What the Hack? Podcast
What the Hack? Podcast
What the Hack? Podcast
What the Hack? Podcast

Data Security

The latest on data breaches and cybersecurity and data security by Adam K Levin.

Business Email Compromise
Cybercriminals are increasingly registering email addresses with legitimate services and using them in the commission of business email compromise (BEC) attacks. A recent study of hacking methods published by Barracuda found that more than 6,000 email accounts using legitimate services had been linked to more than 100,000 BEC attacks on roughly 6,600 organizations this year.  Gmail accounted for 59% of the...
Windows 7 EOL
The FBI warned in a private industry notification published August 3 that companies and organizations still using Windows 7 are at risk. Microsoft’s end of life (EOL) announcement for version 7 of its flagship Windows operating system means most customers still using it would no longer receive security updates or technical support. According to the FBI notification, continued use of...
Simple spelling errors in URLs can expose you to phishing, malware, and other kinds of cyber trickery. In the latest episode of Third Certainty, Adam Levin discusses typosquatting and how it can put your data security in jeopardy.
GPS location tracking
The NSA has issued a cybersecurity advisory about the use of location data on personal devices, social media accounts, mobile applications, as well as Internet of Things-enabled devices. The advisory, titled “Limiting Location Data Exposure,” was released August 4. While it is directed at government officials, the advice could also help the general public mitigate risks to data and privacy...
spear phishing
With the arrest of 17-year-old hacker Graham Ivan Clark in Tampa, Florida and more than 30 charges later, we’re starting to get a better understanding of the July 15 hack that compromised 130 Twitter high-profile accounts.  As suspected by many, including us, the hack deployed a spearphishing attack on Twitter employees.  An official statement from Twitter confirmed the method of attack,...
data leak
A collection of source code from companies including General Electric, Disney, Microsoft, Motorola, Qualcomm, Adobe, Nintendo and Microsoft has been aggregated and posted online.  The repository was released onto Gitlab by software developer and IT consultant Tillie Kottmann and was collected from publicly available leaked data that had been stored on misconfigured online servers. Kottmann has indicated that the bulk...
Email dots, pluses, and burners
If you find your personal email account bombarded with unwanted marketing emails, there’s a good chance your account was compromised in a breach. That said, email these days is a minefield we all need to learn how to traverse safely.  Your email address could present the greatest liability when it comes to cybersecurity and privacy. A recent report found that...
Garmin ransomware
Navigation and wearable device company Garmin experienced a widespread outage after a successful ransomware attack July 23. Recent reports have confirmed that the outage was caused by WastedLocker, a ransomware often used to specifically target and disrupt business operations, and closely associated with Evil Corp, the hacking group behind a $100 million crime spree that began in 2011. Evil Corp was...
Chinese covid hacking
The U.S. Justice Department has accused two Chinese hackers of conducting a massive campaign of intellectual property theft, including Covid-19 vaccine research. In the indictment filed in early July and unsealed earlier this week, the Justice Department accused Li Xiaoyu and Dong Jiazhi of stealing terabytes of research and data over the last several years. Their targets allegedly included high...
Cyberattacks are constantly getting more sophisticated. Barely a day goes by without news of an elite hacking team creating a more stealth exploit--malware, elaborate spear-phishing attacks, trojans, and a killer array of ransomware that can take factories and other organizations offline, or even hobble entire cities. With so many vectors of attack, it's easy to overlook the more basic tricks hackers use. The most common one is...