NPM packages are getting hacked – so naturally we get Kev on the case to explain the whole thing. If you didn’t know, NPM is the official package manager for Node libraries, a JavaScript language. We’ve seen a big uptake in recent weeks, and some of those NPM packages have been compromised by hackers. They’re clearly targeting developers – and with a collective 28 million downloads every week, this is pretty big, wide-spread stuff. Next up, the raft of ransomware stories from this week: from...

A plethora of articles have been lighting up our newsfeeds and letting us know that there are new threats on the block: killware, RansomCloud, and extortion. Killware: the next thing we need to worry about. Apparently this is defined as anything that has an outcome resulting in death…Seems quite broad really, and ranges from hackers targeting a water treatment plant and poisoning the water flow to a ransomware attack that takes a hospital offline, forcing patients to be rerouted. It’s less...

First story is about someone who was “relieved” of their Bitcoin by some kids wielding malware back in 2018, when it was worth an awful lot less than it is now. There are some techie bits to this, as well as a few ethical and legal issues with the way the perps are being sued, so it’s a cracking story to get stuck into. What do NFTs – non fungible tokens – and Banksy have in common? It’s pretty confusing as far as stories go, but our resident clearer-upperer, Kev, is on hand to help, leaving...

It's a tasty ransomware week this week! Conti face their own internal threat in the shape of a disgruntled affiliate and LockBit has its claws in Accenture. Apple have been fiddling with their privacy settings again which is sending privacy advocates into a frenzy, and Kev tries very hard not to get ranty... *** https://www.bleepingcomputer.com/news/security/accenture-confirms-hack-after-lockbit-ransomware-data-leak-threats/ ...

As you probably guessed from the title of this episode, this week is all about spyware and the Pegasus project. This all kicked off when a consortium of 16 media outlets reported the alleged widespread and continuing abuse of NSO’s hacking spyware called Pegasus. The company insists that it is only used against criminals and terrorists – but is it? There’s a lot of depth to this story, and we cover it all. *** https://www.theguardian.com/news/series/pegasus-project...

Kaseya, Kaseya, Kaseya... How could we release an episode this week WITHOUT talking about the calamity at Kaseya? If you hadn't heard, the ransomware gang REvil has leveraged a vulnerability in Kaseya's VSA software against multiple MSPs and their clients. Oh dear. So what is it? Bog standard ransomware? Supply chain compromise? Zero-day exploit? It's all a bit murky, so Kev gets his 'Cyberattacks for Dummies' hat on. Also featured is the news that audio-editing software Audacity has been...

There’s a lot to cover in this week’s episode, so brace yourself because we’ve got newsflashes and stone-cold facts flying your way. First up, despite what Chris thinks, people do still use printers. Now, researchers in China have found (and accidentally disclosed) a critical Windows zero-day affecting Print Spooler. Cue much printer hate, as well as some actually useful insights into what has occurred. Next on the agenda, we take a look at the HSE Ireland ransomware attack, with a special...

EA have been hacked to the tune of 780GB of their source code which has now found itself for sale on various dark web forums. While they confirmed that they’d suffered a data breach, they’d offered no insight into how it happened. Until now… Moving from EA to AI, research shows that AI can now convincingly mimic cybersecurity and medical experts, which, naturally, sparks some lively debate. We also get into a discussion about disclosure, following Kev’s discovery of a number of...

From fake antivirus to scareware, ransomware has been around and evolving for…a while. But only now has it really hit the mainstream headlines, with attacks on critical infrastructure and "mega breaches" apparently becoming a weekly occurrence. And we’re now in the age of ‘Ransomware as a Service’, with affiliates and gangs becoming more prolific than ever. So how did we get here? Where is ransomware heading next? In this episode, our crack team of cyber experts digs deep into the...

The topic of the day is cryptocurrency – and whether banning it could help fight ransomware. We know that criminal gangs (OCGs for all those Line of Duty fans out there) are big fans of crypto for their nefarious deeds, so the issue goes much further than ransomware. Even so, a ban on crypto wouldn't stop ransomware – it would just be a bump in the road for the operators. After all, ransomware has been around since long before crypto came on the scene. Maybe gift cards would make a comeback!...

So it turns out that https://www.immersivelabs.com/imperfect-people-vulnerable-applications/ (81% of developers have knowingly released vulnerable applications) into the wild. Worrying, right? And that's the topic of conversation on today's episode: how do imperfect people lead to vulnerable applications and, most importantly, what we can do about it. Chris is joined by https://owasp.org/ (OWASP) experts, https://www.linkedin.com/in/vanderaj/ (Andrew van der Stock) and...

Welcome back to Cyber Humanity! We've got our shades on and we're ready for a busy summer of cyber. And what better way to herald our return than with a news story that's been hitting every headline? Unless you've been living under a rock, you must have heard of the Colonial Pipeline ransomware attack. Basically, ransomware hit pipeline, pipeline got shut down, America entered a state of emergency, and then someone did something about it, and...here we are. Despite what Paul thinks,...

We haf to talk about HAFNIUM. You can't have missed the news of the Exchange Server hack that's been running the InfoSec world in circles for the past few weeks. Of course we had to get the crew together to go through all things Exchange! From attribution and exploitation to... deception? We dip our toes in some tasty conspiracy theories (because who doesn't love a good conspiracy theory?!) and take a dive into the tech behind it all to see how this incident went from small fry to 'holy sh*t...

We love looking at how to hack things you didn't think would or could be hacked. Last time, it was an election. This time, it's cars. We're joined by car hacking expert, https://www.linkedin.com/in/cybermaggedon/ (Mark Adams), to help us navigate our way through these murky waters. From car jacking to car hacking, we take a deep dive into CANBus, the potential motivations for hacking a vehicle (or a fleet of vehicles), and the kind of damage that can be done. We cover everything from cyber...

Have you ever lost an irretrievable password? Max knows that pain – as does a certain programmer from San Francisco who is one lost password away from $250million in Bitcoin. Ouch... Next up, the Parler palaver. Trump has been 'de-platformed' and Parler is seeing huge back-lash for its role in recent political happenings. And just when you thought you'd had enough of it, we come back round to SolarWinds. Kev delves into the third malware strain directly involved in the SUNBURST attack:...

SolarWinds and SUNBURST are still consuming the Infosec community and a few things have happened since our last episode. Since the Department of Justice has admitted that they were breached and that email inboxes were accessed, Kev tells us just how bad it is. We cover the saga from all angles, from Jetbrains to attribution and techniques to stock prices. And a cybersecurity podcast in 2021 wouldn’t be a cybersecurity podcast in 2021 if we didn’t talk about WhatsApp and the Twittersphere...

Unless you’ve been living under a rock for the past few days, you would have heard about Sunburst – a sprawling cyberattack allegedly masterminded by Russian nation-state hackers, UNC2452 (also known as Cozy Bear). Because we love talking about stuff like this, we couldn’t resist getting the crew together to go over the events of the past few days with a fine-tooth comb. There’ll be no cruising into Christmas for us! From what SolarWinds is exactly all the way through to the impact of the...

All aboard the hype train! We jump straight into the latest news that the supply "cold chain" for the much-awaited COVID vaccine could have been compromised. Apparently, a cyber espionage campaign has targeted the supply chain for the cold storage. BUT – and this is a big but – this all sounds a little tenuous to the team. Considering we didn't even know we had a vaccine by September, which is when the campaign was supposed to have started, how could attackers have already started targeting...

As part of our series on the Psychology of Cyber, we're joined by special guests, Rebecca McKeown and Swati Singh to discuss the human challenges that are inherent in cyber crises. We take a deep dive into how do organizations prepare for the worse – and how their all important human capabilities factored in. https://www.linkedin.com/in/rebeccamckeowncpsychol/ (Rebecca McKeown) is a Psychologist specialising in how humans respond in pressurised situations. She is a guest lecturer at...

You might have guessed from the title, but in this episode, we’re looking at how to hack an election. It’s basically one long “hackers could…” feature. We cover everything from outright deception to social engineering to power cuts to…well, real hacking. Naturally, we couldn’t have this conversation without Cambridge Analytica, the 2016 election and Brexit coming into it. Does what Cambridge Analytica did count as ‘hacking an election’ or is it just political campaigning in the 21st Century?...

Things are a little different chez Cyber Humanity this week, as we're joined by cyber start-up savants, https://www.linkedin.com/in/graceacassy/ (Grace Cassy) of Cylon and https://www.linkedin.com/in/robnewby/ (Rob Newby) of Procordr. We hear about how our guests fell into cybersecurity (always an interesting topic of conversation) and what's being done to produce and nurture more quality security start ups, particularly in the UK and EU. We take a look at the differences between US and...

First up in today's episode: 16,000 confirmed COVID-19 cases mysteriously go missing from an Excel spreadsheet as part of the UK's 'track & trace' system. We don't like to speculate, but it looks like someone might have been using a legacy version of Excel... But Kev tries hard to stay upbeat about it all. Experienced fraudsters have made off with $15m from an American company after gaining access to email conversations about a commercial conversation with "surgical precision". Kev talks...

It's that time of the month: Patch Tuesday October 2020 has just passed so naturally we need to talk about it. Kev has clearly been bottling up some feelings about Bad Neighbor/ping of death attacks, and we wonder whether the hype is really merited. Next up, the most famous ballerina in cyber. If you've been anywhere near Twitter over the past few weeks, you've probably seen the advert we're talking about, which depicts a ballerina and the caption "Fatima's next job could be in cybersecurity...

We love stories about the Dark Web – and we're apparently not alone in that. This week, we're talking about HackTown, which seems to be Hogwarts for wannabe hackers (just without the...magic). HackTown promises to teach registrants how to become professional cyber criminals in 2020, which is both amusing and intriguing. The HackTown/Dark Web chat brings us neatly onto REvil, who have deposited $1m in Bitcoin on a Russian-speaking hacker forum to attract new hacker talent to join their...