USB our Guest
This podcast is intended to help people better protect themselves from Cyber criminals by offering quick tips and hacking news summaries. // - Do you shop on Amazon? If so, please consider shopping through my Amazon Associates affiliate link // amzn.to/3B0sMYC \\ You get your stuff and I get a tiny commission.
Russia / Ukraine Cyber War discussion with Stefan from Tech Hatters
I sit down with Stefan from the Tech Hatters Discord for a discussion on the Russia / Ukraine Cyber War. Stefan is a University student working in the industry. Please see all the links for all the articles we discussed below. Feel free to run all the links provided below through VirusTotal to ensure safe to click. I do not suggest using the 1920.in app. Tech Hatters Discord Tracking Cyber Operations and actors in the Russian-Ukraine War Anonymous broadcasts infamous ‘troll face’ on Russian military radio WhisperGate Malware Corrupts Computers in Ukraine Second Data Wiper attack hits Ukraine computer networks CENTRAL BANK HACK Most recently, the group claimed involvement in hacking of the central bank of Russia White House.gov- FACT SHEET: Act Now to Protect Against Potential Cyberattacks Anonymous hacks Russia AGAIN and leaks 340,000 files in attempt to stop Putin’s war propaganda campaign Snapchat turns off public ‘heatmap’ for Ukraine SPACE HACK ATTACK Anonymous claims it has shut down Russia’s space agency – so Putin ‘no longer has control over spy satellites Hackers changed the call sign of a Putin-linked superyacht to 'FCKPTN' and set the ship's destination as 'hell'
April 06, 2022
Log4shell, Log4j exploit or Log4what, is that a new crossfit trend?
Today’s episode covers the vulnerability affecting Java logging package, Log4j. This episode took a little longer to make than expected due to its complexity. Please see links below used to create the episode. TryHackMe’s Solar, exploiting log4j https://tryhackme.com/room/solar The Log4J Vulnerability Will Haunt the Internet for Years https://www.wired.com/story/log4j-log4shell/ Huntress Log4Shell Vulnerability Tester https://log4shell.huntress.com/ Apache logging services https://logging.apache.org/ The Apache Software Foundation https://www.apache.org/ USB our Guest - Episode 22 Updates - https://anchor.fm/usbog/episodes/Software-Updates-emgnsh Log4j Attack surface - https://github.com/YfryTchsGD/Log4jAttackSurface Log4j - Apache Log4j Security Vulnerabilities - https://logging.apache.org/log4j/2.x/security.html JDBC Appender https://logging.apache.org/log4j/2.x/manual/appenders.html#JDBCAppender Apache Log4j Security Vulnerabilities https://logging.apache.org/log4j/2.x/security.html What is JDBC? https://www.ibm.com/docs/en/informix-servers/12.10?topic=started-what-is-jdbc Lesson: Overview of JNDI https://docs.oracle.com/javase/tutorial/jndi/overview/index.html W3Schools - Addressing https://www.w3.org/Addressing/URL/uri-spec.html Amazon Affiliate link - https://amzn.to/3rpF5KI
February 19, 2022
Twitch Gets Hacked or Source Code! Get your Source Code here!
Today's episode covers the recent Twitch hack. yikes. The entirety of Twitch has reportedly been leaked https://www.videogameschronicle.com/news/the-entirety-of-twitch-has-reportedly-been-leaked/ A Devastating Twitch Hack Sends Streamers Reeling - https://www.wired.com/story/devastating-twitch-hack-sends-streamers-reeling/ Twitch confirms it was hacked after its source code and secrets leak out https://www.theverge.com/2021/10/6/22712365/twitch-data-leak-breach-security-confirmation-comments Twitch’s twitter posts https://twitter.com/Twitch/status/1445770441176469512 https://twitter.com/Twitch/status/1445985601174392835 Twitch’s blog - Update on the Twitch Security incident https://blog.twitch.tv/en/2021/10/06/updates-on-the-twitch-security-incident/?utm_referrer=https://t.co/ FB Update about the October 4th outage https://engineering.fb.com/2021/10/04/networking-traffic/outage/
October 14, 2021
EA Hack or The bad guys forgot to do something...
This episode is about the recent EA/Electronic Arts hack that occurred on June 6th. TL:DR/L - only download from Legit game retailers. Hackers Steal Wealth of Data from Game Giant EA - https://www.vice.com/en/article/wx5xpx/hackers-steal-data-electronic-arts-ea-fifa-source-code Hackers leak full EA data after failed extortion attempt - https://therecord.media/hackers-leak-full-ea-data-after-failed-extortion-attempt/ How Hackers Used Slack to Break into EA Games - https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack EA ignored domain vulnerabilities for months despite warnings and breaches - https://www.zdnet.com/article/ea-ignored-domain-vulnerabilities-for-months-despite-warnings-and-breaches/ Hackers selling access to FIFA matchmaking servers and other games after EA attack - https://www.zdnet.com/article/hackers-selling-access-to-fifa-matchmaking-servers-and-other-games-after-ea-attack/ How Hackers Used Slack to Break into EA Games - https://www.vice.com/en/article/7kvkqb/how-ea-games-was-hacked-slack
August 29, 2021
Colonial Pipeline ransomware attack or Backup, Shmackup...
Today’s episode is about the Ransomware attack that occurred on May 7th that forced Colonial Pipeline to shut down its operations. A Closer Look at the DarkSide Ransomware Gang - https://krebsonsecurity.com/2021/05/a-closer-look-at-the-darkside-ransomware-gang/#more-55529 Colonial Pipeline attack: Everything you need to know- https://www.zdnet.com/article/colonial-pipeline-ransomware-attack-everything-you-need-to-know/ Colonial Pipeline ransomware attack linked to a single VPN login -https://www.engadget.com/pipeline-ransomware-010631984.html Hackers Breached Colonial Pipeline Using Compromised Password - https://www.bloomberg.com/news/articles/2021-06-04/hackers-breached-colonial-pipeline-using-compromised-password?sref=10lNAhZ9 USBOG - Ransomware - https://anchor.fm/usbog/episodes/What-is-Ransomware-ejikem USBOG - Passwords - https://anchor.fm/usbog/episodes/Password-Best-Practices-e52ank
June 19, 2021
The FBI is remotely hacking hundreds of servers or Why Hello, I didn’t see you there...
Today’s episode covers the FBI’s Unprecedented helpful remote hacking of Hafnium infected servers. The FBI is remotely hacking hundreds of computers to protect them from Hafnium- https://www.theverge.com/2021/4/13/22382821/fbi-doj-hafnium-remote-access-removal-hack The FBI got a court order to delete backdoors from hacked Exchange servers- https://www.engadget.com/fbi-hafnium-exchange-server-060721872.html USB our Guest - Microsoft Server Exchange Hack - https://anchor.fm/usbog/episodes/Microsoft-Server-Exchange-Hack-ets89n
May 28, 2021
Gamers, Modders and RATs and Take your negative K/D like we all have
Today's episode is about cheaters or modders getting infected with RAT’s or a Remote Access Trojans. Tech Republic - Malicious attack now targeting video gamers and modders https://www.techrepublic.com/article/malicious-attack-now-targeting-video-gamers-and-modders/ Cisco Talos - Cheating the cheater: How adversaries are using backdoored video game cheat engines and modding tools https://blog.talosintelligence.com/2021/03/cheating-cheater-how-adversaries-are.html USBOG Episode 31- RAT's or Remote Access Trojans and Stop Clicking Links from your Moms https://anchor.fm/usbog/episodes/RATs-or-Remote-Access-Trojans-and-Stop-Clicking-Links-from-your-Moms-ev3dht
May 22, 2021
RAT's or Remote Access Trojans and Stop Clicking Links from your Moms
Today’s episode covers RATs or Remote Access Trojans. There is a great article on DarkReading that gives an overview of what RATs do and I’ll include it in the show notes. In This episode we will cover What are RATs, how do they find their way on your computer, what they do when they find themselves on there and what you can do to protect your device from them. Dark Reading - RATs 101: The Grimy Trojans That Scurry Through Remote Access Pipes...
April 17, 2021
Alwin of ITPodcast.club Interview
Today's episode is a little different. We have the opportunity to speak to the host of ITPodcast.Club, available on major podcasting platforms and who is in their last year of university. This episode is a bit longer around 30 minutes, but Alwin and I talk about a few topics including, paid and free learning resources, how we learn, entry level work, certifications and lastly why Backups are essential. Alwin email - firstname.lastname@example.org IG - @itpodcast.club Link Alwin’s podcast - ITpodcast.Club https://open.spotify.com/show/2qjTo5KX5lDoEgGymvx4mU?si=Dc46RQssQn2PBKZALuuXwA Link CFTE server - https://discord.gg/uWPvAR6HTR
April 09, 2021
Microsoft Server Exchange Hack
Today’s episode covers the Microsoft Server Exchange Hack. So disclaimer here, this is a fairly technical hack. The purpose of this episode is to give you a high level overview of the hack, a timeline, who is responsible and what to do? Krebs on Security - At Least 30,000 U.S. Organizations Newly Hacked Via Holes in Microsoft’s Email Software - https://krebsonsecurity.com/2021/03/at-least-30000-u-s-organizations-newly-hacked-via-holes-in-microsofts-email-software/ ZD Net - Everything you need to know about the Microsoft Exchange Server hack - https://www.zdnet.com/article/everything-you-need-to-know-about-microsoft-exchange-server-hack/ Microsoft’s Github with tools for mitigation - https://github.com/microsoft/CSS-Exchange/tree/main/Security ZD Net Microsoft blog with patch update - https://msrc-blog.microsoft.com/2021/03/02/multiple-security-updates-released-for-exchange-server/ Krebs on Security - A Basic Timeline of the Exchange Mass Hack https://krebsonsecurity.com/2021/03/a-basic-timeline-of-the-exchange-mass-hack/ USB our Guest - Software Updates https://anchor.fm/usbog/episodes/Software-Updates-emgnsh
March 30, 2021
Silver Sparrow as discovered by Red Canary
Silver Sparrow as discovered by Red Canary RedCanary's silver sparrow discovery - https://redcanary.com/blog/clipping-silver-sparrows-wings/ Computer world - https://www.computerworld.com/article/3609611/30k-macs-infected-with-silver-sparrow-virus-m1-mac-ssd-health.html MITRE|ATT&CK - LaunchAgents - https://attack.mitre.org/techniques/T1543/001/ CyberWire- Silver Sparrow targets Macs - https://thecyberwire.com/newsletters/week-that-was/5/8 USB our Guest - Episode 22 Updates - https://anchor.fm/usbog/episodes/Software-Updates-emgnsh
March 11, 2021
CD Projekt Red's CyberPunk2077 Breach
Hello and welcome back to USB our Guest Cyber Security tips. Today's episode is about CD Projekt Red's CyberPunk2077 Breach. Spoiler, they tell hackers 'no thank you' to ransom demands and restore from backup. Wired article https://www.wired.com/story/cd-projekt-red-ransomware-hack-cyberpunk-2077-source-code/ knowbe4 blog https://blog.knowbe4.com/cyberheistnews-vol-11-08-eye-opener-major-video-game-maker-refuses-to-negotiate-with-ransomware-cyber-criminals USB our Guest - Backups https://anchor.fm/usbog/episodes/Backups-eju9r7
March 03, 2021
Zero-Day Exploits - Recently Windows
Today's episode covers Zero Days. What are they, why you should know about them and what you should do when you hear about them. Recent Windows Zero day - https://www.darkreading.com/vulnerabilities---threats/microsoft-fixes-windows-zero-day-in-patch-tuesday-rollout/d/d-id/1340114 FireEye Zero-Day definition - https://www.fireeye.com/current-threats/what-is-a-zero-day-exploit.html
February 18, 2021
RoboCalls with Dominic
Today's Episode is an interview with my son Dominic. I had the chance to sit down and talk to him about Robo-calls. Never give someone from a Robo-call your personal identifiable info, Credit Card numbers or Bank account numbers.
February 01, 2021
Today's topic is Coronavirus Phishing Scams. https://www.consumer.ftc.gov/blog/2020/06/help-covid-19-contact-tracers-not-scammers https://www.irs.gov/coronavirus/economic-impact-payments https://www.consumer.ftc.gov/blog/2020/04/coronavirus-stimulus-payment-scams-what-you-need-know https://coronavirus.ohio.gov/wps/portal/gov/covid-19/covid-19-vaccination-program
January 22, 2021
AnimalJam Passwords with Rosie
This episode I get to interview my daughter and pick her brain on Animal Jam and Passwords. A little longer than usual but Rosie drops a truth bomb about passwords and I couldn't be more proud Also, error on part during recording. Best passwords should seem like a random, incoherent group of letters, numbers and symbols.
January 22, 2021
This episode is about Software Updates and why they are important to install asap. Norton anti-virus article mentioned in the episode. https://us.norton.com/internetsecurity-how-to-the-importance-of-general-software-updates-and-patches.html WannaCrypt/WannaCry wiki-pedia entry https://en.wikipedia.org/wiki/WannaCry_ransomware_attack
November 15, 2020
This episode covers Shodan.io the search engine for the Internet of Things. Please see the website https://danielmiessler.com/study/shodan/ for the Shodan tutorial mentioned in the show. Support the podcast by shopping on Amazon through the following link amzn.to/34lCFzX
October 18, 2020
The website haveibeenpwned.com
Today's episode covers the website https://haveibeenpwned.com Troy hunt created haveibeenpwned.com with the simple idea that there should be place for you to find out if your credentials have been stolen. visit haveibeenpwned.com to easily search breaches with your email address or browse breaches
October 09, 2020
Today's episode is about whaling. What is it and what can you do to thwart an attack. There is a great article on Rapid7's Blog on whaling. Find it here. https://www.rapid7.com/fundamentals/whaling-phishing-attacks/ . As mentioned at the end of the podcast, I wanted to try something a little different. For a chance to win a $10 Amazon Gift card, send an email to email@example.com with 'raffle' as the subject or visit anchor.fm/usbog and leave a voice message with your email by Sunday, October 9th at Midnight. Your email will be used to send the winner their prize and will not supplied to advertisers. Support the podcast by shopping on Amazon through the following link amzn.to/34lCFzX
September 30, 2020
Today's Episode covers Backups. What are backups, why you should use them and how to do them. Find the PC mag article referenced in the podcast at https://www.pcmag.com/news/the-beginners-guide-to-pc-backup Find the Microsoft support article referenced in the podcast at https://support.microsoft.com/en-us/help/4027408/windows-10-backup-and-restore Support the podcast by shopping on Amazon through the following link amzn.to/34lCFzX
September 21, 2020
What is Ransomware?
Today's Episode covers Ransomware. What is it and how can you protect yourself from it. Find the knowbe4 article we referenced in the show at https://www.knowbe4.com/ransomware . Find the Sophos article I referenced at the end of the episode at https://news.sophos.com/en-us/2020/09/17/maze-attackers-adopt-ragnar-locker-virtual-machine-technique/ Support the podcast by shopping on Amazon through the following link amzn.to/34lCFzX
September 13, 2020
Password Best Practices
We cover some password best practices in this flash briefing Support the podcast by shopping on Amazon through the following link amzn.to/34lCFzX
August 22, 2019
What is SMiShing?
Today's episode cover tips to keep you safe from a SMiShing attack. From the Norton Website. What is Smishing and how to protect yourself from an attack? https://us.norton.com/internetsecurity-emerging-threats-what-is-smishing.html
August 21, 2019
What is Spear Phishing ?
In this episode we explain what exactly is spear phishing. KnowBe4 website https://www.knowbe4.com/spear-phishing/
August 20, 2019
This episode is about Phishing and how to avoid being phished From the FTC website - How to Recognize and Avoid Phishing Scams https://www.consumer.ftc.gov/articles/how-recognize-and-avoid-phishing-scams
August 19, 2019
Virtual Private Networks or VPNs
In this Flash Briefing we cover Virtual Private Networks or VPN's PC Mag - The Best VPN services for 2019 https://www.pcmag.com/roundup/296955/the-best-vpn-services
August 16, 2019
Public Wi-Fi use warnings and suggestions
In this episode we cover warnings and suggestions when using public Wi-Fi Norton website - The Risks of public Wi-Fi https://us.norton.com/internetsecurity-privacy-risks-of-public-wi-fi.html
August 15, 2019
Utility Company Scam Calls
This Flash Briefing is about Utility Company Scam Calls. Federal Trade Commission website - Empower yourself against utility scams - by Lisa Lake https://www.consumer.ftc.gov/blog/2018/09/empower-yourself-against-utility-scams Federal Trade Commission Complaint Assistant https://www.ftccomplaintassistant.gov/#crnt&panel1-1
August 14, 2019
Social Security Administration RoboCall Scams
Tips to avoid being scammed by a SSA RoboCall Federal Trade Commission - Getting Calls from the SSA? https://www.consumer.ftc.gov/blog/2019/03/getting-calls-ssa
August 13, 2019
Credit Card RoboCalls
Tips to help avoid being scammed by a Credit Card RoboCall. FCC robo-calls website https://www.fcc.gov/consumers/guides/stop-unwanted-robocalls-and-texts
August 12, 2019
Hacking Humans and CyberWire Podcasts
Today's tip is about the Hacking Humans podcast by Cyberwire with Dave Bitner and Joe Carrigan. Hacking Humans podcast by Cyberwire with Dave Bitner and Joe Carrigan https://thecyberwire.com/podcasts/hacking-humans.html CyberWire https://thecyberwire.com/podcasts/daily-podcast.html
August 09, 2019
knowbe4 blog web address as referred to in this episode https://blog.knowbe4.com/
August 08, 2019
In this episode we explain how to use the VirusTotal website to help protect your computer from viruses. Virus Total virustotal.com
August 07, 2019
2FA - 2 Factor Authentication
Two-Factor Authentication: What is it and why do I need it to stay safe online? https://blog.trendmicro.com/two-factor-authentication-what-is-it-and-why-do-i-need-it-to-stay-safe-online/ Google Authenticator Apple https://apps.apple.com/us/app/google-authenticator/id388497605 Microsoft Authenticator https://www.microsoft.com/en-us/account/authenticator Authy https://authy.com/
August 06, 2019
THE 4 BEST PASSWORD MANAGERS TO SECURE YOUR DIGITAL LIFE https://www.wired.com/story/best-password-managers/ 1Password https://1password.com/ dashlane https://www.dashlane.com/ LastPass https://www.lastpass.com/hp Keep PassXC https://keepassxc.org/
August 02, 2019
In this Flash Briefing we cover tips for creating secure passwords from the experts at knowbe4.com Use the website https://howsecureismypassword.net/ to check how strong your password is
August 01, 2019
Password Best Practices
We cover some password best practices in this flash briefing
July 31, 2019
Never plug a USB flash drive into your computer that is not your own. Malicious Code could be saved on the flash drive and programmed to run keyloggers or backdoors when plugged in. Some of these devices appear to be USB flash drives but instead are microcontrollers designed to run files or control you computer without your permission. As a best practice, never plug in a USB flash drive to your device if you don't own it.
July 30, 2019