
Vulnerable U
Welcome to Vulnerable U, a podcast where we explore the intersection of vulnerability and cyber security.
Each episode, we explore how vulnerability can drive growth and foster community resilience within our industry. Get ready for thought-provoking conversations, real-life stories, and curated news that inspire you to embrace discomfort on the road to a more vulnerable you.
Episodes
18 episodes
Hackers Turn Whistleblowers: Ransomware Gang Files SEC Complaint
Howdy friends. This week I discuss how ALPHV/Blackcat filed an SEC complaint against one of their ransomware victims, ALPHV/Blackcat’s use of Google Ads to target victims, LockBit’s leak of Boeing’s files, Google’s confirmation that they will...
Season 1 • Episode 32 • 11:39

Biden’s 8 Rules for AI Usage & What it Means For You
Howdy friends. This week I cover Biden’s AI executive order, the pledge that 40 countries took to not pay ransom to cybercriminals, Prolific Puma, Lazarus hacking group’s focus on infecting blockchain experts with malware, the pwning of the ...
Season 1 • Episode 31 • 16:02

Okta hacked! 1Password and Cloudflare caught in the splash damage
Howdy friends. This week I go over the Okta security breach, SolarWinds and their Chief Information Security Officer charged by the SEC with Fraud, Cisco’s second recent 0-day, Browser-based attacks on Apple devices, Telegram’s continued lea...
Season 1 • Episode 30 • 11:16

Is Your Co-Worker a North Korean Spy?
Howdy friends. This week I discuss the North Korean IT workers found to have been sending wages from their remote jobs back to North Korea to fund weapons programs, the massive Cisco device 0-day, the fall of the ACG hacking group, a complex...
Season 1 • Episode 29 • 8:28

October 10: 23andMe data breach hate crime, attack against iPhone encryption by dark-money network, the massive increase in police use of Google’s data, hacking scams on the elderly community, Cisco Emergency Responder vulnerability, the iOS 17 0-day, Qu
Howdy friends. This week I explain the 23andMe data breach, the new group responsible for attacking iPhone encryption backed by a political dark-money network, the uptick in police use of Google’s data, the increase in hacking scams on the el...
Season 1 • Episode 27 • 9:44

October 2: WebP 0day, a youth hacking ring at the center of recent cybercrime sprees, the UNC3944 threat actor’s shift to ransomware attacks, University of Minnesota’s data breach, the $200 million crypto hack on Mixin, and the discovery of China-linked t
Howdy friends. This week I dive into the WebP 0day, the youth hacking ring at the center of recent cybercrime sprees, the financially motivated UNC3944 threat actor that has shifted its focus to ransomware attacks, University of Minnesota’s d...
Season 1 • Episode 26 • 9:03

September 22: The MGM and Caesars hacks, GitHub launches passkeys, the scam on Mark Cuban's crypto wallet, Microsoft AI researchers' data leak, the Microsoft Teams' phishing problem, Cisco’s Splunk acquisition, and the T-Mobile data breach
Howdy friends. This week I will discuss the MGM Resorts and Caesars Entertainment hacks, GitHub’s launch of passkeys, Mark Cuban’s crypto wallet hack, the Microsoft AI researchers’ accidental data leak, the Microsoft Teams phishing problem, C...
Season 1 • Episode 25 • 10:56

September 5: Flax Tycoon hacks, Brazilian phone spyware hack, MOVEit hack stats, the dismantling of QakBot infrastructure, a fake Signal app, and Saudi’s death penalty over a man’s tweets
Howdy friends. This week I am covering the China-backed Flax Tycoon hack on Taiwan, a Brazilian phone spyware that was hacked, the MOVEit hack statistics, the FBI and partners’ dismantling of Qakbot infrastructure in a massive international c...
Season 1 • Episode 24 • 10:25

August 28: UK surveillance changes, CloudNordic’s ransomware incident, a SIM-Swap Crypto Hack, Citrix Sharefile flaw exploit, Tesla’s data breach, and updates on the Lapsus$ and Discord stories from last week
Howdy friends. In this video I go over UK Surveillance requirement revisions, CloudNordic’s ransomware incident, a SIM-Swap Crypto Hack perpetrated on a crypto investor, the Citrix Sharefile flaw exploit, Tesla’s massive data breach of emplo...
Season 1 • Episode 23 • 10:31

August 21: GitHub’s move to Two-Factor, Discord.io’s data breach, Kubernetes misconfiguration that exposes data from Fortune 500 companies, PSNI and UK voter breaches, and the $70 device that spoofs Apple products
Howdy friends. In this video, I cover GitHub’s plans to require two-factor authentication, Discord.io’s recent data breach and shutdown, the Kubernetes misconfiguration that exposes data of several Fortune 500 companies and possibly hundreds...
Season 1 • Episode 22 • 11:32

August 14: Hackers rig casino card-shuffling machine, Rapid7 layoffs, Homeland Security’s report on the Lapsus$ breaches, EvilProxy's phishing campaign, and the cyberattack that caused CardioComm to take their system offline
Howdy friends. In this video, I go over how hackers have rigged casino card-shuffling machines, my take on the Rapid7 layoffs, Homeland Security’s report on the Lapsus$ breaches, EvilProxy’s phishing campaign, and the cyberattack that c...
Season 1 • Episode 21 • 8:01

August 8: Unlimited Airline Miles, Microsoft Called Out, and Russian Phishing in MS Teams
Howdy friends. In this video, the juiciest in infosec news including a vulnerability that led to unlimited airline miles, Microsoft gets called out, and Russian phishing in MS Teams. We’re sticking with just the...
Season 1 • Episode 20 • 10:56

Vulnerable News: SEC vote requiring incident disclosures, an intentional back door, Google's 0-day year in review, malware in Call of Duty and Lazarus linked to two heists
Howdy friends. In this video, I walk through the SEC vote requiring companies to disclose cybersecurity incidents, an intentional backdoor discovered in radio comms, Google’s 0-day year in review, malware in Call of Duty, and Lazarus linked ...
Season 1 • Episode 19 • 5:32

July 24, 2023 - Two Scams, Leaked Military Emails, the Death of Infosec Twitter, and Google Restricts Internet to Employees
Howdy friends. In this video, I walk through two internet scams found by non-industry experts, how a typo led to a massive US military data leak, the possible death of Infosec twitter, and Google’s pilot program restricting internet access t...
Season 1 • Episode 18 • 51:11

Vulnerable News: July 17, 2023
This week we try something new, talk about China & Russia based threat actors for Microsoft, Clarence Thomas is on Venmo, and an AT&T scam by an employee. Links to articles and references here:
Season 1 • Episode 17 • 22:47

The Power of Empathy in Infosec: 5 Key Steps to a Stronger Defense
In this engaging episode of VulnU, discover how empathy can enhance our defenses, improve security postures, and make us better individuals. Learn five key steps to leverage empathy effectively, including understanding threat actors, designing ...
Season 1 • Episode 16 • 21:08

Cyber Security Breach Data - What Motivates the Hackers?
This week we have a short thought with a big impact. Plus, we cover some exciting news in the infosec world and show you gratitude for being part of this new and exciting journey with us. Verizon DBIR - https://www.verizon.com/business/r...
Season 1 • Episode 15 • 13:10

Navigating Rejection: Learning, Growing, and Moving Forward
This week we turn obstacles into opportunities for self improvement, talk through riveting and (dare I say) comical news, and generally get comfortable in front of the mic and camera. Welcome to Vulnerable U!
Season 1 • Episode 14 • 21:00
