Podcast: The Jerich Show

The Jerich Show Episode 52 – Charl van der Walt Chats About Getting Into Infosec & News of the Week

The Jerich Show Podcast
The Jerich Show Podcast
The Jerich Show Episode 52 - Charl van der Walt Chats About Getting Into Infosec & News of the Week
Loading
/

In this episode, Charl van der Walt jions Erich and Javvad as they talk about the news stories related to the new CISA ‘Bad Practices’ guidance, My Book Live devices being remotely wiped, Windows print spoolers being weaponized and data movement by pigeons.

Charl then talks about what it’s like being a CEO, what he looks for in potential employees, the state of security organizations in South Africa, the value of certifications and more.

Remember to hit the ‘Like’ button, then subscribe and share for more great weekly episoded.

About Charl:
Twitter: @charlvdwalt
LinkedIn: https://www.linkedin.com/in/charl-van-der-walt/

Orange Cyberdefense: https://www.linkedin.com/company/orange-cyberdefense/

Stories from the show:

CVE-2021-1675: Proof-of-Concept Leaked for Critical Windows Print Spooler Vulnerability:
https://www.tenable.com/blog/cve-2021-1675-proof-of-concept-leaked-for-critical-windows-print-spooler-vulnerability

Hackers use zero-day to mass-wipe My Book Live devices:
https://www.bleepingcomputer.com/news/security/hackers-use-zero-day-to-mass-wipe-my-book-live-devices/

Bad Practices:
https://www.cisa.gov/BadPractices

 

BONUS STORY:

In Africa, A Pigeon Transfers Data Faster Than The Internet:

https://www.wired.com/2009/09/in-africa-a-pigeon-transfers-data-faster-than-the-internet/

IP over Avian Carriers with Quality of Service:

https://datatracker.ietf.org/doc/html/rfc2549

 

The Jerich Show Episode 52 – Charl van der Walt Chats About Getting Into Infosec & News of the Week

The Jerich Show Podcast
The Jerich Show Podcast
The Jerich Show Episode 52 - Charl van der Walt Chats About Getting Into Infosec & News of the Week
Loading
/

In this episode, Charl van der Walt jions Erich and Javvad as they talk about the news stories related to the new CISA ‘Bad Practices’ guidance, My Book Live devices being remotely wiped, Windows print spoolers being weaponized and data movement by pigeons.

Charl then talks about what it’s like being a CEO, what he looks for in potential employees, the state of security organizations in South Africa, the value of certifications and more.

Remember to hit the ‘Like’ button, then subscribe and share for more great weekly episoded.

About Charl:
Twitter: @charlvdwalt
LinkedIn: https://www.linkedin.com/in/charl-van-der-walt/

Orange Cyberdefense: https://www.linkedin.com/company/orange-cyberdefense/

Stories from the show:

CVE-2021-1675: Proof-of-Concept Leaked for Critical Windows Print Spooler Vulnerability:
https://www.tenable.com/blog/cve-2021-1675-proof-of-concept-leaked-for-critical-windows-print-spooler-vulnerability

Hackers use zero-day to mass-wipe My Book Live devices:
https://www.bleepingcomputer.com/news/security/hackers-use-zero-day-to-mass-wipe-my-book-live-devices/

Bad Practices:
https://www.cisa.gov/BadPractices

 

BONUS STORY:

In Africa, A Pigeon Transfers Data Faster Than The Internet:

https://www.wired.com/2009/09/in-africa-a-pigeon-transfers-data-faster-than-the-internet/

IP over Avian Carriers with Quality of Service:

https://datatracker.ietf.org/doc/html/rfc2549

 

The Jerich Show Episode 51 – John McAfee Dead, Cryptobros Vanish with $2.2B and FB Takes On Privacy

The Jerich Show Podcast
The Jerich Show Podcast
The Jerich Show Episode 51 - John McAfee Dead, Cryptobros Vanish with $2.2B and FB Takes On Privacy
Loading
/

In this episode Javvad and Erich discuss the death of John McAfee, a story where 2 brothers in South Africa disappear under mysterious circumstances (and along with $2.2 billion in BTC) and, Facebook calls out Apple by funding an attempt at an academic-ish paper, as they strive to protect you from the evils of monopolistic behavior (or maybe just to protect their own profits). All this and more in this episode!

Be sure to like, subscribe and share!

Javvad’s Interview with John McAfee:
https://www.youtube.com/watch?v=xHuVW63ceSQ

Stories from the show:

John McAfee found dead in Spanish prison after his extradition to the US was approved:
https://www.cnn.com/2021/06/23/tech/john-mcafee-death/index.html

South African Brothers Disappear, Along With $2.2 Billion Worth Of Bitcoin:
https://www.forbes.com/sites/emilymason/2021/06/23/south-african-brothers-disappear-along-with-22-billion-worth-of-bitcoin/?sh=4dbd6a3a1a60

Facebook vs. Apple: Here’s what you need to know about their privacy feud:
https://www.cnet.com/news/facebook-vs-apple-heres-what-you-need-to-know-about-their-privacy-feud/

The paper that was published:
Harming Competition and Consumers under the Guise of Protecting Privacy: An Analysis of Apple’s iOS 14 Policy Updates:
https://papers.ssrn.com/sol3/papers.cfm?abstract_id=3852744

The Jerich Show Episode 50 – Magda de Jager joins us to discuss cyber busts in Kyiv and much more

The Jerich Show Podcast
The Jerich Show Podcast
The Jerich Show Episode 50 - Magda de Jager joins us to discuss cyber busts in Kyiv and much more
Loading
/

In this episode, Javvad and Erich are joined by Magda de Jager (aka Mags) to discuss this weeks news stories, including the Peloton bike vulnerability (or is it?), the takedown of the Clot ransomware gang and credential stuffing attacks targeting the travel and retail industries. Mags also discusses her journey to working in infosec and much, much more!

Please like, share and subscribe

About Mags:
Twitter: @magsdj
LinkedIn: https://www.linkedin.com/in/magdadejager/

Stories from the show:

Ukrainian police partner with US, South Korea for raid on Clop ransomware members:
https://www.zdnet.com/article/ukranian-police-partner-with-us-south-korea-for-raid-on-clop-ransomware-members/

Peloton Bike+ Was Vulnerable to Remote Hacking, Researchers Find:
https://gizmodo.com/peloton-bike-was-vulnerable-to-remote-hacking-researc-1847105097

Travel and retail industries facing wave of credential stuffing attacks:
https://www.zdnet.com/article/travel-and-retail-industries-facing-wave-of-credential-stuffing-attacks/

Scottish word of the day:
Miss PunnyPennie – @Lenniesaurus

https://twitter.com/Lenniesaurus

 

The Jerich Show Episode 49 – Mo Amin joins us for talk about culture, a big pwd dump, MQTT and more

The Jerich Show Podcast
The Jerich Show Podcast
The Jerich Show Episode 49 - Mo Amin joins us for talk about culture, a big pwd dump, MQTT and more
Loading
/

In this episode Javvad and Erich welcome Mo Amin, ——– at ——- as we discuss the Fastly outage, some vulnerabilities in some MQTT handlers, what might be the biggest password dump of all times and we have some serious discussion about company security culture and what that means to an organization.

Don’t forget to like, share and subscribe for more great weekly content!

About Mo:
Twitter:  @infosecmo
LinkedIn: https://www.linkedin.com/in/moamin1/

Stories form the show
One Fastly customer triggered internet meltdown:
https://www.bbc.com/news/technology-57413224

DoS vulns in 3 open-source MQTT message brokers could leave users literally locked out of their homes or offices:
https://www.theregister.com/2021/06/08/mqtt_dos_vulnerabilities/

Largest List of Passwords Ever Has Been Released Online:
https://news.softpedia.com/news/largest-list-of-passwords-ever-has-been-released-online-533160.shtml

The Jerich Show Episode 48 -Jim Zuffoletti Joins to Talk Ransomware, Ransomware and Entrepreneurship

The Jerich Show Podcast
The Jerich Show Podcast
The Jerich Show Episode 48 -Jim Zuffoletti Joins to Talk Ransomware, Ransomware and Entrepreneurship
Loading
/

In this episode, Jim Zuffoletti, CEO & Co-Founder of SafeGuard Cyber, joins the show as we discuss several ransomware attacks from the week, talk about how security has evolved to bring about some signficant challenges securing human and cloud architectures and the data involved, and much, much more. 

Jim’s info:
SafeGuard Cyber: https://www.safeguardcyber.com/
SafeGuard Cyber’s Twitter: @SafeGuard_Cyber
LinkedIn: https://www.linkedin.com/in/jimzuffoletti/

Stories from the show:

REvil, A Notorious Ransomware Gang, Was Behind JBS Cyberattack, The FBI Says
https://www.npr.org/2021/06/03/1002819883/revil-a-notorious-ransomware-gang-was-behind-jbs-cyberattack-the-fbi-says

FUJIFILM shuts down network after suspected ransomware attack
https://www.bleepingcomputer.com/news/security/fujifilm-shuts-down-network-after-suspected-ransomware-attack/

NYC’s Subway Operator and Martha’s Vineyard Ferry Latest to Report Cyberattacks
https://www-wsj-com.cdn.ampproject.org/c/s/www.wsj.com/amp/articles/ransomware-scourge-continues-as-essential-services-are-hit-11622672685

Biden will confront Vladimir Putin about ransomware as cyberattacks increase in US
https://www.usatoday.com/story/news/politics/2021/06/02/joe-biden-discuss-ransomware-putin-amid-rising-cyberattacks/7508957002/

Effectuation.org
https://www.effectuation.org/

The Jerich Show Episode 47 – Breach laws, Russian Marketplaces and Attacks on Japan

The Jerich Show Podcast
The Jerich Show Podcast
The Jerich Show Episode 47 - Breach laws, Russian Marketplaces and Attacks on Japan
Loading
/

In this episode, Erich is recovering from a minor spinal surgery an hour before recording and Javvad makes him discuss topics ranging from the FBI notice about Conti attacking hospitals and first responders, the governement attempting to get control of data breaches, a huge illegal Russian dark web market and recent Japan hacks

Don’t forget to like, share and subscribe!

Links from the show:

The most important link in the list –  恋のセキュリティホール〜HACK SONG〜:
https://www.youtube.com/watch?v=ZQlvY5UfjeE

FBI Flaaaaaash:
https://www.documentcloud.org/documents/20785301-conti-ransomware-attacks-impact-healthcare-and-first-responder-networks-bc-5-20-21

Senators roll out bipartisan data privacy bill:
https://www.theverge.com/2021/5/20/22444515/amy-klobuchar-data-privacy-protection-facebook-state-laws

Illegal Drug Trade Fuels $1.37B in Crypto Transactions at Russian Dark Site:
https://www.ecommercetimes.com/story/87146.html

Japanese government agencies suffer data breaches after Fujitsu hack:
https://www.bleepingcomputer.com/news/security/japanese-government-agencies-suffer-data-breaches-after-fujitsu-hack/

Japan predicts hacker attack on Tokyo Summer Olympics by Russian hackers:
https://www.ehackingnews.com/2021/05/japan-predicts-hacker-attack-on-tokyo.html

The Jerich Show Episode 46 – Cloud Camera Woes, and Andra Zaharia Talks Cybersecurity Marketing

The Jerich Show Podcast
The Jerich Show Podcast
The Jerich Show Episode 46 - Cloud Camera Woes, and Andra Zaharia Talks Cybersecurity Marketing
Loading
/

In this episode, Javvad and Erich welcome Andra Zaharia to the show as they talk about an issue with an update to servers behind some cloud cameras that allowed people to view other feeds, how a Russian keyboard can stop malware and about infosec marketing, both externally to customers and internally to your leadership.

Stories: Bug Exposes Eufy Camera Private Feeds to Random Users

https://threatpost.com/eufy-cam-private-feeds/166288/

Russian keyboards can stop ransomware?

https://www.newstalk.com/news/russian-keyboard-could-protect-you-from-potential-cyber-hack-expert-says-1197842

 

About Andra:
Twitter: @AndraZaharia
LinkedIn: https://www.linkedin.com/in/andrazaharia/
Website: https://andrazaharia.com/

Resources she recommended:
 Impersonation example: https://twitter.com/kat_boogaard/status/1361769043267645440

Thanks for the Feedback: The Science and Art of Receiving Feedback Well by Douglas Stone, Sheila Heen – https://www.goodreads.com/book/show/18114120-thanks-for-the-feedback?ac=1&from_search=true&qid=BNKechN2EP&rank=1 

Nonviolent Communication: A Language of Life by Marshall B. Rosenberg – https://www.goodreads.com/book/show/71730.Nonviolent_Communication?ac=1&from_search=true&qid=o3Ar8B4VcH&rank=1 

The Mom Test: How to talk to customers & learn if your business is a good idea when everyone is lying to you by Rob Fitzpatrick – https://www.goodreads.com/book/show/52283963-the-mom-test?ac=1&from_search=true&qid=7KBV7NvPN8&rank=1 

What To Do When It’s Your Turn (and it’s always your turn) by Seth Godin – https://www.goodreads.com/book/show/23665356-what-to-do-when-it-s-your-turn?ac=1&from_search=true&qid=njWuQP6RrB&rank=1

Her list of people to follow who will instantly make your timeline a source of good convos – https://twitter.com/i/lists/967424242961801217/members

The Jerich Show Episode 45 – CIA, government meddling, another data breach and a bug bounty for good

The Jerich Show Podcast
The Jerich Show Podcast
The Jerich Show Episode 45 - CIA, government meddling, another data breach and a bug bounty for good
Loading
/

This week Erich and Javvad talk about the issues of law enforcement making changes to private companies servers, the spotting of some CIA malware, another government data breach and an awesome bug bounty story. 

Listen, like and subscribe!

 

Links from the show:

This software update is deleting botnet malware from infected PCs around the world

https://www.msn.com/en-us/news/technology/this-police-update-is-now-deleting-botnet-malware-from-infected-pcs-around-the-world/ar-BB1g3Prr?ocid=BingNews

 

Security firm Kaspersky believes it found new CIA malware

https://therecord.media/security-firm-kaspersky-believes-it-found-new-cia-malware/

 

Wyo Health Department Data Breach Exposes Info From 165K Wyomingites

https://cowboystatedaily.com/2021/04/27/wyoming-department-of-health-sees-data-breach-of-165k-wyomingites/

 

Researchers Secure Bug Bounty Payout to Help Raise Funds for Infant’s Surgery

https://www.vice.com/en/article/m7eaqv/researchers-secure-bug-bounty-payout-to-help-raise-funds-for-infants-surgery

 

The Jerich Show Episode 44 – Japanese Biker tricks the Internet, McDonalds Ice cream makers & more

The Jerich Show Podcast
The Jerich Show Podcast
The Jerich Show Episode 44 - Japanese Biker tricks the Internet, McDonalds Ice cream makers & more
Loading
/

In this episode, Erich and Javvad discuss a 50-year-old male Japanese motorcycler that tricked his fans in to believing he was a 20-something-year-old female with digital face swap trickery, How McDonalds $18k ice cream machines have a dirty little secret, and maybe a fix for that with a Raspberry Pi, and free or cheap alternatives to some popular graphics design programs.

All this and more. Don’t forget to watch, like and subscribe below

Stories from the show: 

Face editing: Japanese biker tricks internet into thinking he is a young woman
https://www.bbc.com/news/world-asia-56447357

They Hacked McDonald’s Ice Cream Machines—and Started a Cold War
https://www.wired.com/story/they-hacked-mcdonalds-ice-cream-makers-started-cold-war/

Farmers Are Having to Hack Their Own Tractors Just to Make Repairs
https://www.thedrive.com/news/39158/farmers-are-having-to-hack-their-own-tractors-just-to-make-repairs

Sonos explains why it bricks old devices with ‘Recycle Mode’
https://www.theverge.com/2019/12/30/21042871/sonos-recycle-mode-trade-up-program-controversy

Adobe Early Cancellation Fee Stirs Up Controversy On Twitter; Leaves Users Enraged
https://www.republicworld.com/technology-news/apps/adobe-early-cancellation-fee-stirs-up-controversy-on-twitter-leaves-users-enraged.html

Adobe Alternatives
https://www.patreon.com/posts/26834357