BlackHat Europe, Android Malware Parasite, Scammers Scamming Scammers and More!

The Jerich Show Podcast
The Jerich Show Podcast
BlackHat Europe, Android Malware Parasite, Scammers Scamming Scammers and More!
Loading
/

In this episode, Javvad gives hjs report on BlackHat Europe and tells of his upcoming trip to BSides London, a story about scammers scamming each other out of millions of dollars, and an interesting andriod malware that parasites on legit apps. All this and more!

Jargon Ruining Security, over 40% of Work Emails are Junk, and Your Password is What?

The Jerich Show Podcast
The Jerich Show Podcast
Jargon Ruining Security, over 40% of Work Emails are Junk, and Your Password is What?
Loading
/

In this episode, Erich and Javvad discuss the jargon issue in #cybersecurity, the overwhelming issue of garbage email, the continued trend for crap passwords and more. 

Stories from the show:

Cybersecurity jargon impacting communication between C-suite and specialists
https://www.information-age.com/cybersecurity-jargon-impacting-communication-between-c-suite-specialists-123500747/

Unwanted emails steadily creeping into inboxes
https://www.helpnetsecurity.com/2022/11/14/email-security-threats/

Mass Email Extortion Campaign Claims Server Hack
https://www.infosecurity-magazine.com/news/mass-email-extortion-claims-server/

Guess the most common password. Hint: We just told you
https://www.theregister.com/2022/11/25/infosec_roundup/

Liz Truss’ phone hacked, $4M in network access for sale, and more!

The Jerich Show Podcast
The Jerich Show Podcast
Liz Truss’ phone hacked, $4M in network access for sale, and more!
Loading
/

In This episode, Erich and Javvad discuss the hack of Liz Truss’ phone, the offering of $4M worth of initial network access, the FTC crack down on a repeat offender and more!

 

Stories from the show

Hackers selling access to 576 corporate networks for $4 million

https://www.bleepingcomputer.com/news/security/hackers-selling-access-to-576-corporate-networks-for-4-million/

 

FTC Cracks Down on Homework App Provider Chegg for 4 Past Data Breaches

https://www.pcmag.com/news/ftc-cracks-down-on-homework-app-provider-chegg-for-4-past-data-breaches

 

Liz Truss’ phone was ‘clearly hacked’, says minister

https://news.stv.tv/world/liz-truss-phone-was-clearly-hacked-says-minister

 

People are pretending to be laid-off Twitter employees carrying boxes outside of HQ

https://www.theverge.com/2022/10/28/23428775/twitter-fake-employee-layoff-rahul-ligma-elon-musk 

Purged accounts on LinkedIn, bad Android apps and Raccoon steals 50M credentials

The Jerich Show Podcast
The Jerich Show Podcast
Purged accounts on LinkedIn, bad Android apps and Raccoon steals 50M credentials
Loading
/

In this episode, Erich and Javvad discuss the cybersecurity stories of the week, including some significant convictions, bots and LinkedIn battle, CVE PoCs used to spread malware and much more! 

Stories from the show:

EFCC touts 1,968 cybercrime-related convictions secured in nine months 
https://punchng.com/2669-convictions-secured-in-nine-months-efcc/

Battle with Bots Prompts Mass Purge of Amazon, Apple Employee Accounts on LinkedIn
https://krebsonsecurity.com/2022/10/battle-with-bots-prompts-mass-purge-of-amazon-apple-employee-accounts-on-linkedin/

Security experts targeted with malicious CVE PoC exploits on GitHub
https://securityaffairs.co/wordpress/137527/hacking/malicious-github-repositories.html

Google bans 16 popular Android apps! Millions warned to delete them now
https://www.express.co.uk/life-style/science-technology/1687205/Android-warning-delete-Google-Play-Store-apps-now

See Tickets discloses 2.5 years-long credit card theft breach
https://www.bleepingcomputer.com/news/security/see-tickets-discloses-25-years-long-credit-card-theft-breach/

Feds say Ukrainian man running malware service amassed 50M unique credentials
https://arstechnica.com/information-technology/2022/10/feds-say-ukrainian-man-running-malware-service-amassed-50m-unique-credentials/

Ransomware Gang Gets Scammed, Scammed by an Astronaut and More!

The Jerich Show Podcast
The Jerich Show Podcast
Ransomware Gang Gets Scammed, Scammed by an Astronaut and More!
Loading
/

In this episode, Erich and Javvad talk about a woman who was scammed by an ‘astronaut’ that needed money to get home from the space station, the failure of Microsoft to secure their own product, Chinese police stations around the world, how the Dutch scammed a ransomware gang into giving up decryption keys, and more!

Stories from the show:

An Imposter Claiming to Be an Astronaut Wooed a Japanese Woman Into Paying for a ‘Return Ticket to Earth’
https://gizmodo.com/astronaut-iss-instagram-1849638814

Microsoft data breach exposes customers’ contact info, emails
https://www.bleepingcomputer.com/news/security/microsoft-data-breach-exposes-customers-contact-info-emails/

China opens police stations in Nigeria, clamps down on alleged Chinese fraudsters
https://gazettengr.com/china-opens-police-stations-in-nigeria-clamps-down-on-alleged-chinese-fraudsters/

Police tricked a ransomware gang into handing over its decryption keys. Here’s how they did it
https://www.zdnet.com/article/police-tricked-a-ransomware-gang-into-handing-over-its-decryption-keys-heres-how-they-did-it/

Mobile Problems Abound – Android Apps and VPN Service Problems and More

The Jerich Show Podcast
The Jerich Show Podcast
Mobile Problems Abound - Android Apps and VPN Service Problems and More
Loading
/

In this episode Javvad and Erich discuss a number of issues with Android phones, including an unofficial WhatsApp app stealing user accounts, how the Always-on VPN is leaking traffic and more.

Stories from the show:
 
Unofficial WhatsApp Android app caught stealing users’ accounts
https://www.bleepingcomputer.com/news/security/unofficial-whatsapp-android-app-caught-stealing-users-accounts/

Facebook Login Details at Risk as Meta Identifies Over 400 Malicious Apps
https://www.infosecurity-magazine.com/news/facebook-login-details-at-risk/

Android leaks some traffic even when ‘Always-on VPN’ is enabled
https://www.bleepingcomputer.com/news/google/android-leaks-some-traffic-even-when-always-on-vpn-is-enabled/

Lloyd’s of London cuts off network after dodgy activity detected
https://www.theregister.com/2022/10/07/lloyds_london_security_incident/ 

Human trafficking in cybercrime, social media identity theft and more

The Jerich Show Podcast
The Jerich Show Podcast
Human trafficking in cybercrime, social media identity theft and more
Loading
/

In this episode, Erich and Javvad talking about human trafficking related to cybercrime operations, social media account takeovers and more!

 

Stories from the show:

Guilty verdict in the Uber breach case makes personal liability real for CISOs
https://www.csoonline.com/article/3676148/guilty-verdict-in-the-uber-breach-case-makes-personal-liability-real-for-cisos.html

Jury Finds Former Uber CSO Joe Sullivan Guilty of Cover-Up
https://www.govinfosecurity.com/jury-finds-former-uber-cso-joe-sullivan-guilty-cover-up-a-20187 

Twitter post by Whitney Merrill – @wbm312
https://twitter.com/wbm312/status/1577827226196013056 

SUPERSEDING INDICTMENT
https://dd80b675424c132b90b3-e48385e382d2e5d17821a5e1d8e4c86b.ssl.cf1.rackcdn.com/external/sullivansupersedingindictment-dec222021.pdf

Twitter whistleblower tells Senate of ‘egregious’ security failings by company
https://www.theguardian.com/technology/2022/sep/13/twitter-whistleblower-testimony-congress-peiter-zatko 

Hundreds of Indians Reportedly Trafficked to Myanmar by Cybercrime Operations
https://www.irrawaddy.com/news/burma/hundreds-of-indians-reportedly-trafficked-to-myanmar-by-cybercrime-operations.html/amp

Police arrest teen for using leaked Optus data to extort victims
https://www.bleepingcomputer.com/news/security/police-arrest-teen-for-using-leaked-optus-data-to-extort-victims/

An identity scam that has grown in the past 12 months by more than 1,000% – social media account takeover
https://www.idtheftcenter.org/wp-content/uploads/2022/09/2022-Consumer-Impact-Report_V3.4_Final_Linked.pdf

Categories
General Ramblings

Live Hurricane Ian Video and Weather

Here are some links to live hurricane Ian videos and weather info from a weather station in Trinity, Florida (north of Tampa). It should remain pretty calm, but I wanted it here for people that are curious what it’s like this far away.

Video 1 from Trinity:

Video 2 from Trinity:

Weather data in Trinity (note: wind speeds will not be accurate):

https://www.wunderground.com/dashboard/pws/KFLTRINI16?cm_ven=localwx_pwsdash

Video of the Skyway bridge in Tampa:

Categories
Cybersecurity Tech Talk

What is credential stuffing, and why do I care?

Credential stuffing is when known passwords and usernames are used to try to take over online accounts. Recently an organization had almost 200,000 customer accounts compromised like this.

Learn more about it and what to do to protect yourself.

Categories
Cybersecurity Tech Talk

Amazon Scam Text Message – What Actually Happens When You Click?

Have you ever wondered what happens when you click on a link from one of thos Amazon text messages that say your account is suspended? Here I run through one of those so you understand what they are doing.

TLDR; They capture anything you put in the form, login info, social security number, credit card, whatever.

Do not try this at home – This was done from a secure computer that is resistant to viruses. Some of these links CAN try to infect your computer or phone.