Thursday, June 1, 2023

Shared Security

A podcast that brings you timely stories, news and tips for living securely in a connected world. Topics include Information Security, Privacy, Internet of Things (IoT), Mobile Devices, Applications and Social Media. Hosted by Scott Wright (Cyber Security Auditor, Researcher and Coach, President of Security Perspectives Inc.) and Tom Eston (Ethical Hacker and Information Security Professional).

The Shared Security Podcast

Meta’s $1.3 Billion Fine, AI Hoax Hysteria, Montana’s TikTok Ban

In this episode, we discuss Meta’s record-breaking $1.3 billion fine by the EU for unlawfully transferring user data, shedding light on the increasing risks faced by tech companies in violating privacy rules. Highly realistic images of a Pentagon explosion went...
The Shared Security Podcast

Google Now Supports Passkeys, Risky New Top Level Domains, Twitter’s Encryption Dilemma

In this episode, we explore the arrival of passwordless Google accounts that use “passkeys,” which offer enhanced usability and security. We discuss the benefits of passkeys over traditional passwords, but also why passkeys are not quite ready for prime...
The Shared Security Podcast

Private Tweets Exposed, Unauthorized Tracking Collaboration, AI Risks and Regulation

In this episode we discuss a recent Twitter security incident that caused private tweets sent to Twitter Circles to become visible to unintended recipients. Next, we discuss the collaboration between Apple and Google to develop a specification for detecting and...
The Shared Security Podcast

Juice Jacking Debunked, Photographer vs. AI Dataset, Google Authenticator Risks

In this episode we debunk the fearmongering surrounding “juice jacking,” a cyber attack where attackers steal data from devices that are charging via USB ports. Next, we dive into a case where a photographer tried to get his photos removed...
The Shared Security Podcast

Building a Healthy Security Culture: Insights from Kai Roer

In this episode we speak with Kai Roer, a renowned author, security culture coach, and CEO of Praxis Security Labs. Kai shares his career journey in cybersecurity and emphasizes the importance of building a strong security culture within organizations....
The Shared Security Podcast

Arkansas Social Media Consent Law, Android Malware Invasion, New Method of Keyless Car Theft

Is Arkansas taking the right step to protect children online? A new law passed in the state makes it illegal for minors to use social media without their parent or guardian’s consent. Over 60 Android apps on the Google Play...
The Shared Security Podcast

Genesis Market Crackdown, Life360 App Misuse, Tesla Customer Privacy Concerns

Law enforcement agencies across 17 countries have cracked down on Genesis Market, one of the largest criminal marketplaces, resulting in the arrests of 120 people globally. Popular family safety app, Life360, has been used by sex traffickers to monitor and...
The Shared Security Podcast

Clearview AI Facial Recognition Fallout, Hacked and Helpless, Is AI Armageddon Upon Us?

Clearview AI provided police with 30 billion scraped images from Facebook, raising concerns over privacy and the potential misuse of facial recognition technology. A victim of a phone hack shares their story of how their credit card was stolen, highlighting...
The Shared Security Podcast

The TikTok CEO Testimony, ChatGPT’s Privacy Risks, Inaudible Ultrasound Attacks

The CEO of TikTok was criticized by Congress for his “worthless” assurances regarding the app’s privacy and security. But what is the real motivation for Congress attempting to ban TikTok? Should we be concerned that AI language models like ChatGPT...
The Shared Security Podcast

Samsung Chipset Zero-Day Vulnerabilities, AI-Assisted Social Engineering, ATM Fraud with a Twist

In this episode we discuss Google’s discovery of 18 zero-day vulnerabilities in Samsung’s Exynos chipsets. We examine an AI-assisted social engineering campaign that combines emerging technologies with classic techniques. Finally, we look at a new method of ATM fraud where thieves...
The Shared Security Podcast

Exploring the Role of Empathy in Cybersecurity with Andra Zaharia

On this episode, Tom Eston discusses empathy in cybersecurity with Andra Zaharia, host of the Cyber Empathy Podcast. We talk about finding her passion for contributing to the industry and the importance of empathy in cybersecurity. We cover how empathy...
The Shared Security Podcast

Biden’s National Cybersecurity Strategy, BetterHelp’s FTC Fine, Chick-fil-A Data Breach

What you need to know about Biden’s new National Cybersecurity Strategy, which aims to provide a framework of what the current administration wants the US federal government, critical infrastructure organizations, and private companies to do to work together to...
The Shared Security Podcast

The LastPass Attack Gets Worse, What is Gamification, Signal’s Encryption Standoff

Popular password manager LastPass suffered a second attack that lasted for over two months. Now new and disturbing information is being released about the attack. Scott discusses the benefits and challenges of using gamification in security awareness training, emphasizing the...
The Shared Security Podcast

Twitter’s Paywall 2FA, Mental Health Data for Sale, Meta’s Verified Program

Twitter is phasing out its free text message two-factor authentication (2FA) and putting the feature behind a paywall, prompting security experts to advise Twitter users to switch to other authentication methods. How data brokers are selling sensitive mental health data...
The Shared Security Podcast

Reddit Hacked, Preventing Accidental Location Sharing, Developer Hacks His Own Company

Reddit announced that it was the victim of a phishing attack aimed at its employees, resulting in unauthorized access to internal documents, code, and some unspecified business systems. Advice on managing device location-tracking settings to ensure you’re not sharing your...
The Register

Ukraine war blurs lines between cyber-crims and state-sponsored attackers

This RomCom is no laughing matter. A change in the deployment of the RomCom malware strain has illustrated the blurring distinction between cyberattacks motivated by money and those fueled by geopolitics, in this case Russia's illegal invasion of Ukraine,...
SC Magazine

We need to refine and secure AI, not turn our backs on the technology 

While the potential poisoning of ChatGPT raises some concerns, we need to take this threat as an opportunity to better refine and secure emerging AI models.
The Hacker News

Active Mirai Botnet Variant Exploiting Zyxel Devices for DDoS Attacks

The U.S. Cybersecurity and Infrastructure Security Agency (CISA) has added a recently patched critical security flaw in Zyxel gear to its Known Exploited Vulnerabilities (KEV) catalog, citing evidence of active exploitation. Tracked as CVE-2023-28771 (CVSS score: 9.8), the issue relates to a command injection flaw impacting...
The Hacker News

Urgent WordPress Update Fixes Critical Flaw in Jetpack Plugin on Million of Sites

WordPress has issued an automatic update to address a critical flaw in the Jetpack plugin that’s installed on over five million sites. The vulnerability, which was unearthed during an internal security audit, resides in an API present in the plugin since version 2.0,...
The Register

Dark Pink cyber-spies add info stealers to their arsenal, notch up more victims

Not to be confused with K-Pop sensation BLACKPINK, gang pops military, govt and education orgs. Dark Pink, a suspected nation-state-sponsored cyber-espionage group, has expanded its list of targeted organizations, both geographically and by sector, and has carried out at...