Shared Security show

Shared Security

Summary: Shared Security is your premier cybersecurity and privacy podcast where we explore the bonds shared between people and technology. Join industry experts Tom Eston, Scott Wright, and Kevin Johnson as they deliver the latest news, actionable tips, expert guidance, and insightful interviews with top cybersecurity and privacy specialists. Stay informed and take control of your online security and privacy in today’s interconnected world. Tune in every week to discover invaluable insights, strategies, and tools to live confidently and safeguard your digital life.

Podcasts:

 Social Zombies Revisited: Your Friends Want to Eat Your Brains | File Type: audio/mpeg | Duration: 26:26

On this week's episode, we're excited to bring you a classic conference talk that Tom Eston gave with co-host Kevin Johnson back in 2009 at DEF CON 17 in Las Vegas. The talk is called "Social Zombies: Your Friends Want to Eat Your Brains" and it explores the various risks and concerns related to malware delivery through social networking sites. We discuss how social networks make money and the privacy and security issues that arise due to the trust built on these platforms. We also delve into typical botnets and bot programs, and examine the delivery of malware through social networks and the use of these networks as command and control channels. Interestingly, not a lot has changed in terms of the privacy and security of social networks since we gave this presentation, so it's still highly relevant today. We hope you enjoy revisiting this classic talk with us this week on the Shared Security Show!

 Meta’s EU Ad Practices Ruled Illegal, Twitter API Data Breach, Vulnerabilities in Major Car Brands | File Type: audio/mpeg | Duration: 22:07

Facebook has been ordered to pay a fine of $414m by EU regulators who ruled that the company had broken EU law by forcing users to accept personalized ads. The ruling could have a major impact on Facebook's advertising business in the EU, which is one of the company's largest markets, if it is required to make changes to its advertising practices. A hacker has claimed to have the personal data of 400 million Twitter users for sale on the dark web. Attackers have also released the account details and email addresses of 235 million users for free. The information was exposed due to a Twitter API vulnerability shipped in June 2021 and later patched. Security researchers have identified security vulnerabilities in the connected vehicle APIs of 16 major car manufacturers, including Acura, BMW, Ferrari, Ford, Genesis, Honda, Hyundai, Infiniti, Jaguar, Kia, Land Rover, Mercedes-Benz, Nissan, Porsche, Rolls Royce, and Toyota.

 LastPass Password Vaults Stolen, Pig Butchering Scams, Okta Source Code Theft | File Type: audio/mpeg | Duration: 25:55

Things get worse for LastPass as a security breach in November resulted in the theft of customer data, including encrypted password vaults and unencrypted web addresses. Pig butchering scams, a variation of business email compromise and romance scams, are on the rise. How do they work and what do you need to know to protect yourself? Okta, a major identity and authentication company, has suffered another security breach following the "suspicious access" to its code repositories on GitHub.

 How to Stop Online Tracking: 3 New Ways | File Type: audio/mpeg | Duration: 7:11

In this episode, Tom Eston discusses one of the biggest privacy concerns people have today, online tracking by companies and advertisers. Tom will cover the following topics, tips, and new techniques to help you stop being tracked: - Why should we be concerned about online tracking? - How to enable and configure the privacy settings in your web browser - How your smartphone has privacy settings to block online tracking - Using a privacy focused search engine

 The Year in Review and 2023 Predictions | File Type: audio/mpeg | Duration: 26:43

In our last episode of the year, we discuss the year that was 2022. What did we get right? What did we get wrong? And what are our cybersecurity and privacy predictions for 2023? Thank you to all of our listeners for a great year! We're looking forward to bringing you more content, news, tips, and advice in 2023! Happy New Year!

 Apple to Allow Third-Party App Stores, Lensa AI App Privacy Risks, Real-Life Invisibility Cloak | File Type: audio/mpeg | Duration: 24:22

Apple is considering giving third-party app stores access to its iPhones and iPads in the European Union (EU) to comply with new competition law. Will the "sideloading" of apps change Apple's walled garden of security? Lensa, the AI app that creates artistic profile pictures, has gone viral. What are the privacy risks and what do their privacy policy and terms of service really say? A group of four graduate students from Wuhan University in China have developed a coat that they claim is invisible to AI-powered security cameras. How does the coat work and will this technology be used by the Chinese government to improve mass surveillance? Thanks to NordLayer for sponsoring this episode! As a listener of this podcast, get your first month free by going to https://nordlayer.com/sharedsecurity

 ChatGPT Goes Viral, More Trouble for LastPass, Apple’s New Data Protections | File Type: audio/mpeg | Duration: 22:32

A chatbot developed by OpenAI, called ChatGPT, has gone viral and is able to mimic human language and speech styles and can interact with users in a conversational way. It can be used for a range of purposes, including writing code, talking like a "Valley girl", and even podcast introduction scripts. Attackers broke into a cloud storage service used by password manager LastPass to gain access to "certain elements" of customers' information. Details on Apple's three new advanced security features to protect user data in iCloud. Thanks to NordLayer for sponsoring this episode! As a listener of this podcast, get your first month free by going to https://nordlayer.com/sharedsecurity

 SASE: Is it Just Another Cybersecurity Buzzword? | File Type: audio/mpeg | Duration: 15:45

In this sponsored episode, co-host Tom Eston discusses SASE (Secure Access Service Edge) and if it's more than just the latest cybersecurity buzzword with Carlos Salas from NordLayer. Topics include: - What is SASE (Secure Access Service Edge)? - What's the difference between SASE and SSE (Security Service Edge)? - What challenges/problems do companies encounter while trying to secure cloud networks? - Why would companies need a SASE solution? - Some crucial features of SASE and SSE (Zero Trust Network Access, Cloud Access Security Broker, Secure Web gateway, Firewalls-as-a-Service, Data Loss Protection (DLP), SD-WAN) - What has been and will be the intersection between remote or hybrid work and an organization's cybersecurity needs? Thanks to NordLayer for sponsoring this episode! As a listener of this podcast, get your first month free by going to https://nordlayer.com/sharedsecurity.

 Is Social Media at a Tipping Point, The TikTok Invisible Challenge, San Francisco Police Can Use Killer Robots | File Type: audio/mpeg | Duration: 26:47

A recent data breach affected 5.4 million Twitter users, Meta has been fined $265 million over a 2021 data leak, and people are fleeing Twitter because of Elon Musk. Are we finally seeing a tipping point in social media? What is the TikTok “Invisible Challenge” and how are links to fake "unfilter" software being used to spread malware? Police in San Francisco will be allowed to deploy killer, remote-controlled robots in emergency situations. What could possibly go wrong?

 How to Break Into a Cybersecurity Career – Rob Fuller (Mubix) | File Type: audio/mpeg | Duration: 27:53

This week we continue our series on how to break into a cybersecurity career with longtime industry veteran Rob Fuller (Mubix). Rob speaks with us about how he started his career in the Marine Corps, his time on Hak5, and more recently earning his master's degree. Rob also talks about how these experiences have shaped his career, his best career advice to someone just starting out, and the importance of getting yourself out there and doing the things you enjoy!

 The Rise of Mastodon, Twitter in Trouble, Largest Privacy Settlement in US History | File Type: audio/mpeg | Duration: 22:22

Twitter users are migrating en masse to Mastodon! So what is Mastodon and what do you need to know about it from a security and privacy perspective? Twitter was flooded by a wave of imposter accounts after the $8 "verification" label fiasco, and details about the largest multi-state privacy settlement in the US where Google has agreed to pay $391 million to resolve an investigation into how the company tracked users’ locations. Plus, you don't want to miss Tom's Canadian dad jokes!

 How to Break Into a Cybersecurity Career – Digital Forensics and Incident Response (DFIR) | File Type: audio/mpeg | Duration: 28:45

Matt Scheurer, host of the ThreatReel Podcast and Assistant Vice President of Computer Security and Incident Response in a large enterprise environment, joins us to discuss starting a career in digital forensics and incident response (DFIR). Matt discusses how he got started, his advice to anyone that wants to pursue a career in DFIR, and what the future may hold for the DFIR industry. Thanks to NordLayer for sponsoring this episode! Secure your business network with NordLayer. As a listener of this podcast, get your first month free by going to https://nordlayer.com/sharedsecurity.

 Cybersecurity’s Role in Combating Midterm Election Disinformation | File Type: audio/mpeg | Duration: 30:57

Katie Teitler, Senior Cybersecurity Strategist at Axonius and co-host on the popular Enterprise Security Weekly podcast, joins us to discuss the role of cybersecurity in combating midterm election disinformation. We discuss the difference between misinformation and disinformation, how we can combat disinformation, and some things about disinformation, private platforms, and free speech that we all need to think about during the midterm election. Plus, you don't want to miss the story about how co-host Kevin Johnson was knocked unconscious on an airplane!

 CISO Liability Risk and Jail Time, (ISC)2 Bylaw Vote and the Value of Cybersecurity Certifications | File Type: audio/mpeg | Duration: 40:30

Rafal Los, host of the popular Down the Security Rabbithole Podcast, joins us to discuss CISO liability risk and the ongoing discussion in the cybersecurity community about CISOs going to jail. Plus, details on the recent (ISC)2 bylaw vote (why you should vote no) and a discussion about the value of cybersecurity certifications.

 Attack of the Wi-Fi Spy Drones, How to Destroy Your Old Electronics, Signal Removes SMS Support | File Type: audio/mpeg | Duration: 19:01

Two modified Wi-Fi enabled drones were found on the top of a financial firm's building and used to intercept an employee's credentials, a fun discussion about the best way to physically destroy data on electronics that no longer work, and details about Signal removing SMS support for Android users.