Shared Security Tom Eston, Scott Wright, Kevin Johnson

In episode 325, Tom and Kevin discuss a significant backdoor threat that nearly compromised Linux systems globally, stemming from an infiltration into an open-source project called XZ Utils by attackers who gained commit access and inserted a backdoor. The episode further delves into a cybersecurity incident where hackers stole 340,000 social security numbers from a government consulting firm, emphasizing the implications and broader concerns related to data security in government contractors and the inefficacy of response mechanisms. Additionally, the hosts explore the negative influences of marketing in the cybersecurity industry, particularly following significant security breaches.

Episode 324 features discussions on a significant AT&T data breach affecting 73 million customers and a sophisticated thread jacking attack targeting a journalist. Co-host Scott Wright joins the discussion, highlighting how millions of AT&T customer account passcodes, along with personal information, were compromised due to a leak discovered by a security researcher and reported by TechCrunch. The episode also details the thread jacking phishing attack, emphasizing the importance of recognizing unexpected email threads and the potential dangers of malicious attachments. The episode concludes with a brief discussion on the upcoming solar eclipse, stressing the importance of using ISO-certified glasses for viewing.

In episode 323, the hosts discuss two prominent topics. The first segment discusses a significant vulnerability discovered in hotel locks, branded as 'Unsaflok,' affecting 3 million doors across 131 countries. The vulnerability allows attackers to create master keys from a regular key, granted access to all doors in a hotel. The co-hosts also discuss the vulnerability's relation to legacy systems and the implications for hotel security. The second segment shifts focus to Glassdoor, revealing that the popular company review site can no longer guarantee anonymity due to changes following its acquisition of Fishbowl, raising concerns about privacy and the potential misuse of personal data. Additionally, the hosts cover the importance of maintaining security in physical and information security systems and the challenges businesses face when upgrading these systems.

In this episode, special guest Alyssa Miller joins the hosts for an insightful and entertaining conversation covering a broad range of topics from social engineering anecdotes involving Kevin Johnson to Alyssa's journey in aviation and being a pilot. They discuss the challenges within the cybersecurity industry, including the transition to cloud computing and the neglect of on-prem data centers. Alyssa also shares a personal story about encountering workplace discrimination, offering advice based on her experiences. Additionally, the discussion touches on upcoming conference talks Alyssa is giving, which link her passion for aviation with lessons for the cybersecurity field. The episode touches on critical InfoSec challenges for 2024, humorously dismissing the hype around generative AI and quantum computing as the main issues.

In episode 321, the hosts discuss how connected cars are sharing driving data with insurance companies, potentially leading to increased rates for drivers. They also talk about the anti-TikTok bill passed by the House, which could force ByteDance to sell TikTok or face a ban in app stores. The episode also covers a significant update to Signal, allowing users to use usernames instead of phone numbers, enhancing privacy. Insights into privacy policies, the importance of understanding consent, and the broader implications of data collection and sharing among different entities are also discussed.

In episode 320, Tom and Scott discuss the contentious issue of who is accountable when Facebook or Instagram accounts are hacked, discussing potential failings on both the user's and Meta's part. They explore the possibility of inadequate security measures on these platforms and the implications of Meta potentially profiting from fraudulent ads. The episode also covers a Wired article regarding 41 state attorney generals in the U.S. urging Meta to enhance their security to manage the rising complaints of account theft. Furthermore, the 'Aware Much' segment highlights a new threat involving spoofed Zoom, Google, and Skype meeting requests that spread remote access Trojans (RATs), discussing the sophistication of these phishing attacks and malware's ability to compromise systems. The conversation touches on the effectiveness of two-factor authentication (2FA), the challenge of identifying malicious URLs, and the role of government in pressuring companies like Meta to improve security practices.