MFA Prompt Bombing (Noun) [Word Notes]
In this brief episode, host Rick Howard defines "MFA prompt bombing" as a technique where attackers flood a user with authentication prompts until they approve one out of frustration, effectively bypassing multifactor authentication. He highlights the growing relevance of this attack vector and points listeners to the CyberWire glossary for deeper context. The episode underscores the need for organizations to implement prompt throttling and user education to mitigate this social engineering threat.

It's Just Too Good to Be True.
The episode covers a wave of social‑engineering threats targeting holiday travelers, charitable donors, and taxpayers, highlighting fake booking sites, fraudulent cancer‑research crowdfunding, and IRS‑impersonation scams that promise "too‑good‑to‑be‑true" refunds. Hosts share real‑world examples—a suspicious nonprofit chair email, a BBC investigation...

Poisoned at the Source. [OMITB]
In this episode, Selena Larson, Keith Mularski, and Dave Bittner examine supply‑chain attacks, focusing on a large‑scale Android malware campaign that embeds malicious code in firmware and reseller‑installed system images before devices reach consumers. They compare this threat to other...

Hot Sauce and Hot Takes: An Only Malware in the Building Special.
In this special in‑studio episode, hosts Selena Larson, Dave Bittner, and former FBI cybercrime investigator Keith Mularski tackle a hot‑wings challenge while fielding personal and career‑focused questions, offering listeners a candid look at their backgrounds and the moments that shaped...

Scammers Are Recruiting.
The episode spotlights a surge in social engineering threats, beginning with a conference scam warning and a retired federal investigator's "Scammer Psychological Kill Chain" framework for detecting attacks. It highlights a 1,000% rise in job scams targeting desperate job seekers,...

Trust No Link, My Darling.
The episode covers the latest social engineering threats, from AI‑driven virtual kidnapping extortion and celebrity impersonation scams to Google’s dual strategy of suing phishing operations while supporting new anti‑scam legislation and AI tools. It offers practical home‑network advice, emphasizing IoT...

Microsegmentation (Noun) [Word Notes]
The episode defines microsegmentation as a zero‑trust security method that isolates individual application workloads, enabling granular protection for each. It highlights how this approach reduces lateral movement risks within networks and supports compliance by enforcing policy at the workload level....

Don’t Let Public Ports Bite.
The episode covers three major security threats: a bot‑driven Monotype font‑licensing extortion that collapsed when a knowledgeable employee disproved the claims; a massive Walmart robocall scam using AI‑generated voices to steal personal data, prompting FCC action against the U.S. voice...
