Sign up to save your podcasts
Or
Share Episode 335 - Web 3 and Scams - a Hack-in-the-Box takeaway
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 335 - Web 3 and Scams - a Hack-in-the-Box takeaway
Jane Lo, Singapore Correspndent speaks with Zoltán Balázs, Head of Vulnerability Research at CUJO AI. CUJO AI is a company focusing on home IoT Security. Before joining CUJO AI he worked as a CTO for an AV tester company, an IT Security expert in the financial industry for five years, and as a senior IT security consultant at one of the Big Four companies for two years. His primary areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool that has POC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes.
He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ˜600 000 cameras. Zoltán has been invited to give presentations at information security conferences worldwide including DEF CON, SyScan360, SAS2018, Virusbulletin, Disobey, Deepsec, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Nopcon, Hacktivity, and Ethical Hacking. Proud OSCE. In this on-site interview at “Hack-in-the-Box” held at the Singapore Intercontinental Hotel, Zoltán gives some highlights of his presentation on “Web3 + Scams = It’s a Match!” Sharing his perspective on what the Web3 world encompasses – including non-fungible tokens (NFTs) – he explains how some of the over-valuations reported in the media for NFTs may leave an impression of fraud and scams. He also points out how some of the old fashion investment scams such as “rug pulls” and “pump and dump” still plagues the Web3 world. One common tactic, such as preying on victim’s “fear of missing out” (FOMO) on an attractive investment, can also be seen in the promotion of Bored Apes Yacht Club NFT collection. Zoltán also outlines a highly notable scam known as the “Squid Game” rug pull, where the combination of the ease of creating tokens, and the popularity of the Netflix TV show lured victims to put money into the fraudulent investment scheme. To avoid falling victim to one of the scams, Zoltán’s advice is “take time, don’t rush.” Recorded on-site at the Singapore Intercontinental Hotel in Bugis, 26th August 2022, 11am Singapore Time.
View all episodes
By MySecurity Media
3.9
1919 ratings
Jane Lo, Singapore Correspndent speaks with Zoltán Balázs, Head of Vulnerability Research at CUJO AI. CUJO AI is a company focusing on home IoT Security. Before joining CUJO AI he worked as a CTO for an AV tester company, an IT Security expert in the financial industry for five years, and as a senior IT security consultant at one of the Big Four companies for two years. His primary areas of expertise are penetration testing, malware analysis, computer forensics and security monitoring. He released the Zombie Browser Tool that has POC malicious browser extensions for Firefox, Chrome and Safari. He is also the developer of the Hardware Firewall Bypass Kernel Driver (HWFWBypass), the Encrypted Browser Exploit Delivery tool (#IRONSQUIRREL) and the Sandbox tester tool to test Malware Analysis Sandboxes.
He found and disclosed a vulnerability in IP cameras, and this vulnerability was exploited by the Persirai botnet, running on ˜600 000 cameras. Zoltán has been invited to give presentations at information security conferences worldwide including DEF CON, SyScan360, SAS2018, Virusbulletin, Disobey, Deepsec, Hacker Halted USA, Botconf, AusCERT, Nullcon, Hackcon, Shakacon, OHM, Nopcon, Hacktivity, and Ethical Hacking. Proud OSCE. In this on-site interview at “Hack-in-the-Box” held at the Singapore Intercontinental Hotel, Zoltán gives some highlights of his presentation on “Web3 + Scams = It’s a Match!” Sharing his perspective on what the Web3 world encompasses – including non-fungible tokens (NFTs) – he explains how some of the over-valuations reported in the media for NFTs may leave an impression of fraud and scams. He also points out how some of the old fashion investment scams such as “rug pulls” and “pump and dump” still plagues the Web3 world. One common tactic, such as preying on victim’s “fear of missing out” (FOMO) on an attractive investment, can also be seen in the promotion of Bored Apes Yacht Club NFT collection. Zoltán also outlines a highly notable scam known as the “Squid Game” rug pull, where the combination of the ease of creating tokens, and the popularity of the Netflix TV show lured victims to put money into the fraudulent investment scheme. To avoid falling victim to one of the scams, Zoltán’s advice is “take time, don’t rush.” Recorded on-site at the Singapore Intercontinental Hotel in Bugis, 26th August 2022, 11am Singapore Time.
More shows like Cyber Security Weekly Podcast
View all
Pop Culture Happy Hour
11,592 Listeners
Global News Podcast
7,869 Listeners
WSJ Tech News Briefing
1,658 Listeners
Risky Business
373 Listeners
Security Weekly News (Audio)
33 Listeners
The Daily
113,393 Listeners
Up First from NPR
57,057 Listeners
The Indicator from Planet Money
9,583 Listeners
Cybersecurity Today
178 Listeners
If You're Listening
308 Listeners
Cybersecurity Headlines
138 Listeners
Huberman Lab
29,430 Listeners
The Fin
17 Listeners