Cybersmart Security

By Salaudeen Amao
Listen to a helpful take on recent news in cyberspace. In layman's terms, Salaudeen Amao gives a breakdown of the ups and downs as it concerns tech, hacking, information security and cybercrime.
The podcast is published every Sunday by midnight and designed to educate you on how to become cybersmart with a 15-minute summary of recent tech-related news and cyber events.

Subscribe to Cybersmart Security on Apple Podcasts, Google Podcasts or Spotify.
Send your questions, comments and suggestions via voice message on the Anchor app or by email to getcybersmart@protonmail.com
Where to listen: Google Podcasts, Overcast, Pocket Casts, RadioPublic, Spotify

Cyber SmartTalk Series S01E01 - "Why get Cybersmart?"
Welcome to the Cyber SmartTalk, a series brought to you by the host of the GetCybersmart Security cyber news review podcast, and to S01E01: "Why get Cybersmart?" A link to the text version of the title will be shared in the podcast notes shortly.
27:21
August 04, 2022
The Business of Trust: CafePress in data breach cover-up, Phony Instagram mails impact insurance firm and Ubisoft hit by "cyber security incident"
In today's special 50th episode, I discuss the business of trust and restoring consumers' confidence after a "cyber security incident". Also in this episode: the FTC is to fine CafePress for the cover-up of a massive data breach, and phony Instagram ‘Support Staff’ emails hit an insurance company. This is a review of selected cybersecurity news from cyberspace and key takeaways or lessons that we can learn from them as individuals or organizations. Thank you for listening. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments, and suggestions via voice message on the Anchor app or email to getcybersmart@protonmail.com. LINKS: 1. FTC to fine CafePress for cover-up of massive data breach https://www.bleepingcomputer.com/news/security/ftc-to-fine-cafepress-for-cover-up-of-massive-data-breach/ 2. Phony Instagram ‘Support Staff’ Emails Hit Insurance Company https://threatpost.com/phony-instagram-support-staff-emails-hit-insurance-company/178929/ 3. Ubisoft Cyber Security Incident Update https://news.ubisoft.com/en-gb/article/3tSsBh25mhHhlbGSy1xbRw/ubisoft-cyber-security-incident-update On the Business of Trust: 4. The Target breach of (2013), two years later https://www.zdnet.com/article/the-target-breach-two-years-later/ 5. Uber argument that data theft wouldn’t be a risk to users is a warning, says consumer group https://www.itworldcanada.com/article/uber-argument-that-data-theft-wouldnt-be-a-risk-to-users-is-a-warning-says-consumer-group/402711
26:10
March 21, 2022
Managing Misinformation; Toyota, Axis communications and Aon deal with Cyberattacks
On today's theme, I discuss the subject of misinformation. How do you manage misinformation from cyberspace, especially on social media? Toyota was forced to shut down production at 14 plants in Japan after a cyberattack on a third-party company. Insurance company Aon said a cyber incident impacted what it called “a limited number of systems.” And video surveillance systems company Axis Communications said someone was able to use social engineering to get around MFA login protection and hack into the company. This is a review of selected cybersecurity news from cyberspace and key takeaways or lessons that we can learn from them as individuals or organizations. LINKS: Toyota suspends domestic factory operations after suspected cyber attack; Aon filing with the U.S. Securities and Exchange Commission. About Managing Misinformation: The More Often Something is Repeated, the More True It Becomes: Dealing with Social Media; Episode 28 of Cybersmart Security podcast - Misinformation or April Fool's Joke
19:44
March 06, 2022
Attackers up "phishing" game using Docusign to steal Microsoft Outlook Logins, Manufacturing ranked most targeted in 2021
A phishing campaign directed at a major US payment company used DocuSign and a compromised third party's email domain to scale past email security measures. Also, the IBM threat report stated that 1 in 3 cyber-attacks were against the manufacturing sector in 2021. A review of cybersecurity news from cyberspace and the key takeaways that we can learn from them as individuals or organizations. LINKS: 1. Cyberattackers leverage DocuSign to steal Microsoft Outlook logins 2. Manufacturing was the top industry targeted by ransomware last year 3. IBM Security Threat Intelligence Index 2022
15:25
February 27, 2022
Three-Fifths of Cyberattacks in 2021 were malware-free, FBI warns on increased BEC scams via virtual Meetings, CISA releases list...
This is a review of recent news from cyberspace and the takeaways and lessons we can learn as individuals or as an organization. LINKS: Three-Fifths of Cyber-Attacks in 2021 Were Malware-Free; CISA releases list... CISA Launches New Catalog of Free Public and Private sector cybersecurity services; FBI sees increase in use of virtual meeting platforms for BEC scams
18:03
February 20, 2022
Puma employee data breach in Kronos cyberattack and Marketing Firm leaves database open
A ransomware attack against the Kronos workforce management system last December has affected Puma through a data breach. Also, a marketing firm left a vast database held in an Amazon S3 bucket unsecured and open. This is a review of recent news in cyberspace and the takeaways and lessons we can learn as individuals or as an organization. LINKS: Puma Data Breach: Sensitive Data of Employees Stolen; Report: US Marketing Platform Exposed Millions of Leads’ Data; How to secure data on Amazon S3.
10:02
February 13, 2022
Telco Fined €9M, Data Breach exposes PII of Airport Workers & Malicious 2FA app found on Google Play.
A telco firm based in Greece has been fined €9M for leaking sensitive customer data in a 2020 cyberattack, a data breach exposes the personally identifiable information of airport security workers, and a malicious 2FA app titled "2FA Authenticator" was found on Google Play after it was downloaded 10,000 times. This is a review of recent news in cyberspace and the takeaways and lessons we can learn as individuals or as an organisation. LINKS: Data Leak Exposes IDs of Airport Security Workers; Telco fined €9 million for hiding cyberattack impact from customers; Malicious app on Google Play drops banking malware on users’ devices
14:39
February 06, 2022
Credentials Phishing Campaign Targets Organizations, Microsoft Warns of Consent Phishing attack, Hacker Cracks Crypto Hardware Wallet
A review of selected cybersecurity news from cyberspace and the key takeaways that we can learn from them as individuals or organizations. Over 100 people were affected by a credential phishing campaign. Microsoft has issued a warning that Office 365 users are getting emails to trick them into granting permissions via an app (Upgrade) appearing to be from a verified publisher. And a hardware hacker cracked a crypto wallet worth only $50k in 2018. LINKS: Evolved phishing: Device registration trick adds to phishers’ toolbox for victims without MFA - https://www.microsoft.com/security/blog/2022/01/26/evolved-phishing-device-registration-trick-adds-to-phishers-toolbox-for-victims-without-mfa/ Microsoft warns about this phishing attack that wants to read your emails - https://www.zdnet.com/article/microsoft-warns-about-this-phishing-attack-that-wants-to-read-your-emails/ Cracking a $2 Million Crypto Wallet - https://www.theverge.com/2022/1/24/22898712/crypto-hardware-wallet-hacking-lost-bitcoin-ethereum-nft?scrolla=5eb6d68b7fedc32c19ef33b4
13:24
January 30, 2022
Privacy Under Threat From German Police, 2FA Bypass and Quick Thinking Saves Hospital
A review of cybersecurity news from cyberspace, including privacy under threat after misuse of a Covid contact tracing app by German police, a Box 2FA bypass that opens user accounts to attack, $34.6M withdrawn in a crypto.com 2FA bypass, and quick thinking that saves a Florida hospital from a ransomware attack. LINKS: German police under fire for misuse of COVID contact tracing app https://amp.dw.com/en/german-police-under-fire-for-misuse-of-covid-contact-tracing-app/a-60393597 Box 2FA Bypass Opens User Accounts to Attack https://threatpost.com/box-2fa-bypass-accounts-attack/177760/ 2FA Bypassed in $34.6M Crypto.com Heist: What We Can Learn https://threatpost.com/2fa-bypassed-crypto-com-heist/177846/ Crypto.com confirms 483 accounts hacked, $34 million withdrawn https://www.bleepingcomputer.com/news/security/cryptocom-confirms-483-accounts-hacked-34-million-withdrawn/ 'Lock it down and piss people off': How quick thinking stopped a ransomware attack from crippling a Florida hospital https://edition.cnn.com/2022/01/16/politics/florida-hospital-ransomware/index.html
19:51
January 23, 2022
Morgan Stanley agrees to $60M data breach settlement, FBI warns about Google Voice Authentication Scams
The US bank and financial services giant has agreed to a $60M settlement to resolve a lawsuit following two data exposure incidents involving approximately 15 million current and former clients. Also, the FBI has been getting reports of people in different locations being targeted through malicious Google Voice activity, in which victims are associated with fraudulent virtual phone numbers. Do not share your Google verification code with others. LINKS: Morgan Stanley agrees to $60 million settlement in data breach lawsuit; FBI issues warning about Google voice authentication service scamming users
12:08
January 12, 2022
Swiss Text Messaging Firm's COO Departs...Facebook Takes Down Accounts belonging to 7 Cyber Mercenary Firms
Swiss Text Messaging Firm's COO Departs amidst Surveillance Allegation, Facebook Takes Down Accounts belonging to 7 "Cyber-Mercenary" Firms. Facebook and social media users are strongly advised to take a privacy checkup, be cautious when accepting or interacting with unknown people, and review the privacy settings on their accounts. LINKS: Mitto COO departs after surveillance allegations; Facebook takes down accounts for seven “cyber-mercenary” firms
11:04
December 20, 2021
Swiss Exec helped Governments track phones, Malicious Free Utility Notepad++ in the wild and Poor OAuth Implementation Leads to Redirection Attacks
Swiss company Mitto AG is said to have operated a service that ultimately helped governments secretly surveil and track mobile phones. A hacking group known as StrongPity has made an infected version of the Notepad++ text editor app that installs malware on a victim's computer. Poor implementation of the popular OAuth 2.0 leads to redirection attacks that bypass most phishing detection and email security solutions. LINKS: - Swiss Firm Executive Operates Secret Surveillance Operation, Sources Say - A new StrongPity variant hides behind Notepad++ installation - Malicious Notepad++ installers push StrongPity malware - Microsoft and GitHub OAuth Implementation Vulnerabilities Lead to Redirection Attacks
12:29
December 12, 2021
"Zinc" group posed as Samsung Recruiters, DNA Testing Firm In Data Breach of 2M, IKEA employees under Phishing Email attacks
The North Korean-linked Zinc hacker group sent fake job offers to employees at South Korean security companies that sell anti-malware solutions and more. A DNA testing firm in Ohio has disclosed a data breach in which hackers had access to 2.1M people's CVV codes and account passwords. IKEA is fighting an attack on its email system in which threat actors are targeting employees in internal phishing attacks using stolen reply-chain emails. LINKS: North Korea-linked Zinc group posed as Samsung recruiters to target security firms; DNA testing firm discloses data breach affecting 2.1 million people; IKEA dealing with an ongoing attack
12:35
December 05, 2021
Heating systems (HVAC) Hacks, GoDaddy Data Breach Impacts 1M, Hikvision cameras Exposed to Remote Code Execution
LINKS: UK Ministry of Justice secures HVAC systems 'protected' by passwordless Wi-Fi after Register tipoff; Hikvision Security Cameras Potentially Exposed to Remote Code Execution; GoDaddy says data breach exposed over a million user accounts
10:51
November 28, 2021
The PerSwaysion phishing campaign, a new malware hitting e-commerce sites, & something new about ransomware gangs
A kit named PerSwaysion can give cybercriminals a way to launch a phishing campaign relatively easily and with little up-front effort. A new malware is hitting e-commerce sites: security researchers found that attackers discovered a vulnerability in a website plug-in and used it to upload a backdoor. This lets them alter a site's code in order to intercept payment card data for purchases. Ransomware gangs compete in auction sessions on cybercriminal forums for zero-day vulnerabilities in software applications. LINKS: 1. 'PerSwaysion' Phishing Campaign Still Ongoing, and Pervasive 2. Linux malware agent hits eCommerce sites 3. Vulnerability Intelligence: What’s The Word In Dark Web Forums?
10:12
November 21, 2021
BOTs used to scam 2FA codes, Tesla recalls almost 12k vehicles and phone scams, and Password Spraying Attacks on the rise
Scammers are exploiting automated bots to steal multi-factor authentication codes or one-time passwords (OTP) to allow cash transfers. Tesla recalls almost 12k vehicles due to software errors in its beta version that can cause activation of emergency brakes. Also, phone scams and password spraying attacks are on the rise. LINKS: The Booming Underground Market for Bots That Steal Your 2FA Codes; Tesla recalls nearly 12,000 U.S. vehicles over software communication error; Phone scams: Caught Beneath the Landline: A 411 on Telephone Oriented Attack Delivery; Protect your business from password sprays with Microsoft DART recommendations
09:27
November 07, 2021
Deep6 AI in Medical Data breach, 70% of Sampled WiFi Networks Cracked & Outlook Web Access Phishing
Another medical data processing firm is involved in a data breach. A security researcher who cracked 70% of sampled WiFi networks goes on to explain why phone numbers are bad WiFi passwords. And beware of phishing sites disguised as Outlook Web Access to steal credentials. LINKS: Researcher cracked 70% of WiFi networks sampled in Tel Aviv; In-depth Report: Cracking WiFi at Scale with One Simple Trick; Medical AI Company Exposed Millions of Records Online; Outlook Web Access Phishing
11:25
October 30, 2021
Olympus has Fallen, Verizon Fake logo, Microsoft Digital Defence Report and Beware of free movie sites
Olympus, a medical imaging firm, suspends data systems in the US, Canada and Latin America due to cyber attacks. In Microsoft's second annual digital defense report, the company provides insight into the changing cyber-crime landscape, ranging from phishing to ransomware as a service. Also, beware of so-called free sites offering free downloads of recent blockbuster movies. Listen till the end for an announcement. LINKS: 1. Olympus US systems hit by cyberattack over the weekend 2. How cyberattacks are changing according to new Microsoft Digital Defense Report 3. Olympus suffers second cyberattack in 2021 4. Phishers Get Clever, Use Math Symbols for Verizon Logo
10:38
October 14, 2021
Much Ado About Legacy Systems, Really? Dumpster Diving and EA; Makers of FIFA21 in 780GB Data Breach
In this episode, the task organizations face in protecting legacy systems is discussed. Dumpster diving is a popular term in cybersecurity today. Learning how to treat data differently is crucial, whether in transit, at rest or when data is considered obsolete. Also, how we treat trash can be the difference between being a victim of identity theft or blackmail and ensuring useful info from a "dumpster" is never used against us. And Electronic Arts suffered a massive data breach that resulted in source code for FIFA 21 and the Frostbite engine being stolen by hackers. LINKS: 1. Prevention Is the Only Cure: The Dangers of Legacy Systems https://beta.darkreading.com/vulnerabilities-threats/prevention-is-the-only-cure-the-dangers-of-legacy-systems 2. Hackers Steal Wealth of Data from Game Giant EA - The data includes source code for FIFA 21 and the Frostbite engine. www.vice.com/amp/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code 3. Hackers steal source code and more from Electronic Arts in massive data breach - EA falls victim to hackers in new data breach https://www.techspot.com/news/90020-hackers-steal-source-code-more-electronic-arts-massive.html
15:55
June 13, 2021
Start Good CyberHygiene Now!; Fix Your Passwords with a Single Tap, $40M Ransom Reportedly Paid, and More
In this episode: start good cyber-hygiene now, and the need to fix bad passwords with a password manager such as Chrome's built-in manager. The average cost of ransomware has increased, and beware of fake browser extensions. Good cyber hygiene includes user practices such as inspecting file extensions, routine checks, self-auditing and being cautious. LINKS: 1. Fix your passwords in Chrome with a single tap 2. Manage passwords Now 3. FBI's IC3 Logs 6 Million Complaints 4. One of the US's largest insurance companies reportedly paid $40 million to ransomware hackers 5. Fake Microsoft Authenticator extension discovered in Chrome Store
13:01
May 23, 2021
Wi-Fi Warnings and Anti-Ransomware Day Advice
In this episode: the recent flaws discovered in WiFi devices and products and the basic hygiene to observe for WiFi connections. Also, Anti-Ransomware Day and why it is important to understand how ransomware works to keep our data and business safe from disruption and not fall for malicious cybercriminals. LINKS: 1. FragAttack https://www.fragattacks.com/ 2. Anti-Ransomware Day, fuel pipelines and water utilities https://www.cybersecasia.net/newsletter/anti-ransomware-day-fuel-pipelines-and-water-utilities 3. Kaspersky Report - Ransomware world in 2021: who, how and why https://securelist.com/ransomware-world-in-2021/102169/ 4. Alert (AA21-131A) DarkSide Ransomware : Best Practices for Preventing Business Disruption from Ransomware Attacks https://us-cert.cisa.gov/ncas/alerts/aa21-131a
14:49
May 15, 2021
World Password Day, Malicious Office 365 Apps, and Fake Product Reviews
In this episode: how we are still very much reliant on passwords in 2021, and Google's plans to enforce the use of two-factor authentication for everyone who has a Google account. Also, a breakdown of how attackers distribute malicious apps via Office 365 apps is discussed. Lastly, why you should not trust that 5-star review you read about a product on Amazon, as researchers found a database of documents behind a product reward scam run by vendors on Amazon. LINKS: 1. World password Day - A simpler and safer future — without passwords 2. The Wages of Password Re-use: Your Money or Your Life 3. Malicious Office 365 Apps Are the Ultimate Insiders 4. Further reading about How Attackers Distribute Malicious Apps - How Attackers Use Compromised Accounts to Create and Distribute Malicious OAuth Apps 5. Amazon Fake Reviews Scam Exposed in Data Breach 6. A further explanation about 2FA or 2SV - Episode 4 Cybersmart Security Podcast
16:29
May 08, 2021
Ransomware Costs, the Risk With Old Version Software, New Updates and Gamers Beware of this Fake DirectX12 Download
In this episode: the cost of ransomware has doubled over a year, and the risk of using old-version software (or an end-of-life operating system like Windows 7). Update your Mac now. Also, beware of a fake Microsoft DirectX12 installer in the wild. This is information-stealing malware that, once installed, attempts to harvest a victim's cookies, cryptocurrency wallets, passwords, and more in the background. LINKS 1. Ransomware: don’t expect a full recovery, however much you pay. https://nakedsecurity.sophos.com/2021/04/27/ransomware-dont-expect-a-full-recovery/ 2. Task Force Seeks to Disrupt Ransomware Payments https://krebsonsecurity.com/2021/04/task-force-seeks-to-disrupt-ransomware-payments/ 3. Kaspersky finds 22% of PC users still running end-of-life Windows 7 OS https://usa.kaspersky.com/about/press-releases/2021_kaspersky-finds-22-of-pc-users-still-running-end-of-life-windows-7-os#_ftn1 4. Update Your Mac Now: The ‘Worst Hack In Years’ Hits Apple Computers https://www.forbes.com/sites/thomasbrewster/2021/04/26/update-your-mac-now-the-worst-hack-in-years-hits-apple-computers/?sh=3ee9cd855da0 5. NVIDIA Driver Downloads https://www.nvidia.com/Download/index.aspx 6. Fake Microsoft DirectX 12 site pushes crypto-stealing malware https://www.bleepingcomputer.com/news/security/fake-microsoft-directx-12-site-pushes-crypto-stealing-malware/
14:14
May 01, 2021
Misinformation or April Fool's Joke; Datascrap on LinkedIn, Facebook & Clubhouse And Job Scams
Over half a billion Facebook and LinkedIn user profiles were recently leaked online or put up for sale by cybercriminals. Also, about 1.3M Clubhouse user profiles were posted on a hacker forum. This may have been due to data scraping, which is allowed by the Clubhouse API or app and can be accessed by "anyone". April Fool's jokes by Deliveroo and Volkswagen backfire. Shouldn't inaccurate or untrue information published as a joke by some companies be classified as misinformation rather than a prank? LINKS 1. The Facebook Phone Numbers Are Now Searchable in Have I Been Pwned https://www.troyhunt.com/the-facebook-phone-numbers-are-now-searchable-in-have-i-been-pwned/ 2. The joke is on Volkswagen after April Fool’s name change debacle https://www.aljazeera.com/economy/2021/3/31/bb-thejokeis-on-volkswagen-after-april-fools-name-change-debacle 3. Deliveroo April Fool's joke backfires in France https://www.bbc.co.uk/news/world-europe-56617049 4. Security News This Week: Oh Look, LinkedIn Also Had 500M Users' Data Scraped https://www.wired.com/story/linkedin-data-scrape-phishing-zoom-security-news/ 5. “Not ideal” from a privacy standpoint: Clubhouse API lets “anyone” scrape public user data https://cybernews.com/security/not-ideal-from-a-privacy-standpoint-clubhouse-api-lets-anyone-scrape-public-user-data/
19:34
April 17, 2021
The Trust Layer Conundrum; World Backup Day, LinkedIn to Rival Clubhouse App & Crypto Scam via Apple's App store
An iPhone user lost 17.1 bitcoin worth $600,000 due to downloading a fake app on Apple's "trusted" app store. Are technology giants really doing a lot more and not just the minimum to instil trust in the services they provide to us? I discuss the trust layer conundrum and LinkedIn's plan to rival Clubhouse soon. 31st March each year is #WorldBackupDay. This is a reminder to keep a backup of your most important files offsite (SSDs, Drive, USB...) or via a reliable cloud service. LINKS 1. World Backup Day: take action. As most of us have services we enjoy from Google, it is good advice to back up your data today. You can go to the link below now. Follow the prompts and back up your data to a cloud service so that it’s in two separate locations. https://takeout.google.com/?pli=1 2. LinkedIn confirms it’s working on a Clubhouse rival, too https://techcrunch.com/2021/03/30/linkedin-confirms-its-working-on-a-clubhouse-rival-too/ 3. He believed Apple’s App Store was safe. Then a fake app stole his life savings in bitcoin. https://www.washingtonpost.com/technology/2021/03/30/trezor-scam-bitcoin-1-million/ 4. Trezor for securing your Crypto savings https://www.youtube.com/watch?v=wruL9LF8AUA
20:15
April 02, 2021
Tax & Refund Scams, $50m Ransom, Fake Clubhouse App To Avoid and The Power of Compliments & Empathy
Have you ever got carried away by compliments to the extent that you shared very personal information, or that of someone else, that you never intended to share? Scammers are exploiting the power of empathy to gain the trust of their victims. In this episode, I talk about how we can better respond to a refund claim via calls, SMS or emails and spot the scammy ones. Also mentioned is a fake Clubhouse app to avoid. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments and suggestions via voice message on the Anchor app or by email to getcybersmart@protonmail.com. LINKS: IRS Impersonation - https://abnormalsecurity.com/blog/irs-impersonation/ Fighting back against phone scammers with glitter bombs - https://grahamcluley.com/fighting-back-against-phone-scammers-with-glitter-bombs/ Spotting scammy emails - https://www.consumer.ftc.gov/blog/2021/03/spotting-scammy-emails?utm_source=govdelivery YouTube link: Glitterbomb Trap Catches Phone Scammer (who gets arrested) - https://www.youtube.com/watch?v=VrKW58MS12g Catching Money Mules ft. Mark Rober - https://www.youtube.com/watch?v=Xvjjpzyiig4&t=0s Scammer Payback - https://www.youtube.com/channel/UCBNG0osIBAprVcZZ3ic84vw Computer giant Acer hit by $50 million ransomware attack - https://www.bleepingcomputer.com/news/security/computer-giant-acer-hit-by-50-million-ransomware-attack/ Beware Android trojan posing as Clubhouse app - https://blog.eset.ie/2021/03/19/beware-android-trojan-posing-as-clubhouse-app/
18:13
March 27, 2021
FBI Warns About TrickBot in Emails, Costly Error As Books Worth Up To $3.4m Given For Free
Earlier this week, the Federal Bureau of Investigation (FBI) mentioned in an alert that cybercrime actors are tricking victims via a traffic infringement phishing scheme. The TrickBot malware spreads primarily through spearphishing campaigns using tailored emails that contain malicious attachments. In this episode, this malware's capabilities and how to stay a step ahead of it are discussed. Also, an academic book publisher, Springer Nature, had a misconfiguration that allowed anyone to download their books for free, and lastly, a costly mistake by an employee in the Health Dept of a county in New York State is briefly dissected in the episode. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. Send your questions, comments and suggestions via voice message on the Anchor app or by email to getcybersmart@protonmail.com. LINKS: TrickBot Malware Alert https://us-cert.cisa.gov/ncas/alerts/aa21-076a Trickbot is the most prolific malware operation using COVID-19 themed lures https://securityaffairs.co/wordpress/101824/cyber-crime/trickbot-covid-19-themed-lures.html Error caused the world’s largest academic book publisher to give books away free - https://cybernews.com/security/error-caused-worlds-largest-academic-book-publisher-to-give-books-away-free/ WI: 900 emails of COVID vaccination registrants accidentally shared in Walworth County - https://www.databreaches.net/wi-900-emails-of-covid-vaccination-registrants-accidentally-shared-in-walworth-county/
13:25
March 20, 2021
Solarwinds Hack Isn't Intern's Fault, New Covid-19 Phishing Scams And Identifying Social Media Scams
Cybercriminals are once again using the Covid-19 pandemic as a smokescreen for their phishing scams. These scammers rely on the naivety of victims to cause maximum damage. According to people’s reports to the FTC and a new Data Spotlight, about $117m was lost by consumers in the first 6 months of 2020 to scams that started on social media. Thus it is all the more pertinent to know ways to identify scams, beginning with social media platforms. I discuss this and more in today's episode. I also address where the fault really lies in the SolarWinds hack. It is more an organizational issue than an individual one. Responsibility and accountability should always come from the top before they trickle down to the bottom. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. 
Send your questions, comments and suggestions via voice message on the Anchor app or by email to getcybersmart@protonmail.com LINKS: Scams will follow new COVID-19 rescue plan  - https://www.consumer.ftc.gov/blog/2021/03/scams-will-follow-new-covid-19-rescue-plan Scams Starting on Social Media and Targeting Your Business - https://www.tripwire.com/state-of-security/security-data-protection/scams-social-media-targeting-business Scams that start on social media - https://www.consumer.ftc.gov/blog/2020/10/scams-start-social-media  Threat Actors Target Victims by Promising COVID-19 Relief, Vaccines, and Variant News - https://www.proofpoint.com/us/blog/security-briefs/threat-actors-target-victims-promising-covid-19-relief-vaccines-and-variant SolarWinds blaming intern for leaked password is symptom of ‘security failures’ - https://www.scmagazine.com/access-control/solarwinds-blaming-intern-for-leaked-password-is-symptom-of-security-failures/
17:16
March 13, 2021
Facebook in $650M Privacy Lawsuit Settlement, 400 T-Mobile Users Affected By SIM Swap Fraud & How To Prevent A SIM Swap Attack
T-Mobile is in the news again for the fifth time in four years for a data breach; this time, 400 users were victims of SIM swap fraud. The recent attacks via SIM swap fraud have brought wireless carriers under the spotlight. In 2021, more companies are embracing cryptocurrency investments. Online users are buying company shares via mobile applications; it is thus crucial to ensure that accounts are kept safe from identity theft and other types of attacks. In episode 23, I talk about protecting yourself from SIM swap attacks and keeping your crypto safe. I also comment on the verdict by a US District Judge ordering Facebook to pay $650M in settlement for a privacy violation. In addition, this episode's notes include a research paper on vulnerable authentication challenges published in January 2020. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every week. Follow him on Twitter @Major_Jeneral. LINKS: 1. Judge Approves $650M Facebook Privacy Lawsuit Settlement https://www.securityweek.com/judge-approves-650m-facebook-privacy-lawsuit-settlement 2. T-Mobile Discloses Data Breach After SIM Swapping Attacks https://www.bleepingcomputer.com/news/security/t-mobile-discloses-data-breach-after-sim-swapping-attacks/ T-Mobile Notice To Customers Affected By Data Breach https://beta.documentcloud.org/documents/20492859-t-mobile-feb-2021-bc-data-breach 3. 
All about SIM Hijacking and Research Done Using 5 Popular Telecom Carriers       https://www.schneier.com/blog/archives/2020/01/sim_hijacking.html An Empirical Study of Wireless Carrier Authentication for SIM Swaps      https://www.issms2fasecure.com/assets/sim_swaps-01-10-2020.pdf Study Shows The Internet Is Hugely Vulnerable To SIM Hijacking Attacks      https://www.techdirt.com/articles/20200114/06480143727/study-shows-internet-is-hugely-vulnerable-to-sim-hijacking-attacks.shtml 4. Stories And A Video-‘I Lived a Nightmare:’ SIM Hijacking Victims Share Their Stories      https://www.vice.com/en/article/j5bpg7/sim-hijacking-t-mobile-stories 5. Keeping Your Crypto Safe Offline - What Happens When Hackers Steal Your SIM You Learn To Keep Your Crypto Offline      https://techcrunch.com/2018/08/20/what-happens-when-hackers-steal-your-sim-you-learn-to-keep-your-crypto-offline/amp/
17:15
March 06, 2021
Fake Cryptocurrency Trading Platforms, SIM-Swapping, Novel Phishing Tactic Via Malformed URLs and 5 Ways To Begin Foolproof Privacy Protection
If you know why you should take privacy protection seriously, then taking proactive actions towards achieving foolproof security against the bad guys is the next step. In this episode, I discuss 5 ways you can start to have a sense of control over everything that connects to you. Before that, I delve into the recent charges brought against 3 North Koreans arrested for globally related cyberattacks that include fake cryptocurrency trading platforms used to fool unsuspecting users into downloading malicious applications. How to ensure your mobile number is not ported to another SIM by impersonators is also addressed. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral. LINKS: US charges North Koreans in relation to global cyber attacks https://www.tripwire.com/state-of-security/featured/us-charges-north-korean-hackers-wannacry-sony-pictures-attack/ New Phishing Attack Identified: Malformed URL Prefixes https://www.greathorn.com/blog-new-phishing-attack-identified-malformed-url-prefixes/ Ten Hackers Arrested For String of Sim-swapping Attacks Against Celebrities https://www.europol.europa.eu/newsroom/news/ten-hackers-arrested-for-string-of-sim-swapping-attacks-against-celebrities
21:17
February 26, 2021
Why Are Security Firms Vulnerable Too And 5 Reasons To Take Privacy Protection Seriously
"I have nothing to hide." A common phrase I read on the internet or hear in conversations at the moment. Are you kidding me? That is far from the truth. In fact, you have more to lose. The issues regarding data breaches, information security, privacy intrusions by cybercriminals or unethical hackers, surveillance by governments and more won't go away anytime soon. This is quite crucial in 2021 as attackers are finding crafty methods to get your data. In this episode, you will learn the 5 reasons why you should take privacy protection seriously. Before that, I talk about the SolarWinds hack and why security firms are only as strong as the weakest vendor on their books. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral. LINKS: A Second SolarWinds Hack Deepens Third-Party Software Fears https://www.wired.com/story/solarwinds-hack-china-usda/ SonicWall says it was hacked using zero-days in its own products https://www.zdnet.com/article/sonicwall-says-it-was-hacked-using-zero-days-in-its-own-products/ New phishing attack uses Morse code to hide malicious URLs https://www.bleepingcomputer.com/news/security/new-phishing-attack-uses-morse-code-to-hide-malicious-urls/ Bluetooth Overlay Skimmer That Blocks Chip https://krebsonsecurity.com/2021/02/bluetooth-overlay-skimmer-that-blocks-chip/ SonicWall Is Latest Security Vendor to Disclose Cyberattack: The network security firm is investigating a coordinated campaign in which attackers exploited vulnerabilities in SonicWall's products. https://www.darkreading.com/endpoint/sonicwall-is-latest-security-vendor-to-disclose-cyberattack/d/d-id/1339972
16:29
February 18, 2021
Remote Attacks; Beware of Fake Office 365 Updates, Vishing Campaigns And The Rise In SMS-based Phishing Services
Being cyber aware is more important now than ever before, as phishing-related attacks are up by over 300%. Hackers are creating phishing toolkits to harvest login credentials and gain remote access to corporate networks. The FBI has warned businesses of an increase in phishing voice calls, otherwise known as vishing. Also, security authorities in the UK and Ukraine have arrested creators of phishing toolkits called SMS Bandits and U-Admin. These toolkits have features that can intercept OTP and multifactor authentication codes. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral. Subscribe on your podcast app. Links quoted in this episode: Mobile Phishing Increases More Than 300% as 2020 Chaos Continues https://www.proofpoint.com/us/blog/threat-protection/mobile-phishing-increases-more-300-2020-chaos-continues Phishing Campaign Features Fake Office 365 Update: Trend Micro Says Campaign Designed to Steal Executives' Credentials https://www.databreachtoday.asia/phishing-campaign-features-fake-office-365-update-a-15869 U.K. Arrest in ‘SMS Bandits’ Phishing Service https://krebsonsecurity.com/2021/02/u-k-arrest-in-sms-bandits-phishing-service/ Arrest, Raids Tied to ‘U-Admin’ Phishing Kit https://krebsonsecurity.com/2021/02/arrest-raids-tied-to-u-admin-phishing-kit/ Beware of this active UK NHS COVID-19 vaccination phishing attack https://www.bleepingcomputer.com/news/security/beware-of-this-active-uk-nhs-covid-19-vaccination-phishing-attack/ FBI Warns of Increase in Vishing Attacks https://www.govinfosecurity.com/fbi-warns-increase-in-vishing-attacks-a-15795
14:19
February 13, 2021
Data-sharing Policies: WhatsApp, Telegram & Signal & The 1 Reason You Are Prone To Threats & Attacks in 2021
Data-sharing Policies: WhatsApp, Telegram & Signal & The 1 Reason You Are Prone To Threats & Attacks even in 2021. Should you really leave WhatsApp for an alternative like Signal or Telegram due to Facebook's data-sharing policy plans? In this episode, I talk about how you can strengthen the protection of your WhatsApp account and the differences and similarities amongst the 3 messaging platforms. How best should you weigh the reasons to use a messaging app? There is also a brief explanation of the one major reason we are prone to attacks regardless of our personality, reputation or the defences we put in place to protect ourselves and our businesses. LINKS: 1. Yes, You Can Still Use WhatsApp—But Change These 3 Critical Settings First https://www.forbes.com/sites/zakdoffman/2021/01/12/you-can-use-whatsapp-after-facebook-apple-imessage-and-signal-backlash-but-change-this/?sh=2b6f6eed798f 2. WhatsApp data-sharing policy change: here’s what it means https://www.stationx.net/whatsapp-data-sharing-policy-change-heres-what-it-means/ 3. Answering your questions about WhatsApp’s Privacy Policy https://faq.whatsapp.com/general/security-and-privacy/answering-your-questions-about-whatsapps-privacy-policy/?lang=fb
17:45
February 01, 2021
Doing Things Right; FTC on Zoom's Unfair Practices, Muslim Pro, Salaat First & The Location Data Question
The Federal Trade Commission (FTC) settlement with Zoom requires Zoom to ensure they keep the personal information of users secured and privacy protected. Also, 2 Muslim prayer apps have shared data with partners who in turn sold this location data to the U.S. military. In this episode: how should companies behave in adhering to their terms and offering services as advertised, so that they protect their consumers' interests and at the same time keep their reputation intact? And what are the implications of doing otherwise? Hence the need to do the right thing by their consumers and the regulatory authorities. LINKS: 1. Zooming in on Zoom’s unfair and deceptive security practices: More about the FTC settlement - https://www.ftc.gov/news-events/blogs/business-blog/2020/11/zooming-zooms-unfair-deceptive-security-practices-more-about?utm_source=govdelivery 2. How the U.S. Military Buys Location Data from Ordinary Apps - https://www.vice.com/en/article/jgqm5x/us-military-location-data-xmode-locate-x 3. Muslim Pro Stops Sharing Location Data After Motherboard Investigation - https://www.vice.com/en/article/g5bq89/muslim-pro-location-data-military-xmode 4. Leaked Location Data Shows Another Muslim Prayer App Tracking Users - https://www.vice.com/en/article/xgz4n3/muslim-app-location-data-salaat-first 5. ACLU files request over data US collected via Muslim app used by millions - https://www.theguardian.com/us-news/2020/dec/03/aclu-seeks-release-records-data-us-collected-via-muslim-app-used-millions 6. US military buys location data of popular Muslim apps: Report - www.aljazeera.com/amp/news/2020/11/17/report-us-military-buying-location-data-on-popular-muslim-apps
19:16
January 15, 2021
Privacy, Data Protection: Why DP Regulators are Vital Now & Ways To Stay A Smart Holiday Shopper
From British Airways and Marriott International in the UK to a supermarket co-op in the US hit with a HIPAA settlement for violations of privacy and security rules, the rate of violations and data breaches is on the rise. Are these fines and the roles played by regulators serving as a wake-up call for businesses to treat data security as a priority? Also, learn ways to outsmart scammers as you shop for gifts for friends, family, acquaintances and colleagues during the holiday period. LINKS: State Slaps Supermarket Co-Op with HIPAA Settlement https://www.databreachtoday.com/state-slaps-supermarket-co-op-hipaa-settlement-a-15307 Marriott data breach fine slashed to £18.4 million by UK regulator – HOTforSecurity - https://hotforsecurity.bitdefender.com/blog/marriott-data-breach-fine-slashed-to-18-4-million-by-uk-regulator-24457.html Helpful websites to check a URL or link: (i) https://www.islegitsite.com (ii) https://www.urlvoid.com
22:60
November 17, 2020
Due Diligence, Are SMS Security Codes For 2FA Still Reliable? British Airways Fined €20M
Do you exercise a bit of care before entering into a contract or agreement? Investigating and checking the details of a business deal or an investment in a business idea is more important now than ever before, so you don't get scammed. At times people are just wolves in sheep's clothing. Always do due diligence. BA were fined 20M for keeping customers' credit card details in plaintext since 2015. All these and more in this week's episode. LINKS For Further Reading: 1. Due Diligence That Money Can’t Buy https://krebsonsecurity.com/2020/09/due-diligence-that-money-cant-buy/ 2. Having Saved Credit Card Details in Plaintext Since 2015, British Airways Is Fined £20 Million https://hotforsecurity.bitdefender.com/blog/having-saved-credit-card-details-in-plaintext-since-2015-british-airways-is-fined-20-million-24340.html 3. Amazon Fires Employee For Leaking Customer Data https://hotforsecurity.bitdefender.com/blog/amazon-fires-employee-for-leaking-customer-data-24417.html
27:37
October 30, 2020
If In Doubt, Don't Give It Out: Former Cisco Employee Pleads Guilty & Hackers Pose As Journalist - Part 2
In part two, a former Cisco employee pleads guilty to damaging Cisco's network by deleting about 16,000 Webex Teams accounts, and Iranian hackers pose as journalists to trick victims into installing malware. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral. Subscribe on your podcast app. LINKS: 1. San Jose Man Pleads Guilty To Damaging Cisco’s Network: Unauthorized Access Led to Deletion of 16,000 WebEx Teams Accounts in the Fall of 2018 - https://www.justice.gov/usao-ndca/pr/san-jose-man-pleads-guilty-damaging-cisco-s-network 2. Iranian Hackers Pose as Journalists to Trick Victims Into Installing Malware https://thehackernews.com/2020/08/hackers-journalist-malware.html?m=1
16:52
September 11, 2020
If In Doubt, Don't Give It Out: Tesla Saved From Ransom Attempt By Russian Hacker - Part 1
Are you so naive that you are willing to forget the company's policies because of a new friendship out of the blue? Learn from this employee who forgoes a $1M bribe to stop a cyberattack on Tesla's computer network. More recent news is also discussed in this episode of GetCybersmart Security Podcast. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral. Subscribe on your podcast app. LINKS: Tesla employee foregoes $1M payment, works with FBI to thwart cybersecurity attack https://www.teslarati.com/tesla-employee-fbi-thwarts-russian-cybersecurity-attack/
18:07
September 11, 2020
Privacy: College Tracks Students via Corona App & Ex-Uber Chief In Data Breach Cover-Up—Part 2
To what extent will you accept extreme measures to protect you from a virus? Are you prepared to sacrifice your privacy for your health? A school asked its students to use a coronavirus app without an opt-out option. A former Uber executive is accused of not disclosing a data breach to customers and the authorities in an incident that occurred in 2016. About 57m customers were not informed of the incident at the time. LINKS: Ex-Uber chief security officer charged, accused of covering up theft of personal info from databases by hackers. Say it ain't Joe? https://www.theregister.com/2020/08/20/uber_sullivan_concealment_charges/ Fearing coronavirus, a Michigan college is tracking its students with a flawed app. And students have no way to opt out. https://techcrunch.com/2020/08/19/coronavirus-albion-security-flaws-app/
17:40
August 26, 2020
Security: Agencies (FBI & CISA) Warn About "Vishing" & Why You Should Plant Your Flag - Part 1
Security agencies have issued a joint alert and advisory to businesses and users regarding voice phishing attacks. Cybercriminals are taking advantage of the impact of COVID-19 on those working remotely. Corporate VPNs are at risk, especially where in-person authentication is not required due to the current unusual times. Also: why you have to get an online presence to safeguard your offline lives. Remember to take the pains to activate all security settings provided by your financial, identity and telecommunications services: 2FA, MFA, one-Passwords and physical security keys. Google disclosed in July 2018 that they have been using security keys for employees since 2017. No intrusion has been recorded since that move in 2017. LINKS: 1. Why & Where You Should Plant Your Flag https://krebsonsecurity.com/2020/08/why-where-you-should-you-plant-your-flag/ 2. FBI, CISA Echo Warnings on ‘Vishing’ Threat https://krebsonsecurity.com/2020/08/fbi-cisa-echo-warnings-on-vishing-threat/#more-52783 3. A recent example of a successful phishing attack - Blox Tales #12: Verizon Credential Phishing https://www.armorblox.com/blog/blox-tales-verizon-credential-phishing/ 4. The joint FBI/CISA alert (PDF) - https://krebsonsecurity.com/wp-content/uploads/2020/08/fbi-cisa-vishing.pdf
20:19
August 26, 2020
The Human Factor: Garmin Pays Ransom, Twitter Hack And "Phone-Spear-Phishing"
Humans are the weakest link when it comes to breaking into any secured system. What do the recent hacks and ransomware attacks mean for you as an individual or for your business? Understanding how social engineering tactics work is no longer optional; it is more important now than ever before. Take a listen to this podcast to know more. LINKS: 1. The Twitter mega-hack. What you need to know https://www.tripwire.com/state-of-security/featured/twitter-mega-hack-what-you-need-to-know/ 2. Twitter says a “phone spear phishing” attack helped hackers – what’s that? - https://grahamcluley.com/twitter-phone-spear-phishing/ 3. Twitter hack – three suspects charged in the US https://nakedsecurity.sophos.com/2020/08/01/twitter-hack-three-suspects-charged-in-the-us/ 4. Garmin Surrenders, Pays Millions In Ransom…And Other Small Business Tech News - https://www.forbes.com/sites/quickerbettertech/2020/08/09/garmin-surrenders-pays-millions-in-ransomand-other-small-business-tech-news/#6d0daf7b0d8a 5. Garmin confirms a cyber attack took its systems offline - https://www.engadget.com/garmin-confirms-cyberattack-164913517.html
16:24
August 10, 2020
Only the Paranoid Survive, Are You?; Child Predator, "Extortionists", Cyber Spies, 2 Diff. Corona App & More
In this episode: How paranoid are you about your security? Are you communicating with your wards or kids and providing them the right education on how to use social media on the Internet? Cyber spies used the LinkedIn platform to hack into 2 European defence firms, and more is discussed in this episode. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral. Subscribe on your podcast app. LINKS: Facebook Helped the FBI Hack a Child Predator https://www.vice.com/en_us/article/v7gd9b/facebook-helped-fbi-hack-child-predator-buster-hernandez You’ve heard of sextortion – now there’s “breachstortion”, too https://nakedsecurity.sophos.com/2020/06/15/youve-heard-of-sextortion-now-theres-breachstortion-too/ Extortionists threaten to destroy sites in fake ransom attacks - https://www.bleepingcomputer.com/news/security/extortionists-threaten-to-destroy-sites-in-fake-ransom-attacks/ Cyber spies use LinkedIn to hack European defence firms https://in.reuters.com/article/cyber-linkedin-hacks/cyber-spies-use-linkedin-to-hack-european-defence-firms-idINKBN23O2S4 Germany appeals to nation to download coronavirus app https://www.theguardian.com/world/2020/jun/16/germany-appeals-to-nation-to-download-coronavirus-app Coronavirus: Alarm over 'invasive' Kuwait and Bahrain contact-tracing apps https://www.bbc.com/news/world-middle-east-53052395 Google will default to phone notifications for two-factor sign-ins https://www.engadget.com/google-defaults-to-phone-verification-prompts-012756172.html?guccounter=1
38:09
June 21, 2020
Tycoon: Java-Based Ransomware, Fake BlackLivesMatter Vote Campaign Spreads Trickbot, CEO Apologises & More
Tycoon, a Java-based ransomware; a fake BlackLivesMatter vote campaign spreads Trickbot; Brave CEO apologises for adding affiliate links to URLs; NASA cyber incidents hit a 368% increase; and Microsoft releases about 130 security patches in June. Researchers say Tycoon ransomware, which has targeted institutions (educational and business), has a few traits they haven't seen before. It targets Windows and Linux. A campaign asking you to vote anonymously about #BlackLivesMatter is spreading the information-stealing malware called Trickbot. Microsoft has released its June 2020 batch of software security updates, which patches about 130 newly discovered vulnerabilities. One of these vulnerabilities affects virtually all supported Windows versions, from Windows 7 to Windows Server 2019. And more about NASA and the billions of Plug and Play devices affected by a UPnP protocol vulnerability in this new episode. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral. Subscribe on your podcast app. LINKS: 1. A new Java-based ransomware targets Windows and Linux https://techcrunch.com/2020/06/04/tycoon-java-ransomware/ New 'Tycoon' Ransomware Strain Targets Windows, Linux: Researchers say Tycoon ransomware, which has targeted software and educational institutions, has a few traits they haven't seen before. https://www.darkreading.com/vulnerabilities---threats/new-tycoon-ransomware-strain-targets-windows-linux/d/d-id/1338006 Michigan State University won’t pay ransom after cyber attack https://www.mlive.com/news/2020/06/michigan-state-university-wont-pay-ransom-after-cyber-attack.html MSU Provides Update On IT-Based Intrusion https://msutoday.msu.edu/news/2020/msu-provides-update-on-it-based-intrusion/ 2. 
Fake Black Lives Matter voting campaign spreads Trickbot malware https://www.bleepingcomputer.com/news/security/fake-black-lives-matter-voting-campaign-spreads-trickbot-malware/ 3. Brave CEO apologises for adding affiliate links to URLs https://nakedsecurity.sophos.com/2020/06/09/brave-ceo-apologises-for-adding-affiliate-links-to-urls/ 4. Billions of devices affected by UPnP vulnerability https://nakedsecurity.sophos.com/2020/06/10/billions-of-devices-affected-by-upnp-vulnerability/ 5. NASA Hit By 366% Rise In Cybersecurity Incidents https://www.forbes.com/sites/simonchandler/2020/06/08/nasa-hit-by-366-rise-in-cybersecurity-incidents-after-budget-cuts/#155fdf785b31 6. Microsoft Releases June 2020 Security Patches For 129 Vulnerabilities https://thehackernews.com/2020/06/windows-update-june.html?m=1 Microsoft June 2020 Patch Tuesday https://isc.sans.edu/forums/diary/Microsoft+June+2020+Patch+Tuesday/26220/
39:31
June 11, 2020
Security Is Not Final, Failure Can Be Quite Fatal.—Unusual Photo Is Bricking Phones...
Cisco Releases Patch; An Unusual Photo Is Bricking Phones. Cisco has released patches for its Nexus switches. Cisco is asking organisations, businesses and users to install these updates to prevent a possible distributed denial of service (DDoS) due to the vulnerabilities. Some popular brands have been affected by a photo that bricks phones when used as the background image. This image causes irregular behaviour in smartphones when you set it as a background image. Mobile Phishing on the Rise: the rate of phishing on mobile has increased in 2020, especially during the pandemic. Be cyber aware of malicious attackers trying to trick you into downloading attachments or clicking phishing links used to scoop your data. Are the hacktivists Anonymous back again to push their agenda while they hack our attention (again)? Find out about this and more in this week's episode of Cybersmart Security Podcast, themed "Security is not Final, Failure can be Quite Fatal". Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday. Follow him on Twitter @Major_Jeneral. Subscribe on your podcast app. LINKS: Cisco warns: These Nexus switches have been hit by a serious security flaw https://www.zdnet.com/article/cisco-warns-these-nexus-switches-have-been-hit-by-a-serious-security-flaw/ Cisco NX-OS Software Unexpected IP in IP Packet Processing Vulnerability https://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-nxos-ipip-dos-kCT9X4 Android: Why this photo is bricking some phones https://www.bbc.co.uk/news/amp/technology-52891650 Anonymous’ online activists see huge, unexplained surge in support https://www.independent.co.uk/life-style/gadgets-and-tech/news/anonymous-activists-online-george-floyd-protests-black-lives-matter-a9544261.html
26:36
June 03, 2020
Signal IM Introduce PINs For Secured Recovery, Why Sec...Awareness Matters & EasyJet Faces 18B Lawsuits
Signal IM Introduces PINs For Secured Recovery Of Accounts, Why Basic Training & Security Awareness Matters & EasyJet Faces €18B In Lawsuits Over Data Breach. Signal, a non-profit organization interested in providing a secure messaging platform, has announced the introduction of secure PINs to be used for recovery of accounts. You are advised to use a long passphrase. Also: why businesses must take training and security awareness seriously, and EasyJet faces 18 billion pounds in lawsuits filed against it over the data breach, which it disclosed to customers 5 months after the incident was recorded. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Wednesday, latest at midnight. Follow him on Twitter @Major_Jeneral. Subscribe on your podcast app.
21:41
May 27, 2020
EasyJet Data Breach Affects 9M, WolfRAT Targets Messaging Apps & 6 Ways To Protect Your Gaming Kids
EasyJet Data Breach Affects 9M Passengers, Messaging Apps under Threat from New Android Malware called WolfRAT & 6 ways parents can protect their online gaming kids. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Tuesday. Follow him on Twitter @Major_Jeneral. Subscribe on your podcast app.
26:24
May 21, 2020
Password Day, WhatsApp Account Hacks on the Rise & Cyber-Attacks on the Strait of Hormuz Ports.
Learn about Password Day and the mistakes you should avoid while creating passwords, and the possibility of a passwordless future. Bad guys prey on the naivety of their victims/targets to hijack WhatsApp accounts. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Tuesday. Follow him on Twitter @Major_Jeneral. Subscribe on your podcast app.
Links:
1. A passwordless future: How security keys and biometrics are taking over https://www.techrepublic.com/google-amp/article/a-passwordless-future-how-security-keys-and-biometrics-are-taking-over/
2. Two-factor authentication: A cheat sheet https://www.techrepublic.com/article/two-factor-authentication-cheat-sheet/#ftag=CAD-00-10aag7f
3. WhatsApp Users Beware: This Stupidly Simple New Hack Puts You At Risk. Here’s What You Do https://www.forbes.com/sites/zakdoffman/2020/01/25/whatsapp-users-beware-this-stupidly-simple-new-hack-puts-you-at-riskheres-what-you-do/#245b1e3a1d76
4. Iran reports failed cyber-attack on Strait of Hormuz port https://www.zdnet.com/google-amp/article/iran-reports-failed-cyber-attack-on-strait-of-hormuz-port/
20:43
May 14, 2020
BEC Attacks Target Equity Firms, 'Mass Surveillance'? GoDaddy hit by Data Breach & 7 Swift Actions
Hackers take almost $1.3 million from 3 British equity firms. Is the plan to use thermal cameras at game venues in a post-Covid-19 period not an intrusion of personal privacy? And 7 actions any organisation like GoDaddy should take in the event of a data breach. These actions will aid the recovery of all stakeholders involved and reduce the impact of the incident. Salaudeen Amao gives a breakdown of recent news in cyberspace. Learn something about security and more that can help you get Cybersmart both online and offline. Episodes are released every Tuesday. Follow him on Twitter @Major_Jeneral. Subscribe on your podcast app.
Links:
1. Hackers Trick 3 British Private Equity Firms Into Sending Them $1.3 Million. https://thehackernews.com/2020/04/bec-scam-wire-transfer-money.html?m=1
2. Incident Response Casefile – A successful BEC leveraging lookalike domains. https://research.checkpoint.com/2019/incident-response-casefile-a-successful-bec-leveraging-lookalike-domains/
3. Premier League clubs could roll out thermal cameras post-lockdown https://www.telegraph.co.uk/technology/2020/04/25/premier-league-clubs-could-roll-thermal-cameras-post-lockdown/
4. GoDaddy Hack Breaches Hosting Account Credentials. https://threatpost.com/godaddy-hack-breaches-hosting-account-credentials/155475/
24:31
May 06, 2020
2FA or 2SV? Creative Phone Scams? 160k Nintendo & 450 WHO Accounts Hacked, Microsoft Teams Patched
Why should you activate 2FA or 2SV on your accounts now? Microsoft has patched a vulnerability that would have allowed the bad guys to take over your team's Microsoft Teams accounts. About 25000 email addresses of prominent organisations, such as WHO, were published. You can fall for these creative phone scams that involve ATM cards, spoofing and call phishing. Scammers will spoof caller IDs when calling both the bank and the target/victim. And how to protect yourself from this art of social engineering.
39:12
April 29, 2020
Fake Eyeballs? TikTok at risk of MITM, "free trial" apps are sneaky. 18M Hoax emails blocked - 21-04-2020
A bot network named ICEBUCKET impersonates human eyes in 30 countries. Google warns developers about free trial apps, TikTok uses HTTP instead of HTTPS, and 100M phishing emails are identified by Google daily.
25:47
April 22, 2020
COVID-19: Google and Apple partner for a medical cause, Hacks and scams on the rise - 16-04-2020
Contact tracking devices to trace possible contacts with COVID-19 will be available soon. More exploitation of the coronavirus situation by hackers and scammers, and how to stay safe.
22:40
April 22, 2020
Introduction and Cyber Awareness In A Pandemic - 07-04-2020
In this first episode, Salaudeen Amao gives an introduction to how the Cybersmart Security podcast will benefit its listeners and also gives general cyber awareness advice against becoming a victim of scams during the coronavirus pandemic.
08:34
April 22, 2020
April 22, 2020
00:46
April 22, 2020