Back

Explore every episode of the podcast Shared Security Podcast

Dive into the complete episode list for Shared Security Podcast. Each episode is cataloged with detailed descriptions, making it easy to find and explore specific topics. Keep track of all episodes from your favorite podcast and never miss a moment of insightful content.

Rows per page:

1–50 of 567

TitlePub. DateDuration
Telegram is NOT an Encrypted Messaging App, Must-See Documentaries02 Sep 202400:22:21
In this episode, we explore the recent arrest of Telegram founder Pavel Durov in France and discuss the app's encryption claims. Is Telegram truly an encrypted messaging app? Joining the conversation is co-host Kevin Johnson, bringing his trademark opinions. We also talk about some intriguing documentaries, including 'LulaRich' about the LuLaRoe leggings company and 'Class Action Park' about a dangerous theme park in New Jersey. Tune in to hear our thoughts on these topics and more!
Google’s Monopoly: The Debate Heats Up, Amazon Alexa Privacy Tips26 Aug 202400:24:57
This week, we discuss Google's recent accusation by the U.S. Justice Department for being a monopoly and its implications for privacy and cybersecurity. We also cover essential privacy settings for Alexa smart speakers and their importance. Join the hosts, Tom, Kevin, and Scott, for an engaging conversation on these topics, along with a segment from ClickArmor on cybersecurity training. Plus, a recap of the Black Hat and B Sides Las Vegas conferences.
The U.S. Bans Kaspersky Antivirus, WordPress Plugin Supply Chain Attacks01 Jul 202400:15:44
In episode 336 of the Shared Security Podcast, we discuss the Biden administration's recent ban on Kaspersky antivirus software in the U.S. due to security concerns linked to its Russian origins. We also highlight the importance of keeping all software updated, using recent examples of supply chain attacks that have compromised several popular WordPress plugins. Join hosts Tom Eston and Scott Wright as they examine these key cybersecurity issues and emphasize proactive security measures. Plus, find out why co-host Kevin Johnson is missing this week and get the latest updates from Aware Much, sponsored by ClickArmor.
Attack of the Wi-Fi Spy Drones, How to Destroy Your Old Electronics, Signal Removes SMS Support24 Oct 202200:19:01
Two modified wi-fi enabled drones were found on the top of a financial firm's building and used to intercept a employee's credentials, a fun discussion about the best way to physically destroy data on electronics that no longer work, and details about Signal removing SMS support for Android users.
Uber Breach Guilty Verdict, Mandatory Password Expiration, Fake Executive Profiles on LinkedIn17 Oct 202200:20:58
Former Uber CSO Joe Sullivan was found guilty of obstructing a federal investigation in connection with the attempted cover-up of a 2016 hack at Uber, NIST and Microsoft say that mandatory password expiration is no longer needed but many organizations are still doing it, and how fake executive profiles are becoming a huge problem for LinkedIn.
Hackers Need 5 Hours or Less to Break In, SMS Phishing Tactics, Strange Ways Employees Expose Data10 Oct 202200:24:11
A recent survey of ethical hackers by Bishop Fox and SANS shows that once a vulnerability or weakness is found about 58% of ethical hackers can break into an environment in less than five hours, SMS phishing and text message scams appear to be changing tactics taking a more "urgent" tone, and a discussion about strange ways employees can accidentally expose data.
What are Passkeys, PowerPoint Mouseover Attack, 2K Games Support Hacked03 Oct 202200:21:26
Passkeys are coming soon to Apple iOS 16 so what are passkeys and why are they an eventual replacement for passwords? Researchers have discovered a new attack that uses mouse movement in Microsoft PowerPoint to deploy malware, and details on how the 2K Games help desk support platform was compromised to push malware through fake support tickets.
Uber Hacked by 18 Year Old, Morgan Stanley Hard Drives Got Auctioned, Deleting Your Data is Hard26 Sep 202200:20:10
Uber got hacked by an 18 year old using social engineering and a multi-factor authentication fatigue attack, Morgan Stanley has been auctioning off hard drives holding sensitive client data since 2015, and why is it so hard for social networks to remove personal data when deleting your user account.
Facebook Doesn’t Know Where Your Data Is, New Hire Spearmishing Attack, Smart Thermostat Lock Out19 Sep 202200:20:27
In recent court testimony two Facebook engineers were asked what information, precisely, does Facebook store about us, and where is it? Surprisingly they said, they don't know. Details on how brand new employees of companies are being "spearmished" (hat tip to @ErinInfosec and @RachelTobac via Twitter), and how thousands of Colorado residents found themselves locked out of their smart thermostats to help prevent the power grid from failing.
TikTok Denies Data Breach, Los Angeles School District Ransomware Attack, Fingerprint Scanners in School Bathrooms12 Sep 202200:25:43
TikTok has denied reports that it was breached by a hacking group, after it claimed they have gained access to over 2 billion user records, the Los Angeles school district, the second-largest in the US, suffered a ransomware attack, and details on how one high school in Sydney Australia installed fingerprint scanners at the entrance to bathrooms to track student movements and prevent vandalism.
LastPass Data Breach, ETHERLED: Air-Gapped Systems Attack, Twitter Whistleblower Complaint05 Sep 202200:26:31
Popular password manager LastPass announced that some of their source code was stolen, but that no customer passwords were compromised in a recent data breach disclosure, an Israeli researcher has discovered a new method to exfiltrate data from air-gapped systems using the LED indicators on network cards, and details about the Twitter whistleblower Peiter “Mudge” Zatko and his claims about how Twitter had poor security practices, misled federal regulators about safety, and failed to properly estimate the number of bots on Twitter.
Janet Jackson Can Crash Laptops, Credential Phishing Attacks Skyrocket, A Phone Carrier That Doesn’t Track You29 Aug 202200:18:15
Janet Jackson’s “Rhythm Nation” has been recognized as an exploit for a vulnerability after Microsoft reported it can crash the hard drives of certain old laptop computers, phishing attacks that compromise credentials using brand impersonation are on the rise, and details about a new privacy focused phone carrier that doesn't track your location or web browsing activity.
Multi-Factor Authentication Fatigue Attack, Signal Account Twilio Hack, Facebook and Instagram In-App Browser22 Aug 202200:23:11
A Cisco employee was compromised by a ransomware gang using a technique called multi-factor authentication fatigue, an attack on the Signal messenger app's SMS service Twilio potentially disclosed the phone numbers of 1,900 users, and details on how Facebook and Instagram track what you click on including your web browsing history by using their in-app browser.
Exploring Cutting-Edge Browser Security with Vivek Ramachandran – Founder of SquareX27 Jun 202400:23:07
In this special episode of the Shared Security Podcast, host Tom Eston interviews Vivek Ramachandran, the founder of SquareX. Vivek shares his journey in WiFi security, recounting his introduction of the Cafe Latte man-in-the-middle attack and founding of Pentest Academy. He discusses his latest venture, SquareX, a company focused on browser security to protect employees from client-side attacks. Vivek explains SquareX's workings, industry challenges, and insights into Secure Web Gateways (SWGs). He also previews his upcoming DEF CON talk on bypassing SWGs and shares thoughts on AI in cyber-attacks. Learn about the future of browser-based security solutions and how enterprises can better protect themselves against sophisticated attacks. Thank you to SquareX for sponsoring this episode! Find out more about SquareX at https://sqrx.com/
The Importance of Faraday Technology with Aaron Zar from SLNT15 Aug 202200:24:53
Aaron Zar, SLNT founder and director of disconnection joins co-host Tom Eston to discuss the importance of Faraday technology, what's changed with privacy over the last several years, some of the really cool SLNT Faraday products now available, and how Aaron tested product durability by running over a SLNT Faraday Backpack (containing a MacBook Pro) with a truck! Don't forget, listeners of the podcast get 10% off at slnt.com using discount code "sharedsecurity" during checkout!
Phone Numbers Used for Identification, Hacker Summer Camp Advice, Samsung Repair Mode08 Aug 202200:25:52
Why your phone number is becoming a popular way to identify you, our advise on how to best protect your privacy at hacker summer camp in Las Vegas (BSides, BlackHat, DEF CON), and details on Samsung's new repair mode which will protect your private data on your smartphone when you take it in for repairs.
Twitter Data Breach, 15 Minutes to Exploit Zero-Day Vulnerabilities, Resilient Deepfake Traits01 Aug 202200:26:14
Twitter suffers a data breach of phone numbers and email addresses belonging to 5.4 million accounts, new research shows that attackers are finding and exploiting zero-day vulnerabilities in 15 minutes, and details on how a resilient trait in videos and images could aid in deepfake detection.
Robert Kerbeck Author of RUSE: Lying the American Dream from Hollywood to Wall Street25 Jul 202200:29:04
In this episode learn all about the world of corporate spying from someone who was a corporate spy and actually wrote a book on it! Robert Kerbeck author of "RUSE: Lying the American Dream from Hollywood to Wall Street" joins us to discuss his fascinating career as a corporate spy, life as a struggling actor, his many celebrity encounters (including his performance in the infamous OJ Simpson exercise video), and how the corporate spying game is still big business. This is one interview you don't want to miss!
Apple Previews Lockdown Mode, Another Marriott Data Breach, Smart Contact Lenses18 Jul 202200:23:03
Apple previews Lockdown Mode which is designed for high risk individuals such as human rights workers, lawyers, politicians and journalists, hotel chain Marriott confirms another data breach, and new details on the development of smart contact lenses and what these could mean for your privacy.
Could TikTok Be Removed From App Stores, HackerOne Employee Caught Stealing Vulnerability Reports, California Gun Owner Data Breach11 Jul 202200:21:03
The commissioner of the FCC (Federal Communications Commission), asked the CEOs of Apple and Google to remove TikTok from their app stores, bug bounty platform HackerOne disclosed that a former employee improperly accessed security reports and submitted them for personal gain, and new details on the California gun owner data breach which had exposed the personal information of hundreds of thousands of gun owners.
Period Tracking Apps and Your Privacy, Vendor Impersonation Attacks, LockBit Ransomware Bug Bounty Program04 Jul 202200:18:48
Period tracker apps are causing privacy concerns because they could potentially be used against women in states that ban abortion, new research shows that vendors are being impersonated more than employees in Business Email Compromise (BEC) attacks, and details on the first ever bug bounty program from the creators of the LockBit ransomware operation.
Tim Hortons Privacy Investigation, Social Engineering Kill-Chain, Hospitals Sending Facebook Your Data27 Jun 202200:25:51
The Tim Hortons mobile app created a “a mass invasion of Canadians’ privacy" by conducting continuous location tracking without user consent even when the app was closed, what is a social engineering kill-chain and how can this help understand and prevent attacks, and new research shows 33 out of the top 100 hospitals in America are sending sensitive heath information to Facebook via the Meta Pixel ad tracking tool.
Bipartisan Digital-Privacy Bill, Delete Your Data Before Selling Your Car, Firefox Total Cookie Protection20 Jun 202200:23:30
A new bipartisan privacy bill, the American Data Privacy and Protection Act, "could" be the first privacy legislation in the US not doomed to fail, a story about why you should delete your location and private data in your car's navigation system before selling it, and details on Firefox's new privacy feature called "Total Cookie Protection".
Hacking Ham Radio: Why It’s Still Relevant and How to Get Started13 Jun 202200:29:55
This week we discuss hacking ham radio with special guests Caitlin Johanson, Rick Osgood, and Larry Pesce. In this episode you'll learn what ham radio is, why its still relevant, why would attackers want to hack ham radio, all about packet radio and APRS (Automatic Packet Reporting System), and what equipment and licensing you need to get started in ham radio.
Social Media Warning Labels, Should You Store Passwords in Your Web Browser?24 Jun 202400:22:28
In this episode of the Shared Security Podcast, the team debates the Surgeon General's recent call for social media warning labels and explores the pros and cons. Scott discusses whether passwords should be stored in web browsers, potentially sparking strong opinions. The hosts also provide an update on Microsoft's delayed release of CoPilot Plus PCs due to security concerns and reflect on the underlying privacy issues. Join Tom, Scott, and Kevin for these engaging discussions and more!
DuckDuckGo Browser Allows Microsoft Trackers, Stolen Verizon Employee Database, Attacking Powered Off iPhones06 Jun 202200:27:36
The DuckDuckGo mobile browser allows Microsoft trackers due to an agreement in their syndicated search content contract, a database of contact details for hundreds of Verizon employees was compromised after an employee was social engineered to give the attacker remote access to their corporate computer, and details about new research that shows that even when an iPhone running iOS 15 is turned off, its really not off and certain wireless features allow the phone to be located and possibly attacked.
The State of Application Security with Tanya Janca30 May 202200:43:31
Tanya Janca, founder of the We Hack Purple Academy, Director of Developer Relations and Community at Bright, and author of "Alice & Bob Learn Application Security" joins us to discuss the current state and future of Application Security. In this episode we discuss what Tanya's been up to, what's changed in AppSec over the last several years, have organizations actually moved to DevSecOps, and what the next big thing in AppSec might be.
Apple Mail Privacy Protection, Government Agencies Reveal Top Attack Vectors, Is Big Brother Watching You at Work?23 May 202200:26:50
What is Apple Mail Privacy Protection and how does it hide your IP address, so senders can’t link it to your online activity or determine your location, government authorities such as the FBI and NSA have released a list of top attack vectors used to gain initial access by attackers, and how more companies are deploying privacy invasive surveillance software to monitor their employees at work.
FBI Warrantless Searches, Passwordless Sign-Ins, Keylogging Web Forms16 May 202200:25:59
The FBI searched emails, texts and other electronic communications of 3.4 million U.S. residents without a warrant, Apple, Google, and Microsoft have announced they will support a new passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium, and details about how some websites are keylogging your data as you type it into a web form, before you hit submit.
Cybersecurity for Startups with Josh Feinblum from Stavvy09 May 202200:27:00
Josh Feinblum is the co-founder of Stavvy, a Boston-based fully integrated digital mortgage platform, where he leads product, engineering, people, and finance. He also serves as a venture partner at F-Prime Capital, where he evaluates and advises startups of all stages across multiple verticals. Josh talks to us about his journey through cybersecurity including his experience as a CISO at Rapid7 and DigitalOcean, and then leaving cybersecurity to start a totally new business. We discuss how his cybersecurity and privacy experience helped build a successful startup and what he's learned along the way. If you're interested in either joining a startup or building your own startup this is one episode you don't want to miss!
Elon Musk Buys Twitter, Forgotten BIOS Updates, T-Shirt Outwits Facial Recognition02 May 202200:27:36
Elon Musk buys Twitter for $44 billion so what does this mean for the privacy and cybersecurity of the platform? More than 100 different Lenovo laptop computers contain firmware-level vulnerabilities which is a great reminder about making sure you update the BIOS on your computer. Plus, details about researchers who have created a t-shirt that renders the wearer undetectable to facial recognition technology.
Rehumanizing Cybersecurity with Lianne Potter25 Apr 202200:28:01
Award-winning security transformation manager and digital anthropologist Lianne Potter joins us to discuss the fascinating topic of digital anthropology and how we can rehumanize cybersecurity. In this episode Lianne discusses how she became a digital anthropologist, how this field applies to cybersecurity, and the one thing organizations need to do to bring the human back into their cybersecurity programs.
Dumbphone Sales are Soaring, John Oliver Blackmails Congress, Cicada Chinese APT Group18 Apr 202200:29:24
More young people seem to be choosing dumbphones over smartphones, but is it because of privacy concerns or because its trendy? John Oliver, host of the ‘Last Week Tonight’ show, used data brokers to obtain lawmakers’ digital footprints and promised to not release the data as long as Congress passes privacy legislation. Plus details about the Cicada state sponsored Chinese hacking group which hid inside their victims' networks for nine months.
Truths and Myths of Privacy, Fake Shopping Apps, Borat RAT Malware11 Apr 202200:25:16
Scott and Tom explain why privacy is not dead, why everyone should care about their privacy, and how you should respond to someone that says "I don't care about privacy, I have nothing to hide!". Plus, details on a new attack using fake shopping apps and how a new malware toolkit called "Borat RAT" is no laughing matter.
Google Android vs Apple iOS: Which is Better for Privacy and Cybersecurity?04 Apr 202200:40:24
This week we battle it out between the two mobile tech giants, Google Android vs Apple iOS, and discuss which one is better for your privacy and cybersecurity. Topics include: app stores and OS updates, ad tracking, and native text messaging. All this plus how Apple and Facebook fell for a massive email scam.
Citizen Lab vs. NSO Group, Apple AI and Privacy17 Jun 202400:17:06
In episode 334, hosts Tom Eston, Scott Wright, and Kevin Johnson discuss two major topics. First, they explore the ongoing legal battle between Citizen Lab and the Israeli spyware company NSO Group. The courts have consistently blocked NSO's attempts to access Citizen Lab's documents to protect victim privacy. Second, they discuss Apple's new AI features announced at their developer conference, prioritizing user privacy through opt-in by default, and its implications. Kevin shares strong opinions on NSO Group, while the hosts also review Citizen Lab's investigative work and Apple’s approach to AI and privacy.
LAPSUS$ Hacks Okta, Browser-in-the Browser Phishing Attack, Popular Software Package Updated to Wipe Russian Systems28 Mar 202200:28:23
The LAPSUS$ hacking group has claimed to have hacked both Microsoft and Okta, details about a novel phishing technique called a browser-in-the-browser (BitB) attack, and how a popular software package that has 1.1 million weekly downloads released a new tampered version to condemn Russia's invasion of Ukraine by wiping arbitrary file contents.
Top 3 Location Tracking Apps: Do They Sell Your Data?21 Mar 202200:30:22
This week we discuss the top 3 location tracking apps in the Apple App Store and Google Play and which ones sell your data. Plus, details about recent fake Chick-fil-A and Olive Garden vouchers on Facebook.
Amazon Echos Hack Themselves, Fraud Is Flourishing on Zelle, Samsung Galaxy Source Code Stolen14 Mar 202200:27:57
A new attack uses Alexa's functionality to force Amazon Echo devices to make self-issued commands, payment app Zelle has become popular with fraudsters and banks don't seem to care, and details about hackers who have stolen source code for Samsung Galaxy devices.
Russia Gets Hacked, Microsoft 365 Credential Stuffing, McDonald’s Ice Cream Machine Hackers07 Mar 202200:21:06
This week we discuss some of the more interesting hacks of Russian assets, technology, and more. Scott discusses recent credential stuffing attacks on Microsoft 365 accounts, and a fascinating story about ice cream machine "hackers" that are suing McDonald's for $900 million dollars in damages.
TikTok Circumvents Privacy Protections, Russian Sanction Attacks, Apple AirTag Anti-Stalking Measures28 Feb 202200:25:59
How TikTok can circumvent privacy protections and performs device tracking that gives TikTok full access to user data, the US government warns about ransomware attacks after Biden's new sanctions against Russia, and details about the latest beta for iOS 15.4 which includes new features designed to prevent Apple AirTags from being used to stalk people.
MoviePass Tracking Your Eyeballs, Shipment Delivery Scams, SIM Swappers Arrested21 Feb 202200:27:13
MoviePass will use facial recognition and eye tracking to make sure you're watching ads, new types of shipment-delivery scams are being used to spread malware, and details on the arrests of a SIM swapping gang and how you can protect yourself against a SIM swapping attack.
EARN IT Act is Back, Romance Scams, Like and Subscribe Ransomware14 Feb 202200:25:08
The EARN IT Act is back for a second time which would pave the way for a new massive government surveillance system in the US, romance scams are on the rise so don't fall for love in all the wrong places, and details about a new ransomware attack that wants you to like and subscribe, or else!
Graphics Card Web Tracking, Fake Job Ad Scams, Hacker Takes Down North Korea’s Internet07 Feb 202200:28:52
Researchers have discovered a new web tracking technique using your graphics card, scammers are exploiting security weaknesses on job recruitment websites to post fraudulent job postings, and how a hacker single-handedly took down North Korea's Internet.
Ukraine Invasion Hacktivists, Insta360 ONE X2 Vulnerabilities, Google Location Tracking Lawsuits31 Jan 202200:37:22
Hacktivists have hacked a Belarus rail system in an attempt to stop Russian military buildup, someone disclosed a slew of vulnerabilities in the popular Insta360 ONE X2 camera, and Google gets accused of "deceptive" location tracking in multiple lawsuits.
Pandemic Surveillance in Canada, Malware-Filled USB Sticks are Back, Kill Switches in New Cars24 Jan 202200:23:08
Canada’s federal government admitted to surveilling its population’s movements during the COVID-19 lock-down by tracking 33 million phones, the FBI warned that a hacker group has been sending malware-laden USB sticks to companies, and details on a new law in the United States which will install kill switches in new cars.
Ticketmaster Data Breach and Rising Work from Home Scams10 Jun 2024
In episode 333 of the Shared Security Podcast, Tom and Scott discuss a recent massive data breach at Ticketmaster involving the data of 560 million customers, the blame game between Ticketmaster and third-party provider Snowflake, and the implications for both companies. Additionally, they discuss Live Nation's ongoing monopoly investigation. In the 'Aware Much' segment, the rise of work-from-home job scams is analyzed, highlighting FBI warnings and tips to avoid falling victim to such schemes. The success of a past episode on Microsoft's new recall feature is also mentioned, emphasizing privacy concerns and spirited audience discussions.
Digital Wellbeing with Kelly Finnerty from Startpage19 Jan 202200:30:21
Kelly Finnerty, Director of Brand at Startpage, joins co-host Tom Eston to discuss the very important topic of digital wellbeing. In this episode you'll learn about the mental, financial, and societal impacts of constant tracking. Plus, what are some holistic approaches and tactics that we can use to help our own digital wellbeing. Kelly also shares details about Startpage's new web browser extension "Startpage Privacy Protection".
Norton 360 Cryptominer, Fake QR Codes on Parking Meters, Facebook Account Deactivation17 Jan 202200:36:37
Norton 360, a popular antivirus product, has installed a cryptocurrency mining program on its customers’ computers, some cities in Texas have been hit with a phishing scam designed to get users to pay through fraudulent QR code stickers on public parking meters, and how Facebook is still collecting data about you even if you deactivate your Facebook account. All this plus the launch of the Shared Security Community on Reddit! (https://www.reddit.com/r/SharedSecurityShow/)
Phone Scam Targets Psychologists, All My Apes Gone, Supply Chain Skimmer Attack10 Jan 202200:33:18
A phone scam targeting psychologists reveals that even professionals can become victims, stolen multi-million-dollar NFT's results in a "all my apes gone" plea for help, and details on a skimmer supply chain attack on more than 100 real estate websites.
© My Podcast Data