))
There's a lot of cool techy stuff going down in cybersecurity, and we love it. But you can't deny that a lot of the time we humans get forgotten. Our podcast takes a not-so-serious look at issues in security from a human point of view. Covering social engineering to hacker motivations and everything in between, we chat through security stories and themes and what they mean to us: the oft-neglected humans behind the screen. Apart from Kev, Kev is a cyborg. These weekly podcasts come in two ma ...
…
continue reading
NPM packages are getting hacked – so naturally we get Kev on the case to explain the whole thing. If you didn’t know, NPM is the official package manager for Node libraries, a JavaScript language. We’ve seen a big uptake in recent weeks, and some of those NPM packages have been compromised by hackers. They’re clearly targeting developers – and with…
…
continue reading
A plethora of articles have been lighting up our newsfeeds and letting us know that there are new threats on the block: killware, RansomCloud, and extortion. Killware: the next thing we need to worry about. Apparently this is defined as anything that has an outcome resulting in death…Seems quite broad really, and ranges from hackers targeting a wat…
…
continue reading
First story is about someone who was “relieved” of their Bitcoin by some kids wielding malware back in 2018, when it was worth an awful lot less than it is now. There are some techie bits to this, as well as a few ethical and legal issues with the way the perps are being sued, so it’s a cracking story to get stuck into. What do NFTs – non fungible …
…
continue reading
It's a tasty ransomware week this week! Conti face their own internal threat in the shape of a disgruntled affiliate and LockBit has its claws in Accenture. Apple have been fiddling with their privacy settings again which is sending privacy advocates into a frenzy, and Kev tries very hard not to get ranty... *** https://www.bleepingcomputer.com/new…
…
continue reading
C
Cyber Humanity
1
43: Pegasus Project: Winged Horses for Spyware Courses
36:11
36:11
Play later
Play later
Lists
Like
Liked
36:11
As you probably guessed from the title of this episode, this week is all about spyware and the Pegasus project. This all kicked off when a consortium of 16 media outlets reported the alleged widespread and continuing abuse of NSO’s hacking spyware called Pegasus. The company insists that it is only used against criminals and terrorists – but is it?…
…
continue reading
C
Cyber Humanity
1
42: Hey Ya Kaseya: MSPs as unwitting attackers
46:34
46:34
Play later
Play later
Lists
Like
Liked
46:34
Kaseya, Kaseya, Kaseya... How could we release an episode this week WITHOUT talking about the calamity at Kaseya? If you hadn't heard, the ransomware gang REvil has leveraged a vulnerability in Kaseya's VSA software against multiple MSPs and their clients. Oh dear. So what is it? Bog standard ransomware? Supply chain compromise? Zero-day exploit? I…
…
continue reading
There’s a lot to cover in this week’s episode, so brace yourself because we’ve got newsflashes and stone-cold facts flying your way. First up, despite what Chris thinks, people do still use printers. Now, researchers in China have found (and accidentally disclosed) a critical Windows zero-day affecting Print Spooler. Cue much printer hate, as well …
…
continue reading
EA have been hacked to the tune of 780GB of their source code which has now found itself for sale on various dark web forums. While they confirmed that they’d suffered a data breach, they’d offered no insight into how it happened. Until now… Moving from EA to AI, research shows that AI can now convincingly mimic cybersecurity and medical experts, w…
…
continue reading
C
Cyber Humanity
1
39: The Crime That Pays: Ransomware Special
47:35
47:35
Play later
Play later
Lists
Like
Liked
47:35
From fake antivirus to scareware, ransomware has been around and evolving for…a while. But only now has it really hit the mainstream headlines, with attacks on critical infrastructure and "mega breaches" apparently becoming a weekly occurrence. And we’re now in the age of ‘Ransomware as a Service’, with affiliates and gangs becoming more prolific t…
…
continue reading
C
Cyber Humanity
1
38: Ransom Laundering: Can We Ban Crypto?
40:08
40:08
Play later
Play later
Lists
Like
Liked
40:08
The topic of the day is cryptocurrency – and whether banning it could help fight ransomware. We know that criminal gangs (OCGs for all those Line of Duty fans out there) are big fans of crypto for their nefarious deeds, so the issue goes much further than ransomware. Even so, a ban on crypto wouldn't stop ransomware – it would just be a bump in the…
…
continue reading
C
Cyber Humanity
1
37: Imperfect People, Vulnerable Applications
52:31
52:31
Play later
Play later
Lists
Like
Liked
52:31
So it turns out that 81% of developers have knowingly released vulnerable applications into the wild. Worrying, right? And that's the topic of conversation on today's episode: how do imperfect people lead to vulnerable applications and, most importantly, what we can do about it. Chris is joined by OWASP experts, Andrew van der Stock and Brian Glas,…
…
continue reading
Welcome back to Cyber Humanity! We've got our shades on and we're ready for a busy summer of cyber. And what better way to herald our return than with a news story that's been hitting every headline? Unless you've been living under a rock, you must have heard of the Colonial Pipeline ransomware attack. Basically, ransomware hit pipeline, pipeline g…
…
continue reading
C
Cyber Humanity
1
35: Exchange Hack: We don’t need no attribution
35:42
35:42
Play later
Play later
Lists
Like
Liked
35:42
We haf to talk about HAFNIUM. You can't have missed the news of the Exchange Server hack that's been running the InfoSec world in circles for the past few weeks. Of course we had to get the crew together to go through all things Exchange! From attribution and exploitation to... deception? We dip our toes in some tasty conspiracy theories (because w…
…
continue reading
We love looking at how to hack things you didn't think would or could be hacked. Last time, it was an election. This time, it's cars. We're joined by car hacking expert, Mark Adams, to help us navigate our way through these murky waters. From car jacking to car hacking, we take a deep dive into CANBus, the potential motivations for hacking a vehicl…
…
continue reading
Have you ever lost an irretrievable password? Max knows that pain – as does a certain programmer from San Francisco who is one lost password away from $250million in Bitcoin. Ouch... Next up, the Parler palaver. Trump has been 'de-platformed' and Parler is seeing huge back-lash for its role in recent political happenings. And just when you thought …
…
continue reading
C
Cyber Humanity
1
32: Breaches, Damned Breaches, and Statistics
53:25
53:25
Play later
Play later
Lists
Like
Liked
53:25
SolarWinds and SUNBURST are still consuming the Infosec community and a few things have happened since our last episode. Since the Department of Justice has admitted that they were breached and that email inboxes were accessed, Kev tells us just how bad it is. We cover the saga from all angles, from Jetbrains to attribution and techniques to stock …
…
continue reading
Unless you’ve been living under a rock for the past few days, you would have heard about Sunburst – a sprawling cyberattack allegedly masterminded by Russian nation-state hackers, UNC2452 (also known as Cozy Bear). Because we love talking about stuff like this, we couldn’t resist getting the crew together to go over the events of the past few days …
…
continue reading
All aboard the hype train! We jump straight into the latest news that the supply "cold chain" for the much-awaited COVID vaccine could have been compromised. Apparently, a cyber espionage campaign has targeted the supply chain for the cold storage. BUT – and this is a big but – this all sounds a little tenuous to the team. Considering we didn't eve…
…
continue reading
As part of our series on the Psychology of Cyber, we're joined by special guests, Rebecca McKeown and Swati Singh to discuss the human challenges that are inherent in cyber crises. We take a deep dive into how do organizations prepare for the worse – and how their all important human capabilities factored in. Rebecca McKeown is a Psychologist speci…
…
continue reading
You might have guessed from the title, but in this episode, we’re looking at how to hack an election. It’s basically one long “hackers could…” feature. We cover everything from outright deception to social engineering to power cuts to…well, real hacking. Naturally, we couldn’t have this conversation without Cambridge Analytica, the 2016 election an…
…
continue reading
C
Cyber Humanity
1
27: Incubating Security: Cyber’s Thriving Startup Scene
45:37
45:37
Play later
Play later
Lists
Like
Liked
45:37
Things are a little different chez Cyber Humanity this week, as we're joined by cyber start-up savants, Grace Cassy of Cylon and Rob Newby of Procordr. We hear about how our guests fell into cybersecurity (always an interesting topic of conversation) and what's being done to produce and nurture more quality security start ups, particularly in the U…
…
continue reading
First up in today's episode: 16,000 confirmed COVID-19 cases mysteriously go missing from an Excel spreadsheet as part of the UK's 'track & trace' system. We don't like to speculate, but it looks like someone might have been using a legacy version of Excel... But Kev tries hard to stay upbeat about it all. Experienced fraudsters have made off with …
…
continue reading
It's that time of the month: Patch Tuesday October 2020 has just passed so naturally we need to talk about it. Kev has clearly been bottling up some feelings about Bad Neighbor/ping of death attacks, and we wonder whether the hype is really merited. Next up, the most famous ballerina in cyber. If you've been anywhere near Twitter over the past few …
…
continue reading
We love stories about the Dark Web – and we're apparently not alone in that. This week, we're talking about HackTown, which seems to be Hogwarts for wannabe hackers (just without the...magic). HackTown promises to teach registrants how to become professional cyber criminals in 2020, which is both amusing and intriguing. The HackTown/Dark Web chat b…
…
continue reading
C
Cyber Humanity
1
23: Watch Your Wrist: The Fitbit Spyware Special
45:17
45:17
Play later
Play later
Lists
Like
Liked
45:17
This episode is a little different to normal – and all because Kev went poking around in Fitbit. Kev, doing what Kev does, found a flaw in the Fitbit App Store that allowed him to deliver a malicious application from fitbit.com. The spyware/stalkerware was capable of stealing everything from location and personal body data to to connection got comp…
…
continue reading
First up in this week’s episode is news that, as part of its ‘notarization’ process, Apple approved code used by Shlayer, the most common threat faced by Macs last year. Is it reasonable to expect Apple – or any app store – to keep their entire ecosystem squeaky clean at all times, or is it up to the user to always be sceptical about what they’re d…
…
continue reading
C
Cyber Humanity
1
21: When Sysadmins Attack: The Snowden Edition
44:54
44:54
Play later
Play later
Lists
Like
Liked
44:54
We want to talk about Edward Snowden. It’s harder than you would imagine, considering most of the Cyber Humanity team have at some point worked for government agencies and therefore can’t quite remember what they do and “don’t” know about him. Even so, he’s still in the public eye even after all this time, and there are certainly some lessons to be…
…
continue reading
What’s been bugging the team recently? Slack’s bug bounty – if it can even be called that – causes some consternation in this episode and raises serious questions about bug bounty programs. The bug in question was classified as a ‘critical’ RCE vulnerability and yet the researcher who discovered it only got $1750. Yup, you read that right. Apparent…
…
continue reading
We have a vaccine! No, not that one. The Emotet vaccine has been quietly doing the rounds over the last few months. Kev gives a nice overview of malware vaccines and how this particular one works. We also chat about circles of trust, old boys’ networks and secret handshakes, and the part they pay in intelligence sharing and international collaborat…
…
continue reading
If you notice the team being a little bit more careful with their words than usual, it's because the topic of this episode is...a SANSitive one. We'll leave it like that, shall we? We also chat about the NCC/CREST/GitHub debacle, which sparks debate over how valuable certifications are when they can be played with 'leaked' step-by-step guides. Is t…
…
continue reading
The dust from Garmin's scrimmage with WastedLocker is just about settling – potentially at the cost of $10 million dollars. Kev sheds light on the matter from a technical standpoint, and we learn why it's really unlikely Garmin would have been able to decrypt their files without paying up to the perpetrators. It seems we can't go a week without tal…
…
continue reading
C
Cyber Humanity
1
16: Child's Play: The Kids That Took Twitter
26:35
26:35
Play later
Play later
Lists
Like
Liked
26:35
As you might have guessed from the title, the Twitter hack is the focus of this episode – specifically, the kids behind the attack. Why are youngsters so much more likely to turn to cyber crime? How can we guide them onto a more ethical path, while still giving them the opportunity to explore their incredible cyber talents? Kev shares a blast from …
…
continue reading
He ransomware, she ransomware, they all ransomware! Yup, you guessed it: this week's episode is all about ransomware. We start with Garmin's interesting handling of their recent tryst with WastedLocker, which largely involved them saying nothing at all to anyone. Then we move on to Blackbaud, who took the opposite stance by telling everyone everyth…
…
continue reading
Imagine our surprise when we were casually browsing Twitter one evening and then got offered $2,000 for every $1,000 we sent to Jeff Bezos. Now that's a good deal... Naturally our curiosity was piqued and in today's episode we take a deeper look at this high profile hack. Apparently you can now hack chargers to destroy devices. What a world we live…
…
continue reading
The one that got Huawei. We discuss the controversy around the Chinese company and the role it plays in the UK’s network, which has been rumbling on for years. Now it seems to be coming to a head – and headlines proclaiming the potential for the ‘9/11 of cybersecurity’ aren’t helping matters… Next, we need to do talk about TikTok. Or do we? Is it a…
…
continue reading
In this week’s episode, we take a look at the recent critical vulnerabilities in F5, which scored a perfect 10 CVSS score, and Kev sheds some light on what made it such a perfect storm. We also have a little think about why companies with the most security tools and platforms in place feel the least secure. Does more always mean better? Next, we de…
…
continue reading
In this week’s episode, we revisit the thin blue line, this time with a focus on a Wikileaks-style data dump called ‘Blue Leaks’. 270GB of police data – 24 years’ worth from over 200 departments – was leaked in what has been dubbed ‘a more transparent alternative to Wikileaks’. Could it be a catalyst for change or a danger to life? We also spin the…
…
continue reading
In this episode, we take a look at some recent faux-pas that have been making headlines. Facebook helps develop a zero-day exploit in Tails to catch a prolific predator and then keeps it all very quiet. A South African bank discovers what happens when a single master key can decrypt literally everything – and one of their employees decides to print…
…
continue reading
In this episode we take a much closer look at the applications of Open Source Intelligence (OSINT) in both offensive and defensive operations, including Paul's growing excitement about the dark web (mainly because he thinks it sounds like Geocities. Google it, kids).By Immersive Labs
…
continue reading
Now it's automotive giant Honda's turn to fall victim to what seems to be a fairly crippling cyberattack. And while they aren't giving anything away, it seems cloud malware analyzer VirusTotal did have enough accessible information to tip off security researchers that Snake ransomware was the culprit. We also dive into Dark Basin with a look at The…
…
continue reading
We all really hope no government agencies are listening as Paul gets excited about a new career as a cyber vigilante. How do the police actually go about investigating cybercrime? And a lawsuit filed against Google says that it's really Chrome's Incognito that's spying on us. 5G Bioshield: https://www.bbc.co.uk/news/technology-52810220 Exim vulnera…
…
continue reading
Cyberattacks are the darling of both mainstream and industry media. But this is a double-edged sword? It seems like too often the hype around a new type of threat overtakes the real risk it poses. We take a cheeky look at some vulnerabilities from yesteryear as Paul plays quizmaster.By Immersive Labs
…
continue reading
This episode could be entitled: REvil III as they make a further unwelcome appearance on our show. Now they are demanding a huge ransom from no lesser figure than the President of the United States himself, does that make them terrorists? And Kev went digging around in the Anubis Android malware only to make a quite shocking discovery. REvil and Tr…
…
continue reading
It is weird that we each picked different threats to talk about and two of them were named after near-eastern gods, including the patron of lost souls and the helpless. Speaking of helpless, Max gets mired in a MAR. And just why are there so many bits of Brazilian banking malware?By Immersive Labs
…
continue reading
There was much flailing of arms recently as an international examination body decided to rank a CISSP at the same level as a Master's Degree. Kev flexes his honeypots and talks Saltstack. And Paul takes a closer look at a newly discovered Evil Maid with a distinctly Bond-esque moniker.By Immersive Labs
…
continue reading
The first of our episodes recorded in lockdown. We take a closer look at accusations of poor security thrown at Zoom, the plucky little video conferencing company that has eaten the world. Is it really all that bad or just a storm in the infosec twitter-cup? Also, as a little bonus we round up the very worst COVID-19 scams.…
…
continue reading
At the dawn of 2020, foreign exchange company Travelex had something of a New Year cyber nightmare. In this episode we discuss what happened, how they responded and whether paying the ransom is ever the right thing to do.By Immersive Labs
…
continue reading
