

Hacking Humans
N2K Networks
Deception, influence, and social engineering in the world of cyber crime.

Mar 11, 2021 • 38min
Insider threats and security concerns for APIs.
Guest Inon Shkedy, security researcher at Traceable and API project leader at OWASP Foundation, talks with Dave about the risks various types of insider threats pose to APIs, we have some follow-up from a listener closing on their home, Dave's story is about a new wave of scams saying they are from the Social Security Administration, Joe's got Deepfakes of Tom Cruise (thanks to Rachel Tobac for this one), and our Catch of the Day is from a listener named John's son and a job interview scam he experienced.
Links to stories:
US government warns of Social Security scams using fake federal IDs
Here’s How Worried You Should Be About Those Tom Cruise Deepfakes
Deepfake videos of Tom Cruise show the technology's threat to society is very real
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.

Mar 9, 2021 • 5min
SOC Triad (noun) [Word Notes]
A best practice for framing cyber intelligence critical information requirements that recommends collecting and consolidating data from three specific sources: endpoint, network and log.

Mar 4, 2021 • 42min
Fraud activity within secure messaging apps in plain sight.
Guest Brittany Allen of Sift joins Dave to talk about a new fraud ring on Telegram where bad actors leverage the app to steal from on-demand food delivery services, Joe's story involves two of the five parts of URLs in phishing attacks, Dave's got a story about a malvertising group called "ScamClub," and our Catch of the Day is from a listener named John about a letter he received in the mail from "TD Trust Bank" about an inheritance opportunity.
Links to stories:
New Phishing Attack Identified: Malformed URL Prefixes
“ScamClub” gang outed for exploiting iPhone browser bug to spew ads

Mar 2, 2021 • 5min
supply chain attacks (noun) [Word Notes]
Also known as a third-party attack or a value-chain attack, adversary groups gain access to a targeted victim's network by first infiltrating a business partner's network that has access to the victim's systems or data.

Feb 25, 2021 • 33min
How likely are online users to reveal private information?
Guest Professor Lior Fink from Ben Gurion University shares insights from their study on "How We Can Be Manipulated Into Sharing Private Information Online," Dave's story is some good news about a Nigerian man sentenced for phishing the US heavy equipment company Caterpillar, Joe has a story with bad news about a sextortion email scam with a fake Zoom zero day component, and our Catch of the Day is a compelling phishing email a listener named Michael recently received.
Links to stories:
Nigerian man sentenced 10 years for $11 million phishing scam
Watch out for sextortion email scams

Feb 23, 2021 • 4min
taint analysis (noun) [Word Notes]
The process of software engineers checking the flow of user input in application code to determine if unanticipated input can affect program execution in malicious ways.

Feb 18, 2021 • 41min
Including your passwords in your final arrangements.
Guest Sara Teare, who is known as 1Password's Minister of Magic, talks with Dave about things that people don't consider like custody of the digital keys to your stuff online, Dave and Joe share some listener feedback from Jonathan about replacing outdated equipment (aka an old phone), Joe's story is about an ongoing campaign targeting security researchers working on vulnerability research and development at different companies and organizations, Dave's story has a holiday theme: emails pretending to confirm orders from lingerie and flower shops that are actually spreading malware, and our Catch of the Day is from a listener named Kristian and it's a "legitimate deal" from Colonel Gaddafi's daughter.
Links to stories:
New campaign targeting security researchers
Pre-Valentine’s Day Malware Attack Mimics Flower, Lingerie Stores

Feb 16, 2021 • 5min
ATM skimming (noun) [Word Notes]
The process of stealing ATM customer credentials by means of physically and covertly installing one or more devices onto a public ATM machine.

Feb 11, 2021 • 37min
In the disinformation and misinformation crosshairs.
Carole Theriault returns with a discussion on disinformation with guest, BBC host, podcaster and author Tim Harford, Dave's got a story about Covid vaccine phishing campaigns, Joe's story talks about data breaches that have increased 50% year over year since 2018, and our Catch of the Day is from a listener named John his wife saw on Facebook who translated it from Lithuanian.
Links to stories:
Count Yourself in For a Vaccine Phish
Deep Analysis of More than 60,000 Breach Reports Over Three Years

Feb 9, 2021 • 5min
APT side hustle (noun) [Word Notes]
A nation-state hacking group’s practice of funding its own activities through cybercrime or cyber mercenary work.


