Hacking Humans

267 Episodes

6 minutes | Dec 14, 2021
account takeover prevention (noun) [Word Notes]
The prevention of the first part of an intrusion kill chain model exploitation technique, where the hacker steals valid logging credentials from a targeted victim. 
43 minutes | Dec 9, 2021
Scams abound this time of year.
Guest Dave Senci of Mastercard's NuData Security talks about the security issues with remote access and coaching frauds, Dave's got a story about receiving a "Best Buy gift card" and USB mailing, Joe's story is from the Better Business Bureau about their "12 Scams of Christmas," and our Catch of the Day is from our listener Henry who received an email that appeals to one's faith. Links to stories: PSA: If You Get a 'Best Buy Gift Card' on a USB Drive in the Mail, Don't Plug It Into Your PC; The Naughty List: BBB's 12 Scams of Christmas. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
6 minutes | Dec 7, 2021
threat hunting (noun) [Word Notes]
The process of proactively searching through networks to detect and isolate security threats, rather than relying on security solutions or services to detect those threats. 
46 minutes | Dec 2, 2021
Do you really want that device to be a connected device?
Guest Jay Radcliffe from Thermo Fisher Scientific shares his advice and security concerns with smart devices since the holiday gifting season is around the corner, Joe and Dave have some listener follow up about 2FA, Joe's got a story about the Robinhood breach, Dave's story is about numerous LinkedIn requests from HR specialists with GAN images (Generated Adversarial Network), and our Catch of the Day is from listener Michael who was just trying to sell his car and then he got a text message. Links to stories: Data Breach of Robinhood Trading Platform Blamed on Social Engineering, Similar to 2020 Twitter Breach; LinkedIn Fakes: A Wolf in Business Casual Clothing. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
7 minutes | Nov 30, 2021
vulnerability management (noun) [Word Notes]
The continuous practice of identifying, classifying, prioritizing, remediating, and mitigating software vulnerabilities within this.
16 minutes | Nov 25, 2021
Misdirection and layering with a con in the middle. [Hacking Humans Goes to the Movies]
Thanks for joining us for our fun project brought to you by the team of Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series where they view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this episode, Dave, Joe and Rick are watching Joe's and Rick's scene picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your popcorn and join us for a trip to the movies. Links to this episode's clips if you'd like to watch along: Joe's clip from "The Simpsons: Father and Son Grifting" episode; Rick's pick from "Paper Moon".
6 minutes | Nov 23, 2021
software bill of materials (SBOM) (noun) [Word Notes]
A formal record containing the details and supply chain relationships of various components used in building software. 
49 minutes | Nov 18, 2021
A good amount of skepticism helps protect you online.
Guest Blake Hall, CEO and cofounder of a company called ID.me, discusses protecting your identity online, Dave and Joe have some follow up from listener Rafa on 2FA he uses, Dave has a story about bots that take advantage of 2FA to break into your payment accounts, Joe's story is about scams carried out through QR codes, and our COTD comes from listener Wyatt about an award-winning email from Warren Buffett. Links to stories: The Booming Underground Market for Bots That Steal Your 2FA Codes; Fake “Sugar Daddies” are cheating on Instagram. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
8 minutes | Nov 16, 2021
zero trust (noun) [Word Notes]
A security philosophy that assumes adversaries have already penetrated the digital environment and tries to reduce the potential impact by limiting access by people, devices, and software to only the resources essential to perform their function and nothing more. 
24 minutes | Nov 11, 2021
Let's go to the movies. [Hacking Humans Goes to the Movies]
Welcome to a fun new project by the team who brings you Hacking Humans, the CyberWire's social engineering podcast. Co-hosts Dave Bittner and Joe Carrigan are joined by Rick Howard in this series. They view clips from their favorite movies with examples of the social engineering scams and schemes you hear about on Hacking Humans. In this first episode, Dave, Joe and Rick are watching Dave's and Joe's picks. They watch each of the selected scenes, describe the on-screen action for you, and then the team deconstructs what they saw. Grab your popcorn and join us for a trip to the movies. Links to movie clips if you'd like to watch along: Dave's pick from "The Grifters"; Joe's clip from "Matchstick Men".
7 minutes | Nov 9, 2021
OT security (noun) [Word Notes]
Hardware and software designed to detect and prevent cyber adversary campaigns that target industrial operations. 
32 minutes | Nov 4, 2021
Cybersecurity awareness should be a year-round activity.
Guest Dr. Jessica Barker from Cygenta talks with UK correspondent Carole Theriault about how every month should be cyber awareness month, Joe has a story about password spraying (kind of like a credential stuffing attack), Dave's story is about scams carried out through QR codes, and our COTD comes from listener Wyatt about an award-winning email from Warren Buffett. Links to stories: Microsoft warns over uptick in password spraying attacks; Scammers are emailing waves of unsolicited QR codes, aiming to steal Microsoft users' passwords. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
7 minutes | Nov 2, 2021
cybersecurity skills gap (noun) [Word Notes]
The difference between organizational employee job requirements and the available skillsets in the potential employee pool.
3 minutes | Oct 29, 2021
The Malware Mash!
40 minutes | Oct 28, 2021
Good grammar is essential for business email compromise.
Guest Brandon Hoffman from Intel 471 is back sharing some research on business email compromise, Dave's got a story on buying collectable sneakers and how bots make that really hard to do, Joe has two stories with different spins on romance scams: one notes they are the most prevalent scams targeting older adults; and the second is about a group of Nigerian men preying on women through money scams, and our Catch of the Day comes from Reddit user steev p (Steve P) about a benefit scam from an impersonated Facebook friend. Links to stories: Bots have made it nearly impossible to buy hyped up shoes. What if they could be stopped?; FTC warns of increase in romance scams, especially targeting older adults; Nigerian romance scam suspects targeted 100 women - FBI. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
6 minutes | Oct 26, 2021
digital transformation (noun) [Word Notes]
The use of technology to radically improve the performance or reach of the business. 
35 minutes | Oct 21, 2021
Joekens, Bittnercoins, and the serious impacts of spam analysis.
UK Correspondent Carole Theriault returns with an interview with Paul, a spam analyst, Dave and Joe have some follow-up, Joe revisits NFTs with rug pull scams, Dave's story is about phishers using a symbol in place of the Verizon logo, and our Catch of the Day comes from listener Rafael in Spain about a Steam account takeover scam attempt his son experienced on Discord. Links to stories: Phishers Get Clever, Use Math Symbols for Verizon Logo. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
6 minutes | Oct 19, 2021
bulletproof hosting (noun) [Word Notes]
Cloud services intended for cyber criminals and other bad actors designed to obstruct law enforcement and other kinds of government investigations, and to provide some protection against competitors.
45 minutes | Oct 14, 2021
Physical pen testing: You've got to be able to think on your feet.
Guest Marina Ciavatta, CEO at Hekate, talks with Dave about some of her social engineering and pen testing experiences, Dave's got a story about getting your family to use a password manager, Joe's story is about NFTs (non-fungible tokens) and scams that have arisen around them, and our Catch of the Day is from listener William and it turns out Dave is in trouble with the IRS again on this one. Links to stories: How to Get Your Family to Actually Use a Password Manager; THE NFT SCAMMERS ARE HERE. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@thecyberwire.com or hit us up on Twitter.
8 minutes | Oct 12, 2021
endpoint security (noun) [Word Notes]
The practice of securing a device that connects to a network in order to facilitate communication with other devices on the same or different networks. 
© Stitcher 2021