Justin Fimlaid public
 
Pwned is a weekly information and cyber security podcast addressing real-world security challenges. Occasionally funny, always informational, and driven by those who live and breathe security. Each episode we dive into the latest and greatest in technology, security frameworks, best practices, and how-tos. We’ll chat with industry leaders to learn how they got to where they are, what they see coming, and how they learned from their mistakes.
 
 
Every company operating in the United States is required to maintain a Form I-9 file on every employee to ensure that they are legally allowed to work and not subject to more restrictive immigration rules. But Form I-9 files can contain a ton of sensitive information making a good target for identity thieves. Check out NuHarbor Security for complet…
 
Geez, I guess nothing is off limits. Vastaamo was first breached in 2018, but this…just…keeps…going. Vastaamo has been requested by attackers to pay half a million USD in Bitcoin. But to make it worse employees and patients are also targets of extortion. Check out NuHarbor Security for complete cybersecurity protection for your business and a secur…
 
Long story short, somebody hacked Harvest Finance and by manipulating asset values, stole tens of millions of dollars. Soon there was a bounty on the black hat, and the relationship is still complicated – Harvest is offering the hacker $1M for their $23M back. Check out NuHarbor Security for complete cybersecurity protection for your business and a…
 
So Nitro PDF got hit. The popular PDF software had an undisclosed number of accounts and files released into the wild. Contracts, agreements, love letters, etc. were up for sale on the dark web within hours. Hear what Justin hates to say about it. Check out NuHarbor Security for complete cybersecurity protection for your business and a security par…
 
In this week’s episode, we look into a big hack at one of the last bookstore giants. Barnes and Noble got whacked in both their brick and mortar and their cyber stores preventing purchases and virtual book reading. Justin discusses why he picked the Nook over the Kindle and Zack laments that the last big bookstore is getting picked on. Check out Nu…
 
We are joined by Jeff to talk social engineering both in the real world and the digital world. Jeff talks about how the movie Sneakers sparked his interest, how he got paid to sneak into people’s buildings, and why we see so many people getting duped today. Check out NuHarbor Security for complete cybersecurity protection for your business and a se…
 
I know, another election security episode with Zack? Yes! Well this week we’re looking at strategies to stop you from getting duped because we’re about to cross the finish line and this year more than ever, cybersecurity is playing a big role in our election and each of us has a role to play. We have some more details on a recent email campaign out…
 
It’s another solo episode and we’re digging deep into the recent indictment of six Russian GRU agents belonging to Sandstorm. What did they do? What happens now? Is this going to stop future attacks? Listen in and find out! Check out NuHarbor Security for complete cybersecurity protection for your business and a security partner you can trust. Webs…
 
It’s a solo episode as Zack follows up on some of the previous discussions and updates you on some of the latest issues around election security. Russia still wants to ruin our democracy, botnets are great at spreading garbage news, and the feds are feeling pretty good so far about the overall threat to election infrastructure. Check out NuHarbor S…
 
On this week’s breach, we’re talking about an unnamed federal agency that was compromised by a fairly easy backdoor into the agency’s network. While we can only speculate about which agency was hit or what the intent was of the bad actors, we can all agree that the feds getting whacked is not a good thing. For more info: https://www.infosecurity-ma…
 
In what may be the most upsetting episode of Pwned yet, Justin and Zack discuss the implications of a coffee maker going rogue and the possibilities of our IoT appliances turning on us. Are the machines rising against us? Was the coffee maker made by Cyberdyne Systems? Pour yourself a fresh cup of java and listen in as we figure out which appliance…
 
This week we’re talking about a breach at a food delivery service that appears to be the result of a disgruntled insider. Justin and Zack talk about how easy it was to get the data and how the perpetrator sent out notification of the breach themselves. You can read the article here: https://www.infosecurity-magazine.com/news/delivery-service-chowbus-…
 
Justin is back for another episode and we’re again talking about a medical system that’s been hit by ransomware. In what may be the largest attack on a US healthcare network, Universal Health Services had their entire US system impacted by a ransomware attack forcing staff to shut down computers and resort to pen and paper documentation. Justin and…
 
We’re talking QR codes this week and no, it is not 2010. QR codes are back and they’re doing more than ever. QR codes have returned to help us do contactless payments, authentication, and all the other fun stuff they could do before, however, like everything digital, the bad guys are trying to ruin everything for us. You can read the article here:h…
 
What’s the future hold for information technology in a post-COVID world? Justin is back on the podcast to talk about a recent list Microsoft put together speculating what cyber security will look like when we start to get back to a new normal. Spoiler, it’s a lot of stuff cybersecurity teams have been pushing for that are finally starting to become comm…
 
Justin has returned to the podcast and this week we’re covering what could be the first death to be directly linked to a ransomware attack. We talk about why hospitals are targets, how this could become far more complicated if it’s found to be a nation state, and how the legal system will address this and whether this will result in a homicide char…
 
Kathie is one of the early members of NuHarbor and has been directly responsible for finding and curating the team that has grown into the company NuHarbor is today. Kathie joined the podcast today to talk about how NuHarbor has built a successful work culture, how it’s surviving the pandemic, and what’s next. Kathie has served as the NuHarbor gate…
 
We’re continuing our exploration of the intersection of cyber and real world disasters and this week we have a report from Cynet about unrelenting attacks that have occurred since the beginning of the COVID-19 crisis and how criminals are using this real world disaster to exploit people in the digital world. You can read the original story here htt…
 
It’s National Preparedness Month! Zack is going to tap into his previous life as an emergency manager to discuss the increasing intersection of disasters and cybersecurity. From identity theft and fraud to the increasing reliance on cybersecurity to how cybersecurity professionals can increase their knowledge and skills to respond, we’re exploring …
 
We’re back with the second half of our discussion on election security with Davis. This week we’re talking about strategies and concepts that must be considered as part of a comprehensive security plan from physical security to ensuring people don’t share bad information. If you like this episode, check out last week’s episode discussing all of the…
 
We are back with our second episode exploring how NuHarbor Security began and what sets us apart from our peers. This week we’re joined by Scott, NuHarbor’s VP and guru of marketing and sales. Scott is another one of the OG crowd and has been with NuHarbor since the very early days. We’ll talk to Scott about how he has embraced content creation, li…
 
We are just a couple of months away from the 2020 election and like many voters, we are discussing election security. This week we are joined again by Davis and we’re talking about the threats to our election and how most people focus on the wrong thing when it comes to securing elections. From voting machines to hanging chads to social engineering…
 
The original group, or OG’s as they’re referred to around the office, have seen NuHarbor grow from a scrappy little company trying to break the mold to a quickly expanding cybersecurity firm punching above their numbers. What is it that motivated the original members to take the leap and join Justin in his pursuit of building an infosec company in …
 
This week Zack is solo and is discussing a new report out from IBM Security on the costs of data breaches. To put it bluntly, it’s not cheap. However, the report shows that all is not lost and that organizations that have strong cybersecurity plans, software, and personnel, will save millions of dollars post-breach compared to those who have nothin…
 
We are back with Part II of our taking care of the team series. In this episode, Zack and Justin will address some of the challenges in keeping staff and what leaders can do to support their staff as well as how to build up team members so that someday they can take over. Justin also discusses how taking care of your team is taking care of your cus…
 
On this week’s breach, we’re talking about a breach that took years to come to fruition. How many of us have sold, recycled, or tossed a used computer with the hard drive still in it? It happens countless times a day and we likely don’t even think about the amount of data that remains, even after you “wipe” it. That’s right, your secret list of cow…
 
We’re talking team care this week with Zack and Justin. They’ll cover the challenges of leading a team in crisis (like a pandemic), how to keep up enough on the lives of your team members without being creepy, and why leaders fail to lead. This was a very long recording session so we’re breaking it up into two separate episodes. If you take care of…
 
Justin is back on the podcast and for this week’s breach, we’re talking about the big Twitter breach that opened up some of the biggest users on the system to a bitcoin scam. We were shocked at how incredibly easy it was to get into the system, access important accounts, and then waste the opportunity for a second rate bitcoin scam. We’ll talk abou…
 
We brought Travis back to give us an update on what he’s seeing for trends and issues. We talk about the biggest things on the horizon including securing remote workers, the shift away from offices, securing education from k-12 through higher ed, and even election security and the threat to democracy. We’re in a dynamic world and Travis talks about…
 
We’re joined by Kristof to dig into another compliance frontier, the Cybersecurity Maturity Model Certification (CMMC). Kristof will give us a primer on who CMMC affects, what they need to do to get compliant, how you get certified, and when this certification goes live. If you fall into the Defense Industrial Base (DIB) or work with the Dept of Defen…
 
We’re joined by two NuHarbor staffers this week to explore the dark web. We posted a poll on Twitter yesterday and the people have spoken, they wanted dark web content and we are delivering. We’ll discuss what the dark web is, how it is used, and whether or not it is a good idea to visit it on your home computer. We’ll also learn what happens to yo…
 
We are back with another throwback episode, this time on Application Security Authentication Requirements. You probably would not be surprised to realize that there are still organizations out there that are not using best practices when it comes to authentication requirements and their lack of understanding often results in security headaches for …
 
Today we’re talking Blue Leaks, the massive data leak impacting law enforcement agencies at all levels, not to be confused with the classic Martin Lawrence movie Blue Streak, a comedy from 1999. We talk about the impacts of the breach, how and why it happened, and the continued risk to government agencies as they expand their online presence. More …
 
On this week’s episode we’re talking to Kristof about ISO 27001. We cover the who, what, when, why, and how of ISO and discuss how the process works from initial discussion through certification. Kristof points out some of the pitfalls and shares his thoughts on why ISO is often a better choice than some of the other standards that exist (NIST, we …
 
This week Justin and Zack realize with terror, that their favorite form of transportation has betrayed them. The NuHarbor train system of choice, Amtrak, found itself on the receiving end of a data breach and unfortunately the train has left the station. The breach appears to have originated within the app used to access your Amtrak guest points sy…
 
You shouldn’t be shocked by this, but North Korea is trying to break into your data. Seriously, check your logs. If you do not see the telltale signs, it’s only a matter of when, not if, a nation state takes a shot at you. This was originally set to be a Breach of the Week, but we got chatty and we decided to launch this as a regular full episode. …
 
For this week’s Breach of the Week, we’re talking about a software on a chip maker that got hit by our old friend, Maze Ransomware. Justin talks about the persistence of viruses after you’ve been hit and how companies can try to prevent this from happening. We also are beginning to discuss 5G. What is 5G? Well, if you believe the hype, it is litera…
 
What is up everyone! For this week’s episode we’re digging into the archives and we picked one of the most popular episodes from Season 1 of Pwned, Exim Server Vulnerabilities. What’s fascinating about Exim is that it first launched 25 years ago and still supports a lot of email systems around the globe. The software’s longevity and proliferation m…
 
We have a very special episode this week! NuHarbor Security is literally the best place to work. Seriously, NuHarbor was selected as a “Best Places to Work in Vermont” for the second time! Justin and Zack discuss why they think NuHarbor was selected and why NuHarbor staff members make the difference. Justin also talks about how having a strong corp…
 
On this week’s Breach of the Week, we’re talking CIA and a pretty epic dump of highly sensitive and classified materials including some of the most dangerous hacking tools they’ve created. Was it a nation state looking to seek revenge? Was it a hacking group that perpetrated the deepest depths of the government’s networks? Listen and find out (hint…
 
On this week’s episode Justin’s discussing cyber threat intelligence and why it takes a combination of good systems, smart people, and solid processes to stay ahead of the bad guys. Justin also shared some sources you can use to find intel and some thoughts on how to effectively use that intel including building your platform to manage all the data…
 
On this week’s episode we are digging into a specific Maze Ransomware attack that hit one of the biggest security firms on the planet. What does it mean when a security company gets hit, how they’ll probably be just fine with their billions of dollars, and whether or not we should cut them some slack. While we don’t know how much they ultimately pa…
 
Maze Ransomware has been in the headlines quite a bit recently and the way things look, we’re probably going to see it more in the future. Justin and Zack take a deep dive into what Maze is, how it works, and why businesses impacted should probably not mess around with getting it sorted out. They’ll also cover the unfortunate reality that once your…
 
Despite the mediocre R.E.M. pun, this is a good episode. We’re covering ShinyHunters and how they got busy in May dumping millions of accounts into the dark web. Zack learns that hacked data doesn’t necessarily arrive ready to start using and Justin laments the fact that hackers only need to be right once and businesses need to be right 100% of th…
 
On this week’s episode we’re talking to Davis about threat analysis and how he sifts through the noise to help keep organizations safer from security threats. We are covering everything from the alphabet soup of infosec acronyms to why having some human eyes on intel can strengthen information security to what the future holds in threat analysis. D…
 
In this week’s Breach of the Week episode we talk about a big breach at Nintendo that revealed NNID, Nintendo’s ID system, which is linked to other private and payment info. Justin and Zack then discuss everything from the cost of video games to video game streaming. Also, we discuss video game currencies and how big streaming video games is. Like,…
 
This week we are welcoming Kyle to the podcast to tell us all about REDSEC. We’ll learn who they are and how they help clients find vulnerabilities before the bad guys do. Kyle will talk about why we have updated and centralized the offensive testing side of the house at NuHarbor and what sets it apart from other offensive security organizations. F…
 
In this week’s Breach of the Week, Justin and Zack discuss not one, but two, separate breaches at Marriott hotels, one releasing nearly enough data for every person in the United States! Will this stop Justin and Zack from ever staying at a Marriott again or will they cash in those reward points for a future room upgrade? Tune in to find out! You ca…
 
It’s graduation season and despite the very strange and challenging times we live in, a lot of awesome and talented students are about to be unleashed into the world and if you’re a cyber security company that’s trying to attract them, Justin has some thoughts. Maybe you already have a full roster but for some reason you just cannot seem to figure …
 
On this week’s episode, we’re testing how far a breach can go and what happens when a customer is 100% positive their system is bulletproof. Can Eric drop ship a very expensive item to prove a point? Can Randy print himself a badge so that he doesn’t have to wait for one? Did Justin really want a tractor for the office? Our dynamic duo of Eric a…
 