocked me before I could really mess with him, unfortunately
Did I win?
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Sep 28, 2021 • 8min
lateral movement (noun) [Word Notes]
Phase of a typical cyber adversary group's attack sequence, after the initial compromise and usually after the group has established a command and control channel, where the group moves through the victim's network by compromising as many systems as it can, looking for the data it has come to steal or to destroy.

Sep 23, 2021 • 39min
They won't ask for sensitive information over the phone.
Guest Alex Hinchliffe, Threat Intelligence Analyst from Unit 42 at Palo Alto Networks, joins Dave to talk about some of his team's ransomware research; Joe's story is about a new jury duty scam that is out there (hint, they will not call you on the phone); Dave's got a story about Microsoft rolling out passwordless login options; and our Catch of the Day comes from a listener named Lucio who shared several social engineering ploys with us.
Links to stories:
Brand New Jury Duty Scam
You Can Now Ditch the Password on Your Microsoft Account

Sep 21, 2021 • 7min
common vulnerabilities and exposures (CVE) (noun) [Word Notes]
A public list sponsored by the US government and designed to uniquely identify, without the need to manually cross-reference, all the known software vulnerabilities in the world.

Sep 16, 2021 • 44min
Sometimes, deepfake victims don't want to be convinced it is fake.
Guest Etay Maor of Cato Networks joins Dave Bittner to discuss the impact that deepfakes will have on our society; we share some fun feedback on the Lightning Rod story edit; Dave's story talks about how some of the most successful and lucrative online scams employ a “low-and-slow” approach; Joe's story is about 2 Arkansas farmers who scammed investors out of money for wind turbines, but used it for houses, cars and Disney World; and our Catch of the Day is from an unnamed listener with a supposed iPhone invoice.
Links to stories:
Gift Card Gang Extracts Cash From 100k Inboxes Daily
Arkansas wind farmers claimed their technology was more efficient than turbines — then spent investors’ money on houses, cars and at Disney World

Sep 14, 2021 • 6min
dead-box forensics (noun) [Word Notes]
A forensic technique where practitioners capture an entire image of a system and analyze the contents offline.

Sep 9, 2021 • 33min
Collaboration platforms are a gateway for ransomware attacks.
Guest Gil Friedrich from Avanan joins Dave to discuss how collaboration platforms, like Microsoft Teams, Slack and others, opened up a new gateway to ransomware attacks; Joe's story, a phishing scam, comes from listener Matt, who shared it as a COTD candidate; Dave's got a story about China and Russia trying to turn your employees into spies; and our Catch of the Day comes from a listener named Iain with a timely story "from" Afghanistan.
Links to stories:
Guarding Against the Chinese Domain Name Email Scam
The FBI’s warning to Silicon Valley: China and Russia are trying to turn your employees into spies
Note: Microsoft is a sponsor of the CyberWire, however, we cover them as we would any other company.

Sep 7, 2021 • 7min
cybersecurity maturity model certification (CMMC) (noun) [Word Notes]
A supply chain cybersecurity accreditation standard designed for the protection of controlled unclassified information that the U.S. Department of Defense, or DoD, will require for all contract bids by October 2025.

Sep 2, 2021 • 40min
Don't blindly test your colleagues.
Guest Javvad Malik from KnowBe4 shares his thoughts on bad security training with the CyberWire's UK correspondent Carole Theriault; Dave's story is about deepfake technology being used for business cases; Joe gives a synopsis of Proofpoint's most recent State of the Phish report; and our very first Catch of the Day about Discord comes from a listener named Henning.
Links to stories:
Deepfakes Are Now Making Business Pitches
Proofpoint's 2021 State of the Phish Report

Aug 31, 2021 • 8min
incident response (noun) [Word Notes]
A collection of people, process, and technology that provides an organization the ability to detect and respond to cyber attacks.


