    Podcast Summary

    • The Expertise of Lisa Forte in Managing Insider Threats: Companies must implement insider threat programs and take security seriously to prevent insider-related security incidents, which can be as sophisticated as ransomware attacks. Experts like Lisa Forte can help navigate and mitigate these threats.

      Insider threats are a major problem for companies, particularly for music venues, sports stadiums, and theatres where people try to get in for free by using insider help. Lisa Forte, a partner at Red Goat Cyber Security, started her career in security as a lawyer for private security companies, helping them identify legal ways to protect cargo ships from pirate attacks. She later moved into the operations side of things to help boats secure themselves from pirates. Her expertise in managing risks and developing insider threat programs can be valuable to companies who want to avoid insider-related security incidents. Pirates have become as sophisticated as ransomware groups in the cybersecurity space, which means companies need to take security seriously and stay ahead of potential threats.

    • Protecting Ships from Pirate Attacks: When protecting ships from pirate attacks, various methods can be used including barbed wire, welded internal doors, citadels, water cannons, and Long-Range Acoustic Devices (LRADs) that warn approaching ships to stay away.

      To protect ships from pirate attacks, barbed wire can be put up, internal doors can be welded shut, a citadel can be built, water cannons can be installed, and LRADs can be used. LRADs are Long-Range Acoustic Devices that can warn approaching ships to stay away and can pump out noises up to 160 decibels, making them a powerful sound weapon. They were invented after the USS Cole attack in 2000, and they are often used by shipping companies to help protect their ships from potential attacks.

    • Use of Technology and Armed Guards for Protection of Cargo Ships Against Threats: Cargo ships face dangerous waters and increasing piracy threats. Technology and armed guards are critical for self-defense, but force escalation is sometimes unavoidable. Quick thinking is necessary, as pirates' tactics develop rapidly with ransom payments.

      Technology such as earplugs and LRADs has become necessary for cargo ships passing through dangerous waters to protect themselves and repel suspicious boats without using force. However, pirates have developed sophisticated tactics, and in unavoidable cases cargo ships have to escalate force, for example with water cannons and warning shots. Armed guards onboard the ships became mandatory; they were trained to use lethal force as an absolute last resort. During an attack, the ship's team raised the level of force to protect themselves from approaching boats. While it is crucial to have a plan in case of attack, incidents hit hard and require figuring things out on the fly. The pirates' tactics developed rapidly because ransom payments kept them well funded.

    • Asymmetry in Cybersecurity: Insider Threats and the Battle for Online Security: Defenders in cybersecurity are at a disadvantage due to the asymmetry in the battle against attackers who don't play by the rules. Insider threats pose a significant danger, but companies can develop effective programs and responses against them with the help of specialized cybersecurity firms like Red Goat.

      Attackers don't play by the rules, while defenders have to abide by the law, which creates an asymmetry in the battle and in how companies secure themselves online. Insider threats are a significant danger in cybersecurity because they involve trusted individuals within the company who might attack it, ultimately leading to a breach. LinkedIn has become a social network that scientists and professionals use to connect, share, and post content, and this can lead to insider threats, as in the case where an employee exchanged e-mails with someone who shared common interests and had access to sensitive information. Lisa started her cybersecurity company, Red Goat, which specializes in cybersecurity crisis exercises, including addressing insider threats, and helps companies develop programs and responses against them.

    • Preventing Insider Threats in Companies: Companies should be cautious during employee recruitment, employees must be aware of data protection regulations, and both parties should take necessary measures to avoid exfiltration of private information. Data security is everyone's responsibility.

      Insider threats are a common source of data breaches in companies, especially when private information is exfiltrated by an employee. Companies should be cautious when recruiting new employees, and employees should be mindful of their actions while working for a company. Sharing a company's proprietary information can lead to severe consequences for both the employee and the company. It is essential to understand a company's rules and regulations on data protection and intellectual property. Employees should avoid sending sensitive information through email and other easily accessible platforms. Data security is the responsibility of everyone associated with the company, so it is vital to raise awareness and take the necessary measures to prevent insider threats.

    • The Dangers of Unsolicited Job Offers and Sharing Sensitive Information: Be cautious of unsolicited job offers and never share sensitive information without verifying the identity of the requester. Disable user accounts immediately if suspicious activity is detected. Always be vigilant and cautious in communication with unknown individuals or companies.

      The story highlights the dangers of responding to unsolicited job offers and sharing sensitive information in response to them. In this case, a fake LinkedIn profile lured a scientist into downloading malware on his work device, which could have given the attackers access to sensitive company information. The attack was likely either industrial/corporate espionage or the work of nation-state actors. This incident also emphasizes the importance of disabling user accounts as soon as suspicious activity is detected. Such cyber attacks should serve as a reminder to always be vigilant and cautious when communicating with unknown individuals or companies, whether through social media or email, especially when asked to share sensitive information.

    • Beware of Cyber Attacks through LinkedIn: Exercise healthy paranoia and limit the personal information you share online. Avoid using LinkedIn's direct messaging feature and be cautious of profile posts and comments.

      Nation-state-level cyber attackers are using LinkedIn to social engineer employees of targeted companies to gain access to valuable intellectual property or to install malware. This vulnerability is due to the abundance of personal information that LinkedIn provides about an individual and their employer. While it is important to have an online presence, it is essential to exercise healthy paranoia and limit personal information shared online. LinkedIn's direct messaging feature is particularly risky since anyone with a LinkedIn Premium account can direct message any user. However, turning off direct messages may not be enough to prevent attackers from accessing personal information, as anyone can still comment on profile posts and deduce email addresses from names and employers.

    • The dangers of fake profiles on social media: Be cautious of strangers on social media, especially those who share many similarities and interests with you, as they may have malicious intentions and seek to exploit your trust. Always verify information before taking any action.

      Beware of fake profiles on social media. The woman was tricked by a fake Peruvian girl on Facebook chat who gained her trust by faking similarities, mirroring all the interests shown on her wide-open Facebook profile. The fake woman built trust and friendship over time through text conversations, then approached the woman about exposing an environmental scandal at their workplace. The woman was horrified to hear about the unsafe conditions caused by their company in Peru and decided to quit her job. The fake woman suggested exposing the issue to a journalist. In the end, both the victim and the fake woman left the situation after providing all the documents required to the investigative journalist.

    • Balancing Employee Privacy and Security Against Insider Threats: Companies should invest in educating employees about insider threats while respecting their privacy, in addition to staying vigilant about social engineering tactics used by attackers. A balanced approach can help protect against attacks without breaching employee privacy rights.

      Insider threats are a real danger for companies, and investing in training employees about these dangers is essential. However, some companies make the mistake of implementing draconian monitoring measures on staff, which is not recommended. In this case, the attackers preyed on the victim's passion for the environment and used it against her to leak sensitive company documents. This lady was manipulated into believing that she had real friends who were silenced by their employer. Companies can protect themselves from such attacks by adopting a balanced approach that does not breach employees' privacy rights. Additionally, the human element can never be disregarded, and companies should stay vigilant about educating their staff to be aware of social engineering tactics used by attackers.

    • Importance of a positive work environment in preventing insider threats: Investing in employee assistance programs and building a supportive work culture can reduce the risks of insider threats. Security measures should include prevention, detection, remediation, and investigation of attacks, and not just perimeter defense.

      Invest in employee assistance programs to identify and address employee struggles and create a supportive work environment to prevent insider threats. Happy and loyal employees are less likely to sabotage their employer. Security measures should not only focus on prevention but also on detection, remediation, and investigation of attacks to minimize damage. Building a perimeter defense is not enough, as companies have to be ready to respond to attackers and assess the extent of the compromise. The example of a secret city in Soviet Russia proves that content and privileged employees are more likely to keep agreements and be loyal to their employers. Creating a positive work culture is essential to reduce the risk of insider threats.

    Recent Episodes from Darknet Diaries

    146: ANOM

    In this episode, Joseph Cox (https://x.com/josephfcox) tells us the story of anom. A secure phone made by criminals, for criminals.

    This story comes from part of Joseph’s book “Dark Wire” which you should definitely read. Get yours here https://www.hachettebookgroup.com/titles/joseph-cox/dark-wire/9781541702691.

    Darknet Diaries
    June 04, 2024

    145: Shannen

    Shannen Rossmiller wanted to fight terrorism. So she went online and did. Read more about her from her book “The Unexpected Patriot: How an Ordinary American Mother Is Bringing Terrorists to Justice”. An affiliate link to the book on Amazon is here: https://amzn.to/3yaf5sI. Thanks to Spycast for allowing usage of the audio interview with Shannen.

    144: Rachel

    Rachel Tobac is a social engineer. In this episode we hear how she got started doing this and a few stories of how she hacked people and places using her voice and charm. Learn more about Rachel by following her on Twitter https://twitter.com/RachelTobac or by visiting https://www.socialproofsecurity.com/ Daniel Miessler also chimes in to talk about AI. Find out more about him at https://danielmiessler.com/.

    143: Jim Hates Scams

    Jim Browning has dedicated himself to combatting scammers, taking a proactive stance by infiltrating their computer systems. Through his efforts, he not only disrupts these fraudulent operations but also shares his findings publicly on YouTube, shedding light on the intricacies of scam networks. His work uncovers a myriad of intriguing insights into the digital underworld, which he articulately discusses, offering viewers a behind-the-scenes look at his methods for fighting back against scammers. Jim’s YouTube channel: https://www.youtube.com/c/JimBrowning

    142: Axact

    Axact sells fake diplomas and degrees. What could go wrong with this business plan?

    141: The Pig Butcher

    The #1 crime which results in the biggest financial loss is BEC fraud. The #2 crime is pig butchering. Ronnie Tokazowski https://twitter.com/iHeartMalware walks us through this wild world.

    139: D3f4ult

    This is the story of D3f4ult (twitter.com/_d3f4ult) from CWA. He was a hacktivist, upset with the state of the way things were, and wanted to make some changes. Changes were made.

    Sources:
    https://www.vice.com/en/article/z3ekk5/kane-gamble-cracka-back-online-after-a-two-year-internet-ban
    https://www.wired.com/2015/10/hacker-who-broke-into-cia-director-john-brennan-email-tells-how-he-did-it/
    https://www.hackread.com/fbi-server-hacked-miami-police-data-leaked/
    https://archive.ph/Si79V#selection-66795.5-66795.6
    https://wikileaks.org/cia-emails/John-Brennan-Draft-SF86/page-7.html

    138: The Mimics of Punjab

    This episode is about scammers in the Punjab region. Tarun (twitter.com/taruns21) comes on the show to tell us a story of what happened to him. Naomi Brockwell (twitter.com/naomibrockwell) makes an appearance to speak about digital privacy. To learn more about protecting your digital privacy, watch Naomi’s YouTube channel https://www.youtube.com/@NaomiBrockwellTV. And check out the books Extreme Privacy (https://amzn.to/3L3ffp9) and Beginner’s Introduction to Privacy (https://amzn.to/3EjuSoY).

    137: Predator

    A new type of mercenary spyware came on the radar called Predator. It’ll infect a mobile phone, and then suck up all the data from it. Contacts, text messages, location, and more. This malware is being sold to intelligence agencies around the world. In this episode we hear from Crofton Black at Lighthouse Reports who spent 6 months with a team of journalists researching this story which was published here: https://www.lighthousereports.com/investigation/flight-of-the-predator/. We also hear from Bill Marczak and John Scott-Railton from Citizen Lab. If you want to hear about other mercenary spyware, check out episodes 99 and 100, about NSO group and Pegasus. To hear another episode about Greece check out episode 64 called Athens Shadow Games.

    Related Episodes

    The Human Firewall

    In an era where cybersecurity breaches are rampant and data breaches make daily headlines, organizations are increasingly turning their attention to fortifying their defenses against digital threats. However, amidst the focus on sophisticated software, AI, and firewalls, there's a critical component often overlooked: the human factor.

    Tune in to discover how you can harness the power of the human firewall to safeguard your organization's sensitive data, mitigate risks, and stay one step ahead of cyber adversaries. 

    Subscribe now to Darnley's Cyber Cafe and stay informed on the latest developments in the ever-evolving digital landscape.

    Ep. 239 - Security Awareness Series - Protecting Against the Perfect Storm with Marc Ashworth

    Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I are joined once again by Marc Ashworth. Mr. Ashworth, the Senior Vice President and Chief Information Security Officer at First Bank, is a respected IT executive with over 30 years of experience in cyber and physical security, IT/security architecture, and project management, as well as an author and a public speaker. He is a member of the Webster University Cyber Advisory board, co-founded the State of Cyber annual security conference, and is a Lifetime member of FBI Citizens Academy. He is a former board officer for the St. Louis InfraGard Alliance. He possesses security certifications in CISSP, CISM, CRISC, Security+ and other certifications. Mr. Ashworth currently oversees First Bank’s information security, fraud, physical security, and the network services departments. [Dec 18, 2023]

     

    00:00 - Intro

    00:22 - Ryan Intro

    00:53 - Intro Links:

    -          Social-Engineer.com - http://www.social-engineer.com/

    -          Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/

    -          Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/

    -          Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/

    -          Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb

    -          CLUTCH - http://www.pro-rock.com/

    -          innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/

    04:16 - Marc Ashworth Intro

    05:51 - Recap

    08:26 - Speaking the Same Language

    09:36 - The Threats Get Better

    11:45 - Clash of the Robots

    13:42 - AI for Bad

    17:46 - AI for Good

    19:32 - Decepticons

    22:39 - Regulations: Money Talks

    26:48 - The Perfect Storm

    30:16 - Insider Threat Safety Tips

    33:00 – Mentors

    -          Bala Nibhanupudi

    -          Shelley Seifert

    -          Tom Bakewell

    35:17 - Book Recommendations

    36:37 - Find Marc Ashworth Online

    -          LinkedIn: linkedin.com/in/marcashworth/

    38:06 - Wrap Up & Outro

    -           www.social-engineer.com

    -          www.innocentlivesfoundation.org

    Ep. 213 - The Doctor Is In Series - Everything You Remember is False

    Welcome to the Social-Engineer Podcast: The Doctor Is In Series – where we will discuss understandings and developments in the field of psychology.

     

    In today’s episode, Chris and Abbie are discussing: False Memories. Although memory processes and systems usually operate reliably, they are sometimes prone to distortions and illusions. Today’s discussion will examine how and why this happens. [June 5, 2023]

     

    00:00 - Intro

    00:20 - Dr. Abbie Maroño Intro

    01:02 - Intro Links

    -          Social-Engineer.com - http://www.social-engineer.com/

    -          Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/

    -          Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/

    -          Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/

    -          Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb

    -          CLUTCH - http://www.pro-rock.com/

    -          innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/

    07:43 - The Topic of the Day: False Memories

    08:11 - Defining Our Memories

    10:17 - Challenging Your Reality

    11:48 - Remember the Good Times

    13:01 - The Exception

    15:07 - Unintentional Ego Inflation

    17:27 - Putting it in Context

    18:46 - The Dangers of Distorting Memories

    23:19 - Not-So-Total Recall

    25:40 - Repression vs Suppression

    28:35 - Eyewitness Error

    32:10 - Shameless Plug: Ep. 134

    -          Altered Memories and Alternate Realities with Dr. Elizabeth Loftus

    34:14 - Emotional Influence

    37:22 - How Accurate Are You???

    39:56 - Emotional Defense

    44:35 - Belief System

    47:48 - Don't Be Certain (Because You're Not)

    49:31 - Confirmation Bias

    52:39 - Simple Does Not Equal Easy

    54:08 - Shades of Grey

    56:38 - Wrap Up

    56:58 - Next Month: Deception Detection

    57:45 - Outro

    -          www.social-engineer.com

    -          www.innocentlivesfoundation.org

     

    Find us online:

    -          Twitter: https://twitter.com/abbiejmarono

    -          LinkedIn: linkedin.com/in/dr-abbie-maroño-phd-35ab2611a

    -          Twitter: https://twitter.com/humanhacker

    -          LinkedIn: linkedin.com/in/christopherhadnagy

     


    Ep. 224 - The SE ETC Series - Tips for Having Difficult Conversations with Chris and Patrick

    Welcome to the Social-Engineer Podcast: The SE Etc. Series. This series will be hosted by Chris Hadnagy, CEO of Social-Engineer LLC, and The Innocent Lives Foundation, as well as Social-Engineer.Org and The Institute for Social Engineering. Chris will be joined by his co-host Patrick Laverty as they discuss topics pertaining to the world of Social Engineering. [August 28, 2023]

     

    00:00 - Intro

    00:21 - Patrick Laverty Intro

    00:55 - Intro Links

    -          Social-Engineer.com - http://www.social-engineer.com/

    -          Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/

    -          Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/

    -          Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/

    -          Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb

    -          CLUTCH - http://www.pro-rock.com/

    -          innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/

    07:20 - Intro Chat

    09:11 - Today's Topic: Tips for Having Difficult Conversations

    10:00 - Outline for Parents

    12:10 - Map Your Terrain

    16:22 - Define Your Goal

    17:40 - Decide on Your Pretext

    20:05 - Imagine Your Rapport Building

    21:50 - Identify Potential Influence Building Techniques

    28:47 - Run a Quick Manipulation Check

    31:31 - Pump Up the Nonverbals

    36:30 - Conduct an Authenticity Check

    39:21 - Prepare for Likely Contingencies

    40:48 - Solidify Gains

    43:40 - Next Month: ???

    44:00 - Wrap Up & Outro

    -          www.social-engineer.com

    -          www.innocentlivesfoundation.org

     

    Find us online

    -          Chris Hadnagy

    -          Twitter: @humanhacker

    -          LinkedIn: linkedin.com/in/christopherhadnagy

    -          Patrick Laverty

    -          Twitter: @plaverty9

    -          LinkedIn: linkedin.com/in/plaverty9

    Cohesity, Veritas and More on Changes in the CyberSecurity Market - Infrastructure Matters, Episode 30

    In this episode of Infrastructure Matters, hosts Camberley Bates and Krista Macomber discuss Cohesity, Veritas and more on changes in the cybersecurity market.

    Their discussion covers:

    • Cohesity’s planned acquisition of Veritas NetBackup, NetBackup appliances and Alta Software-as-a-Service

    • Updates on Cybersecurity Policy, including insights from Krista’s participation in a MarketScale Experts Talk

    • Cisco’s and Hitachi’s relationship

    • Infleqtion’s quantum computing