Less than one year ago, the worst ransomware attack in history struck dozens of organizations. Threat actors had exploited a serious flaw in the remote monitoring and management tool Kaseya VSA that, when discussed on the Lock and Code podcast, was revealed to be “not advanced at all.”

This was far from the only software vulnerability that the public learned about last year.

When Lock and Code discussed the efforts by agricultural companies to turn their physical equipment, like tractors and combines, into smart devices, we learned about simple flaws that allowed a group of hackers to uncover user IDs for pretty much every registered device in a company’s database. And we learned that the IDs could, through a simple comparison search with the Fortune 500, reveal what companies were clients of that agricultural company.

And when we discussed the famous app Clubhouse, we learned about an eavesdropping flaw that was discovered with no technical hacking requirements—all that was necessary was two iPhones.

These examples and many, many more throughout cyber-history beg the question: What is going on with how our applications are developed?

Today on the Lock and Code podcast with host David Ruiz, we speak to returning guest Tanya Janca to understand the many stages of software development and how security trainers can better work with developers to build safe, secure products. According to Janca, a good security team takes the security of their developers’ products as their own responsibility.

“It’s our job to help them make their software secure. If at the end, they have all these things wrong, guess what, it’s because our team, the security team, is not doing a good job.”

Tanya Janca, Director of developer relations of Bright, founder of the online training academy We Hack Purple and author of Alice and Bob Learn Application Security.

Tune in to hear all this and more on this week’s Lock and Code podcast by Malwarebytes Labs.


You can also find us on Apple Podcasts, Spotify, and Google Podcasts, plus whatever preferred podcast platform you use.