Hacking Humans

Please enjoy this encore of Word Notes. An optional security mode for macOS and iOS that reduces the attack surface of the operating system by disabling certain commonly attacked features.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/apple-lockdown-mode⁠ Audio reference link: “⁠How NSO Group’s Pegasus Spyware Was Found on Jamal Khashoggi’s Fiancée’s Phone⁠,” FRONTLINE, YouTube, 18 July 2021.

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is ⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠DISCARDED⁠⁠⁠⁠⁠. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by her co-hosts ⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠Qintel⁠⁠⁠⁠. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we dive into supply chain attacks through the lens of a massive Android malware campaign that infects devices before they ever reach users, embedding itself in firmware and reseller-installed system images. We connect the dots to other high-impact supply chain incidents—from SolarWinds to the recent F5 breach—and share new intelligence on Android devices compromised during manufacturing and distribution in China. Together, these cases highlight how attacks at the source can quietly scale, persist, and evade traditional defenses.

While our team is out on winter break, please enjoy this episode of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building — but this time, it’s not just another episode. This is a special edition you won’t want to miss. For the first time, our hosts are together in-studio — and they’re turning up the heat. Literally. Join ⁠⁠⁠⁠⁠⁠Selena Larson⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠Proofpoint⁠⁠⁠⁠⁠⁠ intelligence analyst and host of their podcast ⁠⁠⁠⁠⁠⁠DISCARDED⁠, along with  ⁠⁠⁠⁠⁠⁠N2K Networks⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠ and ⁠⁠⁠⁠⁠Keith Mularski⁠⁠⁠⁠⁠, former FBI cybercrime investigator and now Chief Global Ambassador at ⁠⁠⁠⁠⁠Qintel⁠⁠⁠⁠⁠⁠⁠⁠⁠, as they take on a fiery hot wings challenge while answering personal questions about themselves, their careers, and the stories that shaped them. Think you’ve seen them tackle malware mysteries before? Wait until you see them sweat. This one’s too good for audio alone — you’ll want to watch the full ⁠video⁠ edition to catch every spicy reaction, every laugh, and maybe even a few tears. So grab your milk, get ready to feel the burn, and come join us for this special hot take on Only Malware in the Building.

While our team is out on winter break, please enjoy this episode of Word Notes. A security awareness training technique in which authorized, but fake phishing emails are sent to employees in order to measure and improve their resistance to real phishing attacks.  CyberWire Glossary link: ⁠https://thecyberwire.com/glossary/simulated-phishing⁠ Audio reference link: ⁠“Blackhat (2014) - Hacking the NSA Scene (4/10) | Movieclips.”⁠ YouTube, YouTube, 19 Apr. 2017.

While our team is out on winter break, please enjoy this episode of Hacking Humans This week, our hosts⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Dave Bittner⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Joe Carrigan⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠, and ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Maria Varmazis⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ (also host of the ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠T-Minus⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠ Space Daily show) are sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with a scam warning from Michal, who is sharing the latest conference scam. Dave's got the story of a retired federal investigator who mapped out the “Scammer Psychological Kill Chain” and shared rules to help you spot and break it. Maria has the story of job scams surging over 1,000% in 2025, as scammers exploit a slowing labor market and desperate jobseekers with fake offers, texts, and bogus recruiter schemes. Joe follows the story on a $4 million forex scam where two men promised safe, high returns but instead ran a Ponzi scheme that defrauded 20 investors before landing in federal prison. Our catch of the day comes from listener Shannon who writes in to share a message from "Amazon" about a recall notice. Resources and links to stories: J⁠ob Scams Surge 1,000% As Americans Struggle to Find Work⁠ ⁠Forex Account: What It Means and How It Works⁠ ⁠Ex-NYPD Cop Gets 36 Months In $4M Forex Scam That Duped 20 Investors: Feds⁠ ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠Have a Catch of the Day you'd like to share? Email it to us at ⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠[email protected]⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠⁠.