Cybersmart Security

By Salaudeen Amao

Listen to a helpful take on recent news in cyberspace. In layman's terms, Salaudeen Amao gives a breakdown of the ups and downs as it concerns tech, hacking, information security and cybercrime.
The podcast is published every Sunday by midnight and is designed to educate you on how to become cybersmart with a 15-minute summary of recent tech-related news and cyber events.

Subscribe to Cybersmart Security on Apple Podcasts, Google Podcasts or Spotify.
Send your questions, comments and suggestions via voice message on the Anchor app or by email to getcybersmart@protonmail.com

Dangers of Misinformation; to People & country.
Apr 29, 2023 (09:59)
DC Health Exchange breach Root Cause revealed, Western Digital Hackers Request Ransom,& more.

In this episode, we discuss the DC Health Exchange breach that exposed about 56,000 people's personally identifiable information and the root cause of the breach, the Western Digital hackers' request for a ransom payment, 4 infected versions of business apps to be wary of, and 1 security best practice you should know when writing code. The *Cybersecurity News Review series (The Midweek Edition) - CNRs* is a review of selected cybersecurity news from cyberspace and key takeaways or lessons that we can learn from them as individuals or organizations. Thank you for listening. Salahudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. New episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments, and suggestions via voice message on the Anchor app or email to getcybersmart@protonmail.com. LINKS: N.B. This will be shared later today.
Apr 26, 2023 (24:38)
E03-Cyber SmartTalk with Michal_Cizek-GoodAccess; First VPN Providers and the Evolution of Remote Access

Welcome to the Cyber SmartTalk, a series brought to you by the host of GetCybersmart Security Cyber News Review.

In this episode, Michal Cizek, the founder of 1st VPN providers GoodAccess, discusses how secure remote access helps small businesses profit in a hypercompetitive space, and a variety of other issues such as:

  • The story of the first VPN providers in 2008.
  • The Evolution of Remote Access
  • The One mistake beginners should not make in their learning journey into cybersecurity.
  • Small and medium-scale businesses reducing cyber risks with less stress and without huge costs.
  • Use cases of Retail Vs Business VPN services.
  • Organizational Values' role in enhancing the company's security culture.
  • Culture-Driven Companies.
  • Zero-Trust and Network segmentation: How it really works.
  • The 2 non-technical secrets to protecting your kids from cybercriminals 

You can send your questions, comments, and suggestions via voice message on the Anchor app or email to getcybersmart@protonmail.com.

In addition, if you have an expert or colleague that you would like featured in this series, you can send an email with the subject "Persons Name-Podcast Guest Proposal", enclosing information about the person's profile, links to their previous works and/or interviews, and possible questions or areas they wish to cover during the interview. We will be in touch afterward. Thank you for listening.

Feb 28, 2023 (51:09)
NortonlifeLock Password Breach, Fortinet's VPN weaknesses exploited & Europol TakesDown Call Centers
Jan 18, 2023 (15:38)
Verizon & Health Systems in Data Breach,K-8 Student Learn Cybersecurity Via Games, PoS Malware.

In this episode: Verizon notified customers of a data breach, as health systems' 3 million patients' personally identifiable information was exposed in a data breach due to Meta Pixel. Customers' data was stolen from a testing application server. Lastly, PoS malware was used to steal data from more than 167,000 credit cards. The *Cybersecurity News Review series (The Midweek Edition) - CNRs* is a review of selected cybersecurity news from cyberspace and key takeaways or lessons that we can learn from them as individuals or organizations. Thank you for listening. Salahudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments, and suggestions via voice message on the Anchor app or email to getcybersmart@protonmail.com.

LINKS:
1. Verizon notifies prepaid customers their accounts were breached https://www.bleepingcomputer.com/news/security/verizon-notifies-prepaid-customers-their-accounts-were-breached/
2. Two PoS Malware used to steal data from more than 167,000 credit cards https://securityaffairs.co/wordpress/137608/malware/pos-malware-stolen-card-data.html
3. Payment terminal malware steals $3.3m worth of credit card numbers – so far https://www.theregister.com/2022/10/24/pos_malware_campaign_steals_33m/
4. K-8 students learn cybersecurity through Gamification https://www.securitymagazine.com/articles/98514-k-8-students-learn-cybersecurity-through-gamification
Oct 26, 2022 (31:55)
Excerpts-E02 - Cyber SmartTalk with Javvad Malik - The 1st Step To Protecting Our kids From Cyberbullying

To fight cyberbullying, we need to establish a connection with our kids. We must earn their trust and confidence.
Oct 26, 2022 (01:01)
E02-Cyber SmartTalk with Javvad Malik-"Building A Strong Security Culture is a Marathon, Not a Sprint"

Welcome to the Cyber SmartTalk, a series brought to you by the host of GetCybersmart Security Cyber News Review. 


In this episode, Javvad Malik, a seasoned cybersecurity professional with over 20 years of experience, discusses how security helps a business thrive, and a variety of other issues such as:

  • Breaking into the cybersecurity industry the right way
  • Why Jobs-related attacks always work.
  • The 1st Step to protecting children from cyberbullying and cyberfraud
  • What Makes an effective awareness Training 
  • Practical advice on building a strong security culture among employees
  • The one thing most security professionals overlook


You can send your questions, comments, and suggestions via voice message on the Anchor app or email to getcybersmart@protonmail.com. 


In addition, if you have an expert or colleague that you would like featured in this series, you can send an email with the subject "Persons Name-Podcast Guest Proposal", enclosing information about the person's profile, links to their previous works and/or interviews, and possible questions or areas they wish to cover during the interview. We will be in touch afterward.


Thank you for listening. 



Oct 09, 2022 (42:55)
Excerpts-E02 - Cyber SmartTalk with Javvad Malik- The 1 reason Why Fake Job Related Attacks Works

Gaining Trust is the bedrock of Social Engineering.
Oct 09, 2022 (02:30)
Cyber SmartTalk Series S01E01- "Why get Cybersmart"?

Welcome to the Cyber SmartTalk, a series brought to you by the host of the GetCybersmart Security Cyber News Review podcasts, and to S01E01 - Why get Cybersmart? A link to the text version of the title will be shared in the podcast notes shortly.
Aug 04, 2022 (27:21)
The Business of Trust: CafePress in data breach cover-up, Phony Instagram mails impact insurance firm and Ubisoft hit by "cyber security incident"

In today's special 50th episode, I discuss the business of trust and restoring consumers' confidence after a "cyber security incident". Also in this episode: FTC to fine CafePress for cover-up of a massive data breach, and Phony Instagram ‘Support Staff’ Emails Hit Insurance Company.
This is a review of selected cybersecurity news from cyberspace and key takeaways or lessons that we can learn from them as individuals or organizations.
Thank you for listening.

Salahudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments, and suggestions via voice message on the Anchor app or email to getcybersmart@protonmail.com.

LINKS:
1. FTC to fine CafePress for cover-up of massive data breach
www.bleepingcomputer.com/news/security/ftc-to-fine-cafepress-for-cover-up-of-massive-data-breach/
2. Phony Instagram ‘Support Staff’ Emails Hit Insurance Company
threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/

3. Ubisoft Cyber Security Incident Update
news.ubisoft.com/en-gb/article/3tSsBh25mhHhlbGSy1xbRw/ubisoft-cyber-security-incident-update

On the Business of Trust
4. The Target breach of (2013), two years later
www.zdnet.com/article/the-target-breach-two-years-later/

5. Uber argument that data theft wouldn’t be a risk to users is a warning, says consumer group
www.itworldcanada.com/article/uber-argument-that-data-theft-wouldnt-be-a-risk-to-users-is-a-warning-says-consumer-group/402711
Mar 21, 2022 (26:10)
Managing Misinformation; Toyota, Axis communications and Aon deal with Cyberattacks

On today's theme  - I discuss the subject of misinformation. How do you manage misinformation from cyberspace, especially on social media? 

Toyota was forced to shut down production at 14 plants in Japan after a cyberattack on a third-party company. Insurance company Aon said a cyber incident impacted what it called “a limited number of systems.” And Video surveillance systems company Axis Communications said someone was able to use social engineering to get around MFA login protection and hack into the company.

This is a review of selected cybersecurity news from cyberspace and key takeaways or lessons that we can learn from them as individuals or organizations.

Thank you for listening.

Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments, and suggestions via voice message on the Anchor app or email to getcybersmart@protonmail.com

LINKS:

      About Managing Misinformation - 



Mar 06, 2022 (19:44)
Attackers up "phishing" game using Docusign to steal Microsoft Outlook Logins, Manufacturing ranked most targeted in 2021
Feb 27, 2022 (15:25)
Three-Fifth of Cyberattacks in 2021 were malware-free,FBI warns on increased BEC scams via virtual Meetings,CISA releases list...
Feb 20, 2022 (18:03)
Puma employee data breach in Kronos cyberattack and Marketing Firm leaves database open
Feb 13, 2022 (10:02)
Telco Fined €9M,Data Breach exposes PII of Airport Workers & Malicious 2FA app found on Google Play.
Feb 06, 2022 (14:39)
Credentials Phishing Campaign Targets Organizations, Microsoft Warns of Consent Phishing attack, Hacker Cracks Crypto Hardware Wallet

A review of selected cybersecurity news from cyberspace and the key takeaways that we can learn from them as individuals or organizations. Over 100 people were affected by a credential phishing campaign. Microsoft has issued a warning that Office 365 users are getting emails to trick them into granting permissions via an app (Upgrade) appearing to be from a verified publisher. And a hardware hacker cracked a crypto wallet worth only $50k in 2018.

Thank you for listening.


Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments, and suggestions via voice message on the Anchor app or email to getcybersmart@protonmail.com  

LINKS 

  1.  Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA - https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/ 
  2.  Microsoft warns about this phishing attack that wants to read your emails - https://www.zdnet.com/article/microsoft-warns-about-this-phishing-attack-that-wants-to-read-your-emails/
  3.  Cracking a $2 Million Crypto Wallet - https://www.theverge.com/2022/1/24/22898712/crypto-hardware-wallet-hacking-lost-bitcoin-ethereum-nft?scrolla=5eb6d68b7fedc32c19ef33b4

 

Jan 30, 2022 (13:24)
Privacy Under Threat From German Police, 2FA Bypass and Quick Thinking Saves Hospital

A review of cybersecurity news from cyberspace, including privacy under threat after misuse of a Covid contact tracing app by German police, a Box 2FA bypass that opens user accounts to attack, $34.6M withdrawn in the crypto.com 2FA bypass, and quick thinking that saved a Florida hospital from a ransomware attack.

Thank you for listening. 

Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments, and suggestions via voice message on the Anchor app or email to getcybersmart@protonmail.com 

LINKS: 

  1.  German police under fire for misuse of COVID contact tracing app https://amp.dw.com/en/german-police-under-fire-for-misuse-of-covid-contact-tracing-app/a-60393597 
  2. Box 2FA Bypass Opens User Accounts to Attack https://threatpost.com/box-2fa-bypass-accounts-attack/177760/
  3.  2FA Bypassed in $34.6M Crypto.com Heist: What We Can Learn https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/ 
  4. Crypto.com confirms 483 accounts hacked, $34 million withdrawn https://www.bleepingcomputer.com/news/security/cryptocom-confirms-483-accounts-hacked-34-million-withdrawn/
  5. 'Lock it down and piss people off': How quick thinking stopped a ransomware attack from crippling a Florida hospital  https://edition.cnn.com/2022/01/16/politics/florida-hospital-ransomware/index.html
Jan 23, 2022 (19:51)
Morgan Stanley agrees to $60M data breach settlement, FBI warns about Google Voice Authentication Scams
Jan 12, 2022 (12:08)
Swiss Text Messaging Firm's COO Departs...Facebook Takes Down Accounts belonging to 7 Cyber Mercenary Firms
Dec 20, 2021 (11:04)
Swiss Exec helped Governments track phones, Malicious Free Utility Notepad++ in the wild and Poor OAuth Implementation Leads to Redirection Attacks
Dec 12, 2021 (12:29)
"Zinc" group posed as Samsung Recruiters, DNA Testing Firm In Data Breach of 2M, IKEA employees under Phishing Email attacks
Dec 05, 2021 (12:35)
Heating systems(HVAC) Hacks, GoDaddy Data Breach Impacts 1M, Hikvision cameras Exposed to Remote Code Execution
Nov 28, 2021 (10:51)
The PerSwaysion phishing campaign, a new malware hitting e-commerce sites, & something new about ransomware gangs
Nov 21, 2021 (10:12)
BOTs used to scam 2FA codes, Tesla recalls almost 12k vehicles and phone scams, and Password Spraying Attacks on the rise
Nov 07, 2021 (09:27)
Deep6 AI in Medical Data breach, 70% of Sampled WiFi Networks Cracked & Outlook Web Access Phishing
Oct 30, 2021 (11:25)
Olympus has Fallen,Verizon Fake logo,Microsoft Digital Defence Report and Beware of free movie sites
Oct 14, 2021 (10:38)
Much Ado About Legacy Systems, Really? Dumpster Diving and EA; Makers of FIFA21 in 780GB Data Breach

In this episode, the task of protecting legacy systems by organizations is discussed. Dumpster diving is a popular term in cybersecurity today. Learning how to treat data differently is crucial, whether in transit, at rest or when data is considered obsolete. Also, how we treat trash can be the difference between being a victim of identity theft or blackmail and ensuring useful info from a "dumpster" is never used against us. And Electronic Arts was in a massive data breach that resulted in source code for FIFA 21 and the Frostbite engine being stolen by hackers.

Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments and suggestions via voice message on the Anchor app or email to getcybersmart@protonmail.com.


LINKS: 

1. Prevention Is the Only Cure: The Dangers of Legacy Systems https://beta.darkreading.com/vulnerabilities-threats/prevention-is-the-only-cure-the-dangers-of-legacy-systems

2. Hackers Steal Wealth of Data from Game Giant EA - The data includes source code for FIFA 21 and the Frostbite engine.
www.vice.com/amp/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code

3. Hackers steal source code and more from Electronic Arts in massive data breach - EA falls victim to hackers in new data breach
https://www.techspot.com/news/90020-hackers-steal-source-code-more-electronic-arts-massive.html

Jun 13, 2021 (15:55)
Start Good CyberHygiene Now!; Fix Your Passwords with a Single Tap, $40M Ransom Reportedly Paid, and More
May 23, 2021 (13:01)
Wi-Fi Warnings and Anti-Ransomware Day Advice
May 15, 2021 (14:49)
World Password Day, Malicious Office 365 Apps, and Fake Product Reviews
May 08, 2021 (16:29)
Ransomware Costs, the Risk With Old Version Softwares,New Updates and Gamers Beware of this Fake DirectX12 Download

In this episode: the cost of ransomware has doubled over a year, and the risk of using old-version software (or an end-of-life operating system like Windows 7). Update your Mac now. Also, beware of a fake Microsoft DirectX12 installer in the wild. This is information-stealing malware that attempts to harvest a victim's cookies, cryptocurrency wallets, passwords, and more in the background when installed.

Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments and suggestions via voice message on the Anchor app or by email to getcybersmart@protonmail.com.

LINKS


1. Ransomware: don’t expect a full recovery, however much you pay. https://nakedsecurity.sophos.com/2021/04/27/ransomware-dont-expect-a-full-recovery/


2. Task Force Seeks to Disrupt Ransomware Payments

https://krebsonsecurity.com/2021/04/task-force-seeks-to-disrupt-ransomware-payments/


3. Kaspersky finds 22% of PC users still running end-of-life Windows 7 OS

https://usa.kaspersky.com/about/press-releases/2021_kaspersky-finds-22-of-pc-users-still-running-end-of-life-windows-7-os#_ftn1


4. Update Your Mac Now: The ‘Worst Hack In Years’ Hits Apple Computers

https://www.forbes.com/sites/thomasbrewster/2021/04/26/update-your-mac-now-the-worst-hack-in-years-hits-apple-computers/?sh=3ee9cd855da0


5. NVIDIA Driver Downloads

https://www.nvidia.com/Download/index.aspx


6. Fake Microsoft DirectX 12 site pushes crypto-stealing malware

https://www.bleepingcomputer.com/news/security/fake-microsoft-directx-12-site-pushes-crypto-stealing-malware/

May 01, 2021 (14:14)
Misinformation or April Fool's Joke; Datascrap on Linkedln, Facebook & Clubhouse And Job Scams

Over half a billion Facebook and LinkedIn user profiles were recently leaked online or put up for sale by cybercriminals. Also, about 1.3M Clubhouse user profiles were posted on a hacker forum. This may have been due to data scraping, which is allowed by the Clubhouse API or app and can be accessed by "anyone".

April fool's joke by Deliveroo and Volkswagen backfires.  Shouldn't inaccurate or untrue information published as a joke by some companies be classified as misinformation rather than a prank? 


Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments and suggestions via voice message on the Anchor app or by email to getcybersmart@protonmail.com.


LINKS


1. The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned https://www.troyhunt.com/the-facebook-phone-numbers-are-now-searchable-in-have-i-been-pwned/


2. The joke is on Volkswagen after April Fool’s name change debacle https://www.aljazeera.com/economy/2021/3/31/bb-thejokeis-on-volkswagen-after-april-fools-name-change-debacle


3. Deliveroo April Fool's joke backfires in France

https://www.bbc.co.uk/news/world-europe-56617049


4. Security News This Week: Oh Look, LinkedIn Also Had 500M Users' Data Scraped

https://www.wired.com/story/linkedin-data-scrape-phishing-zoom-security-news/


5. “Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data

https://cybernews.com/security/not-ideal-from-a-privacy-standpoint-clubhouse-api-lets-anyone-scrape-public-user-data/

Apr 17, 2021 (19:34)
The Trust Layer Conundrum; World Backup Day, LinkedIn to Rival Clubhouse App & Crypto Scam via Apple's App store

An iPhone user lost 17.1 bitcoin worth $600,000 after downloading a fake app from Apple's "trusted" App Store.
Are technology giants really doing a lot more, and not just the minimum, to instil trust in the services they provide to us? I discuss the trust layer conundrum and LinkedIn's plan to rival Clubhouse soon.
31st March each year is #WorldBackupDay. This is a reminder to keep a backup of your most important files offsite (SSDs, Drive, USB...) or via a reliable cloud service.

Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments and suggestions via voice message on the Anchor app or by email to getcybersmart@protonmail.com

LINKS
1. World Backup Day Take action
As most of us have services we enjoy from Google, it is good advice to backup your data today.
You can go to this link below now. Follow the prompts and back up your data to a cloud service so that it’s in two separate locations.
takeout.google.com/?pli=1

2. LinkedIn confirms it’s working on a Clubhouse rival, too
techcrunch.com/2021/03/30/linkedin-confirms-its-working-on-a-clubhouse-rival-too/

3. He believed Apple’s App Store was safe. Then a fake app stole his life savings in bitcoin.
www.washingtonpost.com/technology/2021/03/30/trezor-scam-bitcoin-1-million/

4. Trezor for securing your Crypto savings
www.youtube.com/watch?v=wruL9LF8AUA
Apr 02, 2021 (20:15)
Tax & Refund Scams, $50m Ransom, Fake Clubhouse App To Avoid and The Power of Compliments & Empathy

Have you ever got carried away by compliments to the extent that you may have shared very personal information, or that of someone else, that you never intended to share initially? Scammers are exploiting the power of empathy to gain the trust of their victims. In this episode, I talk about how we can better respond to a refund claim via calls, SMS or emails and spot the scammy ones. Also mentioned is a fake Clubhouse app to avoid.


Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments and suggestions via voice message on the Anchor app or by email to getcybersmart@protonmail.com.

LINKS

  • IRS Impersonation - https://abnormalsecurity.com/blog/irs-impersonation/


  • Fighting back against phone scammers with glitter bombs  -https://grahamcluley.com/fighting-back-against-phone-scammers-with-glitter-bombs/ 


  • Spotting scammy emails - https://www.consumer.ftc.gov/blog/2021/03/spotting-scammy-emails?utm_source=govdelivery


  • YouTube Link---Glitterbomb Trap Catches Phone Scammer (who gets arrested) - https://www.youtube.com/watch?v=VrKW58MS12g


  • Catching Money Mules ft. Mark Rober - https://www.youtube.com/watch?v=Xvjjpzyiig4&t=0s


  • Scammer Payback - https://www.youtube.com/channel/UCBNG0osIBAprVcZZ3ic84vw


  • Computer giant Acer hit by $50 million ransomware attack - https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/
  • Beware Android trojan posing as Clubhouse app - https://blog.eset.ie/2021/03/19/beware-android-trojan-posing-as-clubhouse-app/
Mar 27, 2021 (18:13)
FBI Warns About TrickBot in Emails, Costly Error As Books Worth Up To $3.4m Given For Free

Earlier this week, the Federal Bureau of Investigation (FBI) mentioned in an alert that cybercrime actors are tricking victims via a traffic infringement phishing scheme. The TrickBot malware is spread primarily by spearphishing campaigns using tailored emails that contain malicious attachments. In this episode, this malware's capabilities and how to stay a step ahead of it are discussed.

Also, an academic book publisher, Springer Nature, had a misconfiguration that allowed anyone to download their books for free. Lastly, a costly mistake by an employee in the Health Dept of a county in New York State is briefly dissected in the episode.


Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments and suggestions via voice message on the Anchor app or by email to getcybersmart@protonmail.com.


LINKS:


  1. TrickBot Malware Alert https://us-cert.cisa.gov/ncas/alerts/aa21-076a
  2. Trickbot is the most prolific malware operation using COVID-19 themed lures https://securityaffairs.co/wordpress/101824/cyber-crime/trickbot-covid-19-themed-lures.html
  3.  Error caused the world’s largest academic book publisher to give books away free -https://cybernews.com/security/error-caused-worlds-largest-academic-book-publisher-to-give-books-away-free/
  4. WI: 900 emails of COVID vaccination registrants accidentally shared in Walworth County -https://www.databreaches.net/wi-900-emails-of-covid-vaccination-registrants-accidentally-shared-in-walworth-county/ 
Mar 20, 2021 (13:25)
Solarwinds Hack Isn't Intern's Fault, New Covid-19 Phishing Scams And Identifying Social Media Scams

Cybercriminals are once again using the Covid-19 pandemic as a smokescreen for their phishing scams. These scammers rely on the naivety of victims to cause maximum damage. According to people’s reports to the FTC and a new Data Spotlight, about $117m was lost by consumers to scams starting on social media in the first 6 months of 2020. Thus it is more pertinent to know ways to identify scams, beginning with the social media platforms. I discuss this and more in today's episode.

I also address where the fault really lies about the SolarWinds hack. It is more an organizational issue than an individual one. Responsibility and accountability should always come from the top before it trickles down to the bottom. 

Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments and suggestions via voice message on the Anchor app or by email to getcybersmart@protonmail.com


LINKS:

  1. Scams will follow new COVID-19 rescue plan  - https://www.consumer.ftc.gov/blog/2021/03/scams-will-follow-new-covid-19-rescue-plan
  2. Scams Starting on Social Media and Targeting Your Business - https://www.tripwire.com/state-of-security/security-data-protection/scams-social-media-targeting-business
  3. Scams that start on social media - https://www.consumer.ftc.gov/blog/2020/10/scams-start-social-media 
  4. Threat Actors Target Victims by Promising COVID-19 Relief, Vaccines, and Variant News - https://www.proofpoint.com/us/blog/security-briefs/threat-actors-target-victims-promising-covid-19-relief-vaccines-and-variant
  5. SolarWinds blaming intern for leaked password is symptom of ‘security failures’ - https://www.scmagazine.com/access-control/solarwinds-blaming-intern-for-leaked-password-is-symptom-of-security-failures/
Mar 13, 2021 (17:16)
Facebook in $650M Privacy Lawsuit Settlement, 400 T-Mobile Users Affected By SIM Swap Fraud & How To Prevent A SIM Swap Attack

T-Mobile is in the news again for the fifth time in four years for a data breach; this time, 400 users were victims of a SIM Swap Fraud.  The recent attacks via SIM swap fraud have brought Wireless carriers under the spotlight.

In 2021, more companies are embracing cryptocurrency investments. Online users are buying company shares via mobile applications; it is thus crucial to ensure that accounts are kept safe from identity theft and other types of attacks.

In episode 23, I talk about protecting yourself from SIM swap attacks and keeping your crypto safe. I also comment on the verdict by a US District Judge to order Facebook to pay $650M in settlement for a privacy violation. In addition, this episode's notes include a research paper regarding vulnerable authentication challenges published in January 2020.

Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral.

LINKS:

  • 1. Judge Approves $650M Facebook Privacy Lawsuit Settlement

    https://www.securityweek.com/judge-approves-650m-facebook-privacy-lawsuit-settlement

  • 2. T-Mobile Discloses Data Breach After SIM Swapping Attacks

    https://www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-after-sim-swapping-attacks/

  • T-Mobile Notice To Customers Affected By Data Breach

     https://beta.documentcloud.org/documents/20492859-t-mobile-feb-2021-bc-data-breach


  • 3. All about SIM Hijacking and Research Done Using 5 Popular Telecom Carriers 

     https://www.schneier.com/blog/archives/2020/01/sim_hijacking.html

  • An Empirical Study of Wireless Carrier Authentication for SIM Swaps

     https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf

  • Study Shows The Internet Is Hugely Vulnerable To SIM Hijacking Attacks

     https://www.techdirt.com/articles/20200114/06480143727/study-shows-internet-is-hugely-vulnerable-to-sim-hijacking-attacks.shtml


  • 4. Stories And A Video-‘I Lived a Nightmare:’ SIM Hijacking Victims Share Their Stories

     https://www.vice.com/en/article/j5bpg7/sim-hijacking-t-mobile-stories

  • 5. Keeping Your Crypto Safe Offline - What Happens When Hackers Steal Your SIM You Learn To Keep Your Crypto Offline

     https://techcrunch.com/2018/08/20/what-happens-when-hackers-steal-your-sim-you-learn-to-keep-your-crypto-offline/amp/

Mar 06, 2021 · 17:15
Fake Cryptocurrency Trading Platforms, Sim-Swapping, Novel Phishing Tactic Via Malformed URLs and 5 Ways To Begin Foolproof Privacy Protection

If you know why you should take privacy protection seriously, then taking proactive action towards achieving foolproof security against the bad guys is the next step. In this episode, I discussed 5 ways you can start to have a sense of control over everything that connects to you. Before that, I delved into the recent charges brought against 3 North Koreans arrested for global cyberattacks that include fake cryptocurrency trading platforms used to fool unsuspecting users into downloading malicious applications. How to ensure your mobile number is not ported to another SIM by impersonators is also addressed.

Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral.

LINKS:

  • US charges North Koreans in relation to global cyber attacks https://www.tripwire.com/state-of-security/featured/us-charges-north-korean-hackers-wannacry-sony-pictures-attack/
  • New Phishing Attack Identified: Malformed URL Prefixes https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/
  • Ten Hackers Arrested For String of Sim-swapping Attacks Against Celebrities https://www.europol.europa.eu/newsroom/news/ten-hackers-arrested-for-string-of-sim-swapping-attacks-against-celebrities

Feb 26, 2021 · 21:17
Why Are Security Firms Vulnerable Too And 5 Reasons To Take Privacy Protection Seriously

"I have nothing to hide." A common phrase I read on the internet or hear in conversations at the moment. Are you kidding me? That is far from the truth. In fact, you have more to lose. The issues regarding data breaches, information security, privacy intrusions by cybercriminals or unethical hackers, surveillance by governments and more won't go away anytime soon. This is quite crucial in 2021 as attackers are finding crafty methods to get your data.

In this episode, you will learn the 5 reasons why you should take privacy protection seriously. Before that, I talk about the SolarWinds hack and why security firms are only as strong as the weakest vendor on their books.

Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral.

LINKS:
A Second SolarWinds Hack Deepens Third-Party Software Fears

www.wired.com/story/solarwinds-hack-china-usda/

SonicWall says it was hacked using zero-days in its own products

www.zdnet.com/article/sonicwall-says-it-was-hacked-using-zero-days-in-its-own-products/

New phishing attack uses Morse code to hide malicious URLs

www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/

Bluetooth Overlay Skimmer That Blocks Chip

krebsonsecurity.com/2021/02/bluetooth-overlay-skimmer-that-blocks-chip/

SonicWall Is Latest Security Vendor to Disclose Cyberattack
The network security firm is investigating a coordinated campaign in which attackers exploited vulnerabilities in SonicWall's products.

www.darkreading.com/endpoint/sonicwall-is-latest-security-vendor-to-disclose-cyberattack/d/d-id/1339972
Feb 18, 2021 · 16:29
Remote Attacks;Beware of Fake Office 365 updates, Vishing Campaigns And The Rise In SMS-based Phishing Services

Being cyber aware is more important now than ever before, as phishing-related attacks are up by over 300%. Hackers are creating phishing toolkits to harvest login credentials and gain remote access to corporate networks. The FBI has warned businesses of an increase in voice phishing calls, otherwise known as vishing. Also, security authorities in the UK and Ukraine have arrested creators of phishing toolkits called SMS bandit and U-Admin. These toolkits have features that can intercept OTP and multifactor authentication codes.

Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral. Subscribe on your podcast app.

Links quoted in this episode 

https://www.proofpoint.com/us/blog/threat-protection/mobile-phishing-increases-more-300-2020-chaos-continues

https://www.databreachtoday.asia/phishing-campaign-features-fake-office-365-update-a-15869

https://krebsonsecurity.com/2021/02/u-k-arrest-in-sms-bandits-phishing-service/

https://krebsonsecurity.com/2021/02/arrest-raids-tied-to-u-admin-phishing-kit/

https://www.bleepingcomputer.com/news/security/beware-of-this-active-uk-nhs-covid-19-vaccination-phishing-attack/

https://www.govinfosecurity.com/fbi-warns-increase-in-vishing-attacks-a-15795

Feb 13, 2021 · 14:19
Data-sharing Policies-WhatsApp,Telegram&Signal&The 1 Reason You Are Prone To Threats&Attacks in 2021

Data-sharing Policies-WhatsApp,Telegram&Signal&The 1 Reason You Are Prone To Threats&Attacks even in 2021. Should you really leave WhatsApp for an alternative like Signal or Telegram because of Facebook's data-sharing policy plans? In this episode, I talk about how you can strengthen the protection of your WhatsApp account and the differences and similarities among the 3 messaging platforms. How best to weigh the reasons to use a messaging app? There is also a brief explanation of the one major reason we are prone to attacks regardless of our personality, reputation or the defences we put in place to protect ourselves and our businesses.

LINKS:

  1. Yes, You Can Still Use WhatsApp—But Change These 3 Critical Settings First - https://www.forbes.com/sites/zakdoffman/2021/01/12/you-can-use-whatsapp-after-facebook-apple-imessage-and-signal-backlash-but-change-this/?sh=2b6f6eed798f
  2. WhatsApp data-sharing policy change: here’s what it means - https://www.stationx.net/whatsapp-data-sharing-policy-change-heres-what-it-means/
  3. Answering your questions about WhatsApp’s Privacy Policy - https://faq.whatsapp.com/general/security-and-privacy/answering-your-questions-about-whatsapps-privacy-policy/?lang=fb
Feb 01, 2021 · 17:45
Doing Things Right;FTC on Zoom's Unfair Practices,Muslim Pro,Salaat First&The Location Data Question

The Federal Trade Commission (FTC) settlement with Zoom requires Zoom to keep users' personal information secure and their privacy protected. Also, 2 Muslim prayer apps have shared data with partners who in turn sold this location data to the U.S. military. In this episode: how should companies behave in adhering to their terms and offering services as advertised, so that they protect their consumers' interests and, at the same time, keep their reputation intact? And what are the implications of doing otherwise? Hence the need to do the right thing by their consumers and the regulatory authorities.

LINKS:

  1. Zooming in on Zoom’s unfair and deceptive security practices: More about the FTC settlement - https://www.ftc.gov/news-events/blogs/business-blog/2020/11/zooming-zooms-unfair-deceptive-security-practices-more-about?utm_source=govdelivery
  2. How the U.S. Military Buys Location Data from Ordinary Apps - https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x
  3. Muslim Pro Stops Sharing Location Data After Motherboard Investigation - https://www.vice.com/en/article/g5bq89/muslim-pro-location-data-military-xmode
  4. Leaked Location Data Shows Another Muslim Prayer App Tracking Users - https://www.vice.com/en/article/xgz4n3/muslim-app-location-data-salaat-first
  5. ACLU files request over data US collected via Muslim app used by millions - https://www.theguardian.com/us-news/2020/dec/03/aclu-seeks-release-records-data-us-collected-via-muslim-app-used-millions
  6. US military buys location data of popular Muslim apps: Report - www.aljazeera.com/amp/news/2020/11/17/report-us-military-buying-location-data-on-popular-muslim-apps
Jan 15, 2021 · 19:16
Privacy, Data Protection: Why DP Regulators are Vital Now & Ways To Stay A Smart Holiday Shopper

From British Airways & Marriott International in the UK to a supermarket co-op in the US fined with a HIPAA settlement for violations of privacy and security rules, the rate of violations and data breaches is on the rise. Are these fines and the roles played by regulators serving as a wake-up call for businesses to treat data security as a priority? Also, learn ways to outsmart scammers as you shop for gifts for friends, family, acquaintances and colleagues during the holiday period.

  • State Slaps Supermarket Co-Op with HIPAA Settlement https://www.databreachtoday.com/state-slaps-supermarket-co-op-hipaa-settlement-a-15307
  • Marriott data breach fine slashed to £18.4 million by UK regulator – HOTforSecurity https://hotforsecurity.bitdefender.com/blog/marriott-data-breach-fine-slashed-to-18-4-million-by-uk-regulator-24457.html
  • Helpful websites to check a URL or link: (i) https://www.islegitsite.com (ii) https://www.urlvoid.com
Nov 17, 2020 · 22:60
Due Diligence, Are SMS Security Codes For 2FA Still Reliable? British Airways Fined €20M
Oct 30, 2020 · 27:37
If In Doubt,Don't Give It Out:Former Cisco Employee Pleads Guilty&Hackers Pose As Journalist-Part 2
Sep 11, 2020 · 16:52
If In Doubt, Don't Give It Out:Tesla Saved From Ransom Attempt By Russian Hacker-Part 1
Sep 11, 2020 · 18:07
Privacy: College Tracks Students via Corona App & Ex-Uber Chief In Data Breach Cover-Up—Part 2
Aug 26, 2020 · 17:40
Security: Agencies(FBI & CISA) Warn About "Vishing" & Why You Should Plant Your Flag —Part 1

Security agencies have issued a joint alert and advisory to businesses and users regarding voice phishing attacks. Cybercriminals are taking advantage of the impact of COVID-19 on those working remotely. Corporate VPNs are at risk, especially where in-person authentication is not required due to the current unusual times. Why you have to get an online presence to safeguard your offline life. Remember to take the pains to activate all security settings provided by your financial, identity and telecommunications services: 2FA, MFA, one-Passwords and physical security keys. Google disclosed in July 2018 that they have been using security keys for employees since 2017. No intrusion has been recorded since that move in 2017.

LINKS:

  1. Why & Where You Should Plant Your Flag - https://krebsonsecurity.com/2020/08/why-where-you-should-you-plant-your-flag/
  2. FBI, CISA Echo Warnings on ‘Vishing’ Threat - https://krebsonsecurity.com/2020/08/fbi-cisa-echo-warnings-on-vishing-threat/#more-52783
  3. A recent example of a successful phishing attack, Blox Tales #12: Verizon Credential Phishing - https://www.armorblox.com/blog/blox-tales-verizon-credential-phishing/
  4. The joint FBI/CISA alert (PDF) - https://krebsonsecurity.com/wp-content/uploads/2020/08/fbi-cisa-vishing.pdf
Aug 26, 2020 · 20:19
The Human Factor: Garmin Pays Ransom, Twitter Hack And "Phone-Spear-Phishing"
Aug 10, 2020 · 16:24
Only the Paranoid Survive,Are you?;Child Predator"Extortionists"Cyber Spies, 2 Diff. Corona App&More

In this episode: How paranoid are you about your security? Are you communicating with your wards or kids and providing them the right education on how to use social media on the Internet? Cyber spies used the LinkedIn platform to hack into 2 European defence firms; this and more are discussed in this episode.

Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral. Subscribe on your podcast app.

LINKS

  • Facebook Helped the FBI Hack a Child Predator https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez 
  • You’ve heard of sextortion – now there’s “breachstortion”, too https://nakedsecurity.sophos.com/2020/06/15/youve-heard-of-sextortion-now-theres-breachstortion-too/
  • Extortionists threaten to destroy sites in fake ransom attacks https://www.bleepingcomputer.com/news/security/extortionists-threaten-to-destroy-sites-in-fake-ransom-attacks/
  • Cyber spies use LinkedIn to hack European defence firms https://in.reuters.com/article/cyber-linkedin-hacks/cyber-spies-use-linkedin-to-hack-european-defence-firms-idINKBN23O2S4
  • Germany appeals to nation to download coronavirus app https://www.theguardian.com/world/2020/jun/16/germany-appeals-to-nation-to-download-coronavirus-app 
  • Coronavirus: Alarm over 'invasive' Kuwait and Bahrain contact-tracing apps https://www.bbc.com/news/world-middle-east-53052395 
  • Google will default to phone notifications for two-factor sign-ins https://www.engadget.com/google-defaults-to-phone-verification-prompts-012756172.html?guccounter=1
Jun 21, 2020 · 38:09