Episodes

  • On this episode of Hacker And The Fed we interview Special Agent Aron Mann with Homeland Security Investigations (HSI) Cyber Crime Center about their cyber role and career opportunities. We break down the Colonial Pipeline hack, how the dark web is intensifying the insider threat, and dig into the mother of all breaches. And finally, the SEC's X account was hacked.
    Links from the episode: 
    https://www.ice.gov/about-ice/homeland-security-investigations
    https://www.ice.gov/partnerships-centers/cyber-crimes-center
    https://www.usajobs.gov/
    https://www.usajobs.gov/Search/?k=homeland%20security%20investigator
     
    Colonial Pipeline Hack - May 2021
    https://www.justice.gov/opa/speech/dag-monaco-delivers-remarks-press-conference-darkside-attack-colonial-pipeline
    https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside
    https://www.justice.gov/media/1159701/dl

    From Loyal Employees to Cybercriminals
    https://thesun.my/opinion_news/from-loyal-employees-to-cybercriminals-AC12012406

    Mother of All Breaches Reveals 26 Billion Records: What We Know So Far
    https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/

    SECGov X Account
    https://www.sec.gov/secgov-x-account

    Support our sponsors:
    NAXO is a premier cybersecurity and investigations firm, including blockchain forensics, whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content.
    Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

  • This week on Hacker And The Fed we interview Greg Van Houten of Haynes Boone and policyholderplaybook.com, a seasoned civil litigator who focuses on insurance recovery. We talk to Greg about the SEC's new cybersecurity disclosure rules, which went into effect this month. We also discuss a massive hack that went unreported, a train hack due to a vendor’s geofencing feature, indictments in an 80-million-dollar pig butchering scheme, and a MongoDB security breach.
    Links from the episode: 

    Greg Van Houten of Haynes Boone
    policyholderplaybook.com
     
    SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers. Authored by Greg Van Houten (Haynes Boone), David Franzel (NAXO), and Chris Tarbell (NAXO)
    https://www.cybersecuritydive.com/news/secs-cyber-disclosure-rules-tips/700550/
     
    The Biggest Hack Over the Last Few Years Has Gone Unreported
    https://twitter.com/mattjay/status/1735046508242780575
     
    Train Hack Due to Vendor Geofencing Feature
    https://social.hackerspace.pl/@q3k/111528165627522619
     
    Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them
    https://www.404media.co/polish-hackers-repaired-trains-the-manufacturer-artificially-bricked-now-the-train-company-is-threatening-them/
     
    Four Men Indicted in $80 million ‘Pig Butchering’ Scheme
    https://www.cnbc.com/2023/12/14/pig-butchering-scam-results-in-four-indictments-two-arrests-doj.html
     
    MongoDB Suffers Security Breach, Exposing Customer Data
    https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html

    Support our sponsors:
    NAXO is a premier cybersecurity and investigations firm whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content.
    Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

  • This week on Hacker And The Fed we speak with Lance Taubin of Alston & Bird about being a cyber lawyer, the FBI shares the tactics of the ransomware gang Scattered Spider, a company pays a ransom and their data is exposed anyway, Alpha BlackCat uses government regulations to further pressure a victim to pay, and the FCC is trying to make SIM swapping more difficult.
    Links from the episode: 
    FBI Shares Tactics of Notorious Scattered Spider Hacker Collective
    https://www.bleepingcomputer.com/news/security/fbi-shares-tactics-of-notorious-scattered-spider-hacker-collective/
     
    Dolly.com Pays Ransom, Attackers Release Data Anyway
    https://cybernews.com/security/dolly-data-breach-ransomware-attack/#google_vignette
     
    Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach
    https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/
     
    FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks
    https://thehackernews.com/2023/11/fcc-enforces-stronger-rules-to-protect.html
     
    Lance Taubin | Technology and Privacy Attorney | Alston & Bird

    Support our sponsors:
    NAXO is a premier cybersecurity and investigations firm whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content.
    Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

  • This week on Hacker And The Fed we break down the SolarWinds hack, there are 8 new vulnerabilities found in SolarWinds, thousands of remote IT workers have been working for North Korea, hackers are targeting a company that handles data requests for law enforcement, and we answer listener questions about VPN services, password managers and patch management.
    Links from the episode: 
    Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover
    https://www.darkreading.com/vulnerabilities-threats/critical-solarwinds-rce-bugs-enable-unauthorized-network-takeover
     
    Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program, FBI Says
    https://apnews.com/article/north-korea-weapons-program-it-workers-f3df7c120522b0581db5c0b9682ebc9b?taid=6531b8b29c11a80001ef2a28
     
    Hackers Target Company That Vets Police Data Requests for Tech Giants
    https://www.404media.co/hackers-target-kodex-accounts-edrs/
     
    Support our sponsors:
    Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
    Go to Cloudsolvers.com and tell them "Hacker and the Fed sent you" for a free assessment of your current environment
    Get your Hacker and the Fed merchandise at hackerandthefed.com
    Send HATF your questions at [email protected]

  • This week on Hacker And The Fed we offer updates on the MOVEit and MGM Resorts hacks, the US State Department has no idea if its IT security actually works, the Senate's email system melts down in the face of a security test, Cisco can't stop using static passwords, and we answer listener questions about Single Sign-on, circumventing company IT rules, and LinkedIn profiles.
    Links from the episode:
    MOVEit Maker Announces New Critical Vulnerability Affecting a Different File Transfer Tool
    https://therecord.media/progress-new-file-transfer-vulnerability
     
    MGM Resorts Hack Update
    https://x.com/brettforrest89/status/1711885567695433765
     
    US State Dept has No Idea if its IT Security Actually Works, Say Auditors
    https://www.theregister.com/2023/10/02/us_state_security_gao/
    https://endoflife.date/windows
     
    The Senate’s Email System Melted Down in the Face of Security Test
    https://www.politico.com/minutes/congress/09-8-2023/senate-reply-all-mess/
     
    Cisco Can't Stop Using Static Passwords
    https://www.schneier.com/blog/archives/2023/10/cisco-cant-stop-using-hard-coded-passwords.html

    Support our sponsors:
    Get your Hacker and the Fed merchandise at hackerandthefed.com
    Send HATF your questions at [email protected]

  • This week on Hacker And The Fed Microsoft releases their 2023 digital defense report, are paying ransoms illegal in the United States? The NSA and CISA red and blue teams share top 10 cyber security misconfigurations, a 158-year-old company shuts down because of a ransomware attack, and we answer listener questions about FIDO2 security keys and "hacktivist" rules.
    Links from the episode:
    Microsoft Releases Its Yearly Digital Defense Report
    https://www.microsoft.com/en-us/security/security-insider/microsoft-digital-defense-report-2023
     
    Are Paying Ransoms Illegal in the U.S.?
    https://www.huntonprivacyblog.com/2022/07/26/florida-enacts-law-prohibiting-state-agencies-from-paying-cyber-ransoms/
     
    NSA and CISA Red and Blue Teams Share Top Ten Cybersecurity Misconfigurations
    https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-278a
     
    Zero-days for Hacking WhatsApp are Now Worth Millions of Dollars
    https://techcrunch.com/2023/10/05/zero-days-for-hacking-whatsapp-are-now-worth-millions-of-dollars/
     
    Lazarus Impersonated Meta Recruiter to Breach Spanish Aerospace Firm
    https://www.helpnetsecurity.com/2023/10/02/lazarus-lightlesscan/
     
    Kettering logistics firm enters administration with 730 jobs lost
    https://www.bbc.com/news/uk-england-northamptonshire-66927965
     
    FDA Cyber Mandates for Medical Devices Goes into Effect
    https://cyberscoop.com/fda-cybersecurity-medical-devices/
     
    City of Dallas Suffers a Ransomware Attack
    https://dallascityhall.com/DCH%20Documents/dallas-ransomware-incident-may-2023-incident-remediation-efforts-and-resolution.pdf
     
    International Committee of the Red Cross Published Rules of Engagement for Civilian Hackers Involved in Conflicts
    https://www.bbc.co.uk/news/technology-66998064
    https://www.theregister.com/2023/10/04/red_cross_hacktivist_rules/
     
    Support our sponsors:
    Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
     
    Get your Hacker and the Fed merchandise at hackerandthefed.com
    Send HATF your questions at [email protected]

  • This week on Hacker And The Fed the end of privacy with AI being used to dox people in viral videos, billions of usernames and passwords are exposed, nation-state hackers are hiding in router firmware updates, we answer listener questions about working with the FBI, setting up a cyber security business, and safely using data sent to you by others. Finally, we announce Hacker And The Fed's first contest for cyber security awareness month.
    Links from the episode:
    The End of Privacy is a Taylor Swift Fan TikTok Account Armed with Facial Recognition Tech
    https://www.404media.co/the-end-of-privacy-is-a-taylor-swift-fan-tiktok-account-armed-with-facial-recognition-tech/
     
    Darkbeam Leaks Billions of Email and Password Combinations
    https://securityaffairs.com/151566/security/darkbeam-data-leak.html
     
    FBI Hacker Dropped Stolen Airbus Data on 9/11
    https://krebsonsecurity.com/2023/09/fbi-hacker-dropped-stolen-airbus-data-on-9-11/
     
    People's Republic of China-Linked Cyber Actors Hide in Router Firmware
    https://media.defense.gov/2023/Sep/27/2003309107/-1/-1/0/CSA_BLACKTECH_HIDE_IN_ROUTERS_TLP-CLEAR.PDF
     
    Russian Exploit Marketplace offering $20M for a Full Chain Mobile Exploit
    https://twitter.com/opzero_en/status/1706762507631677760
     
    McDonalds Point of Sale System Hacked
    https://twitter.com/vxunderground/status/1706508703745151211
     
    Support our sponsors:
    Go to HelloFresh.com/50hatf and use the code 50hatf for 50% off plus free shipping

    Get your Hacker and the Fed merchandise at hackerandthefed.com
    Send HATF your questions at [email protected]

  • This week on Hacker And The Fed we break down how Equifax was breached, is Google Authenticator MFA Cloud Sync feature responsible for a hack into 27 crypto companies? Google’s Threat Analysis Group announces an in-the-wild 0-day exploit chain for iPhones, the year of the insider threat continues with the arrest of a Department of State IT Contractor on espionage charges.
    Links from the episode:
    How Equifax Was Breached in 2017
    https://blog.0x7d0.dev/history/how-equifax-was-breached-in-2017/
    https://twitter.com/vxunderground/status/1700335482440204521
     
    Retool Blames Breach on Google Authenticator MFA Cloud Sync feature
    https://www.bleepingcomputer.com/news/security/retool-blames-breach-on-google-authenticator-mfa-cloud-sync-feature/
     
    0-days Exploited by Commercial Surveillance Vendor in Egypt
    https://blog.google/threat-analysis-group/0-days-exploited-by-commercial-surveillance-vendor-in-egypt/
     
    Department of State IT Contractor Arrested on Espionage Charges
    https://fedscoop.com/department-of-state-it-contractor-arrested-on-espionage-charges/
     
    Support our sponsors:
    Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

    Get your Hacker and the Fed merchandise at hackerandthefed.com
    Send HATF your questions at [email protected]

  • This week on Hacker And The Fed we answer listener questions about finding out our relative is a hacker, applying for a cyber security job as a chemical engineer, preparing you for a technical interview, the FBI being a great place to work, is MFA once every 24 hours too much, and much more.

    Get your Hacker and the Fed merchandise at hackerandthefed.com
    Send HATF your questions at [email protected]

  • This week on Hacker And The Fed your car may know all the details about your sex life, the Swiss fined an insurer 3 million dollars for horrible cyber security practices, the US Departments of State and Commerce were compromised because of a two-year-old Windows crash report, Iran and North Korea hacking crews have active campaigns against security researchers, and two victories over Russian hackers for the US government.
    Links from the episode:
    Insurer Fined $3M for Exposing Data of 650k Clients for Two Years
    https://www.bleepingcomputer.com/news/security/insurer-fined-3m-for-exposing-data-of-650k-clients-for-two-years/
     
    If You’ve Got a New Car, It’s a Data Privacy Nightmare
    https://gizmodo.com/mozilla-new-cars-data-privacy-report-1850805416
    https://arstechnica.com/cars/2023/09/connected-cars-are-a-privacy-nightmare-mozilla-foundation-says/
     
    Microsoft Finally Explains Cause of Azure Breach: An Engineer’s Account Was Hacked
    https://arstechnica.com/security/2023/09/hack-of-a-microsoft-corporate-account-led-to-azure-breach-by-chinese-hackers/
    https://twitter.com/0xdabbad00/status/1699596048392736812
     
    Hacker Group Disguised as Marketing Company to Attack Enterprise Targets
    https://gbhackers.com/hacker-group-disguised-as-marketing/
     
    Active North Korean Campaign Targeting Security Researchers
    https://blog.google/threat-analysis-group/active-north-korean-campaign-targeting-security-researchers/
     
    Russian Infosec Boss Gets Nine Years for $100M Insider-Trading Caper Using Stolen Data
    https://www.theregister.com/AMP/2023/09/08/russian_insider_training_prison/
     
    United States and United Kingdom Sanction Additional Members of the Russia-Based Trickbot Cybercrime Gang
    https://home.treasury.gov/news/press-releases/jy1714
     
    Support our sponsors:
    Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off

    Get your Hacker and the Fed merchandise at hackerandthefed.com
    Send HATF your questions at [email protected]

  • This week on Hacker And The Fed the FBI's Operation "Duck Hunt" takes down a ransomware botnet, we disclose the secret weapon hackers use for doxing, the New York City subway system allows its users to be tracked online, and we answer listener questions about leaving the FBI, getting jobs in cyber security, and Hector's detailed description of a red teamer.
    Links from the episode:
    How the FBI Took Down the Notorious Qakbot Botnet
    https://techcrunch.com/2023/09/01/fbi-qakbot-takedown-operation-duck-hunt/
     
    The Secret Weapon Hackers Can Use to Dox Nearly Anyone in America for $15
    https://www.404media.co/the-secret-weapon-hackers-can-use-to-dox-nearly-anyone-in-america-for-15-tlo-usinfosearch-transunion/
     
    I Tracked an NYC Subway Rider's Movements with an MTA ‘Feature’
    https://www.404media.co/i-tracked-nyc-subway-rider-home-omny-mta/
     
    Paramount Discloses Data Breach Following Security Incident
    https://www.bleepingcomputer.com/news/security/paramount-discloses-data-breach-following-security-incident/
     
    Hacking Campaign Bruteforces Cisco VPNs to Breach Networks
    https://www.bleepingcomputer.com/news/security/hacking-campaign-bruteforces-cisco-vpns-to-breach-networks/
     
    Big Ass Data Broker Opt Out List
    https://github.com/yaelwrites/Big-Ass-Data-Broker-Opt-Out-List
     
    Support Our Sponsors
    HelloFresh! Go to hellofresh.com/50hatf use code 50hatf for 50% off plus 15% off the next 2 months!
     
    Get your Hacker and the Fed merchandise at hackerandthefed.com
    Send HATF your questions at [email protected]

  • This week on Hacker And The Fed a Danish cloud provider loses all of their customers' data, a hacker in custody continues hacking through a Fire Stick, there are two great write-ups about a zero-day vulnerability and HTML smuggling, cyber security entry jobs should be just that, entry into the industry, and we answer listener questions that include an ongoing dialogue with an active hacker about becoming a white hat.
    Links from the episode:
    Criminals Go Full Viking on CloudNordic, Wipe All Servers and Customer Data
    https://www.theregister.com/AMP/2023/08/23/ransomware_wipes_cloudnordic/
     
    GTA 6 Hacker Found to be Teen with Amazon Fire Stick in Small Town Hotel Room
    https://hackaday.com/2023/08/26/gta-6-hacker-found-to-be-teen-with-amazon-fire-stick-in-small-town-hotel-room/
     
    Traders' Dollars in Danger: Zero-Day Vulnerability in WinRAR Exploited by Cybercriminals to Target Traders
    https://www.group-ib.com/blog/cve-2023-38831-winrar-zero-day/
     
    HTML Smuggling Leads to Domain Wide Ransomware
    https://thedfirreport.com/2023/08/28/html-smuggling-leads-to-domain-wide-ransomware/
     
    Cybersecurity Hiring Gap: Time to Rethink Who Can Contribute
    https://www.csoonline.com/article/649166/cybersecurity-hiring-gap-time-to-rethink-who-can-contribute.html

    https://twitter.com/CyberWarship/status/1692239445188120950
     
    Support our sponsors:
    Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
     
    Get your Hacker and the Fed merchandise at hackerandthefed.com

  • This week on Hacker And The Fed we have Andrew Morris, CEO and founder of GreyNoise on the show. GreyNoise is a cybersecurity company that collects and analyzes mass internet data to remove pointless security alerts, find compromised devices, or identify emerging threats. We talk internet honeypots, how to get into the cyber security industry and much more.
    Links from the episode:
    Andrew Morris, CEO & Founder of GreyNoise
    https://www.greynoise.io/
    https://twitter.com/Andrew___Morris
    https://twitter.com/GreyNoiseIO
     
    Support our sponsor:
    Go to JoinDeleteMe.com/FED code FED20 for 20% off all consumer plans
     
    Get your Hacker and the Fed merchandise at hackerandthefed.com

  • This week on Hacker And The Fed Zoom wanted to use your calls to train artificial intelligence, the NSA and DARPA are presenting challenges to the cyber security community, and we answer listener questions from a US military chaplain about justice, a former black hat about a career in cyber security, and even a hacker who used a compromised email account to ask us how to stop hacking.
    Links from the episode:
    Zoom walks back controversial privacy policy
    https://www.thestreet.com/technology/zooms-latest-move-may-make-you-reconsider-using-the-service
     
    Microsoft Exposes Russian Hackers' Sneaky Phishing Tactics via Microsoft Teams Chats
    https://thehackernews.com/2023/08/microsoft-exposes-russian-hackers.html
     
    Hackers to compete for nearly $20 million in prizes by using A.I. for cybersecurity, Biden administration announces
    https://www.cnbc.com/2023/08/09/biden-admin-launches-hacking-challenge-to-use-ai-for-cybersecurity.html
    https://aicyberchallenge.com/rules/
     
    NSA: Codebreaker Challenge Helps Drive Cybersecurity Education
    https://www.darkreading.com/attacks-breaches/nsa-talks-codebreaker-challenge-success-influence-on-education
     
    Lil Tay Meta Helped Get Account Back from Hacker
    https://www.tmz.com/2023/08/12/lil-tay-dead-dies-hacker-meta-instagram-hacked-account-hoax/
     
    CISCO Launches a FREE 120-Hour Ethical Hacking Training
    https://cursin.net/en/cisco-launches-a-free-120-hour-ethical-hacking-training/
     
    Support our sponsor:
    Go to JoinDeleteMe.com/FED code FED20 for 20% off all consumer plans
     
    Get your Hacker and the Fed merchandise at hackerandthefed.com

  • This week on Hacker And The Fed the US hunts Chinese malware that could disrupt American military operations, a year in review of zero-day exploits, a study finds no evidence that ransomware victims with cyber insurance pay up more often, there are fighting words between Tenable's CEO and Microsoft, and we answer listener questions from a listener in Greece, Holland, and a newly minted NSA hacker.
    Links from the episode:
    U.S. Hunts Chinese Malware That Could Disrupt American Military Operations
    https://dnyuz.com/2023/07/29/u-s-hunts-chinese-malware-that-could-disrupt-american-military-operations/
     
    The Ups and Downs of 0-days: A Year in Review of 0-days Exploited In-the-Wild in 2022
    https://security.googleblog.com/2023/07/the-ups-and-downs-of-0-days-year-in.html
     
    No evidence ransomware victims with cyber insurance pay up more often
    https://therecord.media/ransomware-cyber-insurance-payments-uk-report
     
    Tenable CEO accuses Microsoft of negligence in addressing security flaw
    https://cyberscoop.com/tenable-microsoft-negligence-security-flaw/
    https://twitter.com/MalwareJake/status/1686869818912202755
    https://www.wired.com/2002/01/bill-gates-trustworthy-computing/
     
    SMS Traffic Pumping Fraud
    https://support.twilio.com/hc/en-us/articles/8360406023067-SMS-Traffic-Pumping-Fraud
     
    New acoustic attack steals data from keystrokes with 95% accuracy
    https://www.bleepingcomputer.com/news/security/new-acoustic-attack-steals-data-from-keystrokes-with-95-percent-accuracy/
     
    Get your Hacker and the Fed merchandise at hackerandthefed.com

  • This week on Hacker And The Fed what authentication attacks might look like in a phishing resistant future, the SEC now requires companies to disclose cyber attacks, there are many more US government domains in the .com world than you might think, and other news stories from this week in cyber security.
    Links from the episode:
    What might authentication attacks look like in a phishing-resistant future?
    https://blog.talosintelligence.com/what-might-authentication-attacks-look-like-in-a-phishing-resistant-future/

    The Messaging Layer Security (MLS) Protocol
    https://datatracker.ietf.org/doc/html/rfc9420

    List of public government managed domains that exist outside of the top-level .gov and .mil domains
    https://github.com/GSA/govt-urls/blob/main/1_govt_urls_full.csv

    Top level domain operator wants out of the business
    https://domainnamewire.com/2023/07/26/top-level-domain-operator-wants-out-of-the-business/

    Network giants unite to fight security risks
    https://www.networkworld.com/article/3703233/network-giants-unite-to-fight-security-risks.html

    Cybersecurity Agencies Warn Against IDOR Bugs Exploited for Data Breaches
    https://thehackernews.com/2023/07/cybersecurity-agencies-warn-against.html

    Norwegian government IT systems hacked using zero-day flaw
    https://www.bleepingcomputer.com/news/security/norwegian-government-it-systems-hacked-using-zero-day-flaw/
    https://www.dss.dep.no/aktuelle-saker/departementer-utsatt-for-dataangrep/
    https://www.wsj.com/articles/critical-infrastructure-companies-warned-to-watch-for-ongoing-cyberattack-76508d83

    Satellites Are Rife With Basic Security Flaws
    https://www.wired.com/story/satellites-basic-security-flaws/
     
    Support our sponsors:
    Go to hellofresh.com/50hatf code 50hatf for 50% off plus free shipping
    Get your Hacker and the Fed merchandise at hackerandthefed.com

  • This week on Hacker And The Fed new cyber security labels proposed by the US government could help us buy our new devices, an employee exposes thousands of intelligence and defense employees, Google may be restricting internet access to some employees to reduce their cyber attack risk, a hacker infects his own computer, Google says an Apple employee found a zero-day but didn't report it, and we answer listener questions about our phones getting searched and email encryption.
    Links from the episode: 
    White House teams with Amazon, Google and Qualcomm on cybersecurity labels for gadgets
    https://www.cnbc.com/2023/07/18/us-cyber-trust-labels-will-help-consumers-pick-safer-smart-devices.html
     
    Google exposes intelligence and defense employee names in VirusTotal leak
    https://therecord.media/virustotal-user-email-addresses-leaked-google-military-intelligence
     
    Google restricting internet access to some employees to reduce cyberattack risk
    https://www.cnbc.com/2023/07/18/google-restricting-internet-access-to-some-employees-for-security.html
     
    Black Hat Hacker Exposes Real Identity After Infecting Own Computer With Malware
    https://www.securityweek.com/black-hat-hacker-exposes-real-identity-after-infecting-own-computer-with-malware/
     
    IT Security Analyst Jailed for Impersonating as a Hacker in Own Company
    https://cybersecuritynews.com/it-security-analyst-jailed/
     
    Google says Apple employee found a zero-day but did not report it
    https://techcrunch.com/2023/07/20/google-says-apple-employee-found-a-zero-day-but-did-not-report-it/
    https://news.ycombinator.com/item?id=36803537
     
    Microsoft Cybersecurity Analyst Professional Certificate
    https://www.coursera.org/professional-certificates/microsoft-cybersecurity-analyst
     
    Cybersecurity Expert Kevin David Mitnick died
    https://www.dignitymemorial.com/obituaries/las-vegas-nv/kevin-mitnick-11371668
     
    Listener Questions:
    https://www.theverge.com/2021/8/18/22630439/apple-csam-neuralhash-collision-vulnerability-flaw-cryptography
     
    Support our sponsors:
    Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
    Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees
     
    Get your Hacker and the Fed merchandise at hackerandthefed.com

  • This week on Hacker And The Fed you can't always count on Google for the right telephone number for an airline, an American cloud-based directory-as-a-service platform announces that they were hacked by a state-sponsored threat actor, millions of US military emails may be ending up in the wrong hands, a new ransomware looks like a Windows update, we answer listener questions, and Hector tells a fascinating story about a hacking methodology.
    Links from the episode:
    Airline Fake Contact Number on Google Maps
    https://twitter.com/Shmuli/status/1680669938468499458
    https://twitter.com/SwiftOnSecurity/status/1680926780599812098
     
    JumpCloud discloses breach by state-backed APT hacking group
    https://www.bleepingcomputer.com/news/security/jumpcloud-discloses-breach-by-state-backed-apt-hacking-group/
    JumpCloud's IOCs - https://jumpcloud.com/support/july-2023-iocs
     
    Domains like army․ml, pentagon․ml, navy․ml and af․ml all have Mail Exchange records pointing to 'handle․catchemail․ml'
    https://twitter.com/mikko/status/1680947795862200325
     
    Watch out for this new malicious ransomware disguised as Windows updates
    https://www.foxnews.com/tech/watch-out-new-malicious-ransomware-disguised-windows-updates
    https://www.trendmicro.com/en_id/research/23/g/tailing-big-head-ransomware-variants-tactics-and-impact.html
     
    Listener Questions
    https://www.lsu.edu/mediacenter/news/2023/06/13-cyber-clinic.php
     
    Support our sponsors:
    Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
    Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees

    Get your Hacker and the Fed merchandise at hackerandthefed.com

  • This week on Hacker And The Fed your lightbulbs may be giving away the location of your house, could Microsoft end ransomware right now? Also, voice authentication may be broken, the latest ransomware attack shows us the importance of logistics security, convenience has once again jeopardized Google Authenticator security, and a listener shares a wild car theft story.

    Links from the episode:
    Your lightbulbs may be giving out your exact location
    twitter.com/haxrob/status/1676416949499338752
     
    Microsoft Can Fix Ransomware Tomorrow
    darkreading.com/vulnerabilities-threats/microsoft-can-fix-ransomware-tomorrow
     
    Cybercriminals can break voice authentication with 99% success rate
    helpnetsecurity.com/2023/07/06/voice-authentication-insecurity/
     
    INTERPOL Nabs Hacking Crew OPERA1ER's Leader Behind $11 Million Cybercrime
    thehackernews.com/2023/07/interpol-nabs-hacking-crew-opera1ers.html
     
    Japan's biggest port, Nagoya, hit by suspected cyberattack
    asia.nikkei.com/Business/Technology/Japan-s-biggest-port-Nagoya-hit-by-suspected-cyberattack
     
    Raising concerns over Google Authenticator’s new features
    techradar.com/pro/raising-concerns-over-google-authenticators-new-features
     
    Trinidad and Tobago facing outages after cyberattack
    therecord.media/trinidad-tobago-hit-with-cyberattack
     
    Listener Questions
    ksltv.com/563455/police-release-images-of-suspect-who-broke-into-familys-car-at-airport-then-their-home/
     
    Support our sponsors:
    Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
    Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees

  • This week on Hacker And The Fed your car may be collecting up to 25 GB per hour of data about you, a new malware payload vector is using DNS, and what is “encryptionless ransomware”? We also answer listener questions about a variety of topics, including how to prepare for a cybersecurity career in the US government, banking security, and hack-backs.

    Links from the episode:
    How Your New Car Tracks You
    https://www.wired.com/story/car-data-privacy-toyota-honda-ford/
     
    DNS TXT Records Can Be Used by Hackers to Execute Malware
    https://cybersecuritynews.com/dns-txt-records-to-execute-malware/?amp

    Encryption-less ransomware: Warning issued over emerging attack method for threat actors
    https://www.itpro.com/security/ransomware/encryption-less-ransomware-warning-issued-over-emerging-attack-method-for-threat-actors
     
    Support our sponsors:
    Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off
    Go to drata.com/partner/hacker-fed and get 10% off Drata and waived implementation fees