On this episode of Hacker And The Fed we interview Special Agent Aron Mann with Homeland Security Investigations (HSI) Cyber Crime Center about their cyber role and career opportunities. We break down the Colonial Pipeline hack, how the dark web is intensifying the insider threat, and dig into the mother of all breaches. And finally, the SEC's X account was hacked. Links from the episode:  https://www.ice.gov/about-ice/homeland-security-investigations https://www.ice.gov/partnerships-centers/cyber-crimes-center https://www.usajobs.gov/ https://www.usajobs.gov/Search/?k=homeland%20security%20investigator   Colonial Pipeline Hack - May 2021 https://www.justice.gov/opa/speech/dag-monaco-delivers-remarks-press-conference-darkside-attack-colonial-pipeline https://www.justice.gov/opa/pr/department-justice-seizes-23-million-cryptocurrency-paid-ransomware-extortionists-darkside https://www.justice.gov/media/1159701/dl From Loyal Employees to Cybercriminals https://thesun.my/opinion_news/from-loyal-employees-to-cybercriminals-AC12012406 Mother of All Breaches Reveals 26 Billion Records: What We Know So Far https://cybernews.com/security/billions-passwords-credentials-leaked-mother-of-all-breaches/ SECGov X Account https://www.sec.gov/secgov-x-account Support our sponsors: NAXO is a premier cybersecurity and investigations firm, including blockchain forensics, whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content. Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

This week on Hacker And The Fed we interview Greg Van Houten of Haynes Boone and policyholderplaybook.com, a seasoned civil litigator who focuses on insurance recovery. We talk to Greg about the SEC's new cybersecurity disclosure rules, which went into effect this month. We also discuss a massive hack that went unreported, a train hack due to a vendor’s geofencing feature, indictments in an 80-million-dollar pig butchering scheme, and a MongoDB security breach. Links from the episode:  Greg Van Houten of Haynes Boone policyholderplaybook.com   SEC’s cyber disclosure rules: Key considerations for the board, C-suite and risk managers. Authored by Greg Van Houten (Haynes Boone), David Franzel (NAXO), and Chris Tarbell (NAXO) https://www.cybersecuritydive.com/news/secs-cyber-disclosure-rules-tips/700550/   The Biggest Hack Over the Last Few Years Has Gone Unreported https://twitter.com/mattjay/status/1735046508242780575   Train Hack Due to Vendor Geofencing Feature https://social.hackerspace.pl/@q3k/111528165627522619   Polish Hackers Repaired Trains the Manufacturer Artificially Bricked. Now The Train Company Is Threatening Them https://www.404media.co/polish-hackers-repaired-trains-the-manufacturer-artificially-bricked-now-the-train-company-is-threatening-them/   Four Men Indicted in $80 million ‘Pig Butchering’ Scheme https://www.cnbc.com/2023/12/14/pig-butchering-scam-results-in-four-indictments-two-arrests-doj.html   MongoDB Suffers Security Breach, Exposing Customer Data https://thehackernews.com/2023/12/mongodb-suffers-security-breach.html Support our sponsors: NAXO is a premier cybersecurity and investigations firm whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content. Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

This week on Hacker And The Fed we speak with Lance Taubin of Alston & Bird about being a cyber lawyer, the FBI shares the tactics of the ransomware gang Scattered Spider, a company pays a ransom and their data is exposed anyway, Alpha BlackCat uses government regulations to further pressure a victim to pay, and the FCC is trying to make SIM swapping more difficult. Links from the episode:  FBI Shares Tactics of Notorious Scattered Spider Hacker Collective https://www.bleepingcomputer.com/news/security/fbi-shares-tactics-of-notorious-scattered-spider-hacker-collective/   Dolly.com Pays Ransom, Attackers Release Data Anyway https://cybernews.com/security/dolly-data-breach-ransomware-attack/#google_vignette   Ransomware Gang Files SEC Complaint Over Victim’s Undisclosed Breach https://www.bleepingcomputer.com/news/security/ransomware-gang-files-sec-complaint-over-victims-undisclosed-breach/   FCC Enforces Stronger Rules to Protect Customers Against SIM Swapping Attacks https://thehackernews.com/2023/11/fcc-enforces-stronger-rules-to-protect.html   Lance Taubin | Technology and Privacy Attorney | Alston & Bird Support our sponsors: NAXO is a premier cybersecurity and investigations firm whose mission to fight cybercrime aligns perfectly with Hacker and the Fed’s content. Go to cloudsolvers.com tell them “Hacker and the Fed sent you” to get a free assessment of your current environment.

This week on Hacker And The Fed we break down the SolarWinds hack, there are 8 new vulnerabilities found in SolarWinds, thousands of remote IT workers have been working for North Korea, hackers are targeting a company that handles data requests for law enforcement, and we answer listener questions about VPN services, password managers and patch management. Links from the episode:  Critical SolarWinds RCE Bugs Enable Unauthorized Network Takeover https://www.darkreading.com/vulnerabilities-threats/critical-solarwinds-rce-bugs-enable-unauthorized-network-takeover   Thousands of Remote IT Workers Sent Wages to North Korea to Help Fund Weapons Program, FBI Says https://apnews.com/article/north-korea-weapons-program-it-workers-f3df7c120522b0581db5c0b9682ebc9b?taid=6531b8b29c11a80001ef2a28   Hackers Target Company That Vets Police Data Requests for Tech Giants https://www.404media.co/hackers-target-kodex-accounts-edrs/   Support our sponsors: Go to JoinDeleteMe.com/FED and use the code FED20 for 20% off Go to Cloudsolvers.com and tell them "Hacker and the Fed sent you" for a free assessment of your current environment Get your Hacker and the Fed merchandise at hackerandthefed.com Send HATF your questions at questions@hackerandthefed.com

This week on Hacker And The Fed we offer updates on the MOVEit and MGM Resorts hacks, the US State Department has no idea if its IT security actually works, the Senate's email system melts down in the face of a security test, Cisco can't stop using static passwords, and we answer listener questions about Single Sign-on, circumventing company IT rules, and LinkedIn profiles. Links from the episode: MOVEit Maker Announces New Critical Vulnerability Affecting a Different File Transfer Tool https://therecord.media/progress-new-file-transfer-vulnerability   MGM Resorts Hack Update https://x.com/brettforrest89/status/1711885567695433765   US State Dept has No Idea if its IT Security Actually Works, Say Auditors https://www.theregister.com/2023/10/02/us_state_security_gao/ https://endoflife.date/windows   The Senate’s Email System Melted Down in the Face of Security Test https://www.politico.com/minutes/congress/09-8-2023/senate-reply-all-mess/   Cisco Can't Stop Using Static Passwords https://www.schneier.com/blog/archives/2023/10/cisco-cant-stop-using-hard-coded-passwords.html Support our sponsors: Get your Hacker and the Fed merchandise at hackerandthefed.com Send HATF your questions at questions@hackerandthefed.com