Shared Security show


Summary: Shared Security is your premier cybersecurity and privacy podcast where we explore the bonds shared between people and technology. Join industry experts Tom Eston, Scott Wright, and Kevin Johnson as they deliver the latest news, actionable tips, expert guidance, and insightful interviews with top cybersecurity and privacy specialists. Stay informed and take control of your online security and privacy in today’s interconnected world. Tune in every week to discover invaluable insights, strategies, and tools to live confidently and safeguard your digital life.


Podcasts:

 Application Security Trends & Challenges with Tanya Janca | File Type: audio/mpeg | Duration: 27:03

In episode 306, noteworthy guest Tanya Janca returns to discuss her recent ventures and her vision for the future of AppSec. She reflects on the significant changes she has observed since her career at Microsoft, before discussing her new role at Semgrep, which recently acquired WeHackPurple. Tanya sheds light on her decision to partner with Semgrep, a company that aligns with her vision of providing free resources in the AppSec community. Despite facing a failed acquisition process the previous year, WeHackPurple received multiple acquisition offers, leading to a bidding war. In addition, Tanya shares her optimism about the maturity of AppSec programs, presents her concerns about consolidation in the industry, and highlights the importance of role-based, tailored training. She also reveals her ongoing work on the sequel to her book titled 'Alice and Bob Learn Secure Coding' and hints at the launch of the Semgrep Academy. For our Patreon supporters, don't miss our bonus episode where Tanya shares her biggest career accomplishment and failure, offering invaluable lessons for all!

 Apple Finally Adopts RCS, AI Powered Scams Targeting the Elderly | File Type: audio/mpeg | Duration: 26:58

In this episode, Tom shows off AI generated images of a "Lonely and Sad Security Awareness Manager in a Dog Pound" and the humorous outcomes. The conversation shifts to Apple's upcoming support for Rich Communication Services (RCS) and the potential security implications. Lastly, Tom and Kevin reflect on reports of AI-powered voice cloning scams targeting elderly Americans, and argue that the true issue lies with social engineering rather than the involvement of AI.

 Paying Big Tech for Privacy, New Privacy Policy Study, Biden’s Executive Order on AI | File Type: audio/mpeg | Duration: 24:09

In this week's episode of the Shared Security Podcast, hosts Tom Eston, Scott Wright and Kevin Johnson tackle a number of topics related to AI, privacy and security. They begin with an amusing discussion about their respective roles on the podcast, before shifting to big tech's use of user data and whether subscribers should pay to not have their data used. The focus then turns to a recent move by Meta to charge European users who wish to use Instagram and Facebook without ads. Next, they touch on new research from NordVPN about the burdensome length and complexity of privacy policies on popular websites, and offer alternatives for consumers to navigate them. Lastly, the hosts discuss a new executive order by the Biden administration directed towards AI companies, calling for a watermark system to alert consumers when they interact with an AI-enabled product. They express concerns about businesses benefiting from the new AI rules while potentially stifling competition and highlight the need for stronger, enforceable laws to truly protect users' data and privacy.

 SEC vs. SolarWinds CISO, Classiscam Scam-as-a-Service | File Type: audio/mpeg | Duration: 22:23

In this episode we discuss the SEC's charges against SolarWinds' CISO for misleading investors about a major cyberattack. Plus don't miss our discussion about the shady world of "Classiscam Scam-as-a-Service," a very popular cyber criminal service that creates fake user accounts, posts fraudulent reviews, and boosts the reputation of dishonest sellers while defrauding e-commerce platforms.

 Okta Hacked Again, Quishing Is The New Phishing, Google Play Protect Real-Time Scanning | File Type: audio/mpeg | Duration: 17:58

In this episode, we explore the recent Okta breach where hackers obtained sensitive customer data via unauthorized access to the Okta support system. Next, we discuss the emerging threat of "quishing," a combination of voice calls and phishing that preys on unsuspecting victims. Finally, we discuss Google Play Protect's new feature, "Real-time App Analysis," which enhances Android device security by helping prevent malware from being installed.

 How to Opt Out of CPNI Data Sharing | File Type: audio/mpeg | Duration: 7:04

Did you know that your mobile phone provider can give data like phone numbers you've called and received, the time and date of those calls, and even your location data to their parent companies, affiliates, and agents? In this episode we show you how to opt out so you can stop your data from being shared!

 Special Guest Jayson E. Street, Phantom Hacker Scams, 23andMe User Data For Sale | File Type: audio/mpeg | Duration: 25:24

In milestone episode 300, Jayson E. Street (a renowned hacker, helper, and human who has successfully robbed banks, hotels, government facilities, and biochemical companies on five continents) joins us to share what he's been up to recently and to talk about his new role at Secure Yeti. Next, we explore the alarming rise of 'phantom hacker' scams targeting the elderly. The FBI issues a stern warning about these evolving tech support scams that are draining the savings of unsuspecting seniors. We uncover the extent of the issue, with staggering victim losses and disturbing trends. Finally, we unravel the unsettling revelation that private user data from 23andMe has been scraped and is up for sale, raising concerns about credential stuffing attacks, user privacy, and data security. For our Patreon supporters, check out this week's bonus episode where Jayson shares his recent gaming adventures in Starfield and No Man's Sky! If you're not a supporter yet, head to https://patreon.com/sharedsecurity to discover how you can access this exclusive content.

 Educating the Next Cybersecurity Generation with Tib3rius | File Type: audio/mpeg | Duration: 17:30

In this episode, we explore the remarkable journey of Tib3rius, a web application hacking expert and content creator. In this engaging conversation, we discuss:
- Tib3rius' passion for community education and content creation. What fuels his desire to empower the next generation of cybersecurity professionals?
- His expertise and enthusiasm for web application hacking, and we explore the transformative shifts in Application Security over recent years.
- If you're new to the industry and aspire to be a web application pentester, don't miss the valuable insights Tib3rius has to offer.
- Get the inside scoop on Tib3rius' latest move to TCM Security and his courses, with a spotlight on his upcoming web application security pentesting course!
For our Patreon supporters, an extraordinary bonus episode awaits, where Tib3rius unveils two of his most astonishing hacks! This is a discussion you won't want to miss. If you're not a supporter yet, head to patreon.com/sharedsecurity to discover how you can access this exclusive content.

 Your Car is a Privacy Nightmare, Password Creation Best Practices, Sony Hacked Again | File Type: audio/mpeg | Duration: 27:27

In this episode, we discuss the Mozilla Foundation's alarming report that reveals why cars are the top privacy concern. Modern vehicles, equipped with data-collecting tech, pose significant risks to consumers' privacy, with data sharing even extending to law enforcement. Listen in to our discussion as we explore the urgent need for transparency and *gasp* regulations in the automotive industry. Next, we explore the best practices around password creation and why password requirements are so different between organizations and applications you use every day. Lastly, Sony has suffered two security breaches in the past four months. In their latest breach, we discuss how a zero-day vulnerability led to unauthorized access and the Clop ransomware gang's involvement, affecting thousands of individuals.

 Is My Boss Spying on Me, Instagram Painting Scam, Kia and Hyundai TikTok Challenge | File Type: audio/mpeg | Duration: 20:53

In this episode, we explore the growing trend of AI surveillance in corporations, where cutting-edge technology is used to monitor employees, optimize productivity, and raise ethical concerns. Next, we uncover a disturbing Instagram scam that lures unsuspecting victims into a trap, highlighting the deceptive tactics employed by cyber criminals on social media. Finally, discover the startling vulnerabilities in Kia and Hyundai vehicles that make them easy targets for car thieves. We discuss the security flaws, the scale of affected vehicles, and practical steps owners can take to protect their cars. Find out how manufacturers are addressing this issue and what it means for your vehicle's security.

 Content Creation, Mental Health in Cyber, The MGM Ransomware Attack | File Type: audio/mpeg | Duration: 28:11

In this episode Matt Johansen, Security Architect at Reddit and Vulnerable U newsletter and YouTube content creator, joins host Tom Eston to discuss Matt's background as one of the original "Security Twits", his career journey, his passion for mental health advocacy, the significance of the recent MGM ransomware attack, and a discussion on the pros and cons of paying ransoms.

 The Changing Role of the CISO with Ryan Davis, Chief Information Security Officer at NS1 | File Type: audio/mpeg | Duration: 25:38

In this episode Ryan Davis, Chief Information Security Officer at NS1, speaks with host Tom Eston about the changing role of the CISO, acquisitions, what the biggest challenges are, and Ryan's advice for those considering a career as a CISO. This is one episode you don't want to miss if you're curious what a CISO does, thinking about becoming one, or currently a CISO yourself.

 The FBI’s Qakbot Takedown, QR Code Phishing Attacks, Dox Anyone in America for $15 | File Type: audio/mpeg | Duration: 24:47

In this episode we discuss the FBI's remarkable takedown of the Qakbot botnet, a saga involving ransomware, cryptocurrency, and the FBI pushing an uninstaller to thousands of victim PCs. Next, we explore how a major U.S. energy organization fell victim to a QR code phishing attack, highlighting the ever-evolving tactics used by attackers. Finally, we discuss the alarming world of personal data exploitation through credit header information and a TransUnion subsidiary, where attackers can dox anyone in America for only $15.

 SaaS Attacks: Compromising an Organization without Touching the Network | File Type: audio/mpeg | Duration: 22:03

In this episode Luke Jennings, VP of Research & Development from Push Security, joins us to discuss SaaS attacks and how it's possible to compromise an organization without touching a single endpoint or network. Luke talks about his recent SaaS attack research, why SaaS-based attacks are different from traditional network-based attacks, the SaaS attack matrix which can be used by both red and blue teams, and why it's important that this research is shared and talked about in the cybersecurity community.

 Back to School Cybersecurity, Phishing Pitfalls and Strategies, X’s (Twitter) Blocking Overhaul | File Type: audio/mpeg | Duration: 25:58

In this episode, we discuss essential cybersecurity tips for students and educational institutions as they gear up for the school season. From software updates to strong passwords and cybersecurity education, we explore how students and schools can fortify their digital defenses. Next, we navigate the treacherous waters of phishing and related scams, unveiling strategies to outwit malicious links. Hovering over links, cautious email scrutiny, and verification tactics all play a role. Finally, we discuss the surprising policy change by X (formerly Twitter), where blocking faces a major overhaul. Tune in as we discuss the privacy and safety ramifications of this change.
