Please enjoy this encore episode.

President Biden's May, 2021 formal compliance mandate for federal civilian executive branch agencies, or FCEBs, to include specific shortterm and longterm deadlines designed to enhance the federal government's digital defense posture. 

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. This week we jump right into stories, Maria shares Apple’s new AI feature and how it is unintentionally rewording scam messages to make them appear more legitimate and flagging them as priority notifications, raising concerns about increased susceptibility to scams. Joe has two stories this week, the first focuses on two individuals, including an inmate using a smuggled cellphone, being charged with defrauding a Sarasota woman of $12,000 in a jury duty scam involving spoofed law enforcement identities and Bitcoin transfers, with authorities urging vigilance against such schemes. Joe's second story is on a LinkedIn job interview turned hacking attempt when a technical challenge contained obfuscated code designed to gather crypto wallet information from the user's computer; the scam highlights the importance of carefully reviewing code and using secure environments like virtual machines during such evaluations. Finally Dave has the story on a prolific voice phishing crew manipulating legitimate Apple and Google services to deceive victims, leveraging advanced phishing kits, social engineering tactics, and automated tools like "autodoxers" to target cryptocurrency holders and high-value individuals for significant financial theft. Our catch of the day comes from listener Keefe, who shares a voicemail from one suspicious sounding Walmart voice.

Resources and links to stories:

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Phase of a typical cyber adversary group's attack sequence, after the initial compromise and usually after the group has established a command and control channel, where the group moves through the victims network by compromising as many systems as it can, by looking for the data, it has come to steal or to destroy.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. Our hosts discuss and ponder whether or not diamonds are the original cryptocurrency, as well as diving further into Yubikeys for organizations. Maria shares the story of a 66-year-old woman who lost her $2 million retirement savings to a romance scam on Match.com, highlighting the rise in such scams and efforts to pass the Online Dating Safety Act to protect users. Joe's story is on the Madoff Victim Fund's final $131.4 million payout, bringing total recoveries to $4.3 billion for victims of Bernard Madoff's infamous Ponzi scheme, which collapsed during the 2008 financial crisis. Dave's got the story on allegations that the PayPal Honey browser extension not only fails to deliver the best deals but also hijacks affiliate revenue from influencers by replacing their links with its own, sparking backlash and controversy. Our catch of the day comes from Reddit and Dave and Maria do their best impressions yet, as a scammer chats up an unsuspecting victim.

Resources and links to stories:

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. 

Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about the year's most impactful cyber trends and incidents—from the Snowflake hack and Operation Endgame to the rise of multi-channel scams and explosive growth in web inject attacks. Ransomware continued to wreak havoc, especially in healthcare, while callback phishing and MFA-focused credential attacks kept defenders on high alert. Join us as we reflect on these challenges and look ahead to what’s next in 2025.

A public list sponsored by the US government and designed to uniquely identify, without the need to manually cross- reference, all the known software vulnerabilities in the world. 

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware of what is out there. First off, our hosts share some follow up, Asher wrote in to discuss follow up on the AI granny. Maria's story covers a "new QR code scam" involving unsolicited packages and brushing tactics, where scammers lure victims into scanning malicious QR codes to steal personal and financial information. Joe's story highlights how the FBI and CISA urge Americans to secure their text messages using end-to-end encryption to combat sophisticated hacking campaigns linked to China's government, which target telecom networks and user data. Dave's story highlights how pallet liquidation scams target buyers with offers of discounted merchandise, warning against red flags like unrealistic prices and unverified sellers. Our Catch of the Day comes from Jim, who shares a suspicious email he received offering a collaboration under the guise of a business partnership, which included overly generic language and an unusual sign-off from "Robert De Niro."

Resources and links to stories:

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

A forensic technique where practitioners capture an entire image of a system and analyze the contents offline.

Please enjoy this encore episode of Hacking Humans.

This week we are joined by Maria Varmazis, host of the N2K daily space show, T-Minus. She discusses how AI is being used as a possible solution to one of the oldest scams in the book in Japan. Dave and Joe share some listener follow up, one from listener Alan and one from Clinton, who both write in about a recent episode and they share their thoughts on the story of Charlotte Cowles being scammed out of $50,000. Dave shares a story about calendar meeting links, from Calendly, a popular application for scheduling appointments and meetings, being used to spread mac malware. Joe shares write ins from several listeners, some writing in to share experiences with scams they have come across, others writing to warn others on scams they have seen used in the real world. Our catch of the day comes from Zach with an oddity, getting scammed by mail!

Please take a moment to fill out an audience survey! Let us know how we are doing!

Links to the stories:

You can hear more from the T-Minus space daily show here.

Have a Catch of the Day you'd like to share? Email it to us at [email protected].

Please enjoy this encore episode of Word Notes.

A supply chain cybersecurity accreditation standard designed for the protection of controlled unclassified information that the U.S. Department of Defense, or DoD, will require for all contract bids by October, 2025.