Showing episodes and shows of

Erich Kron

Shows

The Jerich Show Podcast
LastPass (Again), U.S. Marshals get hit with ransomware and more
In this episode Erich and Javvad discuss important #cybersecurity stories including... LastPass... again, the U.S. Marshals get pwned by #ransomware, and much more.
Stories from the show:
U.S. Marshals Service suffers 'major' security breach https://www.nbcnews.com/politics/politics-news/major-us-marshals-service-hack-compromises-sensitive-info-rcna72581
LastPass says employee’s home computer was hacked and corporate vault taken https://arstechnica.com/information-technology/2023/02/lastpass-hackers-infected-employees-home-computer-and-stole-corporate-vault/
Salesforce to sweat assets https://www.theregister.com/2023/03/02/salesforce_q4_fy_2023/
Hacker leaks alleged Activision employee data on cybercrime forum https://www.bleepingcomputer.com/news...
2023-03-03, 25 min

The Jerich Show Podcast
NameCheap email hacked, GoDaddy breached for years and WhatsApp woes
In this episode, Erich and Javvad discuss the hack of NameCheap's email, which was used to send phishing emails, how GoDaddy has been breached for years, accidental WhatsApp account takeovers and more.
Stories from the show:
NameCheap's email hacked to send Metamask, DHL phishing emails https://www.bleepingcomputer.com/news/security/namecheaps-email-hacked-to-send-metamask-dhl-phishing-emails/
How a woman’s ‘disdain for email guff’ stopped a Putin hack six years on https://www.independent.co.uk/news/uk/home-news/russia-ukraine-email-putin-hack-b2280580.html
GoDaddy: Hackers stole source code, installed malware in multi-year breach https...
2023-02-24, 25 min

The Jerich Show Podcast
Weee! a Breach, Cyber Diplomat Hacked, Reddit Phished and More!
In this episode, Erich and Javvad discuss the week's top cybersecurity issues and stories, including the Reddit hack, a top US cybersecurity diplomat's personal Twitter getting pwned, talk about a VMware 0-day and Weee!
dealing with a not-so-fun breach. All of this and more live on LinkedIn, Facebook, Twitch and YouTube! Don't forget to like and subscribe.
Stories from the show:
The Top U.S. Cybersecurity Diplomat's Personal Twitter Account Was Hacked https://www.forbes.com/sites/petersuciu/2023/02/06/the-top-us-cybersecurity-diplomats-personal-twitter-account-was-hacked/?sh=3918883d4d7e
VMware Finds No Evidence of 0-Day in On...
2023-02-10, 22 min

The Jerich Show Podcast
£3.9B Fraud and Cybercrime in the UK, ‘The Pooping Perpetrator’, SwiftSlicer Wiper and More
In this episode, Erich and Javvad discuss fraud in the UK, the 'Pooping Perpetrator' gets flushed out, a new Russian wiper is spotted and much, much more! Join us on LinkedIn to comment live!
Stories from the show:
Over £3.9 BILLION has been lost to fraud and cybercrimes in the last 13 months across the UK https://ifamagazine.com/article/over-3-9-billion-has-been-lost-to-fraud-and-cybercrimes-in-the-last-13-months-across-the-uk/
Florida Authorities Arrest ‘The Pooping Perpetrator’ for Burglary After Suspect Jumped Naked into River and was Rescued by Police https://lawandcrime.com/crime/florida-authorities-arrest-the-pooping-perpetrator-for-burglary-after-suspect-jumped-naked-into-river-and-was-rescued-by-police/?ICID=ref_fark...
2023-02-03, 26 min

The Jerich Show Podcast
The Feds Bust a Hive, Refunds Scams and More!
In this episode, Erich and Javvad discuss the Hive ransomware group takedown, some refund scams, RMM tool attacks and more.
Stories from the show:
DOJ disrupts major ransomware group https://www.nbcnews.com/tech/security/doj-disrupts-major-ransomware-group-rcna67627
CISA says federal agencies attacked in refund scam through remote management software https://therecord.media/cisa-says-federal-agencies-attacked-in-refund-scam-through-remote-management-software/
GoTo says hackers stole encrypted backups during November cyberattack https://therecord.media/goto-says-hackers-stole-encrypted-backups-during-november-cyberattack/
2023-01-27, 21 min

The Jerich Show Podcast
It’s a new year! CES Wrap Up, Is Every Outage a Hack? and More
In this episode we welcome in the new year, chat about the future in 2023, recap Erich's trip to CES, talk about the big news of the last couple of weeks, and more.
Stories from the show:
'No Evidence' of Cyberattack Related to FAA Outage, White House Says https://www.securityweek.com/no-evidence-cyberattack-related-faa-outage-white-house-says
Guardian Tells Workers Their Data Was Compromised in Ransomware Hack https://www.bloomberg.com/news/articles/2023-01-11/guardian-tells-staff-their-data-was-accessed-in-ransomware-hack
Royal Mail ransomware attackers threaten to publish stolen data https://www.theguardian.com/business/2023/jan/12/royal-mail-ransomware-attackers-threaten-to-publish-stolen-data
2023-01-13, 26 min

The Jerich Show Podcast
Jargon Ruining Security, over 40% of Work Emails are Junk, and Your Password is What?
In this episode, Erich and Javvad discuss the jargon issue in #cybersecurity, the overwhelming issue of garbage email, the continued trend for crap passwords and more.
Stories from the show:
Cybersecurity jargon impacting communication between C-suite and specialists https://www.information-age.com/cybersecurity-jargon-impacting-communication-between-c-suite-specialists-123500747/
Unwanted emails steadily creeping into inboxes https://www.helpnetsecurity.com/2022/11/14/email-security-threats/
Mass Email Extortion Campaign Claims Server Hack https://www.infosecurity-magazine.com/news/mass-email-extortion-claims-server/
Guess the most common password. Hint: We just told you https://www.theregister.com/2022/11/25/infosec_roundup/
2022-12-02, 20 min

The Jerich Show Podcast
Liz Truss’ phone hacked, $4M in network access for sale, and more!
In this episode, Erich and Javvad discuss the hack of Liz Truss' phone, the offering of $4M worth of initial network access, the FTC crackdown on a repeat offender and more!
Stories from the show:
Hackers selling access to 576 corporate networks for $4 million https://www.bleepingcomputer.com/news/security/hackers-selling-access-to-576-corporate-networks-for-4-million/
FTC Cracks Down on Homework App Provider Chegg for 4 Past Data Breaches https://www.pcmag.com/news/ftc-cracks-down-on-homework-app-provider-chegg-for-4-past-data-breaches
Liz Truss' phone was 'clearly hacked', says minister h...
2022-11-04, 17 min

The Jerich Show Podcast
Purged accounts on LinkedIn, bad Android apps and Raccoon steals 50M credentials
In this episode, Erich and Javvad discuss the cybersecurity stories of the week, including some significant convictions, bots and LinkedIn battle, CVE PoCs used to spread malware and much more!
Stories from the show:
EFCC touts 1,968 cybercrime-related convictions secured in nine months https://punchng.com/2669-convictions-secured-in-nine-months-efcc/
Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn https://krebsonsecurity.com/2022/10/battle-with-bots-prompts-mass-purge-of-amazon-apple-employee-accounts-on-linkedin/
Security experts targeted with malicious CVE PoC exploits on GitHub https://securityaffairs.co/wordpress/137527/hacking/malicious-github-repositories.html
Google bans 16 popular Android apps! Millions wa...
2022-10-28, 18 min

The Jerich Show Podcast
Ransomware Gang Gets Scammed, Scammed by an Astronaut and More!
In this episode, Erich and Javvad talk about a woman who was scammed by an 'astronaut' that needed money to get home from the space station, the failure of Microsoft to secure their own product, Chinese police stations around the world, how the Dutch scammed a ransomware gang into giving up decryption keys, and more!
Stories from the show:
An Imposter Claiming to Be an Astronaut Wooed a Japanese Woman Into Paying for a 'Return Ticket to Earth' https://gizmodo.com/astronaut-iss-instagram-1849638814
Microsoft data breach exposes customers’ contact info, emails https://ww...
2022-10-21, 30 min

The Jerich Show Podcast
Mobile Problems Abound - Android Apps and VPN Service Problems and More
In this episode Javvad and Erich discuss a number of issues with Android phones, including an unofficial WhatsApp app stealing user accounts, how the Always-on VPN is leaking traffic and more.
Stories from the show:
Unofficial WhatsApp Android app caught stealing users’ accounts https://www.bleepingcomputer.com/news/security/unofficial-whatsapp-android-app-caught-stealing-users-accounts/
Facebook Login Details at Risk as Meta Identifies Over 400 Malicious Apps https://www.infosecurity-magazine.com/news/facebook-login-details-at-risk/
Android leaks some traffic even when 'Always-on VPN' is enabled https://www.bleepingcomputer.com/news/google/android-leaks-some-traffic-even-when-always-on-vpn-is-enabled/
Lloyd's of...
2022-10-14, 27 min

The Jerich Show Podcast
Human trafficking in cybercrime, social media identity theft and more
In this episode, Erich and Javvad talk about human trafficking related to cybercrime operations, social media account takeovers and more!
Stories from the show:
Guilty verdict in the Uber breach case makes personal liability real for CISOs https://www.csoonline.com/article/3676148/guilty-verdict-in-the-uber-breach-case-makes-personal-liability-real-for-cisos.html
Jury Finds Former Uber CSO Joe Sullivan Guilty of Cover-Up https://www.govinfosecurity.com/jury-finds-former-uber-cso-joe-sullivan-guilty-cover-up-a-20187
Twitter post by Whitney Merrill - @wbm312 https://twitter.com/wbm312/status/1577827226196013056
SUPERSEDING INDICTMENT https://dd80b675424c132b90b3-e48385e382d2e5d17...
2022-10-07, 29 min

The Jerich Show Podcast
An Uber incident, WeTransfer used to spread malware and much more!
In this episode, Erich and Javvad speak about the Uber breach, using WeTransfer to spread malware, UK folks fear that their kids will turn to cybercrime due to the rising cost-of-living, and more.
Stories from the show:
Uber investigating 'cybersecurity incident' after report of breach https://www.reuters.com/business/autos-transportation/uber-investigating-computer-network-breach-nyt-2022-09-16/
Cybercrime Fears for Children as Cost-of-Living Bites https://www.infosecurity-magazine.com/news/cybercrime-fears-children/
Hackers are using WeTransfer links to spread malware https://www.msn.com/en-us/news/technology/hackers-are-using-wetransfer-links-to-spread-malware/ar-AA11MEiM
Hackers...
2022-09-16, 21 min

The Jerich Show Podcast
Log4j Still a Problem, Credential Stuffing Yields 200k Accounts and more!
This week, Javvad and Erich discuss the campaign the Lazarus group is using against US energy companies, surveillance camera access for sale, and how credential stuffing compromised almost 200k accounts at North Face. All this and more!
Stories from the show:
Cybercriminals Are Selling Access to Chinese Surveillance Cameras https://threatpost.com/cybercriminals-are-selling-access-to-chinese-surveillance-cameras/180478/
200,000 North Face accounts hacked in credential stuffing attack https://www.bleepingcomputer.com/news/security/200-000-north-face-accounts-hacked-in-credential-stuffing-attack/
North Korea’s Lazarus hackers are exploiting Log4j flaw to hack US energy compa...
2022-09-09, 25 min

The Jerich Show Podcast
Stealthy Coinminers, Ransomware Victims List Over Doubles and More!
In this episode, Javvad and Erich discuss a crafty coinminer malware that lies dormant for a while, Okta credential thefts, a huge increase in potential victims of a ransomware attack, and a possible device that allows bad actors to simulate swipes and taps on phones from under a table. All this and more!
Accepted the Risk Video: https://www.youtube.com/watch?v=9IG3zqvUqJY
Stories from the show:
Twilio Hackers Scarf 10K Okta Credentials in Sprawling Supply-Chain Attack https://www.darkreading.com/remote-workforce/twilio-hackers-okta-credentials-sprawling-supply-chain-attack
Windows malware d...
2022-09-02, 14 min

The Jerich Show Podcast
On the Road, Twitter is a Mess, French Hospital Down, and More
In this episode, Erich is on the road in Dallas for the Podcast Movement conference, but he and Javvad still take the time out to discuss some major stories on cybersecurity this week.
Stories from the show:
LastPass developer systems hacked to steal source code https://www.bleepingcomputer.com/news/security/lastpass-developer-systems-hacked-to-steal-source-code/
Twitter whistleblower alleges ‘egregious deficiencies’ in security measures https://www.theguardian.com/technology/2022/aug/23/twitter-whistleblower-peiter-zatko-mudge-security
Cyber attackers disrupt services at French hospital, demand $10 million ransom https://www.france24.com/en/europe/20220823-cyber-attackers-disrupt-services-at-french-hospital-demand-10-million-ransom
Researchers Find...
2022-08-26, 22 min

The Jerich Show Podcast
Cisco Hacked, and Black Hat 2022 Wrap Up
In this episode, Javvad and Erich talk about the Cisco hack and wrap up the 2022 Black Hat experience.
Stories from the show:
Las Vegas slammed with more flash floods as iconic strip, casinos under water again https://nypost.com/2022/08/12/las-vegas-slammed-with-more-flash-floods-as-iconic-strip-casinos-under-water-again/
Smishing Attack Led to Major Twilio Breach https://www.infosecurity-magazine.com/news/smishing-attack-led-to-major/
Cloudflare: Someone tried to pull the Twilio phishing tactic on us too https://www.theregister.com/2022/08/10/cloudflare_twilio_phishing/
Cisco Talos shares insights related to recent cyber attack o...
2022-08-12, 17 min

The Jerich Show Podcast
FEMA Warns Systems Vulnerable, $190MIL in Crypto Stolen and Macros Cause Havok
Erich and Javvad discuss a crypto currency theft of around $190mil, FEMA warns about patching emergency alerts systems and macros have become a top way to spread ransomware, plus more stories of the week. Join us live and chat with us on LinkedIn
Stories from the show:
Hack of US cryptocurrency firm Nomad leads to $190 million loss in bridge attack https://www.scmagazine.com/analysis/breach/hack-of-us-cryptocurrency-firm-nomad-leads-to-190-million-loss-in-bridge-attack
87% of the ransomware found on the dark web has been delivered via malicious macros https://www.helpnetsecurity.com...
2022-08-05, 25 min

The Jerich Show Podcast
What is your data worth, cyber attacks on shipping and much more!
In this episode Erich and Javvad discuss cyber attacks on the Port of Los Angeles, the value T-Mobile places on your data and much more!
T-Mobile Pitches $4-Per-Customer Settlement for Data Leak Impacting 80M People https://www.darkreading.com/application-security/t-mobile-pitches-4-per-customer-settlement-for-data-leak
Cyber-attacks on Port of Los Angeles have doubled since pandemic https://www.bbc.com/news/business-62260272
2022-07-29, 18 min

The Jerich Show Podcast
Fake Cisco gear, Microsoft warns about MFA resistant phish, and more!
In this episode, Javvad and Erich discuss a Florida man charged with selling fake Cisco gear, a phish designed to get around MFA, ransomware gangs allow searching of dumped data and Google updates their password manager.
Stories from the show:
Florida man charged with selling fake Cisco equipment in $1 billion scheme https://www.reuters.com/world/us/florida-man-charged-with-selling-fake-cisco-equipment-1-bln-scheme-2022-07-08/
This big phish can swim around MFA, says Microsoft Security https://www.theregister.com/2022/07/13/aitm-phishing-microsoft/
Ransomware gang now lets you search their stolen data https://www.bleepingcomputer...
2022-07-15, 23 min

The Jerich Show Podcast
Carnival gets a $5mil fine, Microsoft changes mind on macros, and more!
In this episode, Erich and Javvad talk about fake copyright infringement emails, Carnival cruise line is fined $5 for not having MFA, a Dutch university makes money off a paid ransom, unemployment payments taken offline by ransomware and more.
Stories from the show:
Fake copyright infringement emails install LockBit ransomware https://www.bleepingcomputer.com/news/security/fake-copyright-infringement-emails-install-lockbit-ransomware/
Cruise line operator Carnival hit with $5m fine for failing to implement multi-factor authentication and failing to conduct cyber security training for its staff.
https://www.itpro.co.uk/security/cyber-security/368362/carnival-hit-with-5-million-fine-over-cyber-security-violations
D...
2022-07-08, 24 min

The Jerich Show Podcast
Voices from the dead, CISA gets serious, and much more!
In this episode, Javvad and Erich chat about Alexa bringing voices from the dead, CISA getting serious about Log4Shell, AI being alive and much, much more.
Stories from the show:
CISA: Log4Shell exploits still being used to hack VMware servers https://www.bleepingcomputer.com/news/security/cisa-log4shell-exploits-still-being-used-to-hack-vmware-servers/
Conti ransomware hacking spree breaches over 40 orgs in a month https://www.bleepingcomputer.com/news/security/conti-ransomware-hacking-spree-breaches-over-40-orgs-in-a-month/
Google engineer put on leave after saying AI chatbot has become sentient https://www.theguardian.com/technology/2022/jun/12/google-engineer-ai-bot-sentient-blake-lemoine
2022-06-24, 20 min

The Jerich Show Podcast
Roblox Ransomware, EMOTET is Still Alive, 1 Million Facebook Creds Stolen in 4 Months, and More!
In this episode, Erich and Javvad discuss ransomware demanding payment through ROBLOX, a cybercriminal that stole over 1 million Facebook accounts in 4 months, a data breach exposes 2 million people's info, and they offer no help.
Stories from the show:
Bizarre ransomware sells decryptor on Roblox Game Pass store https://www.bleepingcomputer.com/news/security/bizarre-ransomware-sells-decryptor-on-roblox-game-pass-store/
A cybercriminal stole 1 million Facebook account credentials over 4 months https://www.techrepublic.com/article/a-cybercriminal-stole-1-million-facebook-account-credentials-over-4-months/
Emotet malware detections surge 27-fold in first quarter https://siliconangle.com/2022/06/09/emotet-malware-detections-surge-first-quarter/
Data breach at h...
2022-06-10, 21 min

The Jerich Show Podcast
The Jerichshow Episode 88 - Twitter Fined, CFOs Mushroomed, and More!
In this episode, Erich and Javvad talk about the arrest of a phishing kingpin, in Nigeria surprisingly, the $150m fine Twitter just got, and a study showing that CFOs aren’t being included in ransomware talks. All this and more in this episode.
Stories from the show:
FTC fines Twitter $150M for using 2FA info for targeted advertising: https://www.bleepingcomputer.com/news/technology/ftc-fines-twitter-150m-for-using-2fa-info-for-targeted-advertising/
Multi-Continental Operation Leads to Arrest of Cybercrime Gang Leader: https://www.infosecurity-magazine.com/news/operation-arrest-cybercrime-gange/
Most CFOs being left...
2022-05-27, 24 min

The Jerich Show Podcast
The Jerich Show Episode 85 - Coke Hacked, Recruitment SNAFU and Much More!
In this episode Erich and Javvad talk about the Coke hack that may not have happened, the UK Army recruiting portal debacle, and Gloucester's choice not to have cyber insurance.
All of this and more in this episode of the Jerich Show.
Stories from the show:
Coca-Cola investigates hackers' claims of breach and data theft https://www.bleepingcomputer.com/news/security/coca-cola-investigates-hackers-claims-of-breach-and-data-theft/
Gloucester council reveals more about why it was not insured against cyber attacks https://www.gloucestershirelive.co.uk/news/gloucester-news/gloucester-council-reveals-more-not-6935231
Data Breach Disrupts UK Army Recruitment
2022-04-29, 20 min

The Jerich Show Podcast
The Jerich Show Episode 84 - Crypto Wallets Targeted, Arrests Made and more!
In this episode, Erich and Javvad cover stories about data breach emails being used to target crypto wallets, some arrests and charges filed against cyber criminals, WhatsApp voice message phishing emails, and much more!
Stories from the show:
Fake Trezor data breach emails used to steal cryptocurrency wallets https://www.bleepingcomputer.com/news/security/fake-trezor-data-breach-emails-used-to-steal-cryptocurrency-wallets/
UK charges two teenagers linked to the Lapsus$ hacking group https://www.bleepingcomputer.com/news/security/uk-charges-two-teenagers-linked-to-the-lapsus-hacking-group/
GitHub can now auto-block commits containing API keys, auth tokens https://www.bleepingcomputer.com/n...
2022-04-15, 23 min

The Jerich Show Podcast
The Jerich Show Episode 83 - On the Road Again
In this episode, Erich joins Javvad from the airport in Nashville, Tennessee to discuss some of the top cybersecurity stories of the week.
2022-04-01, 19 min

The Jerich Show Podcast
The Jerich Show Episode 82 - Lapsus$ is still going, London Voter Info Leaked and More!
In this episode, Erich and Javvad cover the weekly hot stories related to the Lapsus$ group, ISACA says we need more staff, London voter info leaked and more.
Stories from the show:
ISACA: Two-Thirds of Cybersecurity Teams Are Understaffed https://www.infosecurity-magazine.com/news/isaca-cybersecurity-understaffed/
Anonymous claims it has hacked the Central Bank of Russia https://www.computerweekly.com/news/252515064/Anonymous-claims-it-has-hacked-the-Central-Bank-of-Russia
Over 40,000 London Voters Have Data Leaked to Strangers https://www.infosecurity-magazine.com/news/over-40000-london-voters-data/
Microsoft confirms they were hacked by Lapsus$ extortion group ...
2022-03-25, 20 min

The Jerich Show Podcast
The Jerich Show Episode 81 - Russian AV, Meta Pays Fines and Much More!
In this episode, Javvad and Erich talk about the German Government warning about using Russian antivirus, Meta gets a fine and the CISSP gets a testing revamp. All this and more!
Stories from the show:
German Government Warns Against Using Russia's Kaspersky Antivirus Software https://thehackernews.com/2022/03/german-government-warns-against-using.html
Facebook Hit With $18.6 Million GDPR Fine Over 12 Data Breaches in 2018 https://thehackernews.com/2022/03/facebook-hit-with-186-million-gdpr-fine.html
Cyber security certification overhaul brings new questions and longer exams https://www.itpro.co.uk/security/cyber-security/366966/cy...
2022-03-18, 22 min

The Jerich Show Podcast
The Jerich Show Episode 80 - Samsung, NVIDIA and Lapsus$, Dirty Pipe and More
In this episode, Javvad and Erich chat about the Lapsus$ ransomware group and the attacks on NVIDIA and Samsung, Android malware and more!
Stories from the show:
Chinese phishing actors consistently targeting EU diplomats https://www.bleepingcomputer.com/news/security/chinese-phishing-actors-consistently-targeting-eu-diplomats/
Samsung Confirms Lapsus$ Ransomware Hit, Source Code Leak https://threatpost.com/samsung-lapsus-ransomware-source-code/178791/
That Android antivirus could actually be malware https://www.techradar.com/news/that-android-antivirus-could-actually-be-malware
'Dirty Pipe' Linux vulnerability discovered https://www.zdnet.com/article/dirty-pipe-linux-vulnerability-discovered-fixed/
A Risk Question https://twitter.com...
2022-03-11, 19 min

The Jerich Show Podcast
The Jerich Show Episode 79 - NVIDIA Hack back, Conti Code Leak and More!
In this episode, Javvad and Erich chat about the cybersecurity issues related to the Ukraine invasion, the Conti ransomware group has a lot of data dumped, and the folks that hit Nvidia, get hit back. All of this and more!
Stories from the show:
83% of employees continue accessing old employer’s accounts https://www.helpnetsecurity.com/2022/02/21/employees-maintaining-accounts-access/
Conti Ransomware Decryptor, TrickBot Source Code Leaked https://threatpost.com/conti-ransomware-decryptor-trickbot-source-code-leaked/178727/
Ransomware group claiming responsibility for Nvidia attack is hacked in turn https://www.pcgamer.com/ransomware-group-claiming-responsibility-for-nvidia-attack-is-hacked-in-turn/
2022-03-04, 20 min

The Jerich Show Podcast
The Jerich Show Episode 78 - While the cat’s away... Guest host James McQuiggan
Javvad is away this week, so Erich is joined by James McQuiggan as they speak about the top #cybersecurity stories from the week.
Stories from the show:
Baltimore Conned Out of $375k https://www.infosecurity-magazine.com/news/baltimore-conned-out-of-375k/
74% of ransomware revenue goes to Russia-linked hackers https://www.bbc.com/news/technology-60378009
Venmo and other financial app users to get $58 million in settlement https://www.consumeraffairs.com/news/venmo-and-other-financial-app-users-to-get-58-million-in-settlement-012422.html
US DOJ Announces Leader for New FBI Crypto Unit https://blockchain.news/news/us-doj-announces-leader-for-new-fbi-crypto-unit
2022-02-18, 29 min

The Jerich Show Podcast
The Jerich Show Episode 77 - Infotainment Crashes, Russian Crackdowns and More!
In this episode, Erich Kron and Javvad Malik chat about the weekly #infosec and #cybersecurity stories, including how Russia is cracking down on carders, infotainment system crashes and more.
Stories from the show:
Tech bug keeps Mazda radios locked in to NPR https://www.bbc.com/news/technology-60333765
Intuit users warned over tax scam threatening to disable your account – here’s the fake email to look out for https://www.the-sun.com/money/4620318/intuit-scam-phishing-fake-email-tax/
Russia arrests third hacking group, seizes carding forums https://www.bleepingcomputer.com/news/security/russ...
2022-02-11, 12 min

The Jerich Show Podcast
The Jerich Show Episode 76 - Perry Carpenter, The Inside Man Season 4 Premiere and More
In this episode, Erich and Javvad welcome Perry Carpenter, author of 'Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors' as we discuss the release of The Inside Man Season 4 and interesting weekly infosec stories.
Perry's LinkedIn Profile: https://www.linkedin.com/in/perrycarpenter/
Perry's Twitter Profile: https://twitter.com/PerryCarpenter (@PerryCarpenter)
Perry's Own (AWESOME) Podcast - 8th Layer Insights https://thecyberwire.com/podcasts/8th-layer-insights
Stories from the show:
Facebook says Apple iOS privacy change will result in $10 b...
2022-02-04, 45 min

The Jerich Show Podcast
The Jerich Show Episode 74 - Ethan Smart from appNovi Chats About Weekly Stories, AppNovi and More!
In this episode Javvad and Erich are joined by Ethan Smart, Co-Founder and Head of Solutions Architecture at appNovi, as they discuss the #cybersecurity stories of the week and hear more about Ethan's passion for making the lives of practitioners easier.
Stories from the show:
DHL dethrones Microsoft as most imitated brand in phishing attacks https://www.bleepingcomputer.com/news/security/dhl-dethrones-microsoft-as-most-imitated-brand-in-phishing-attacks/
Nintendo warns of spoofed sites pushing fake Switch discounts https://www.bleepingcomputer.com/news/security/nintendo-warns-of-spoofed-sites-pushing-fake-switch-discounts/
Alexa outage https://www.techradar.com/uk/news/live...
2022-01-21, 48 min

The Jerich Show Podcast
The Jerich Show Episode 72 - The Festive Episode
In this, the last episode of 2021, Erich and Javvad chat about a propane problem, the Grinch steals payday, the log4j thing and stealing lotto tickets with an interesting end. All this and more.
Stories from the show:
https://indianexpress.com/article/explained/log4j-vulnerability-cybersecurity-7671367/
https://www.thesun.co.uk/tech/17049490/christmas-payday-cancelled-hackers-ukg-ransomware-who-is-affected/
https://www.govinfosecurity.com/superior-plus-latest-fuel-supplier-hit-by-ransomware-a-18128
https://www.bbc.co.uk/news/uk-england-manchester-59654724
2022-01-14, 15 min

The Jerich Show Podcast
The Jerich Show Episode 71 - We “Predict” This Will Be A Great Episode
In this special episode Javvad and Erich welcome Jelle Wieringa (@JelleWieringa), Roger Grimes (@rogeragrimes), Anna Collard (@AnnaCollard3) and James McQuiggan (@James_McQuiggan) to the show for their 2022 cyber predictions. How bad will things get?
Will we have to welcome our new robotic overlords? Will shortages doom the Pumpkin Spice Latte? This and more may be answered in this episode, so be sure to join us.
2021-12-10, 39 min

The Jerich Show Podcast
The Jerich Show Episode 69 - Going Live Streaming, What Could Go Wrong?
In this episode, Erich and Javvad chat about the #infosec and #cybersecurity stories of the week. Check them out and chat live with the hosts.
Stories from the show:
New Memento ransomware switches to WinRar after failing at encryption: https://www.bleepingcomputer.com/news/security/new-memento-ransomware-switches-to-winrar-after-failing-at-encryption/
Security company faces backlash for waiting 12 months to disclose Palo Alto 0-day: https://www.zdnet.com/article/security-company-faces-backlash-for-waiting-12-months-to-disclose-palo-alto-0-day/
FBI system hacked to email 'urgent' warning about fake cyberattacks: https://www.bleepingcomputer.com/news/security/fbi-system-hacked-to-email-urgent-warning-about-fake-cyberattacks/
2021-11-29, 24 min

The Jerich Show Podcast
The Jerich Show Episode 68 - Medical Breach, Big Pharma, Robinhood Robbed, the South and Much More!
In this episode, Erich and Javvad discuss issues around a fertility clinic hack, another way big pharma is a hot mess, how Robinhood was swindled with simple social engineering and how North Korea is up to its old tricks again. Don't forget to Like, Share and Subscribe!
Stories from the show:
Hack leaves fertility clinic medical data at risk: https://www.bbc.com/news/technology-59156683
EU pharmaceutical giants run old, vulnerable apps and fail to use encryption in login forms: https://www.zdnet.com/article/eu-pharmaceutical-giants-run-old-vulnerable-apps-and-fail-to-use-encryption-in-login-forms/
2021-11-12, 17 min

The Jerich Show Podcast
The Jerich Show Episode 67 - Cisco joins the present, Pegasus is blacklisted, Squidcrypto and more
In this episode Javvad and Erich discuss Cisco's decision to remove hard-coded credentials and SSH keys... finally, the US ban on Pegasus spyware, a Squid Game themed cryptocoin robbery, and parents being threatened after building a school app.
Stories from the show:
Cisco fixes hard-coded credentials and default SSH key issues: https://www.bleepingcomputer.com/news/security/cisco-fixes-hard-coded-credentials-and-default-ssh-key-issues/
US Bans Trade With Pegasus Spyware Maker: https://threatpost.com/pegasus-spyware-blacklisted-us/175999/
Squid Game crypto token collapses in apparent scam: https://www.bbc.co.uk/news/business-59129466
These Parents B...
2021-11-08, 26 min

The Jerich Show Podcast
The Jerich Show Episode 66 - Groovy Revenge, NRA Gets Hacked, Iran... Out of Gas, and More!
This week, Erich and Javvad discuss some of the latest cybersecurity stories, including the NRA hack, North Korea is going after security vendors in supply chain attacks, some Iranian gas pumps are taken offline by a cyber attack and the Groove ransomware gang wants revenge on the US for taking down REvil, and is enlisting other gangs to focus their attacks there. All of this and more! Remember to Like, Share and Subscribe!
Stories from the show: NRA Hacked: https://www.cbsnews.com/news/nra-hack-ransomware-gang-grief-russia/ North Korea is H...
2021-10-29, 22 min

The Jerich Show Podcast
The Jerich Show Episode 65 - Presentation Fails, Telecom Targets, a Breach Admittance and More!
In this episode, Erich and Javvad talk about their fails during presentations, Accenture finally admits its data was breached, telecoms are targeted by China, the UK bans Huawei from the 5Gs, bad actors steal cookies from content creators, and a whole lot more! Remember to Like, Subscribe and Share! Stories from the show: Accenture confirms data breach after August ransomware attack: https://www.bleepingcomputer.com/news/security/accenture-confirms-data-breach-after-august-ransomware-attack/ Huawei ban: UK to impose early end to use of new 5G kit: https://www.bbc.com/news/business-55124236
2021-10-22, 19 min

The Jerich Show Podcast
The Jerich Show Episode 64 - Ransomware Without the Encryption, Flight School Hijinx and More!
In this episode, Erich and Javvad discuss the weekly hot infosec topics, including ransomware without the encryption, angry ex-employees turned insider threat at a flight school, "super" passwords to not use, and whether or not "It was a deepfake" is the new, "The dog ate my homework". All of this and more! Remember to like, subscribe and share!
Stories from the show: 30 Mins or Less: Rapid Attacks Extort Orgs Without Ransomware: https://threatpost.com/rapid-attacks-extort-ransomware/175445/ Woman, 26, is arrested 'for hacking into Florida flight training school's system an...
2021-10-15, 33 min

The Jerich Show Podcast
The Jerich Show Episode 63 - The Facebook Thing, a Twitchy Hack, Airgapped Pwnage and More
In this episode, Javvad makes fun of Erich for his current state of mental exhaustion due to National CyberSecurity Awareness Month, the Facebook outage and incident response tips are discussed, the ramifications of the Twitch breach are covered and an interesting, but maybe not so useful, method of pulling data from an air-gapped system is covered. All of this and more! Remember to Like, Share and Subscribe! Stories from the show: Understanding How Facebook Disappeared from the Internet: https://blog.cloudflare.com/october-2021-facebook-outage/ Security experts ha...
2021-10-08, 19 min

The Jerich Show Podcast
The Jerich Show Episode 61 - Raging Against the Machine
In this episode, Erich channels his deep inner anger about some government follies that have impacted individuals and organizations alike. Javvad mostly nods along for effect. Remember to Like, Share and Subscribe!
Stories from the show: FBI Withholding Kaseya Ransomware Decryption Key Had ‘No Bearing’ on REvil: https://www.channelfutures.com/security/fbi-withholding-kaseya-ransomware-decryption-key-had-no-bearing-on-revil Four months on from a sophisticated cyberattack, Alaska's health department is still recovering: https://www.zdnet.com/article/four-months-on-from-sophisticated-cyber-attack-alaskas-health-services-is-still-recovering/ Investigation launched after MoD email blunder: https://www.computerweekly.com/news/252506972/Investigation-launched-after-MoD-email-blunder
2021-09-24, 19 min

The Jerich Show Podcast
The Jerich Show Episode 60 - Hostile Takeover
Erich Kron is out this week so the award-winning Host Unknown stepped in and took matters into their own hands. Follow host unknown on hostunknown.tv @hostunknowntv Listen to the host unknown podcast on your favourite podcast player. Stories from the show: ‘Significant threat’: cyber attacks increasingly targeting Australia’s critical infrastructure https://www.theguardian.com/technology/2021/sep/15/significant-threat-cyber-attacks-increasingly-targeting-australias-critical-infrastructure Microsoft: Windows 10 2004 reaches end of service in December https://www.bleepingcomputer.com/news/microsoft/microsoft-windows-10-2004-reaches-end-of-service-in-december/ HP patches severe OMEN driver privilege escalation vulnerability https://w...
2021-09-17, 17 min

The Jerich Show Podcast
The Jerich Show Episode 59 - No Cops or the Data gets Dumped, Cybercrime as a Tax Deduction and More
In this episode, Javvad messes up by starting the recording early, then he and Erich discuss a new threat from a ransomware gang about dumping data if the victim calls the cops, the REvil servers mysteriously being resurrected from the dead, claiming a ransomware payment as a tax deduction and a whole bunch of VPN passwords being stolen.
All of this and more, in this episode of The Jerich Show (complete with a reworked logo). Remember to Like, Share and Subscribe! Stories From the Show: Ransomware gang threatens to l...
2021-09-10, 20 min

The Jerich Show Podcast
The Jerich Show Episode 58 - Returned From a Break: AKA the Curmudgeon Episode
It's been a couple of weeks, but Javvad and Erich are back from a little break and far more grumpy than you might assume. That's OK, because, as evidenced by the stories, they are grumpy because nobody fixed the internet while they were gone. Check out what they are so grumpy about and don't forget to Like, Share and Subscribe! Stories from the show: Attackers Can Remotely Disable Fortress Wi-Fi Home Security Alarms: https://thehackernews.com/2021/08/attackers-can-remotely-disable-fortress.html Scam artists are recruiting English speakers for business email campaigns: h...
2021-09-03, 26 min

The Jerich Show Podcast
The Jerich Show Episode 57 - Back from Blackhat and DEFCON, a criminal returning money, phish reports
In this episode, Erich reminisces about Blackhat and DEFCON, comparing past years to 2021, and he and Javvad discuss some crazy news stories, including one where a cyber thief actually returns $260 million and a new UK government software that adds a button to report emails to the 'Ministry of Phishy Things', or some such government entity. Don't forget to Like, Subscribe and Share for more fun looks at very serious topics. Stories from the show: Cryptocurrency heist hacker returns $260m in funds: https://www.bbc.com/news/business-58180692 New one-click button w...
2021-08-13, 31 min

The Jerich Show Podcast
The Jerich Show Episode 56.3 - Day 2 Black Hat Recap and some DEFCON info
In this quick daily recap, Erich and Javvad talk about the closing day of Black Hat and the start of DEFCON, conference speaking and much more.
2021-08-06, 20 min

The Jerich Show Podcast
The Jerich Show Episode 56 - Live from Black Hat and more ransomware, a big leak and hotel capsules
In this episode, Javvad and Erich discuss the first day at Black Hat 2021. They discuss the low attendance at Black Hat, the topics and big vendors at the show and other observations from the show. In addition they discuss a ransomware attack on a school, a huge amount of data leaked by a mystery company, security issues with a hotel capsule, and more. Look out for more updates from Vegas this year! Like, share and subscribe! Stories from the show: Report: Over 63 Million US Citizens Exposed in Massive Data Le...
2021-08-05, 24 min

The Jerich Show Podcast
The Jerich Show Episode 54 - Black Hat, Swatting, Kaseya Decryptor, (ISC)2, S3 Badness and More
This week Javvad and Erich discuss some of the hottest stories of the past week, including the sentencing of a swatter, the release of a Kaseya universal ransomware decryptor, a $50m demand (possibly being delivered by bicycle), MosaicLoader punishes pirates, the (ISC)2 learning portal for CISSP's and other members and an insurtech startup that joins the 'unsecured S3 bucket' club. All of this and more. Please like, subscribe and share. Story links and chapter listing is below. Serial Swatter Who Caused Death Gets Five Years in Prison https://krebsonsecurity.com/2021/07/serial-swatter-who-caused-death-gets-five-years-in-prison/ Kaseya...
2021-07-26, 35 min

The Jerich Show Podcast
The Jerich Show Episode 54 - Guess who has a breach, SonicWall issues and more
In this episode, Erich and Javvad discuss some data breaches, issues with outdated and End-of-Life (EOL) hardware and software and issues with government collection of zero-day vulnerabilities and issues related to mandatory reporting with too little time to understand the issue. Like, subscribe and share!
Fashion retailer Guess discloses data breach after ransomware attack: https://www.bleepingcomputer.com/news/security/fashion-retailer-guess-discloses-data-breach-after-ransomware-attack/ SonicWall warns of 'critical' ransomware risk to EOL SMA 100 VPN appliances: https://www.bleepingcomputer.com/news/security/sonicwall-warns-of-critical-ransomware-risk-to-eol-sma-100-vpn-appliances/ 22% of exploits for sale in und...
2021-07-16, 22 min

The Jerich Show Podcast
The Jerich Show Episode 52 - Charl van der Walt Chats About Getting Into Infosec & News of the Week
In this episode, Charl van der Walt joins Erich and Javvad as they talk about the news stories related to the new CISA 'Bad Practices' guidance, My Book Live devices being remotely wiped, Windows print spoolers being weaponized and data movement by pigeons. Charl then talks about what it's like being a CEO, what he looks for in potential employees, the state of security organizations in South Africa, the value of certifications and more. Remember to hit the 'Like' button, then subscribe and share for more great weekly episodes. About Charl: ...
2021-07-02, 58 min

The Jerich Show Podcast
The Jerich Show Episode 51 - John McAfee Dead, Cryptobros Vanish with $2.2B and FB Takes On Privacy
In this episode Javvad and Erich discuss the death of John McAfee, a story where 2 brothers in South Africa disappear under mysterious circumstances (and along with $2.2 billion in BTC) and, Facebook calls out Apple by funding an attempt at an academic-ish paper, as they strive to protect you from the evils of monopolistic behavior (or maybe just to protect their own profits). All this and more in this episode! Be sure to like, subscribe and share!
Javvad's Interview with John McAfee: https://www.youtube.com/watch?v=xHuVW63ceSQ Stories from the...
2021-06-25, 19 min

The Jerich Show Podcast
The Jerich Show Episode 50 - Magda de Jager joins us to discuss cyber busts in Kyiv and much more
In this episode, Javvad and Erich are joined by Magda de Jager (aka Mags) to discuss this week's news stories, including the Peloton bike vulnerability (or is it?), the takedown of the Clop ransomware gang and credential stuffing attacks targeting the travel and retail industries. Mags also discusses her journey to working in infosec and much, much more! Please like, share and subscribe. About Mags: Twitter: @magsdj LinkedIn: https://www.linkedin.com/in/magdadejager/ Stories from the show: Ukrainian police partner with US, South Korea for raid on Clop...
2021-06-18, 53 min

The Jerich Show Podcast
The Jerich Show Episode 49 - Mo Amin joins us for talk about culture, a big pwd dump, MQTT and more
In this episode Javvad and Erich welcome Mo Amin, -------- at ------- as we discuss the Fastly outage, some vulnerabilities in some MQTT handlers, what might be the biggest password dump of all times and we have some serious discussion about company security culture and what that means to an organization. Don’t forget to like, share and subscribe for more great weekly content!
About Mo: Twitter: @infosecmo LinkedIn: https://www.linkedin.com/in/moamin1/ Stories from the show: One Fastly customer triggered internet meltdown: https://www.bbc.com/new...
2021-06-11, 46 min

The Jerich Show Podcast
The Jerich Show Episode 47 - Breach laws, Russian Marketplaces and Attacks on Japan
In this episode, Erich is recovering from a minor spinal surgery an hour before recording and Javvad makes him discuss topics ranging from the FBI notice about Conti attacking hospitals and first responders, the government attempting to get control of data breaches, a huge illegal Russian dark web market and recent Japan hacks. Don't forget to like, share and subscribe! Links from the show: The most important link in the list - 恋のセキュリティホール〜HACK SONG〜: https://www.youtube.com/watch?v=ZQlvY5UfjeE FBI Flaaaaaash: https://www.documentcloud.org/documents/20785301-conti-ransomware-attacks-i...
2021-05-28, 29 min

The Jerich Show Podcast
The Jerich Show Episode 46 - Cloud Camera Woes, and Andra Zaharia Talks Cybersecurity Marketing
In this episode, Javvad and Erich welcome Andra Zaharia to the show as they talk about an issue with an update to servers behind some cloud cameras that allowed people to view other feeds, how a Russian keyboard can stop malware and about infosec marketing, both externally to customers and internally to your leadership. Stories: Bug Exposes Eufy Camera Private Feeds to Random Users https://threatpost.com/eufy-cam-private-feeds/166288/ Russian keyboards can stop ransomware?
https://www.newstalk.com/news/russian-keyboard-could-protect-you-from-potential-cyber-hack-expert-says-1197842 About Andra: Twitter: @AndraZaharia LinkedIn: https://w...
2021-05-21, 51 min

The Jerich Show Podcast
The Jerich Show Episode 45 - CIA, government meddling, another data breach and a bug bounty for good
This week Erich and Javvad talk about the issues of law enforcement making changes to private companies' servers, the spotting of some CIA malware, another government data breach and an awesome bug bounty story. Listen, like and subscribe! Links from the show: This software update is deleting botnet malware from infected PCs around the world https://www.msn.com/en-us/news/technology/this-police-update-is-now-deleting-botnet-malware-from-infected-pcs-around-the-world/ar-BB1g3Prr?ocid=BingNews Security firm Kaspersky believes it found new CIA malware https://therecord.media/security-firm-kaspersky-believes-it-found-new-cia-malware/
2021-04-30, 17 min

The Jerich Show Podcast
The Jerich Show Episode 44 - Japanese Biker tricks the Internet, McDonalds Ice cream makers & more
In this episode, Erich and Javvad discuss a 50-year-old male Japanese motorcycler that tricked his fans into believing he was a 20-something-year-old female with digital face swap trickery, How McDonalds $18k ice cream machines have a dirty little secret, and maybe a fix for that with a Raspberry Pi, and free or cheap alternatives to some popular graphics design programs. All this and more. Don't forget to watch, like and subscribe below. Stories from the show: Face editing: Japanese biker tricks internet into thinking he is a young woman https://www.b...
2021-04-23, 26 min

The Jerich Show Podcast
The Jerich Show Episode 43 - FBI playing geek squad, PII via real estate and Derrick Thomas joins us
Have you ever wanted to start an infosec conference of your very own?
This week Erich and Javvad talk with Derrick Thomas, a co-founder of BSides Tampa, about what it's like to start and grow a conference, some pitfalls and reaching for stars. They will also discuss the FBI fixing Exchange servers via search warrants, Derrick will be distracted by a clickbait ad about twerking, and realtors showing PII in a virtual tour will be discussed. Don't forget to like and subscribe to the podcast and video versions. About Derrick: Twitter: @BSidesTampa
2021-04-16, 50 min

The Jerich Show Podcast
The Jerich Show Episode 42 - The Dramatic Reading Episode with @TriciaKicksSaaS
In this great episode, Erich and Javvad welcome Tricia Howard to the show as they discuss the Ziggy ransomware game giving refunds (no, really), the 500 million user LinkedIn profile scrape, getting into the cybersecurity industry from outside, and more. Tricia even uses her amazing theatrical skills to do a dramatic reading of a ransomware note. Remember to watch, like, and subscribe! Tricia's information: Twitter and Instagram: @TriciaKicksSaaS LinkedIn: https://www.linkedin.com/in/triciakickssaas/ Stories from the show: Ziggy ransomware admin announces refunds for all targeted victims
2021-04-09, 43 min

The Jerich Show Podcast
The Jerich Show Episode 41 - Talking culture with Kai Roer
In the episode, Javvad and Erich welcome Kai Roer to the show to talk about a Twitter account takeover, a big potential data leak, responsibility in a phishing click and of course, about security culture. About Kai: Twitter: @kairoer LinkedIn: https://www.linkedin.com/in/kairoer/ Stories From the Show: Phish Leads to Breach at Calif.
State Controller https://krebsonsecurity.com/2021/03/phish-leads-to-breach-at-calif-state-controller/ NHS boss's Twitter accounts hacked by PS5 scammers: https://www.bbc.co.uk/news/technology-56456002 Forex Broker Leaks Billions of Customer Records Online:
2021-03-26, 42 min

The Jerich Show Podcast
The Jerich Show Episode 40 - The Camera Episode. Pwned Cameras, Tracking and More
From security camera feeds being pwned to tracking people through lens scratches and dust and big issues with some Adobe software, cameras and related items are the topic today for Javvad and Erich. Links from the show: FB can track you via dust and scratches: https://www.tiktok.com/@jengolbeck/video/6936959507356486918 The FB patent for associating cameras with users and objects in a social networking system https://patents.google.com/patent/US9485423B2/en Dr. Jen Golbeck: Twitter: https://twitter.com/jengolbeck TikTok: https://www.t...
2021-03-12, 19 min

The Jerich Show Podcast
The Jerich Show Episode 39 - James McQuiggan, Elder Fraud, AOL Phishing and More
In this episode, Erich and Javvad are joined by their colleague and friend, James McQuiggan, as they discuss Elder Fraud, phishing attacks targeting AOL users, Cash App phishing kits and bogus Capital Calls among other things. James McQuiggan's info: Twitter: @James_McQuiggan LinkedIn: https://www.linkedin.com/in/jmcquiggan/ His book Pick: Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors https://www.amazon.com/Transformational-Security-Awareness-Neuroscientists-Storytellers/dp/1119566347/ Stories from the show: Elder Fraud: https://www.fbi.gov/scams-and-safety/common-scams-and-crimes/elder-fraud
2021-03-05, 38 min

The Jerich Show Podcast
The Jerich Show Episode 38 - Mohammed Aldoub discussed API and Cloud security
Mohammed Aldoub AKA @voulnet is an API and Cloud security expert.
While Erich is off nursing a sore neck, Mohammed keeps Javvad quiet and drops some serious API security knowledge. Links discussed: Clubhouse https://twitter.com/_DanielSinclair/status/1363738761339826177?s=19 Hacking Starbucks https://samcurry.net/hacking-starbucks/ Cloud pricing specialists https://www.duckbillgroup.com/ API vulnerability https://hackerone.com/reports/810320 Exploiting Drupal8's REST RCE https://www.ambionics.io/blog/drupal8-rce Stop using JWT for sessions http://cryto.net/~joepie91/blog/2016/06/19/stop-using-jwt-for-sessions-part-2-why-your-solution-doesnt-work/ Moha...
2021-02-26, 40 min

The Jerich Show Podcast
The Jerich Show Episode 37 - Javvad's internet is broken, we talk ransomware and the new M1 virus
Javvad's internet is broken, so he is a pixelated mess, but we still talk ransomware and the new Mac M1 virus. Stories from the show: Kia Motors Hit With $20M Ransomware Attack – Report (with a cameo ad for Erich's upcoming ThreatPost panel) https://threatpost.com/kia-motors-ransomware-attack/164085/ When Cyber Gangs Disregard Ransomware Payments, Victims Can Be Hit Twice https://securityintelligence.com/news/when-cyber-gangs-disregard-ransomware-payments/ First Malware Running Natively on M1 Chip Discovered https://www.macrumors.com/2021/02/17/first-m1-chip-malware/
2021-02-19, 14 min

The Jerich Show Podcast
The Jerich Show Episode 36 - Kylee Lockwood, ICS issues, a lawyer that is not a cat and more.
In this episode, Erich and Javvad welcome Kylee Lockwood, a pro in the field of compliance, to the show as they discuss issues with ICS, the impact of cat filters on professional people and another loss of source code.
Kylee's contact information: LinkedIn - https://www.linkedin.com/in/kyleemarie/ Twitter - @kyleemariel Links from the show: Hackers steal StormShield firewall source code in data breach https://www.bleepingcomputer.com/news/security/hackers-steal-stormshield-firewall-source-code-in-data-breach/ ICS Challenges https://www.zdnet.com/article/hacker-modified-drinking-water-chemical-levels-in-a-us-city/ Lawyer is NOT a c...
2021-02-12, 57 min

The Jerich Show Podcast
The Jerich Show Episode 35 - Ransomware, WiFi Ownage and Facial Recognition
In this episode Erich and Javvad discuss stories related to ransomware, vulnerabilities in some WiFi chipsets and issues related to the Greek police officers being issued hardware allowing for facial recognition and fingerprint identification. Stories in this episode: Critical Bugs Found in Popular Realtek Wi-Fi Module for Embedded Devices: https://thehackernews.com/2021/02/critical-bugs-found-in-popular-realtek.html Ransomware attacks increasingly destroy victims’ data by mistake: https://www.bleepingcomputer.com/news/security/rise-in-ransomware-attacks-mistakenly-causing-data-destruction/ Ransomware: A company paid millions to get their data back, but forgot to do one thing. So the hackers came ba...
2021-02-05, 19 min

The Jerich Show Podcast
The Jerich Show Episode 34 - Adrian Sanabria, the Emotet takedown and more
This week Javvad and Erich welcome a long time friend and former colleague of Javvad's, Adrian Sanabria to the show as they discuss news around the takedown of the Emotet group, a new phishing toolkit that dynamically changes brands and other news from the cybersecurity world. Adrian also discusses his new job and how it will change the future of infosec tool product reviews. Don't forget to like and subscribe for more great weekly content!
Adrian's Social Media: Twitter: @sawaba LinkedIn: https://www.linkedin.com/in/adrian-sanabria/ OnlyFans: TBD S...
2021-01-29, 45 min

The Jerich Show Podcast
The Jerich Show Episode 33 - Headline Roulette
Knowing that Erich was going in for a doctor visit that morning, Javvad decided that, rather than a traditional show, to help take his mind off things, he would put Erich on the spot to comment on stories he had no idea were coming. Welcome to Headline Roulette, a speed response to the following stories with no time to actually read these articles: Privacy-focused search engine DuckDuckGo grew by 62% in 2020 https://www.bleepingcomputer.com/news/technology/privacy-focused-search-engine-duckduckgo-grew-by-62-percent-in-2020/ FBI: Disinformation Campaigns Seek to Exploit Capitol Siege https://www.bankinfosecurity.com/fbi-disinformation-campaigns-seek-to-exploit-capitol-siege-a-15782 ...
2021-01-22, 17 min

The Jerich Show Podcast
The Jerich Show Episode 32 - Rowenna Fielding - Let's talk about privacy
In this episode, Javvad and Erich are joined by privacy expert Rowenna Fielding for a fun and informative show discussing privacy issues around the globe. The group discusses changes made by TikTok, the new WhatsApp privacy debacle, the use of crowdsourcing by law enforcement after the capitol fiasco, and how to move from an infosec role to a job focused on privacy.
Rowenna’s recommended books:
• Surveillance capitalism - https://www.amazon.com/Age-Surveillance-Capitalism-Future-Frontier/dp/1541758005/
• Weapons of math destruction - https://www.amazon.com/Weapons-Math-Destruction-Increases-Inequality/dp/0553418831/
• Algorithms of oppression - https://www.amazon.com/Algorithms-Oppression-Search-Engines-Reinforce/dp/147983...
2021-01-15, 51 min

The Jerich Show Podcast
The Jerich Show Episode 31 - Garrett Gross, The End Of The Year And Our Favorite Stories Of 2020
Join Javvad and Erich as they trick the ever funny and good humored Garrett Gross into joining them one last time before their end of year break, for a solid 9 minutes of great discussion followed by his dismissal. Once rid of him, the team turns the topic to their own favorite infosec stories of 2020. After this episode Erich and Javvad will be taking a break until the new year while they try incantations, burning of incense, interpretive dance and any other possible method of ensuring 2021 won't be the dumpster fire that 2020 was. This is a...
2020-12-11, 33 min

The Jerich Show Podcast
The Jerich Show Episode 30 - Alethe Denis Joins Us, Amazon Scams, and Cyber Attacks at Home
In this episode, Javvad and Erich welcome Alethe Denis, winner of the Social Engineering Capture the Flag (SECTF) at DEFCON and one of the most motivated and awesome people we have met. They discuss her path to an infosec career, how she keeps things straight and advice for those interested in getting into the infosec community from other careers. They also discuss some interesting news stories related to cyber attacks on homes, the OGUsers forum hack/ransom, Amazon delivery scams and the value of C-Level executive credentials and accounts.
All this and...
2020-12-04, 48 min

The Jerich Show Podcast
The Jerich Show Episode 29 - When our Privates Aren't Private
In this special Thanksgiving episode, Erich and Javvad talk about privacy issues related to both the government and in the private sector. Should your employer judge your performance based on an Office 360 report? Should the government restrict singing in your own home? These questions and more will be answered in this episode. Don't forget to like and subscribe! Links from the show: CDC Guidance: https://www.cdc.gov/coronavirus/2019-ncov/global-covid-19/shielding-approach-humanitarian.html California Guidance: https://www.cdph.ca.gov/Programs/CID/DCDC/Pages/COVID-19/Guidance-for-the-Prevention-of-COVID-19...
2020-11-27, 29 min

The Jerich Show Podcast
The Jerich Show Episode 28 - That Time Mark Shawa (Afri-CAN) Joined Us
In this show, Javvad and Erich welcome the incredibly entertaining guest, Mark Shawa. Mark discusses ways to improve security culture, why it's so important, and gives suggestions for reading materials and people to follow in the industry. Erich and Javvad also discuss how stress is impacting employees, the spike in phishing as we get close to Black Friday and a really interesting and scary new attack using browser notifications. Join us and subscribe for the latest in cybersecurity news delivered every week and check out the podcast version at https://thejerichshow.podbean.com/.
L...
2020-11-20, 33 min

The Jerich Show Podcast
The Jerich Show Episode 27 - Kids Games and Breaches plus Microsoft Says To Ditch SMS MFA
After a week off after a traffic accident, Erich and Javvad discuss another data breach around a kids game and discuss the Microsoft advisory to move away from SMS Multi-Factor Authentication. Links from the show: Hacking Multifactor Authentication: https://amzn.to/2K2RMba Hackers Steal 46 Million Records from Kids’ Game Developer: https://www.infosecurity-magazine.com/news/hackers-steal-46-million-records/ The Animal Jam data breach notification: https://www.animaljam.com/en/2020databreach The difference between two-factor and two-step authentication: https://paul.reviews/the-difference-between-two-factor-and-two-step-authentication/ Microsoft ur...
2020-11-13, 08 min

The Jerich Show Podcast
The Jerich Show Episode 26 - More Low Blows from the Ransomware Gangs
In this episode Javvad and Erich take a look at the new low that the Ryuk ransomware gang is sinking to, that is targeting hospitals and medical clinics. They also discuss the incredible amount of money being made in the ransomware game, with one group claiming to have made over $100 million. On the other side of that coin, a ransomware gang donated $10k to charity. Why? Who really knows? Maybe guilt, maybe a PR move, maybe just a way to get mentioned on the show. Finally, to wrap up their ransom demanding trend today, they di...
2020-10-30, 23 min

The Jerich Show Podcast
The Jerich Show Episode 25 - Direct Threats Against Voters and Fun with Zero-Days
In this episode Erich and Javvad discuss the threatening emails sent to some US voters that are registered Democrats, apparently from none other than Iran. Do they help a certain party or are they just designed to create division? In addition, there is a new 0-day vulnerability for Chrome that is being exploited in the wild.
Javvad and Erich discuss the issues related to patching and when 0-days are important, and when they aren't. All this, plus Javvad gets confused while trying to accomplish the simple task of announcing the podcast version of The Jerich S...
2020-10-23, 17 min

The Jerich Show Podcast
The Jerich Show Episode 24 - Burnout, Barnes & Noble and Bad Ads
In this episode Javvad and Erich discuss pandemic burnout, the Barnes & Noble breach and the trouble with advertising and accidental outrage. If you like this episode, subscribe for more weekly insights
2020-10-19, 18 min

The Jerich Show Podcast
The Jerich Show Episode 23 - It's NCSAM and About Time We Had Another Sponsor
In this episode, Erich and Javvad are joined by Thom Langford from (TL)2 Security, who somehow got us to refer to him as a sponsor. I think Javvad is taking bribes now. The important and valuable parts of this episode are our chats about National CyberSecurity Awareness Month (NCSAM) and ways to make your programs work well and about MFA. Thom and Erich offer great advice while Javvad just nods his head.
2020-10-16, 17 min

The Jerich Show Podcast
The Jerich Show Episode 21 - TikTok, Ransomware Kills and Chasing Child Predators
In this episode Erich and Javvad chat about the TikTok and Oracle merger/buyout/whatever thing that is happening, a case where ransomware kills and finally we discuss how people are being leveraged to help find endangered children or help hunt down child predators.
Links from this episode: Oracle and TikTok: https://techcrunch.com/2020/09/13/oracle-wins-bid-to-buy-tiktok/ A Ransomware Attack Turns Deadly: https://www.theverge.com/2020/9/17/21443851/death-ransomware-attack-hospital-germany-cybersecurity Europol's Stop Child Abuse – Trace An Object: https://www.europol.europa.eu/stopchildabuse Innocent Lives Foundation: https://www.innocentlivesfoundation.org/get...
2020-10-16, 19 min

The Jerich Show Podcast
The Jerich Show Episode 20 - More Fun With Ransomware
In this episode Javvad and Erich chat about some recent ransomware attacks that hit a school district here in the US and a power provider in Pakistan. We discuss the timing of the tactics being used by attackers and other somewhat interesting points.
2020-10-16, 14 min

The Jerich Show Podcast
The Jerich Show Episode 19 - That Time Quentyn Joined Us
This week Javvad and Erich were joined by Quentyn Taylor, where we discussed SIM swapping attacks and how Ring doorbells could ruin the surprise the police have planned for you. Check out Quentyn on Twitter at @QuentynBlog Links to our stories: The SIM swapping attacks against phone carriers https://www.vice.com/en_us/article/5dmbjx/how-hackers-are-breaking-into-att-tmobile-sprint-to-sim-swap-yeh FBI worried that Ring doorbells are spying on police https://www.bbc.com/news/technology-53985418 The Ring neighborhood app Erich mentioned https://www.nytimes.com/wirecutter/blog/ring-neighbors-app-review/
2020-10-16, 18 min

The Jerich Show Podcast
The JerichShow Episode 18 - The One About the Russian
Join Javvad and Erich as they discuss the interesting situation where a Russian criminal tried to get an employee to sabotage their organization, offering a million dollars to do it. They also discuss a quite simple and lucrative plan that was selling toothbrushes to Amazon for $94 each.
2020-10-16, 14 min

The Jerich Show Podcast
The Jerich Show Episode 17 - Not the Carnival I hoped for and an Uber Big Legal Issue
In this episode, Javvad, once he remembers who he is, has a discussion with Erich about the Carnival Cruise Lines ransomware attack/data breach, new legal filings against the past Uber CISO related to that breach, and the importance of transparency when the wheels fall off the wagon.
Carnival: https://www.engadget.com/carnival-cruise-customer-data-at-risk-following-ransomware-attack-225029822.html
The Uber Issue https://www.npr.org/2020/08/20/904113981/former-uber-executive-charged-with-paying-hush-money-to-conceal-massive-breach?t=1598007456273
2020-10-16, 12 min

The Jerich Show Podcast
The Jerich Show Episode 16 - Social Media Fights and Real Things That Seem Like Scams
In this episode Javvad and Erich tackle the rather interesting situation that happened last week when one vendor accused another one of some shady practices, then found out it wasn't them. Do fights over social media really help? They discuss it. They also talk about people receiving legitimate emails that follow the script of the phishing emails to the point you can't tell them apart. This and more on this episode of the Jerich Show!
2020-10-16, 18 min

The Jerich Show Podcast
The Jerich Show Episode 13 - Meow
Erich is on holiday, but the show must go on!
Stories covered:
Posti Phishing scam: https://yle.fi/uutiset/osasto/news/helsinki_police_probe_200k_phishing_scam_in_postis_name/11438564
Meow Bot: https://www.forbes.com/sites/daveywinder/2020/07/22/not-all-internet-cats-are-cute-meow-bot-is-a-database-destroyer/#13a2a8b30e24
2020-10-16, 06 min

The Jerich Show Podcast
The Jerich Show Episode 12 - A Tweetworthy Week
This week Javvad and Erich chat about the week that Twitter got hacked and the social engineering behind the associated Bitcoin scam.
We also both look back and wish we had invested when BTC was $35.
2020-10-16, 12 min

The Jerich Show Podcast
The Jerich Show Episode 10 - TikTok, Social Media and Privacy
In this episode of the Jerich Show, Erich and Javvad discuss the world of social media and how much data we trade for a few funny videos. **Spoiler alert: It's a lot**
Guy Who Reverse-Engineered TikTok Reveals The Scary Things He Learned, Advises People To Stay Away From It: https://www.boredpanda.com/tik-tok-reverse-engineered-data-information-collecting/
Social Media Information Breach: https://www.forbes.com/sites/petersuciu/2020/06/26/there-isnt-enough-privacy-on-social-media-and-that-is-a-real-problem/#38ddaad444f1
2020-10-16, 22 min

The Jerich Show Podcast
The Jerich Show Episode 9 - I Can't Remember What This Was About
In this episode of the Jerich Show, Javvad and Erich talk about mental exhaustion, the stressors of being tired and how this can lead to falling for scams and social engineering attacks.
2020-10-16, 11 min

The Jerich Show Podcast
The Jerich Show Episode 8 - Of Tea Shops and Cyber Mercenaries
In this episode Javvad and Erich discuss a group of cyber mercenaries that put up shop above a nice little tea shop in New Delhi.
The story discussed is here: https://in.reuters.com/article/india-cyber-mercenaries/exclusive-obscure-indian-cyber-firm-spied-on-politicians-investors-worldwide-idINKBN23G1FI
2020-10-16, 11 min

The Jerich Show Podcast
The Jerich Show Episode 7 - Social Media Misinformation, Statistics and the 5G's
In this episode Erich and Javvad tackle the issue of misinformation in social media and the impacts it can have. We all know that there are lies, damn lies and statistics. Bots are taking over Twitter and other social media sites and posting divisive content to both sides of arguments.
It's never been more important to do your own fact checking and understand what is actually being presented. Also, people are falling for silly stuff due to the hype, so as a public service, Javvad tells us about a device meant to save us from the 5G's.
2020-10-16, 15 min

The Jerich Show Podcast
The Jerich Show Episode 6 - How Low Will They Go?
In this episode Javvad and Erich talk about scammers and just how low they will go to make a few bucks. We also discuss how some of their stupidity gets them caught.
2020-10-16, 10 min

The Jerich Show Podcast
The Jerich Show Episode 5 - The CISSP is a Masters Degree?
In this episode of the Jerich show, Javvad and Erich tackle the recent issue of the CISSP and Masters degree equivalency bombshell.
2020-10-16, 12 min

The Jerich Show Podcast
The Jerich Show Episode 4 - Executive Phishing and Returning to Work Chaos
In this episode, Javvad talks about an incident where executives were compromised at over 150 companies and Erich talks about the mayhem we can expect when returning to work as the economy is reopened.
2020-10-16, 13 min

The Jerich Show Podcast
The Jerich Show Episode 3 - Travelex and Doppelpaymer
In this episode, Javvad talks about the current post-incident status of Travelex and Erich talks about the City of Torrance, Ca getting hit by Doppelpaymer ransomware.
2020-10-16, 08 min

The Jerich Show Podcast
The Jerich Show Episode 2 - From Ransomware to Facebooks Scams
In this episode, Javvad and Erich discuss security topics ranging from the new normal for ransomware to hot scams on Facebook.
2020-10-16, 11 min

The Jerich Show Podcast
The Jerich Show Episode 1 - COVID Scams, Mental Health Plus More
In this episode Javvad and Erich carry the mantra "Timely Topics, Poorly Presented" as they discuss a bunch of different COVID-19 scams, mental health during the pandemic and Javvad shows just how blue he has become.
2020-10-16, 25 min