Episodi
-
Looking to break into the field of cybersecurity? Special guest Dr. Michael Hart, Assistant Professor of Computer Information Science at Minnesota State University, Mankato, gives his best advice! Nathan sits down with Dr. Hart to chat about the job market, skills needed for the field, recommended coursework, degrees, and certifications, and a plethora of other resources to get started. Plan your path to landing your dream cybersecurity career!
This episode concludes with news stories including a data breach at electronics company Panasonic and a cyberattack on Ohio-based DNA Diagnostics Center.
________________
News Sources:
Story 1:
Seals, Tara. "Panasonic's Data Breach Leaves Open Questions." Threatpost, 30 November 2021, https://threatpost.com/panasonic-data-breach-questions/176660/
Story 2:
Toulas, Bill. "DNA Testing Firm Discloses Data Breach Affecting 2.1 Million People." Bleeping Computer, 30 November 2021, https://www.bleepingcomputer.com/news/security/dna-testing-firm-discloses-data-breach-affecting-21-million-people/
-
The internet took the world by storm, and with it came a variety of cybercrimes that you should know about. From identity theft to cyber stalking, Ham and Nathan run through some of the most common cybercrimes that affect millions of people a year. Learn top risks to look out for in order to avoid falling victim to criminals.
This episode concludes with news from expert Mercy, including a recent cyberattack on wind turbine manufacturer Vestas Wind Systems, a confirmed data breach on internet domain registrar GoDaddy, and an up and coming TSA PreCheck membership scam.
_______________
News Sources:
Story 1:
Toulas, Bill. "Wind Turbine Giant Vestas' Data Compromised in Cyberattack." Bleeping Computer, 22 November 2021, https://www.bleepingcomputer.com/news/security/wind-turbine-giant-vestas-data-compromised-in-cyberattack/
Story 2:
Seals, Tara. "GoDaddy's Latest Breach Affects 1.2M Customers." Threatpost, 22 November 2021, https://threatpost.com/godaddys-latest-breach-customers/176530/
Story 3:
Toulas, Bill. "Fake TSA PreCheck Sites Scam US Travelers with Fake Renewals." Bleeping Computer, 19 November 2021, https://www.bleepingcomputer.com/news/security/fake-tsa-precheck-sites-scam-us-travelers-with-fake-renewals/
-
Episodi mancanti?
-
Whether you're an aspiring crypto enthusiast, a skeptic, or just plain curious – learn the basics of what cryptocurrency is and some of the potential risks. Find out what crypto coins really are, some interesting examples, and how they're used. From Bitcoin to Dogecoin, Nathan and Ham walk you through this intriguing world with basic facts and personal anecdotes. Plus, find out top risks you should watch out for, including scams, cryptojacking, and mining.
This episode concludes with news from expert Mercy, including a TikTok scam targeting influencers, an update on the Robinhood data breach, and hundreds of WordPress sites hacked for a cryptocurrency ransom.
_______________
News Sources:
Story 1:
Montalbano, Elizabeth. "Phishing Scam Aims to Hijack TikTok 'Influencer' Accounts." Threatpost, 17 November 2021, https://threatpost.com/phishing-scam-tiktok-influencer/176391/
Story 2:
Abrams, Lawrence. "7 Million Robinhood User Email Addresses for Sale on Hacker Forum." Bleeping Computer, 15 November 2021, https://www.bleepingcomputer.com/news/security/7-million-robinhood-user-email-addresses-for-sale-on-hacker-forum/
Story 3:
Toulas, Bill. "WordPress Sites Are Being Hacked in Fake Ransomware Attacks." Bleeping Computer, 16 November 2021, https://www.bleepingcomputer.com/news/security/wordpress-sites-are-being-hacked-in-fake-ransomware-attacks/
-
Rewind to see how the past has influenced the present and fast forward to see what the future could bring with special guest expert Jeff Hall of Truvantis, a cybersecurity company. Nathan sits down with Jeff to chat about his experiences in the changing field of cybersecurity, including changes in the internet, the job landscape, and college degrees since he entered. The two also discuss the reality of cyberwarfare and new trends for the future including innovation in artificial intelligence and machine learning.
This episode concludes with news stories from expert Mercy, including a cyberattack on trading company Robinhood, a phishing attack targeting Microsoft 365 and Google users, and the exciting new availability of Mozilla Firefox in the Microsoft Windows Store.
________________
News Sources:
Story 1:
Abrams, Lawrence. "Robinhood Discloses Data Breach Impacting 7 Million Customers." Bleeping Computer, 8 November 2021, https://www.bleepingcomputer.com/news/security/robinhood-discloses-data-breach-impacting-7-million-customers/
"Robinhood Announces Data Security Incident (Update)." Robinhood, 16 November 2021, https://blog.robinhood.com/news/2021/11/8/data-security-incident
Story 2:
Iyer, Abhishek. "A Pointed Spoof: Proofpoint Credential Phishing." Armorblox, 4 November 2021, https://www.armorblox.com/blog/proofpoint-credential-phishing/
Seals, Tara. "Proofpoint Phish Harvests Microsoft O365, Google Logins." Threatpost, 5 November 2021, https://threatpost.com/proofpoint-phish-microsoft-o365-google-logins/176038/
Story 3:
Warren, Tom. "Mozilla's Firefox Browser Arrives in the Windows Store." The Verge, 9 November 2021, https://www.theverge.com/2021/11/9/22771845/mozilla-firefox-microsoft-store-windows-download
-
The secret to staying secure? Check for and protect from risks! Nathan and Ham cover the basics on how to get started. From identifying to preventing security threats, find out just how important assessing your risks can be. This quick episode walks you through the essential steps for finding security risks in your daily life and preventing incidents from occurring.
This episode concludes with news from expert Mercy, including Google Chrome Malware targeting Windows machines and an announcement from Facebook about the deletion of its face recognition system.
________________
News Sources:
Story 1:
Iwamaye, Andrew. "Sneaking Through Windows: Infostealer Malware Masquerades as Windows Application." Rapid7, 28 October 2021, https://www.rapid7.com/blog/post/2021/10/28/sneaking-through-windows-infostealer-malware-masquerades-as-windows-application/
Montalbano, Elizabeth. "Google Chrome is Abused to Deliver Malware as 'Legit' Win 10 App." Threat Post, 29 October 2021, https://threatpost.com/chrome-deliver-malware-as-legit-win-10-app/175884/
Story 2:
Abrams, Lawrence. "Facebook to Delete 1 Billion Faceprints in Face Recognition Shutdown." Bleeping Computer, 2 November 2021, https://www.bleepingcomputer.com/news/technology/facebook-to-delete-1-billion-faceprints-in-face-recognition-shutdown/
-
Wondering where to start with backing up your data? Nathan and Ham have you covered with the basics. Learn about what exactly a backup is, what the cloud really means, and other types of backups like hard drives. Nathan and Ham walk through the pros and cons of each and answer the question â do you really need to back up your data? Hear personal stories of sulfur pits and corrupted hard drives from Ham, plus learn about the different types of data and who can access them.
This episode concludes with news from expert Mercy about a recent Craigslist phishing scam and more malicious Android apps.
_______________
News Sources:
Story 1:
Bracken, Becky. "Attackers Hijack Craigslist Emails to Bypass Security, Deliver Malware." Threat Post, 26 October 2021, https://threatpost.com/attackers-hijack-craigslist-email-malware/175754/
Story 2:
Toulas, Bill. "Millions of Android Users Targeted in Subscription Fraud Campaign." Bleeping Computer, 25 October 2021, https://www.bleepingcomputer.com/news/security/millions-of-android-users-targeted-in-subscription-fraud-campaign/
Montalbano, Elizabeth. "Millions of Android Users Scammed in SMS Fraud Driven by Tik-Tok Ads." Threat Post, 26 October 2021, https://threatpost.com/android-scammed-sms-fraud-tik-tok/175739/
-
Explore the world of ethical hacking with special guest Brad Ammerman, an industry expert. Nathan sits down with Brad to chat about what it's really like working as a penetration tester. From hacking into computer systems to breaking into physical locations, Brad and his team are hired to help find holes in clients' security, so they can resolve issues and stay safe.
Hear exclusive on-the-job stories from Brad's career and get inside advice on some of the top security pitfalls that everyday people fall victim to.
_______________
News Sources:
Story 1:
Claburn, Thomas. "WhatsApp's Got Your Back(ups) with Encryption for Stored Messages." The Register, 14 October 2021, https://www.theregister.com/2021/10/14/whatsapps_backups_encryption/
Story 2:
Abrams, Lawrence. "Acer Hacked Twice in a Week by the Same Threat Actor." Bleeping Computer, 19 October 2021, https://www.bleepingcomputer.com/news/security/acer-hacked-twice-in-a-week-by-the-same-threat-actor/
Story 3:
Gatlan, Sergiu. "Man Gets 7 Years in Prison for Hacking 65K Health Care Employees." Bleeping Computer, 19 October 2021, https://www.bleepingcomputer.com/news/security/man-gets-7-years-in-prison-for-hacking-65k-health-care-employees/
-
Tune in to learn about the "internet iceberg," an analogy to help put into perspective the vastness of the internet and its three main parts – the surface web, the deep web, and the dark web. Nathan and Ham define each one and discuss the perils of the dark web. Find out what goes on in some of the most hidden parts of the internet, and hear Ham's personal story about a frightening experience.
The episode concludes with news from Mercy on a recent malware disguised as an Android app, a Verizon phishing scam, and a cyberattack on a Japanese company.
_________________________
News Sources:
Story 1:
Sharma, Ax. "Photo Editor Android App Still Sitting on Google Play Store is Malware." Bleeping Computer, 12 October 2021, https://www.bleepingcomputer.com/news/security/photo-editor-android-app-still-sitting-on-google-play-store-is-malware/
Story 2:
Riley, Duncan. "Sneaky New Phishing Campaign Uses a Math Symbol in the Verizon Logo." SiliconANGLE, 12 October 2021, https://siliconangle.com/2021/10/12/sneaky-new-phishing-campaign-uses-math-symbol-verizon-logo/
"Verizon Phishing Scam Targets Customers Through a Text Message." DataBreaches.net, 11 October 2021, https://www.databreaches.net/verizon-phishing-scam-targets-customers-through-a-text-message/
Story 3:
Greig, Jonathan. "Olympus Suffers Second Cyberattack in 2021." ZDNet, 12 October 2021, https://www.zdnet.com/article/olympus-announces-second-cyberattack-in-2021/
-
Tune in to find out what exactly ransomware is, who these attackers are, and why and how they do it. Nathan and Ham discuss recent large attacks by groups such as REvil and WannaCry. Hear about the far-reaching effects these attacks can have and how people and businesses can protect themselves.
The episode concludes with a chat about cybersecurity tactics such as cyber insurance and ransomware negotiators. Both are ways that businesses can protect themselves in the event of a ransomware attack. Lastly, hear the latest news on ransomware attacks and more from Mercy.
News Sources:
Story 1:
Vaas, Lisa. "Crystal Valley Farm Coop Hit with Ransomware." ThreatPost, 22 September 2021, https://threatpost.com/crystal-valley-farm-coop-hit-with-ransomware/174928/
Story 2:
Gatlan, Sergiu. "Transnational Fraud Ring Stole Millions from Army Members, Veterans." Bleeping Computer, 3 October 2021, https://www.bleepingcomputer.com/news/security/transnational-fraud-ring-stole-millions-from-army-members-veterans/
Story 3:
Quach, Katyanna. "Google to Auto-Enroll 150m Users, 2m YouTubers with Two-Factor Authentication." The Register, 6 October 2021, https://www.theregister.com/2021/10/06/google_twofactor_authentication/
-
Tune in to hear Nathan and Ham discuss how to #BeCyberAware with the basics of cybersecurity. Learn about the Four Pâs â phishing, passwords, patching, and protect your devices â to help you stay safe. Plus, Nathan and Ham both share interesting personal stories about their encounters with cybercrime and they give their top tips on how to avoid falling into the traps of hackers. Get an insight into cybersecurity terminology you may have never even heard of, like a âwhalingâ and âzero-day vulnerability.â
This episode is ended with a segment of current news and events given by Mercy. She covers updates including new malware that hunts gaming accounts, an information leak from a far-right militia, and two more dangerous malware targeting Android and Mac devices.
_______
News Sources:
Story 1:
Bracken, Becky. âGamers Beware: Malware Hunts Steam, Epic and EA Origin Accounts.â ThreatPost, 28 September 2021, https://threatpost.com/gamers-malware-steam-epic-ea-origin-accounts/175081/Story 2:
Thomson, Iain. âEmails, chat logs, more leaked online from far-right militia linked to US Capitol riot.â The Register, 28 September 2021, https://www.theregister.com/2021/09/28/in_brief_security/Story 3:
Seals, Tara. âTangleBot Malware Reaches Deep into Android Device Functions.â ThreatPost, 24 September 2021, https://threatpost.com/tanglebot-malware-device-functions/174999/ -
Nathan: REvil. They just hit for a $70 million ransomware attack.
Ham: Oh, my
word, you've been. You've been naming off these attackers who are these people?
Nathan: Know, if you're a potential target, know why you're a potential target, where you're vulnerable and what they're going to be going for. It always goes back to safe. Clicking .
Ham: I never knew cyber insurance is actually a thing. Can I bundle it with my car? My ATV.
Nathan: Hey everybody. My name's Nathan, a student on the information security team here at Minnesota state university Mankato. And I'll be your resident expert on all things cybersecurity for our second season of the CyberAware podcast.
Ham: Hey, what's happening guys? I'm Noah "Ham" Adamson, just a regular guy here on a journey becoming more cyber aware alongside
the experts,
Mercy: and I'm Mercy, a student and cybersecurity specialists on the information security team alongside Nathan.
I'll be your go to for breaking news and trends happening in the cyber-verse and beyond each week ,
Nathan: We'll walk
you through the cyber security world from the basics of personal security, fascinating topics like ransomware, the dark web, and hacking.
Ham: We'll even be joined by some special guest experts. Join us as we uncover what you need to know to stay secure
Mercy: coming this October, you're on the lookout for season two of the cyberware podcast.
-
MavLABS is a service available to students and faculty that allows remote access to specialized lab computers that offer software like ArcGIS, CAD programs, programming editors, database servers, Microsoft Access, geography labs, and more. Sherwin explains how MavLABS works using remote access technology and how you can securely access this service from your personal device.
One important piece of advice that you should follow when using MavLABS is to avoid shutting down the lab computer that you are remotely accessing, as that will require an employee to manually turn the computer back on in the lab on campus. Instead of shutting down, simply just log out of the accessed system after use. Lastly, take note that MavLABS is offline nightly from 12 am to 5 am for maintenance. If you experience issues with MavLABS or have questions, submit a ticket to IT Solutions.
In the second half of the podcast, Raj and Sherwin provide insight on the security features of Zoom, one of the most important of which is the ability to password-protect your meetings. They also cover the recent overhaul of documentation and policies that Zoom underwent to mitigate âZoom-bombingâ issues. Raj explains his preference for Zoom over other video calling platforms, stating that he enjoys Zoomâs functionality and simplicity.
All faculty, staff, and students have access to a premium Zoom account, which offers more features than the free version and is more secure â so be sure to always log in with your StarID using our secure MinnState portal at http://minnstate.zoom.us/
-
Multi-factor authentication is a powerful security tool that creates layered protection by requiring users to sign in using more than one verification method, which helps prevent cybercriminals from gaining access to your personal information. Different ways to authenticate may include an authenticator app, a text message, a code generator, or even a call on your phone. Raj explains his preferences when it comes to multi-factor authentication and also recounts a personal story about a time when multi-factor authentication saved his account from a breach! Sherwin and Raj both highly recommend using multi-factor authentication on all your accounts, especially with the increase in remote working and learning.
Multi-factor authentication is available for your University Office 365 account, including all related apps like Outlook, OneDrive, and more. Extra security is just a click away! Follow our easy set-up instructions, which include helpful images to guide you through the process.
-
In this short, Quick Tips episode, Sherwin and Raj share five simple ways to stay cybersafe. They delve into the Four Pâs of Cybersecurity, starting with the topic of phishing emails. They explain how to spot them and what to avoid in order to keep yourself and your information safe. They also touch on passwords, giving important tips such as using the appropriate character length and variety as well as how to maximize security of accounts by keeping usernames and passwords unique for each. Next, the duo discusses patching, which is all about keeping your devices and software up to date. They give suggestions on how to keep up with security patches in order to defend against malware. They also share a combination of important steps that can be implemented to further protect your devices, such as logging out after use, being aware of shoulder surfing, avoiding public Wi-Fi, and more. Lastly, Raj and Sherwin cover a variety of useful resources that are available on the CyberAware website to help you stay safe.
-
In this episode of the CyberAware Podcast, host Sherwin discusses with guest speaker Joey Kleinow the topic of cybersecurity tools and operating systems. Joey is an upcoming graduate majoring in computer information technology at Minnesota State University, Mankato and is currently employed as a cybersecurity analyst.
-
In this episode of the CyberAware Podcast, host Sherwin discusses with guest speaker Nate Johnson the topic of research and cybersecurity vulnerabilities. Nate is a penetration tester and is a co-host for another podcast series on YouTube called the Irongeek Cast.
Nate delves into his undergraduate research topic, which was proximity radio frequency identification (RFID) in card reader lock systems. For example, the technology that is used with Mav Cards. He also researched the security flaws and the encryption within card reader lock systems using open source coding. Nate then lays out a comparison between RFID and NFC (Near Field Communication) and how variable band frequencies play a major role in these systems. Nate also shares with Sherwin his study abroad experience in the Netherlands and how NFC is very common there, ranging from identification to payments at almost every location. Nate moves on to talk more about his current research, giving insight on security tactics used to prevent physical bypass on RFID and NFC card reader lock systems. Nate illustrates his experience as a penetration tester and he sheds more light on faculty and student research on cybersecurity.
Interestingly, Nate and Sherwin then pivot the conversation to discuss the latest Pentagon speculated UFO sightings and go on to imagine the security methods that could have been used to evade radar spotters. Nate then shares his public presentation experience in front of industry professionals, explaining how having expertise in recent advancements can even sometimes give you an edge over someone who has decades of experience in the industry. Finally, he suggests to incoming students some important coursework for pursuing cybersecurity from a Minnesota State University, Mankato alumniâs point of view.
-
In this episode of the CyberAware Podcast, our hosts, Raj and Sherwin, discuss with special guest Mubasser Kamal focused mainly on cyberpunks. Mubassir graduated from Minnesota State University, Mankato two years ago with a masters degree in IT and he has been currently working for a penetration testing company based in Minneapolis as a security consultant. The podcast is all about cyberpunks which simply put forward means individuals into cybertheft & other malicious criminal activities in the cyberworld.
The first major example of cyberpunk they discuss is phishing and how there has been an upsurge in SMS phishing and the number of victims during this COVID-19 timeline. They provide insights to cross-site request forgery and SQL injection which turn out to be some of the common exploits. They elaborate on penetration testing further and how institutions implement it effectively to test their cyber infrastructure like mobile and web applications to name some and to evade exploits like remote code execution attacks. They also talk about tools like âNetcatâ that they use for troubleshooting the exploits while they poke around different servers. They talk more about âmercenaryâ hackers implemented and sponsored by Governments and corporations around the world to conduct cyber-attacks & espionage too. They explain how these hackers have high-end targets and many of the times bait people close to their target to hack into, essentially implementing these innocent people as passive cyberpunks. They then give some tips to stay cybersecure like always checking the links (URL), getting back to the institution involved directly to check the validity of the e-mail or SMS or call they received, securing home networks better using WPA passwords, performing regular firmware updates on devices like routers, etc. Finally they take you through a typical day in life of an Information security analyst and the tasks they perform on a daily basis. -
Summary of episode 4:
In this episode of the CyberAware Podcast, Raj and Sherwin speak with special guest Michael Menne, the Chief Information Security Officer (CISO) at Minnesota State University, Mankato. With 28 years of experience in IT, Michael shares his thoughts on cybersecurity and how things have changed throughout the years. Michael gives insight into what his job as a CISO entails, how organizations assess security risks, and how students can pursue a career as a CISO. The group also discusses other frequently asked questions, including how IT Solutions and the security team reacted to the COVID-19 pandemic.
During the second half of the podcast, Raj, Sherwin, and Michael discuss what it means to outsource security services and how outsourcing can impact higher education organizations specifically. The group also chats about the process of implementing new technology to enhance cybersecurity, and the pros and cons of spending University resources on these projects. Lastly, Michael shares his thoughts on security regarding the Internet of things and smart devices, like smart speakers. The group ends with a few quick tips on how to stay up to date with current cybersecurity issues, including following the newsfeed on our CyberAware website or contacting Michael Menne.
CyberAware Website: https://mankato.mnsu.edu/cyberaware
Contact Michael Menne: https://mankato.mnsu.edu/it-solutions/about-it-solutions/it-solutions-staff/michael-menne/ -
In the second episode of the CyberAware Podcast, our hosts, Raj and Sherwin, delve into the world of cybersecurity to uncover the basics of passwords and device protection â the last of the two Pâs of cybersecurity. Brad Ammerman, an adjunct professor in Computer Information Science at Minnesota State University, Mankato, joins Sherwin and Raj in discussing best password tips and how to keep your devices safe.
Bradley Ammerman
Linkedin: https://www.linkedin.com/in/bradammerman\Music by our host Sherwin Bothello.
- Mostra di più