Marina Ciavatta: Going after the human error. [Social engineer]
the cyberwire
16 hours ago
Marina Ciavatta: Going after the human error. [Social engineer]
Social engineer and CEO of Hekate, Marina Ciavatta, shares her story of how people think her job is a la Mission Impossible coming from the ceiling with a rope and stealing stuff in the dead of the night. Marina does physical pentesting. Starting with an unused degree in journalism, Marina turned her talent for writing into a job as a content producer for a technology company and this appealed to her self-proclaimed nerdism. She fell in love with hacking and got into pentesting thanks to a friend. Marina recommends those interested in physical pentesting "try to find other social engineers to mingle. It's in the name. We are social creatures." We thank Marina for sharing her story with us.
Career Notes
Marina Ciavatta: Going after the human error. [Social engineer]
the cyberwire
16 hours ago
Marina Ciavatta: Going after the human error. [Social engineer]
Social engineer and CEO of Hekate, Marina Ciavatta, shares her story of how people think her job is a la Mission Impossible coming from the ceiling with a rope and stealing stuff in the dead of the night. Marina does physical pentesting. Starting with an unused degree in journalism, Marina turned her talent for writing into a job as a content producer for a technology company and this appealed to her self-proclaimed nerdism. She fell in love with hacking and got into pentesting thanks to a friend. Marina recommends those interested in physical pentesting "try to find other social engineers to mingle. It's in the name. We are social creatures." We thank Marina for sharing her story with us.
Career Notes

Cybersecurity News

the cyberwire
Jan 15, 2022
Keeping APIs on the radar: Evaluating the banking industry.
This episode features guest Alissa Knight, former hacker and partner at Knight Ink, along with Karl Mattson, CISO from Noname Security, discussing findings on severe API vulnerabilities in U.S. banking applications research that was conducted by Alissa and funded by Noname Security. The research, “Scorched Earth: Hacking Bank APIs,” unveils a number of vulnerabilities in the banking, cryptocurrency exchange, and FinTech industries. In her Money 20/20 keynote presentation entitled “Scorched Earth: Hacking Bank APIs”. In her presentation, Alissa revealed that she was able to gain access to 55 different banks and change PIN codes and move money in and out of accounts. Three lessons learned include: API security vulnerabilities affect all enterprises, API security needs to be operationalized across the enterprise, and API security requires posture management, runtime security, and active testing.
Research Saturday
the cyberwire
Jan 15, 2022
Cyberattacks hit Ukrainian government sites. Iranian cyberespionage activity: attribution and TTPs. REvil members arrested in Russia.
Cyberattacks hit Ukrainian government sites. Iranian cyberespionage activity: attribution and TTPs. REvil members arrested in Russia.
Week that Was
the cyberwire
Jan 14, 2022
Influence operations in the grey zone. FSB raids REvil. Open Source Software Security Summit looks to public-private cooperation. Privateering and state-sponsored cybercrime.
A large-scale cyberattack against Ukrainian websites looks like an influence operation, and Russian intelligence services are the prime suspects. The FSB raids REvil. The White House Open Source Software Security Summit looks toward software bills of materials. MuddyWater exploits Log4shell. The DPRK is working to steal cryptocurrency. Caleb Barlow shares the consequences of the 3G network shutdown. Our guest is John Lehmann from Intellectual Point with programs that help military veterans transition to the cybersecurity industry. Honor among thieves, and spies.
CyberWire Daily
the cyberwire
Jan 14, 2022
TLDR Bill would mandate "nutrition-label" terms of service. FBI shifts cyber priorities. GAO reports on SolarWindsincident. FSB liquidates REvil. Reaction to FCC's proposed disclosure rules.
TLDR Bill would mandate "nutrition-label" terms of service. FBI shifts cyber priorities. GAO reports on SolarWinds exploitation discovery and response. FSB liquidates REvil. Reaction to the FCC's proposed disclosure rules.
Policy
the cyberwire
Jan 14, 2022
Maryland confirms ransomware attack. Austria finds a use of Google Analytics to be a GDPR violation. Accellion settles breach suit.
Maryland confirms ransomware attack. Austria finds a use of Google Analytics to be a GDPR violation. Accellion settles breach suit.
Privacy
the cyberwire
Jan 14, 2022
John Lehmann from Intellectual Point on two military programs to help veterans transition to the cybersecurity industry.
This interview from November 19th, 2021 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Dave Bittner sits down with John Lehmann from Intellectual Point to discuss two military programs to help veterans transition to the cybersecurity industry.
Interview
Load More
Grow your brand, generate leads, and fill your funnel.
With the industry’s largest B2B podcast network, popular newsletters, and influential readers and listeners all over the world, companies trust the CyberWire to get the message out.
Learn More