Shared Security show

Shared Security

Summary: Shared Security is your premier cybersecurity and privacy podcast where we explore the bonds shared between people and technology. Join industry experts Tom Eston, Scott Wright, and Kevin Johnson as they deliver the latest news, actionable tips, expert guidance, and insightful interviews with top cybersecurity and privacy specialists. Stay informed and take control of your online security and privacy in today’s interconnected world. Tune in every week to discover invaluable insights, strategies, and tools to live confidently and safeguard your digital life.


Podcasts:

 Period Tracking Apps and Your Privacy, Vendor Impersonation Attacks, LockBit Ransomware Bug Bounty Program | File Type: audio/mpeg | Duration: 18:48

Period tracker apps are causing privacy concerns because they could potentially be used against women in states that ban abortion, new research shows that vendors are being impersonated more than employees in Business Email Compromise (BEC) attacks, and details on the first ever bug bounty program from the creators of the LockBit ransomware operation.

 Tim Hortons Privacy Investigation, Social Engineering Kill-Chain, Hospitals Sending Facebook Your Data | File Type: audio/mpeg | Duration: 25:51

The Tim Hortons mobile app created “a mass invasion of Canadians’ privacy” by conducting continuous location tracking without user consent even when the app was closed, what is a social engineering kill-chain and how can this help understand and prevent attacks, and new research shows 33 out of the top 100 hospitals in America are sending sensitive health information to Facebook via the Meta Pixel ad tracking tool.

 Bipartisan Digital-Privacy Bill, Delete Your Data Before Selling Your Car, Firefox Total Cookie Protection | File Type: audio/mpeg | Duration: 23:30

A new bipartisan privacy bill, the American Data Privacy and Protection Act, "could" be the first privacy legislation in the US not doomed to fail, a story about why you should delete your location and private data in your car's navigation system before selling it, and details on Firefox's new privacy feature called "Total Cookie Protection".

 Hacking Ham Radio: Why It’s Still Relevant and How to Get Started | File Type: audio/mpeg | Duration: 29:55

This week we discuss hacking ham radio with special guests Caitlin Johanson, Rick Osgood, and Larry Pesce. In this episode you'll learn what ham radio is, why it's still relevant, why attackers would want to hack ham radio, all about packet radio and APRS (Automatic Packet Reporting System), and what equipment and licensing you need to get started in ham radio.

 DuckDuckGo Browser Allows Microsoft Trackers, Stolen Verizon Employee Database, Attacking Powered Off iPhones | File Type: audio/mpeg | Duration: 27:36

The DuckDuckGo mobile browser allows Microsoft trackers due to an agreement in their syndicated search content contract, a database of contact details for hundreds of Verizon employees was compromised after an employee was social engineered to give the attacker remote access to their corporate computer, and details about new research that shows that even when an iPhone running iOS 15 is turned off, it's really not off and certain wireless features allow the phone to be located and possibly attacked.

 The State of Application Security with Tanya Janca | File Type: audio/mpeg | Duration: 43:31

Tanya Janca, founder of the We Hack Purple Academy, Director of Developer Relations and Community at Bright, and author of "Alice & Bob Learn Application Security" joins us to discuss the current state and future of Application Security. In this episode we discuss what Tanya's been up to, what's changed in AppSec over the last several years, whether organizations have actually moved to DevSecOps, and what the next big thing in AppSec might be.

 Apple Mail Privacy Protection, Government Agencies Reveal Top Attack Vectors, Is Big Brother Watching You at Work? | File Type: audio/mpeg | Duration: 26:50

What is Apple Mail Privacy Protection and how does it hide your IP address, so senders can’t link it to your online activity or determine your location, government authorities such as the FBI and NSA have released a list of top attack vectors used to gain initial access by attackers, and how more companies are deploying privacy invasive surveillance software to monitor their employees at work.

 FBI Warrantless Searches, Passwordless Sign-Ins, Keylogging Web Forms | File Type: audio/mpeg | Duration: 25:59

The FBI searched emails, texts and other electronic communications of 3.4 million U.S. residents without a warrant, Apple, Google, and Microsoft have announced they will support a new passwordless sign-in standard created by the FIDO Alliance and the World Wide Web Consortium, and details about how some websites are keylogging your data as you type it into a web form, before you hit submit.

 Cybersecurity for Startups with Josh Feinblum from Stavvy | File Type: audio/mpeg | Duration: 27:00

Josh Feinblum is the co-founder of Stavvy, a Boston-based fully integrated digital mortgage platform, where he leads product, engineering, people, and finance. He also serves as a venture partner at F-Prime Capital, where he evaluates and advises startups of all stages across multiple verticals. Josh talks to us about his journey through cybersecurity including his experience as a CISO at Rapid7 and DigitalOcean, and then leaving cybersecurity to start a totally new business. We discuss how his cybersecurity and privacy experience helped build a successful startup and what he's learned along the way. If you're interested in either joining a startup or building your own startup this is one episode you don't want to miss!

 Elon Musk Buys Twitter, Forgotten BIOS Updates, T-Shirt Outwits Facial Recognition | File Type: audio/mpeg | Duration: 27:36

Elon Musk buys Twitter for $44 billion, so what does this mean for the privacy and cybersecurity of the platform? More than 100 different Lenovo laptop computers contain firmware-level vulnerabilities, which is a great reminder about making sure you update the BIOS on your computer. Plus, details about researchers who have created a t-shirt that renders the wearer undetectable to facial recognition technology.

 Rehumanizing Cybersecurity with Lianne Potter | File Type: audio/mpeg | Duration: 28:01

Award-winning security transformation manager and digital anthropologist Lianne Potter joins us to discuss the fascinating topic of digital anthropology and how we can rehumanize cybersecurity. In this episode Lianne discusses how she became a digital anthropologist, how this field applies to cybersecurity, and the one thing organizations need to do to bring the human back into their cybersecurity programs.

 Dumbphone Sales are Soaring, John Oliver Blackmails Congress, Cicada Chinese APT Group | File Type: audio/mpeg | Duration: 29:24

More young people seem to be choosing dumbphones over smartphones, but is it because of privacy concerns or because it's trendy? John Oliver, host of the ‘Last Week Tonight’ show, used data brokers to obtain lawmakers’ digital footprints and promised to not release the data as long as Congress passes privacy legislation. Plus details about the Cicada state-sponsored Chinese hacking group which hid inside their victims' networks for nine months.

 Truths and Myths of Privacy, Fake Shopping Apps, Borat RAT Malware | File Type: audio/mpeg | Duration: 25:16

Scott and Tom explain why privacy is not dead, why everyone should care about their privacy, and how you should respond to someone that says "I don't care about privacy, I have nothing to hide!". Plus, details on a new attack using fake shopping apps and how a new malware toolkit called "Borat RAT" is no laughing matter.

 Google Android vs Apple iOS: Which is Better for Privacy and Cybersecurity? | File Type: audio/mpeg | Duration: 40:24

This week we battle it out between the two mobile tech giants, Google Android vs Apple iOS, and discuss which one is better for your privacy and cybersecurity. Topics include: app stores and OS updates, ad tracking, and native text messaging. All this plus how Apple and Facebook fell for a massive email scam.

 LAPSUS$ Hacks Okta, Browser-in-the Browser Phishing Attack, Popular Software Package Updated to Wipe Russian Systems | File Type: audio/mpeg | Duration: 28:23

The LAPSUS$ hacking group has claimed to have hacked both Microsoft and Okta, details about a novel phishing technique called a browser-in-the-browser (BitB) attack, and how a popular software package that has 1.1 million weekly downloads released a new tampered version to condemn Russia's invasion of Ukraine by wiping arbitrary file contents.
