Episodes
This week on Hacker And The Fed we discuss the latest development in the TikTok controversy, how to detect and mitigate a new phishing and email takeover campaign, Google's new top-level domain, and some interesting statistics in the new Verizon breach investigation report.
Links from the episode:
Former exec at TikTok's parent company says Communist Party members had a 'god credential' that let them access Americans'...
Published 06/15/23
This week on Hacker And The Fed we discuss another zero-click exploit attacking iPhones via the iMessage app, millions of PC motherboards that may be downloading malware, the FTC slamming another company for violations, and a vulnerability security researchers found in Gmail's checkmark system that is already being abused. And the Dutch government now mandates an easy way to contact website administrators.
Links from the episode:
Operation Triangulation: iOS devices targeted with previously unknown...
Published 06/08/23
This week on Hacker And The Fed we dive into the world of ransomware. An insider exploits a ransomware attack for personal gain and a CISO's biggest lessons from quarterbacking a ransomware attack. We discuss AI generated photos and what happened to the stock market. And then we answer listener questions about geopolitics, Hector's hack on the Indonesian government and victims keeping their hacks a secret.
Links from the episode:
IT employee impersonates ransomware gang to extort...
Published 06/01/23
This week on Hacker And The Fed we speak with Erin West, a Santa Clara County Deputy District Attorney, Founder of the “Crypto Coalition”, an over 800-member group of active law enforcement partners sharing cryptocurrency crime-fighting techniques, and the very tip of the spear for Pig Butchering – the latest online romance scam. We learn about the incredible work Erin is doing via Operation Shamrock and how we can protect ourselves and our loved ones from being victimized.
Links from the...
Published 05/25/23
This week on Hacker And The Fed, up to 10 years of your location data may have been exposed if you’ve driven vehicles from a certain manufacturer, stolen private keys may lead to insecure boot ups of your computer, Congress gets another notification of a US government breach, and we answer more listener questions about failed hacks and intentional exploits. And we talk about D. B. Cooper!
Links from the episode:
Toyota: Car location data of 2 million customers exposed for ten...
Published 05/18/23
This week on Hacker And The Fed we discuss private data leaking due to a misconfiguration, and no one is listening to the researchers. We are shown the mindset of hackers during a ransom negotiation, a cell phone provider is hacked for the 9th time in 6 years, there are 50 Chinese state hackers for every FBI cyber agent, and using AI to help hack. And finally, we answer listener questions about .xyz, pen testing tools, and possible Hacker And The Fed swag.
Links from the episode:
Many Public...
Published 05/11/23
This week on Hacker And The Fed we sit down with Michele Chia, Head of Cyber Insurance at Zurich North America. We ask a number of questions, including: What is cyber insurance? Who needs it? How much coverage is needed? Does cyber insurance cover an insider threat attack? What does a ransomware attack look like when you have cyber insurance? And finally, we find out how our guest cultivated such a successful career in cyber insurance.
Link from the...
Published 05/04/23
This week on Hacker And The Fed security researchers find a vulnerability allowing them to run code on Search Engine computers, ghost tokens could be used to totally control Search Engine Workplace accounts, we let you know what a Pumpkin Sandstorm and a Spandex Tempest are, how long does it take to crack your password in 2023, we answer listener questions about the FBI and diversity in cyber security appliances, and we talk about Anna Kournikova.
Links from the episode:
Remote Code Execution...
Published 04/27/23
This week on Hacker And The Fed internet videos may be able to silently hack your phone with a "Near Ultrasound Inaudible Trojan" (NUIT). Companies have more access to your data than you may know, including pictures of you. We also discuss how better access controls may have prevented the recent classified documents leak and share a story about a hacker getting hacked.
Links from the episode:
Hey Siri, use this ultrasound attack to disarm a smart-home...
Published 04/20/23
This week on Hacker And The Fed a researcher gains access to millions of Office 365 accounts, cyber criminals are stealing and selling your internet bandwidth, and now hackers can remotely open your garage door and start your car in order to steal it.
Links from the episode:
Researcher gained access to millions of Office365 accounts:
https://twitter.com/hillai/status/1641146508639600646
https://www.wiz.io/blog/azure-active-directory-bing-misconfiguration
Cybercriminals may be stealing and...
Published 04/13/23
This week on Hacker And The Fed we speak with Kelly Moan, who serves as the Chief Information Security Officer (CISO) of New York City. We talk trends and cyber threats against the city. She also details the significant volume of attacks against the city on a weekly basis and gives us tips for getting into cyber security.
Links from the episode:
nyc.gov/content/oti/pages/meet-the-team/cyber-command
nyc.gov/jobs
More info on the JSOC + Cyber Command’s authorities via Executive Order...
Published 04/06/23
This week on Hacker And The Fed we discuss what email security should look like over the next 12 months, who has the ability to read your emails, and law enforcement busting people using DDoS for hire.
Links from the episode:
Email Security Nightmare as 75% Of CISOs Expect a Severe Email-Borne Attack in the Next 12 Months
cpomagazine.com/cyber-security/email-security-nightmare-as-75-of-cisos-expect-a-severe-email-borne-attack-in-the-next-12-months/
Who reads your...
Published 03/30/23
This week on Hacker And The Fed we catch up on some questions from our listeners: we discuss what a red teamer does, how the FBI works with other law enforcement agencies, how to upgrade your personal cyber security once you’ve got the basics down, and protecting children on the Internet.
Support this episode's sponsors:
Drata: Listeners of Hacker and the Fed can get 10% off Drata and waived implementation fees at drata.com/partner/hacker-fed
BetterHelp: Hacker and the Fed is sponsored by...
Published 03/23/23
This week on Hacker And The Fed we sit down with Bill Gardner, professor and Chair of the Department of Cyber Forensics & Security at Marshall University. Bill offers insight into the professional and academic path into the industry and the future of cybersecurity.
Links from the episode:
Follow Bill Gardner:
Twitter: https://twitter.com/oncee
Linkedin: https://www.linkedin.com/in/304blogs/
Marshall University Prospective Students
Two papers written by Bill Gardner
“I Did What I Believe Is...
Published 03/16/23
This week on Hacker And Fed we discuss fake Google advertisements, law firms under attack from cyber criminals, and the White House announcing a new national security strategy.
Support this episode's sponsors:
Drata: Get 10% off and waived implementation fees at drata.com/partner/hacker-fed
DeleteMe: Visit JoinDeleteMe.com/FED and use promo code: FED20
Links from the...
Published 03/09/23
This week on Hacker And Fed we discuss a leaked ransomware negotiation, how Twitter's new verification system may improve security, and the NSA releases its best practices for securing your home network.
Support this episode's sponsor, Drata. For 10% off and waived implementation fees visit drata.com/partner/hacker-fed.
Links from the...
Published 03/02/23
This week on Hacker And Fed we update a story from a few episodes ago about a woman driving with a suspicious eavesdropping device near the embassies in Paris, Credit Suisse suffers an insider threat attack, an old attack methodology is updated to steal cryptocurrency, a hacker utilizes screen-capturing malware to cherry-pick their victims, regulators propose a rule to have cyber educated board members, Hector receives a phishing email that turns out to be a much larger issue, and finally...
Published 02/23/23
This week on Hacker And Fed Reddit suffers a phishing attack, the FBI offers "Ritz Carlton" level customer service, Texas bans TikTok on state owned devices, and a researcher documents the methodology of finding a major network flaw.
Links from the...
Published 02/16/23
This week on Hacker And The Fed we discuss how Search Engine Ads are being used to spread malware through "malvertising". We also cover the impact of a breach involving data for over 20,000 individuals stolen from a firm that aggregates public records and sells background checks online.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
Published 02/09/23
This week on Hacker And Fed we discuss the FBI's takedown of Hive, the Ransomware group with over 100 million in ransom payments. We also talk about the FBI's insider threat brochure, giving companies indicators on what to look for internally. And finally, Hector asks Chris some questions about the FBI.
Links from the episode:
justice.gov/opa/pr/us-department-justice-disrupts-hive-ransomware-variant
fbi.gov/file-repository/insider_threat_brochure.pdf
cisa.gov/insider-threat-cyber
--
For more...
Published 02/02/23
This week on Hacker And Fed Hector makes some predictions of the hacks we will see in 2023. We also discuss bug bounty hunters, how they're not getting paid what they deserve and why they may take their exploits to the dark web. We touch on another big API data leak and Hector tells a story of a hack he did on Super Bowl Sunday. And finally we help a listener with spoofed calls and text messages.
T-Mobile Filed Form 8-K with the US SEC
--
For more information on Chris and his current work...
Published 01/26/23
This week on Hacker and the Fed we discuss a variety of recent news stories, including a report of a messaging service selling access to user data, bootleg network devices being sold through certified vendors, Gmail offering end-to-end encryption, lessons learned from a not so secure encrypted messaging application, cell phone software that was stolen and made public, and a password problem at a major US executive department.
--
For more information on Chris and his current work...
Published 01/19/23
This week on Hacker And Fed we discuss Twitter's data leak, explaining APIs and how to better protect ourselves. We also touch on the Russian hacking crew "Cold River" and answer some listener questions.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
Published 01/12/23
This week on Hacker And Fed we tackle IMSI Catchers, or cell phone eavesdropping devices after one was found by French authorities in the back of a vehicle near the US embassy in Paris. We also cover Hector's PBS Hack, his thought process and attack vector. And finally we have a conversation about Botnets and some of the risks they present.
--
For more information on Chris and his current work visit naxo.com
Follow Hector @hxmonsegur
Published 01/05/23