The LastPass Attack Gets Worse, What is Gamification, Signal’s Encryption Standoff
Popular password manager LastPass suffered a second attack that lasted for over two months. Now new and disturbing information is being released about the attack. Scott discusses the benefits and challenges of using gamification in security awareness training, emphasizing the importance of individual learning before employing it at the business ... Read More
Twitter’s Paywall 2FA, Mental Health Data for Sale, Meta’s Verified Program
Twitter is phasing out its free text message two-factor authentication (2FA) and putting the feature behind a paywall, prompting security experts to advise Twitter users to switch to other authentication methods. How data brokers are selling sensitive mental health data for a few hundred dollars with little attempt to hide ... Read More
Reddit Hacked, Preventing Accidental Location Sharing, Developer Hacks His Own Company
Reddit announced that it was the victim of a phishing attack aimed at its employees, resulting in unauthorized access to internal documents, code, and some unspecified business systems. Advice on managing device location-tracking settings to ensure you’re not sharing your location inadvertently. The case of former Ubiquiti employee, Nickolas Sharp, ... Read More
Layoffs, Recruiting, and The Year Ahead for Cybersecurity Job Seekers
In this episode host Tom Eston sits down with Kathleen Smith, Chief Outreach Officer at ClearedJobs.net, to discuss the current state of the job market in the cybersecurity industry. With a recent surge in layoffs, Kathleen provides advice for those who were recently let go and discusses how the economic ... Read More
Password Managers Under Attack, Shady Reward Apps on Google Play, Meta Account Center 2FA Bypass
The attacks on password managers and their users continue as Bitwarden and 1Password users have reported seeing paid ads for phishing sites in Google search results for the official login page of the password management vendors. Not only that, a new vulnerability in the popular open-source password management software KeePass ... Read More
U.S. ‘No Fly List’ Leaks, AI-Powered Phishing, Wi-Fi Used to See Humans Through Walls
A hacker discovered a copy of the US No Fly List, which contains the names of people banned from traveling in or out of the US on commercial flights, on an unsecured Jenkins server connected to a commercial airline. Will AI-powered phishing become a threat for organizations? Scientists from Carnegie ... Read More
Social Zombies Revisited: Your Friends Want to Eat Your Brains
On this week’s episode, We’re excited to bring you a classic conference talk that Tom Eston gave with co-host Kevin Johnson back in 2009 at DEF CON 17 in Las Vegas. The talk is called “Social Zombies: Your Friends Want to Eat Your Brains” and it explores the various risks ... Read More
Meta’s EU Ad Practices Ruled Illegal, Twitter API Data Breach, Vulnerabilities in Major Car Brands
Facebook has been ordered to pay a fine of $414m by EU regulators who ruled that the company had broken EU law by forcing users to accept personalized ads. The ruling could have a major impact on Facebook’s advertising business in the EU, which is one of the company’s largest ... Read More
LastPass Password Vaults Stolen, Pig Butchering Scams, Okta Source Code Theft
Things get worse for LastPass as a security breach in November resulted in the theft of customer data, including encrypted password vaults and unencrypted web addresses. Pig butchering scams, a variation of business email compromise and romance scams, are on the rise. How do they work and what do you ... Read More
How to Stop Online Tracking: 3 New Ways
In this episode host Tom Eston discusses one of the biggest privacy concerns people have today, online tracking by companies and advertisers. Tom will cover the following topics, tips, and new techniques to help you stop being tracked: Why should we be concerned about online tracking? How to enable and ... Read More
