Cybersecurity Today (Jim Love)

This episode reports on complaints about the proposed UN cybercrime treaty, servers used by Islamic State terrorists shut, and more 

Massive Data Breach, Outlook's Phishing Risk, and Windows Downgrade Attack Vulnerabilities

In this episode of Cybersecurity Today, host Jim Love delves into one of the largest data breaches in history involving 2.9 billion records leaked without user consent by National Public Data. He also covers the backlash against Microsoft Outlook's email interface, which has inadvertently facilitated phishing attacks, and discusses a Black Hat presentation revealing vulnerabilities that allow attackers to unpatch fully updated Windows systems. Join us for insights and the latest updates in the world of cybersecurity.

00:00 Introduction and Major Data Breach Overview
00:31 Details of the National Public Data Breach
01:07 Implications and Legal Actions
02:42 Microsoft Outlook Phishing Vulnerability
04:08 Windows Security Vulnerability Exposed at Black Hat
05:57 Conclusion and Upcoming Content

In today's episode of Cybersecurity Today, host Jim Love covers stories including, Cisco releases an emergency patch for a vulnerability exploited in brute force attacks, Delta Airlines sues CrowdStrike over a problematic software update leading to flight disruptions, UnitedHealth confirms the massive data breach at Change Healthcare affecting 100 million people, and Apple announces a $1 million bug bounty for hacking Apple Intelligence servers. Stay informed on these pivotal issues impacting the tech and cybersecurity landscape.

00:00 Emergency Patch for Cisco Vulnerability
02:02 Delta Sues CrowdStrike Over Flight Disruptions
03:48 Apple's $1 Million Bug Bounty Program
05:14 UnitedHealth Data Breach Impact
07:17 Show Wrap-Up and Contact Information

Cybersecurity Insights: Malvertising, Phishing Trends, and North Korean Hackers

In this weekend edition of 'Cybersecurity Today,' host Jim Love brings together experts Terry Cutler from Cyology Labs, David Shipley from Beauceron Security, and Greg Monson from Trustwave.

The panel explores the latest trends in cybersecurity, including a deep dive into a report on 'Malvertising,' the use of social media advertising to distribute malware.

They also discuss a significant rise in phishing attempts and the challenges of detecting them, revealing a worrying leakage rate of up to 50%.

The panel delves into a fascinating and concerning trend: North Korean hackers being hired as remote workers to infiltrate companies.

Finally, they analyze the recent Delta lawsuit against CrowdStrike and Microsoft's involvement in the case.

Tune in for expert insights, practical advice, and the latest updates in the ever-evolving field of cybersecurity.

00:00 Introduction and Panelist Introductions
01:27 Malvertising: A New Cyber Threat
04:13 The Rise of Alternative Communication Channels
07:39 Corporate Dangers of Facebook Account Takeovers
12:04 North Korean Hackers in Remote Work
20:11 Navigating Reference Checks and Hiring Challenges
20:27 The Intricacies of the Prisoner Swap
21:49 CrowdStrike's Legal Battle with Delta
24:24 The IT Professional's Dilemma
30:25 Phishing Email Statistics and Security Measures
35:59 Concluding Thoughts and Future Topics

Phishmas Alert: Tackling Holiday Season Cyber Threats

In this episode of Cybersecurity Today, the weekend show, the host is joined by guest David Shipley to discuss the rise in phishing activities during the holiday season, humorously dubbed 'Phishmas.' They delve into the psychology behind phishing, the impact of seasonal stress on individuals, and the tactics cybercriminals use to exploit these conditions. The episode also highlights recent research on phishing trends, the broader scope of consumer fraud, and the challenges faced by law enforcement in combating these crimes. Practical advice for individuals and organizations to protect themselves is also provided, along with a call to action for greater governmental response and individual vigilance.

00:00 Introduction to Phishmas
00:41 The Importance of Good Research
01:01 Understanding Data vs. Facts
02:02 Phishing During the Holiday Season
03:13 The Mechanics of Phishing Scams
04:51 The Role of Typo-Squatting in Phishing
06:13 The Evolution of Phishing Techniques
09:16 The Human Factor in Phishing
13:10 The Impact of AI on Phishing
18:19 Psychological Tactics in Phishing
21:08 Retailer Perspective on Cyber Threats
22:21 Rise of Fraud in North America
22:57 Impact of Fraud on Individuals
24:01 Challenges in Combating Fraud
27:59 Strategies to Protect Yourself
32:25 Role of Retailers and Banks
35:45 Political and Legislative Actions
38:47 Final Thoughts and Call to Action

Cyber Security Today: Navigating Novel Phishing Campaigns and Ransomware Tactics

Join host Jim Love and the Cyber Security Today panel featuring Terry Cutler of Cyology Labs, David Shipley of Beauceron Security, and cybersecurity executive John Pinard. In this episode, they delve into pressing cybersecurity challenges such as novel phishing tactics using corrupted Word documents, the importance of robust offboarding processes in light of breaches at major companies like Disney, and the ramifications of a major ransomware attack on the City of Hamilton. Topics also include the recurring issue of session cookie theft, the implications of third-party cybersecurity risk as seen in the Blue Yonder ransomware attack impacting Starbucks, and the rise of hacktivism. Tune in for valuable insights and discussions aimed at improving cybersecurity measures in an ever-evolving threat landscape.

00:00 Introduction and Panelist Introductions
00:40 David Shipley's Cyber Risk Talk
02:39 Novel Phishing Campaign Discussion
06:08 Fileless Malware and Human Error
10:44 Offboarding and Internal Audits
19:48 Vendor Responsibility and Ransomware
27:06 City of Hamilton Cyber Attack
28:19 Keynote Talks and Cybersecurity Challenges
29:30 The Reality of Cyber Attacks
29:46 Ransomware and Business Email Compromise
31:21 Cyber Insurance and Its Pitfalls
32:44 Andrew Tate Hack and Hacktivism
36:04 Chinese State-Sponsored Hacks
41:26 Canadian Cybersecurity Issues
44:53 Session Cookies and Two-Factor Authentication
49:45 AI in Software Development
56:42 Concluding Thoughts and Final Remarks

Welcome to the weekend edition of Cybersecurity Today! Join host Jim Love as he delves into the top cybersecurity stories of the month with industry experts David Shipley of Beauceron Security, Terry Cutler of Cyology Labs, and special guest Kim Schreader from TELUS. This episode covers a range of vital topics, including AI's impact on cybersecurity, the alarming rise in API vulnerabilities, and a shocking report on the Canadian Revenue Agency's fraud losses. The panel also discusses cybersecurity awareness, the overlooked importance of protecting our libraries, and innovative ways to educate the next generation on cybersecurity. Don't miss their insights, expert opinions, and the debut of the cyber stinky award!

00:00 Introduction and Panelist Welcome
00:39 Kim Schreader's Background and Cybersecurity Insights
01:44 Cybersecurity Awareness Month Highlights
02:11 Phishing Milestones and Challenges
03:34 Home Cybersecurity and Public Engagement
04:59 SecTor Event and Cyber Insurance Study
06:10 Sextortion Emails and Ransomware Threats
07:30 Revenue Canada Fraud Scandal
14:31 Legacy Systems and Cybersecurity Accountability
17:55 AI in Cybersecurity: Threats and Opportunities
26:43 Medical Imaging Vulnerabilities
27:35 IoT Device Security Concerns
29:25 API Vulnerabilities and Exploits
31:45 Importance of Pen Testing
39:41 AI and Prompt Injection Risks
46:58 Education and Cybersecurity Awareness
52:23 Library Cyber Attacks and Conclusion

In this episode of 'Cybersecurity Today: The Week in Review,' host Jim Love discusses critical cybersecurity incidents with guests Terry Cutler, CEO of Cyology Labs, and David Shipley from Beauceron Security. The panel delves into the devastating effects of a ransomware attack on the blood donation nonprofit OneBlood, emphasizing the broader implications for healthcare and emergency services. They also address the Canadian investigation into Ticketmaster's security practices and Microsoft's recent global outage, highlighting the significant challenges and necessary responses in safeguarding IT infrastructure. The discussion underscores the urgency of improving cybersecurity measures, particularly in healthcare, and the complexities of implementing effective regulations.

00:00 Introduction and Panel Introduction
00:19 Ransomware Attack on OneBlood
01:46 Healthcare System Vulnerabilities
04:05 Challenges in Cybersecurity for Healthcare
13:03 Ticketmaster Investigation and Government Inaction
20:03 Delta Airlines Lawsuit and Insurance Implications
28:38 Microsoft Global Service Interruption
35:12 Conclusion and Final Thoughts

This episode features a discussion on the latest MOVEit vulnerability, a report on recruiting cybersecurity pros and how an API coding error is being blamed for a large cyber breach in Australia

This episode reports on new reports on vulnerabilities and software supply chain security

Cybersecurity Failures: Lawsuits, Outages, and International Threats

In this episode of Cybersecurity Today, host Jim Love covers a range of critical cybersecurity issues. The U.S. sues Georgia Tech for not meeting cybersecurity standards as a Pentagon contractor. A potential cyber attack disrupts operations at Seattle’s port and airport. Microsoft plans a security summit following a major global IT outage caused by CrowdStrike. The effectiveness of publicly naming and shaming countries sponsoring cyberattacks is questioned. Join us as we delve into these pressing topics and their implications for cybersecurity policy and infrastructure resilience.

00:00 Cybersecurity Headlines: U.S. Sues Georgia Tech and Seattle Port Outage
00:24 Seattle Port and SeaTac Airport Cyber Attack Details
01:56 U.S. Government Sues Georgia Tech Over Cybersecurity Failures
03:27 Microsoft Security Summit and CrowdStrike Outage
04:11 Debate Over Microsoft's Proposed Security Changes
05:13 Effectiveness of Naming and Shaming in Cybersecurity
06:41 Challenges in Combating State-Sponsored Cyber Attacks
07:05 Conclusion and Show Notes

This episode reports on a warning to patch Serv-U applications, the workings of the Rafel trojan, and more 

Cybersecurity Insights: Vulnerabilities, Insider Threats, and the Future of Online Safety

In this weekend edition of Cybersecurity Today, host Jim Love is joined by regulars Terry Cutler of Cyology Labs and David Shipley of Beauceron Security, alongside special guest Laura Payne from White Tuque. They discuss significant cybersecurity news including the new additions to CISA's known exploited vulnerabilities catalog, a hilarious yet eye-opening domain purchase incident, and the ongoing issue of insider threats. The panel also dives into the complexities surrounding recent breaches like the one at Avis and the broader implications of data vulnerabilities. Stay tuned for the latest insights and expert opinions on what's happening in the cybersecurity world.

00:00 Introduction and Panelist Introductions
01:31 Format Overview and First Cybersecurity Story
01:47 Discussion on CISA's Vulnerability Catalog
02:51 Challenges in Patch Management
06:45 Microsoft's Patch Tuesday Controversy
10:49 The $20 Domain Vulnerability
15:42 Insider Threats and Real-World Incidents
18:11 Handling Disgruntled Employees
18:51 Insider Threats: Real-Life Examples
19:41 Preventing Insider Threats
21:30 Password Management and Security
22:53 Case Study: Sales Employee Walks Out with Client List
23:42 Jurassic Park and Risk Management
24:32 Avis Data Breach: What Happened?
25:51 The Importance of Identity Theft Protection
29:44 Challenges in Cybersecurity Awareness
34:27 Microsoft's New Security Measures
35:07 Conclusion and Farewell

This episode reports on an updated explanation of the hack of Los Angeles County's health department, an API coding error that led to a huge data breach in Australia, and more

A new ransomware group that has been discovered is highlighted in this edition

In this special edition of Cybersecurity Today, your deepfake host Jim Love dives into the world of cybersecurity with new guests Marcel Gagné, an open-source guru, and Andréanne Bergeron, the director of research at GoSecure. The panel, including regular David Shipley, discusses the increasing threat of deepfakes in corporate and political spheres, the resilience required to combat modern cyber threats, and the necessity of critical thinking and education to navigate the ever-evolving landscape. From CrowdStrike's humble admission of a major security lapse to the growing concerns around AI-driven attacks, this episode offers insights and practical advice for both IT professionals and the general public. Don't miss out on this engaging discussion on how to stay ahead of cybersecurity challenges!

00:00 Introduction to Cybersecurity Today
00:22 Meet the Panel: Experts in Cybersecurity
02:08 CrowdStrike's Humility at DEF CON
03:54 Elon Musk and Infrastructure Failures
12:05 The Debate on Digital Identification
21:02 Deep Fakes: The New Frontier
23:59 The Rise of Digital Avatars
24:28 Open Source and Security Concerns
24:55 Commercial Availability and Control Issues
26:08 Media and Public Perception
26:56 Deepfakes in Politics and Business
27:29 Ease of Creating Deepfakes
27:57 Real-Time Deepfake Threats
29:12 Organizational Resilience and Culture
29:59 Human Psychology and Cybercrime
33:19 The Future of AI and Human Intelligence
35:23 Critical Thinking and Education
37:19 Balancing Technology and Human Factors
39:33 Final Thoughts and Recommendations
50:14 Closing Remarks and Acknowledgements

Cybersecurity News: Microsoft Patch Issues, Chrome Vulnerabilities, and T-Mobile Settlement

In this episode of Cybersecurity Today, Jim Love discusses several pressing issues in the tech world. Early feedback on Microsoft's Windows 11 October Patch Tuesday update reveals significant stability issues. Google Chrome receives a second major security update in ten days due to four new high severity vulnerabilities. The Canadian Internet Registration Authority (CIRA) publishes its annual cybersecurity study highlighting the costs and damages from cyberattacks on Canadian businesses. A coalition of major security agencies releases a report on detecting and mitigating Active Directory compromises. Lastly, T-Mobile agrees to a $31.5 million settlement with the FCC over multiple data breaches affecting millions of U.S. customers. Stay tuned for more insights and updates!

00:00 Introduction and Podcast Promotion
00:38 Microsoft's October Patch Tuesday Issues
02:29 Urgent Chrome Security Update
03:27 CIRA's Annual Cybersecurity Study
05:18 Active Directory Compromise Report
06:57 T-Mobile's FCC Settlement
08:38 Conclusion and Sponsor Message

In this episode of Cybersecurity Today, host Jim Love explores the aftermath of Microsoft's 10-hour global outage due to a DDoS attack, the Canadian Privacy Commissioner's investigation into Ticketmaster, the severe impact of a ransomware attack on U.S. blood bank OneBlood, and the cascading legal ramifications CrowdStrike faces after a disastrous software update. The episode delves into the broader implications of these cyber incidents and stresses the urgent need for robust cybersecurity measures.

00:00 Introduction and Major Headlines
00:29 Microsoft's 10-Hour Outage: Causes and Consequences
02:39 Ticketmaster Under Investigation: Privacy Concerns
03:45 OneBlood Ransomware Attack: Impact on Blood Supply
05:13 CrowdStrike Legal Battles: Fallout from Software Update
07:21 Conclusion and Upcoming Shows

Critical Cyber Security Alerts: Major Vulnerabilities and Exploits Unveiled

In today's episode of Cyber Security Today, host Jim Love discusses a series of alarming cyber security incidents. Topics include a sophisticated attack exploiting a zero-day vulnerability in a popular network management platform, critical patches from SonicWall and Google addressing severe vulnerabilities, and an update on the National Public Data hack revealing deeper security issues. Learn about the latest threats and essential security measures you need to take now.

00:00 Introduction and Headlines
00:22 Sophisticated Cyber Attack on ISPs
02:43 SonicWall Firewall Vulnerability
04:29 Google Chrome Zero-Day Exploit
06:23 National Public Data Breach Update
07:58 Conclusion and Additional Resources

Security Risks with Apple's OS Update, Disney Ditches Slack, and GitHub Hack Alert

In this episode of Cyber Security Today, host Jim Love discusses pressing issues in the cybersecurity landscape: Apple's latest macOS update, Sequoia version 15, causing compatibility issues with major security tools; Disney's move to scrap Slack after a significant data breach; a sophisticated GitHub phishing attack leveraging GitHub's notification system; and German police's breakthrough in unmasking anonymous Tor users. Key takeaways include advice for IT professionals on managing OS updates, the implications of corporate messaging app breaches, precautions for GitHub users, and recommendations for maintaining anonymity on the Tor network.

00:00 Introduction and Headlines
00:21 Apple's Mac OS Sequoia Update Issues
02:00 Disney Dumps Slack After Data Breach
03:13 GitHub Phishing Campaign Exploits Developers
04:44 German Police Unmask Tor Users
07:19 Conclusion and Show Notes

Cybersecurity Today: Wayback Machine Read-Only, AI-Driven Phishing, and Quantum Computing Breakthroughs

In this episode of Cybersecurity Today, host Jim Love discusses the recent cyber incident with the Internet Archive's Wayback Machine, which is now back online in read-only mode. He outlines sophisticated AI-driven Gmail phishing schemes that are fooling even tech experts and reports on Chinese researchers' breakthrough using a Canadian quantum computer to potentially crack military-grade encryption. Jim also shares practical advice on staying vigilant against such cyber threats.

00:00 Introduction and Schedule Update
00:22 Cybersecurity News Highlights
00:44 Internet Archive's Wayback Machine Breach
02:06 Sophisticated AI-Driven Gmail Phishing Scams
05:45 Quantum Computing Breakthrough in Encryption
07:10 Conclusion and Sign-Off

North Korean State Actor Infiltrates US Security Firm | Cybersecurity Today

In this episode of Cybersecurity Today, host Jim Love covers two major incidents. The first is an American firm, KnowBe4, inadvertently hiring a North Korean state actor posing as a software engineer, leading to an attempted malware installation. He discusses the techniques used by the threat actor and the broader implications for cybersecurity. The second story involves CrowdStrike's post-incident review of a system crash, detailing the causes, the company's response, and criticisms of their crisis communication strategy. Tune in to learn about these pressing cybersecurity challenges and how companies are handling them.

00:00 A Shocking Cybersecurity Incident
00:20 North Korean State Actor Infiltration
01:59 CrowdStrike's Post Incident Review
05:07 CrowdStrike's Crisis Communication Failure
06:31 Conclusion and Upcoming Shows

Toronto School Board Hack & Cybersecurity Best Practices: Expert Panel Discussion

Welcome to the weekend edition of Cybersecurity Today, hosted by Jim Love! Join our expert panel featuring Terry Cutler from Cyology Labs, David Shipley of Beauceron Security, and special guest Daina Proctor from IBM Security Services Canada. This episode dives into recent cybersecurity stories including a major data breach at the Toronto District School Board and continued fallout from the MoveIT software hack. Our experts discuss the importance of robust security measures, the cultural shift needed in organizations to handle cyber threats, and the increasing role of cybersecurity insurance. We’ll also explore fascinating stories like active listening on Android phones and Disney's legal backtrack. Don't miss out on this insightful and engaging conversation!

00:00 Introduction and Panelist Welcome
01:26 Toronto School Board Cyber Attack
02:16 Challenges in School Cybersecurity
10:52 MoveIT Hack and Its Implications
15:43 Insurance and Cybersecurity
25:19 City of Columbus Data Breach
26:21 Spotting the Problem: Data Overload
26:31 Columbus Breach: Encryption and Legal Battles
27:25 The Streisand Effect and Legal Protections
28:20 Personal Story: Public Information and Security
29:19 Human Element in Cyber Attacks
34:20 Incident Response Planning and Simulations
39:13 Proactive Cybersecurity Measures
46:40 Consumer Data Privacy Concerns
54:01 Conclusion and Final Thoughts

Terry referred to CyologyLab.com/start for the video and the free tools.

Join Jim Love on a special edition of Cybersecurity Today and Hashtag Trending as he delves into the recent CrowdStrike incident that led to a global IT meltdown. With over 8.5 million Windows devices affected by a faulty CrowdStrike Falcon update, this event is being compared to Y2K and WannaCry. Discover the widespread impacts across key industries, the technical details behind the kernel-crashing error, and the fallout for companies and IT professionals. Learn why this disaster has created such frustration and anger in the cybersecurity community and what steps are being taken to recover. Tune in to understand the broader economic and societal implications of what is being called the 'worst cyber event in history.'

00:00 Introduction and Host Introduction
00:19 CrowdStrike Incident Overview
00:46 Community Reactions and Frustrations
02:29 Understanding CrowdStrike's Role
04:49 Technical Breakdown of the Issue
07:59 Impact and Consequences
09:04 Response and Fixes
12:33 Lessons and Future Precautions
13:20 Final Thoughts and Warnings
13:58 Conclusion

Cybersecurity Today: Microsoft Updates, Gen AI Risks, and Liminal Panda Threat

In this episode of Cybersecurity Today, host Jim Love discusses major cybersecurity updates from Microsoft's Ignite conference, including enhancements to Windows security and device recovery. A survey by LegitSecurity highlights the security risks associated with generative AI in software development. CrowdStrike reveals Liminal Panda, a Chinese cyber threat to telecoms. Additionally, a report from the EPA's Office of Inspector General exposes significant cybersecurity vulnerabilities in U.S. drinking water systems. This episode is brought to you by CDW Canada Tech Talks.

00:00 Introduction and Sponsor Message
00:42 Microsoft's New Cybersecurity Features
02:10 Generative AI and Software Development Risks
04:30 Liminal Panda: A New Cyber Threat
06:24 Cybersecurity Vulnerabilities in US Water Systems
08:35 Conclusion and Sponsor Acknowledgment

In this episode of Cybersecurity Today, host Jim Love dives into the alarming rise of deepfake scams, highlighting how threat actors are using AI-generated videos to lure victims into fraudulent schemes. A notable campaign involves deepfake videos of Elon Musk promoting 'Quantum AI.' Additionally, the episode covers a sophisticated cyber attack where fake Palo Alto's Global Protect VPN is used to deploy malware. Lastly, it discusses Russia's potential threats against undersea communication cables and GPS systems, emphasizing the growing vulnerabilities in global infrastructure. Stay informed and secure with this essential update.

00:00 Introduction and Headlines
00:23 Deepfake Scams: The New Frontier
01:26 Quantum AI Scam Breakdown
02:47 Fake Palo Alto VPN: A Sophisticated Cyber Attack
04:21 Russia's Threat to Global Communications
06:35 Conclusion and Upcoming Show

A report on business email compromise attacks is highlighted in this edition

This episode reports on how outdated software played a role in a lengthy hack, the latest VMware security update, and more

CyberSecurity Today: Zip File Attacks, iPhone Reboots, and LLM Vulnerabilities

In today's episode, host Jim Love discusses hackers leveraging zip file concatenation to evade detection, mysterious iPhone reboots hindering police investigations, and Mozilla's Odin's in-depth analysis of security issues in a large language model. Discover how cybercriminals hide Trojans in zip files, how the iOS 18 feature Before First Unlock (BFU) could be affecting forensic examinations, and explore the intricacies of prompt injections and security implications in ChatGPT. Plus, tune in for an exclusive interview with Marco Figueroa from Mozilla's Odin Bug Bounty project to delve deeper into these findings.

00:00 Introduction and Headlines
00:21 Hackers Exploit Zip File Concatenation
01:48 Phishing Campaign with Remcos RAT
03:12 Mysterious iPhone Reboots
04:18 Mozilla's Odin Project and LLM Security
06:40 Conclusion and Afterwords

A Hacker's Perspective on Vulnerable Civic Infrastructure

In this episode, host Jim Love explores the vulnerabilities of civic infrastructure with cybersecurity expert Nick Aleks. They discuss how hackers view and exploit city systems, the dangers of default passwords and outdated firmware, and the risks associated with smart buildings and operational technology. Nick provides insights on how bad actors can leverage these weaknesses for massive attacks and offers recommendations for improving security through collaboration, proactive measures, and the incorporation of AI technologies. This enlightening discussion highlights the urgent need for better security practices in our increasingly connected urban environments.

00:00 Introduction and Context
00:18 Meet the Expert: Nick Aleks
00:51 A Hacker's Perspective on City Infrastructure
03:20 Penetration Testing and Vulnerabilities
04:26 Targeting Civic Infrastructure
20:30 Smart Buildings and IoT Security
25:12 Defensive Strategies and Collaboration
32:29 The Role of AI in Security
35:06 Conclusion and Final Thoughts

Cyber Security Today: Fortinet Data Breach, Seattle Ransomware Attack, and Lazarus Targeting Developers

In this episode of Cyber Security Today, host Jim Love covers Fortinet's confirmation of a data breach after a hacker claims to have stolen 440GB of data. The episode also discusses the cyber attack on Seattle Tacoma International Airport by the Rysida ransomware group and the port's refusal to pay the ransom. Additionally, North Korean hacker group Lazarus is targeting Python developers via malicious coding tests as part of the VM connect campaign. Stay tuned to learn more about these pressing cybersecurity issues.

00:00 Introduction to Cyber Security Today
00:27 Fortinet Data Breach Details
02:15 Seattle Tacoma Airport Ransomware Attack
03:41 Lazarus Group Targets Python Developers
05:30 Conclusion and Final Thoughts

Unveiling the Truth: Insights into Cyber Security Awareness and Phishing

In a special crossover episode of Cyber Security Today and Hashtag Trending, host Jim Love discusses the biases and challenges in technology marketing research with guest David Shipley, head of Beauceron Security. The conversation examines the significance of security awareness, focusing on phishing simulations. Shipley shares insights from his research, emphasizing the optimal frequency of monthly phishing tests and the importance of reporting rates. The episode also covers the psychological aspects of cyber security, sustainability of gamification in training, and highlights the need for balancing training demands to avoid negative impacts of overtraining. Listeners are encouraged to reflect on the insights shared and respond with their thoughts on the program's format.

00:00 Introduction and Overview
00:15 The Problem with Technology Marketing Research
00:46 Bias in Research and Media
01:33 Importance of Objective Research
02:24 Introducing David Shipley and His Research
03:08 Understanding Human Behavior in Cybersecurity
05:38 Phishing Research and Findings
07:19 Effective Phishing Simulations
15:02 Insights from Phishing Data
22:14 The Importance of Reporting and Feedback
22:32 Multi-Channel Communication Strategies
23:53 Gamification and Personal Cyber Risk Scores
25:16 Behavioral Economics in Cybersecurity
27:07 The Impact of Intrinsic Motivation
29:22 The Role of Psychology in Cybersecurity
30:15 The Framing Effect and Security Perception
32:19 Optimism Bias and Security Awareness
35:00 The Dunning-Kruger Effect in Training
37:29 Anchoring Bias and Phishing Indicators
39:03 Key Takeaways and Final Thoughts

Cybersecurity Today: Supply Chain Attacks, Data Breaches, and Botnet Threat Disruptions

In this episode of 'Cybersecurity Today,' host Jim Love covers pressing issues in the cybersecurity world, including a supply chain attack in Lebanon, a major data breach at AT&T resulting in a $13 million fine, and the disruption of the Chinese botnet known as Raptor Train. The AT&T breach underscores the risks of weak vendor data protection, while the weaponization of communication devices in Lebanon signals new threats in cyber-physical warfare. The episode also highlights the resilience of the Raptor Train botnet, attributed to the Chinese state-sponsored group Flax Typhoon, and the steps taken by the FBI to mitigate this threat. Listeners are advised to enhance their cybersecurity practices to protect against these multifaceted attacks.

00:00 Introduction to Cybersecurity Today
00:23 AT&T's $13 Million Fine for Data Breach
02:03 Weaponized Communication Devices in Lebanon
03:50 Disruption of the Chinese Botnet Raptor Train
05:28 Conclusion and Sign-Off

This episode includes a discussion on Microsoft and Google's offer to help U.S. rural hospitals tighten their cybersecurity, a report on top network vulnerabilities found by penetration testers and the latest news on hacks of Snowflake customers.

Cybersecurity Today: Cloudflare's DDoS Victory, Russian Hacker Arrests, and Truth Social Scams

In this episode of Cybersecurity Today, host Jim Love discusses Cloudflare's successful mitigation of the largest recorded DDoS attack, showcasing the company's advanced defense capabilities. The episode also covers the arrest of nearly 100 individuals in Russia linked to illegal cryptocurrency transactions and ransomware laundering through the Crypteks crypto exchange. Additionally, it highlights Truth Social's vulnerability to pig butchering scams, where users face significant financial losses. These stories reflect ongoing cybersecurity challenges and responses from different stakeholders.

00:00 Introduction and Headlines
00:28 Cloudflare's DDoS Defense Triumph
02:57 Russia's Crackdown on Cryptex Crypto Exchange
04:57 Truth Social's Pig Butchering Scams
07:02 Conclusion and Show Notes

Cybersecurity Today: NVD Backlogs & Emerging Threats

Host Jim Love discusses the backlog in the National Vulnerability Database and its implications for cybersecurity, highlighting two new Linux vulnerabilities. The episode also covers a sophisticated malware, Perfctl, attacking Linux servers, vulnerabilities in CUPS, and security risks of Meta's smart glasses. Additionally, insights are provided from a CIRA study on ransomware payment trends and the challenges posed by AI in cybersecurity. The podcast ends with announcements for new vulnerability threats and a preview of upcoming research with co-host David Shipley.

00:00 Introduction and Podcast Promotion
00:45 National Vulnerability Database Backlog
02:54 Linux Vulnerabilities: Perfctl Malware
04:42 CUPS Vulnerability Alert
05:56 Privacy Concerns with Meta's Smart Glasses
07:23 Critical Vulnerabilities in Zimbra and Ivanti
08:55 CIRA's Ransomware Study Insights
12:12 AI in Cybersecurity: Survey Findings
14:02 Conclusion and Upcoming Features

Microsoft Cloud Outage, WhatsApp Vulnerability, and AI-Powered Screen Reading

In today's episode of Cyber Security Today, host Jim Love covers a significant global outage affecting Microsoft's cloud services, a vulnerability in WhatsApp that allows malicious scripts to run without warning, and a new AI-powered method that can read your screen by intercepting HDMI signals. Stay informed about these pressing cybersecurity issues and learn how to protect yourself.

00:00 Microsoft Service Takes a Nosedive
00:16 Global Impact and Response
02:12 WhatsApp Vulnerability Warning
04:02 AI Decoding Screens from Afar
05:12 Show Wrap-Up and Future Episodes

Canadian SMBs Face Rising Fraud Threats & New AI-Powered Gmail Security

In this episode of Cyber Security Today, host Jim Love discusses the increasing fraud threats faced by Canadian small and medium-sized businesses, revealing that half have experienced attempted or successful fraud in the past year. The transportation sector is hit hardest, with 61% reporting fraud attempts. Google’s new Gemini AI technology offers enhanced security for Gmail, notably for smaller businesses. InfoStealer malware developments are circumventing Google Chrome’s app-bound encryption, posing significant threats. Additionally, severe vulnerabilities have been uncovered in fuel storage tank monitoring systems, emphasizing the urgency for robust security measures in critical infrastructure.

00:00 Introduction and Overview
00:25 Fraud Threats Facing Canadian SMBs
02:15 Google's AI-Powered Security Enhancements
03:54 InfoStealer Malware Targeting Google Chrome
06:11 Critical Vulnerabilities in Fuel Storage Technology
08:28 Conclusion and Final Thoughts

Exploring IT Trends and AI Opportunities with Brian Jackson

In this crossover episode of Hashtag Trending, host Jim Love interviews Brian Jackson, Principal Research Director at InfoTech Research Group, to discuss emerging IT trends and their intersection with cybersecurity. The conversation covers AI advancements, quantum computing, and digital humans, focusing on how to leverage technology for business opportunities while mitigating associated risks. Brian also emphasizes the importance of AI specialization and sovereignty, and the necessity for organizations to adapt encryption in preparation for quantum computing breakthroughs. Tune in for insights on current technology trends and strategies to harness emerging tools effectively.

00:00 Introduction and Overview
00:42 Meet Brian Jackson
01:51 Brian's Role at InfoTech
02:47 Tech Trends 2025
04:07 AI Opportunities and Risks
05:41 Quantum Computing and Cryptography
06:29 Digital Humans and Deepfakes
09:22 AI in Business Applications
22:32 AI Sovereignty and Cost Management
33:48 Quantum Computing in Practice
38:30 Conclusion and Final Thoughts

Cybersecurity Today: GitHub Attacks & Microsoft's November Patch Tuesday Updates

In this episode of Cybersecurity Today, host Jim Love highlights critical cybersecurity updates. The episode covers malicious attacks on GitHub projects, including an orchestrated attempt to frame Texas-based security researcher Mike Bell, and the associated impact on open-source repositories. Additionally, Microsoft's November Patch Tuesday is discussed in detail, with over 90 security issues disclosed, including four critical zero-day vulnerabilities. The episode also addresses a new ransomware strain exploiting vulnerabilities in Veeam backup software, and the disruptions caused by Microsoft's flawed Exchange Server security update. Stay informed on the latest cybersecurity trends and threats.

00:00 Introduction and Sponsor Message
00:29 Cybersecurity Headlines
00:46 GitHub Malicious Code Attack
03:24 Microsoft November Patch Tuesday
05:17 Veeam Backup Software Vulnerability
07:02 Microsoft Exchange Server Update Issues
08:47 Conclusion and Sign-Off

Evilginx: MFA Bypass Tool, Kaspersky's Exit & FTC's Data Surveillance Report - Cyber Security Today

In this episode of Cyber Security Today, host Jim Love discusses a new cyber security tool called Evilginx that bypasses multi factor authentication (MFA), Kaspersky's unexpected software replacement for North American users, ESET's patches for critical vulnerabilities, and a scathing FTC report on data collection by major tech companies. Learn about the latest cyber security threats and updates to stay informed and protected.

00:00 Introduction to Today's Cyber Security News
00:26 Evilginx: The New Threat to Multi-Factor Authentication
02:45 Kaspersky's Controversial Exit from the U.S. Market
04:36 ESET Patches Critical Vulnerabilities
06:33 FTC's Scathing Report on Big Tech's Data Practices
08:11 Conclusion and Show Notes

This episode features a discussion on an undiscovered three-year hack, the cause of Snowflake attacks and allegations of how an Australian health insurer was compromised

Cybersecurity Insights: Paris Olympics and Deepfake Technologies

In this episode, host Jim Love discusses proactive cybersecurity measures taken during the Paris 2024 Olympics to combat threats such as domain abuse, counterfeit shops, unauthorized live streaming, cryptocurrency scams, and betting fraud. He highlights a report from before AI on pre-Olympic threats and emphasizes the importance of relying on official sources. Additionally, Love covers advancements in deepfake technologies, including new offerings like Hey Gen, Elon Musk's GROK, and the open-source Deep Live Cam, which raise significant concerns about digital impersonation and fraud. Simple verification strategies, like safe words, are suggested as countermeasures as these technologies become more accessible. Tune in for a Week in Review panel on these topics.

00:00 Introduction and Overview
00:23 Cybersecurity Measures for the Paris Olympics
00:53 Key Findings from the Before AI Report
01:55 Proactive Measures and Advice for Viewers
02:48 Deep Fake Technology Demonstrations at DEF CON
03:54 Concerns Over Deep Live Cam and Digital Security
05:32 Ethical Implications and Future Considerations
05:40 Conclusion and Week in Review Preview

BlackBerry's Cylance Sale, Major AWS Breach, Klopp Ransomware Strikes Again, and Russian Cyber Attacks

In this episode of Cybersecurity Today, host Jim Love discusses BlackBerry's sale of Cylance to Arctic Wolf for significantly less than its purchase price, the massive AWS breach linked to the Shiny Hunters, Klopp ransomware attacks on Cleo's platforms, and the escalation of Russian cyber attacks on Western critical infrastructure. Tune in to get the details on these major cybersecurity developments and their implications.

00:00 Introduction and Sponsor Message
00:32 BlackBerry's Cylance Sale: A Strategic Move?
02:36 AWS Data Breach: Shiny Hunters Strike Again
04:54 Cleo Data Theft: Klopp Ransomware's Latest Exploit
06:39 Russian Cyber Attacks on Critical Infrastructure
08:32 Conclusion and Contact Information

With Howard away and today's episode of Hashtag Trending being all about security stories, I took the liberty of doing a cross posting. Hope we'll have Howard back next week.

In today's episode of Hashtag Trending, host Jim Love covers significant cybersecurity news. Microsoft faces criticism for mishandling a reported MSHTML browser engine vulnerability, and Disney investigates a hack by 'Null Bulge,' a group accusing the company of unethical AI use. Additionally, Kaspersky Labs announces its exit from the U.S. market due to government sanctions. The episode also discusses the FBI's swift unlocking of a shooter's phone, indicating advanced law enforcement capabilities. Tune in for these updates and more.

00:00 Introduction and Overview
00:43 Microsoft's Vulnerability Disclosure Controversy
02:28 Disney Hacked: Internal Messages Leaked
03:42 Kaspersky Exits the U.S. Market
04:59 FBI Cracks Encrypted Phones
06:54 Conclusion and Upcoming Shows

Massive CRA Breach Exposed & Cyber Challenges in Healthcare and Retail

In this episode of Cyber Security Today, host Jim Love delves into the significant cyber security incidents impacting Canada, healthcare, and retail sectors. A report from CBC and Radio Canada reveals that the Canada Revenue Agency (CRA) has been compromised multiple times, leading to tens of thousands of hacked tax accounts and millions in fraudulent refunds. The episode also highlights a new report from Forescout Technologies that identifies critical vulnerabilities in connected medical devices, posing serious risks to patient safety and data security. Additionally, the 2024 Trustwave Retail Risk Radar Report outlines the evolving cyber threats facing retailers during the e-commerce boom, including phishing, credential stuffing, and ransomware attacks. Links to the detailed reports are provided in the show notes. Tune in for an in-depth discussion on these pressing cyber security challenges.

00:00 Introduction and Headlines
00:27 Canada Revenue Agency Hacked: Millions in Bogus Refunds
03:33 Medical Devices at Risk: Forescout's Alarming Report
06:42 Retail Cybersecurity Challenges: TrustWave's Insights
09:21 Conclusion and Show Notes

Retailers Face AI Bot Attacks, Avast Exploit, and Starbucks Ransomware Challenges

In this episode of 'Cybersecurity Today,' host Jim Love covers the latest cyber threats impacting retailers, including AI-powered bot attacks and ransomware incidents. Discover how hackers are exploiting an old Avast driver to deploy advanced Windows malware and how Starbucks is managing employee payments manually following a ransomware attack on its scheduling software provider, Blue Yonder. The episode highlights the increasing cyber risks retailers face during the holiday season and the importance of robust cybersecurity measures.

00:00 Introduction and Headlines
00:22 AI-Powered Bot Attacks on Retailers
02:51 Windows Malware Exploiting Avast Driver
04:09 Starbucks Ransomware Attack and Manual Pay
05:18 Ransomware Trends and Impacts
06:01 Conclusion and Show Notes

A quick not to say that in our tradition of observing Holidays in both the US and Canada, we'll be taking the weekend off. We'll be back on Monday morning, bright and early with the Cyber Security News, 

AI and Cybersecurity: Addressing AI Myths and Strategies | Project Synapse Episode 3

Join Jim Love, host of Cyber Security Today, alongside Marcel Gagné and John Pinard in this weekend edition from our sister podcast, Hashtag Trending. This episode, part of the Project Synapse series, dives into a discussion on AI, focusing on security, strategic implementation, and addressing common myths. They explore the gap between AI strategies and their deployment, the relationship between strategy and action, and practical approaches to protect your data while utilizing AI. The conversation also touches on critical thinking and the need for proper training to make effective use of AI technology.

00:00 Introduction and Thanksgiving Break
00:31 Welcome to Hashtag Trending
00:48 Introducing Marcel Gagné and John Pinard
01:42 AI Strategy and Implementation
02:53 AI Myths and Misconceptions
06:17 AI Vulnerabilities and Security
07:27 The Role of Headlines in AI Perception
11:56 Guardrails and AI Control
16:19 Data Security and AI Models
25:07 Running Small Models on Private Networks
26:35 Leveraging Existing Tools for Cost Efficiency
28:07 Critical Thinking and AI Validation
30:53 Common Mistakes and AI Limitations
37:38 AI in Medical Diagnostics
43:04 Balancing AI Use and Human Oversight
46:37 Concluding Thoughts and Future Directions

In this episode of Cyber Security Today, host Jim Love delves into recent data breaches affecting the Toronto District School Board, Texas Dow Employees Credit Union, and the city of Columbus. Discover details on the ransomware attacks, the compromised data, and the implications for the victims involved. Additionally, explore critical questions raised about cybersecurity practices and the handling of whistleblowers. Tune in for an in-depth analysis of these significant cybersecurity incidents.

00:00 Introduction and Headlines
00:22 Toronto District School Board Data Breach
01:32 MoveIT Breach: A Continuing Saga
03:19 City of Columbus Ransomware Attack
05:04 Whistleblower Controversy in Columbus
05:42 Host's Editorial and Personal Experience
07:39 Conclusion and Contact Information

This episode reports on some of the new ways threat actors are bypassing phishing defences

Cybersecurity Today: Email Frauds, Google Warnings, and U.S. Telecom Hacks

In this episode of Cybersecurity Today, host Jim Love discusses a personal encounter with email fraud attempts, including invoice scams and fake payroll changes. Google issues a stark warning to Gmail users about session cookie thefts leading to email takeovers. Additionally, the U.S. telecom industry grapples with the fallout from a major breach by Chinese hackers exploiting legacy systems. Love shares insights on improving email security and safeguarding against such sophisticated cyber threats. Tune in to learn more about the latest cyber challenges and solutions.

00:00 Introduction and Personal Encounter with Email Fraud
03:20 Google's Warning on Email Takeovers
05:12 Session Cookie Theft: A Rising Threat
06:48 U.S. Telecom Industry Infiltration by Chinese Hackers
08:44 Conclusion and Final Thoughts

In this episode, we discuss urgent cybersecurity concerns: Cisco's critical vulnerability affecting industrial wireless systems with a CVSS 10 rating, D-Link's refusal to patch severe flaws in over 60,000 outdated NAS devices, and Amazon's data breach tied to the MoveIT vulnerability. We'll also cover the importance of strong off-boarding processes, drawing lessons from a Disney insider threat incident involving a former employee. Join us as we dive deep into the latest security alerts and best practices to safeguard your systems and data.

00:00 Critical Flaw in Cisco's Industrial Wireless Systems
02:07 D-Link's Unpatched Vulnerabilities in NAS Devices
03:22 Amazon Employee Data Exposed in MoveIT Breach
04:41 Lessons from Disney's Insider Threat Incident
06:37 Conclusion and Final Thoughts

SEC Cyber Disclosure Rules, Deloitte Hack Denial, and Critical Microsoft & SAP Patches | Cybersecurity Today

In this episode of Cybersecurity Today, host Jim Love delves into the ongoing confusion and compliance struggles faced by companies one year after the SEC's cyber disclosure rules were introduced. We analyze a BreachRx report revealing that less than 17% of public companies provide specific details in their cyber incident filings. Deloitte's recent denial of a data theft claim by the BrainCypher ransomware group is also discussed, along with the firm's history of cybersecurity challenges. Additionally, Microsoft and SAP have rolled out critical patches addressing severe vulnerabilities, emphasizing the urgency for users and organizations to apply these updates. Stay informed on these pressing cybersecurity issues.

00:00 Introduction and Headlines
00:20 SEC Cyber Disclosure Rules: One Year Later
02:30 Deloitte Denies BrainCypher Ransomware Allegations
04:23 Microsoft and SAP Issue Critical Patches
07:19 Conclusion and Show Notes

In this episode of Cybersecurity Today, guest host Jim Love covers major events impacting the cybersecurity world, including CrowdStrike CEO George Kurtz's summons to testify before a U.S. House Committee on Homeland Security following a massive IT outage and a new malware strain, Frosty Goop, attacking critical infrastructure in Ukraine. The episode also discusses cybersecurity firm Wiz's surprising decision to decline a $23 billion acquisition offer from Google's parent company, Alphabet, opting instead to aim for an IPO. Stay informed about the latest in cybersecurity, and what these developments mean for the industry.

00:00 Introduction and Headlines
00:24 CrowdStrike CEO Summoned by U.S. House Committee
00:38 Impact and Response to the IT Outage
01:41 Frosty Goop: New Malware Threat
03:09 Wiz Rejects Alphabet's Acquisition Offer
04:45 Conclusion and Show Notes

SEC Fines, WordPress Hacks, & Okta's New Security Standards | Cybersecurity Today

Join host Jim Love in this episode of Cybersecurity Today, sponsored by CDW Canada Tech Talks. We delve into the SEC's $7 million fine on four companies for misleading cybersecurity disclosures, the hacking of over 6,000 WordPress sites by malicious plugins, and Okta's introduction of a new identity security standard in response to rising SaaS breaches. Get detailed insights on these key topics and more. Tune in to stay updated on the most pressing cybersecurity issues!

00:00 Introduction to Cybersecurity Today
00:28 SEC Fines for Misleading Cybersecurity Disclosures
02:39 Massive WordPress Site Hacks
04:58 Okta's New Security Standards
07:49 Conclusion and Sponsor Message

Cybersecurity Incidents in Healthcare and AI Exposures

In this episode, host Jim Love discusses recent cybersecurity incidents, including a major cyber attack on Wirral University Teaching Hospital in the UK, exposing healthcare vulnerabilities. An AI chatbot startup, WotNot, exposed 300,000 sensitive records online due to misconfigured storage. A novel phishing attack using corrupted Microsoft Word documents is also examined. The episode concludes with the takedown of the world's largest piracy network in Operation Takendown, underlining the international effort against cybercrime. Stay updated on the latest in cybersecurity and tech trends.

00:00 Introduction and Book Promotion
00:30 UK Hospital Cybersecurity Incident
03:11 AI Chatbot Data Exposure
05:05 Phishing Attack with Corrupted Word Documents
06:38 Operation Takendown: Largest Piracy Network Dismantled
08:39 Conclusion and Show Notes

Cybersecurity Today - Weekend Edition: Project Synapse, AI in Action (Episode 2)

In this episode of Cybersecurity Today with host Jim Love, we dive into the intersection of Artificial Intelligence (AI) and cybersecurity, continuing our exploration in the series Project Synapse. Joined by Linux and open-source expert Marcel Gagné and cybersecurity professional John Pinard, we discuss practical applications of AI in business, strategies to implement AI securely, and the rapid technological advancements that pose challenges for companies. Tune in to learn how experimentation with AI can innovate business processes while figuring out what tools and strategies can add real value to your operations. This episode emphasizes the importance of maintaining security and developing a solid business strategy in the evolving landscape of artificial intelligence.

00:00 Introduction to Cybersecurity Today
01:14 Meet the Hosts and Guests
02:08 Project Synapse: AI in Action
02:20 Current State of AI and Security Concerns
04:20 Challenges and Opportunities in AI Adoption
06:36 Business Strategies in the Age of AI
11:35 The Importance of Experimentation and Play
20:26 Innovative Uses of AI in Everyday Life
23:53 Cultural Shift in Business
24:27 Rise of AI Agents
25:13 Challenges with AI Models
25:45 Specialized AI Agents
28:17 AI in Accounting and Business
32:12 AI in Customer Service
33:40 Workshops and Practical AI Applications
48:17 Security Concerns with AI
49:40 Conclusion and Future Plans

Mastering Cybersecurity: From AI Threats to Quantum Encryption - Insights with CDW

Join host Jim Love in a riveting discussion with Ivo Wiens, Field CTO for CDW Canada, as they review CDW's cyber security research and discussions with CISO's about the state of cyber security in Canada. 

Delve into the sophistication of cyber attacks driven by organized crime and nation-states, and learn about the importance of cyber security frameworks like zero trust and NIST standards. The conversation also explores the role of AI in both enhancing phishing attacks and defending against cyber threats, as well as the challenges and strategies in implementing AI security within organizations.

Gain insights on vendor management complexities, platformization, quantum cryptography, and the future of cyber encryption. Listen to practical advice on navigating business risks, enhancing user experiences, and adopting zero trust models in today's digital landscape. 

00:00 Introduction to Cybersecurity Today
00:26 Understanding CDW and Its Role
01:08 CDW's Approach to Cybersecurity
04:16 Research and Insights from CDW
05:40 The Growing Sophistication of Cyber Attacks
08:24 Adopting Cybersecurity Frameworks
12:12 The Importance of Tabletop Exercises
17:01 Human Vulnerabilities and AI in Cybersecurity
18:12 The Sophistication of Phishing Attacks
19:03 Emotional Manipulation in Cyber Attacks
21:09 AI in Cybersecurity: Opportunities and Risks
22:30 Implementing AI in Business Operations
25:08 Balancing AI and Privacy Concerns
34:09 The Future of Cybersecurity: Quantum Computing
36:53 Final Thoughts and Advice for Organizations

PumaKit Linux Rootkit, Windows Defender Flaw, and Android Malware Outbreak!

In today's episode of Cybersecurity Today, host Jim Love delves into the discovery of the advanced Linux rootkit PumaKit, critical vulnerabilities in Microsoft's Windows Defender, a new multi-platform malware campaign downgrading browser security, and Germany's recent outbreak of pre-installed malware on 30,000 Android devices. We discuss the implications of these cybersecurity threats and the measures being taken to mitigate them. Stay informed and vigilant with our detailed analysis of these emerging cyber risks.

00:00 Introduction to Cybersecurity News
00:27 Advanced Linux Rootkit: PumaKit
01:59 Critical Windows Defender Vulnerability
03:42 Malware Downgrades Browser Security
05:08 Pre-installed Malware on Android Devices in Germany
07:02 Conclusion and Final Thoughts

Exposing Hidden Secrets: DEF CON Revelations, Ransomware Surge & GPS Spoofing Woes

Join host Jim Love in this insightful episode of Cybersecurity Today. Discover the shocking revelation of over 15,000 hard-coded secrets uncovered at DEF CON by researcher Bill Dermacapi, and learn about a new ransomware attack targeting home users. We also delve into a startling rise in GPS spoofing attacks on commercial airlines that are causing chaos in-flight. Stay informed with our latest updates and expert advice to keep you and your data secure.

00:00 Introduction and Headlines
00:22 North Korean Hackers Arrested
01:12 DEFCON Security Conference Highlights
04:05 Magniber Ransomware Attacks
05:52 GPS Spoofing Threats to Airlines
07:15 Conclusion and Listener Feedback

AI Summer Recap: OpenAI's GPT 5, GPT Next, and Beyond

Join host Jim Love as he navigates through the major AI and cybersecurity stories that dominated summer 2023. From CrowdStrike's impact on Windows security to OpenAI's tantalizing announcements of GPT 4.0 Omni and the anticipated GPT Next, this episode reflects on the giant strides in AI technology. Understand the strategic buzz created by OpenAI, the unrecognized achievements by Google, and the intricate gossip surrounding futuristic AI models like QSTAR and Strawberry. This comprehensive recap highlights why the advancements in AI could significantly shape business processes and technological systems in the near future. Don't miss the rerun of the highly informative Practical AI episode featuring industry experts, plus a hint at what's to come in tech news.

00:00 Introduction and Host Welcome
00:37 Summer's Blockbuster Stories: AI and Cybersecurity
01:06 OpenAI's Strategy and GPT 4.0 Omni
03:11 The Mystery of Sora and Other Rumors
04:53 Google's AI Achievements and OpenAI's Mastery
07:27 The GPT Next Announcement
10:27 Conclusion and Future AI Developments
11:57 Practical AI Episode Rerun and Closing Remarks

Cybersecurity Today: Data Breaches and Malware Threats

In this episode of Cybersecurity Today, host Jim Love discusses the hacking incidents involving the Internet Archive and Fidelity, exposing millions of users' data. Highlights include the Internet Archive breach attributed to the Black Meta Hacktivist group, affecting 31 million users, and Fidelity's data breach impacting 77,000 customers. Additionally, the bankruptcy of National Public Data after a massive leak and North Korean cyberattacks on tech job seekers are detailed. These incidents emphasize the importance of robust cybersecurity measures and industry regulations.

00:00 Major Data Breaches: Internet Archive and Fidelity
00:26 Internet Archive Breach: Details and Impact
01:49 Fidelity Data Breach: What Happened?
03:17 National Public Data Files for Bankruptcy
05:23 North Korean Hackers Target Tech Job Seekers
07:38 Conclusion and Resources

Cybersecurity Today: Microsoft Office 2024, Data Breach, CrowdStrike Fallout, & Ford's Privacy Concerns

In this episode of Cybersecurity Today with your host Jim Love, we discuss Microsoft's decision to disable ActiveX controls by default in Office 2024 to enhance security, the data breach at SlimCD affecting 1.7 million credit card owners, CrowdStrike's ongoing response to the July IT disruption, and privacy concerns over Ford's new patent application for in-car conversation monitoring. Learn about the implications and what these developments mean for IT professionals and end-users.

00:00 Introduction and Headlines
00:24 Microsoft Office 2024 Security Changes
01:50 Major Data Breach at SlimCD
03:51 CrowdStrike's Crisis Management
05:35 Ford's Controversial Patent Application
06:54 Conclusion and Show Notes

Join host Jim Love in this weekend edition of Cyber Security Today, featuring a distinguished panel including Terry Cutler (Cyology Labs), David Shipley (Beauceron Security), and special guest Tara Gold (Cado Security).

The episode delves into key cybersecurity topics including the value of IT certifications, the rising trend in ransomware payouts, and the novel attack vectors targeting macOS systems. The show also explores the impact of poisoned search terms and the rising threats to small and medium-sized businesses. Don't miss this engaging and insightful discussion on the latest cybersecurity trends and best practices.

00:00 Welcome to Cyber Security Today
00:05 Meet the Panel and Special Guest
02:31 Introduction to Key Stories
03:04 Debate on IT Certifications
12:07 Ransomware Trends and Insights
18:46 Search Terms as Attack Vectors
23:26 Mac OS Vulnerabilities and Malware
30:17 Conclusion and Farewell

Are attacks cybercrime or hiding espionage? Researchers investigate in this episode

In this episode of Cybersecurity Today, host Jim Love delves into Elon Musk's claim that a DDoS attack delayed his live interview with Donald Trump, the revelation of a massive data breach compromising most U.S. social security numbers, and CrowdStrike's president accepting the 'Most Epic Fail' award at DEF CON. The episode covers the skepticism around Musk's DDoS claim, details on the National Public Data hack, and CrowdStrike's approach to owning up to its global IT outage. Tune in for the latest updates in cybersecurity!

00:00 Introduction and Headlines
00:21 Elon Musk's DDoS Claim and Technical Issues
02:06 Trump Campaign Hacked
03:00 National Public Data Breach
05:16 CrowdStrike's Epic Fail at DEF CON
06:34 Conclusion and Show Notes

Cybersecurity Today: From Data Theft to Total Destruction

In today's episode, we cover the latest shifts in cybercrime as hackers move from data theft to complete system destruction, impacting businesses on a massive scale. We discuss Palo Alto Networks' insights on these damaging attacks, Veeam's critical vulnerability patches, and a major breach affecting thousands in Saskatchewan. Additionally, we report on Russia's life sentence for a notorious cyber criminal leader and a significant European takedown of a cybercrime network. Stay informed with the latest in cybersecurity and learn about the steps being taken to counter these escalating threats.

00:00 Introduction: Cybersecurity Headlines
00:26 Evolving Cyber Threats: From Ransomware to Destruction
02:42 Veeam's Critical Vulnerability Patch
04:17 Saskatchewan Data Breach and Privacy Concerns
05:14 Massive Data Breach at SL Data Services
06:29 Russia's Crackdown on Cybercrime
08:21 Operation Passionflower: Dismantling Matrix
10:11 Conclusion and Show Notes

New NIST Password Guidelines, Octo2 Trojan & ChatGPT Vulnerabilities | Cybersecurity Today

Join Jim Love in today's episode of Cybersecurity Today as he discusses the latest password security guidelines from NIST focusing on length and usability, the emergence of the Octo2 Trojan targeting bank accounts on Android by posing as VPN and Chrome apps, and a significant vulnerability in ChatGPT allowing attackers to plant false memories. Additionally, learn about Google's new password rules for Gmail access and the recent glitch causing ChatGPT to initiate conversations on its own. Don't miss this insightful episode to stay updated on the latest cybersecurity trends and measures.

00:00 Introduction and Podcast Promotion
00:50 NIST's New Password Guidelines
02:26 Octo2 Trojan: New Android Threat
03:27 ChatGPT Vulnerability: False Memories
04:40 Google's New Password Rules for Gmail
05:35 ChatGPT's Unprompted Messaging Bug
06:54 Conclusion and Sponsor Message

Cyber Security Today: TfL Data Breach, Critical Vulnerabilities, and Insider Threats

Join host Jim Love in 'Cyber Security Today' as we delve into the latest cyber security incidents and updates. Learn about Transport for London's data breach affecting thousands of customers, critical vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog, and the recent Microsoft Patch Tuesday addressing over 70 security flaws. We also discuss significant breaches at Avis, shocking domain purchase by a researcher highlighting internet trust issues, and insider threats exemplified by Daniel Rhyne's rogue actions against an industrial company. Stay informed with expert insights and essential recommendations!

00:00 Introduction and Breaking News
00:05 Transport for London Cyber Attack
01:04 New Vulnerabilities Added to CISA's KEV Catalog
02:38 Microsoft and Other Major Tech Companies Release Patches
04:02 Avis Data Breach
05:15 Security Researcher Buys Critical Domain
07:58 Insider Threat: The Daniel Rhyne Case
09:53 Conclusion and Final Thoughts

In today's episode of Cyber Security Today, sponsored by CDW Canada Tech Talks, host Jim Love dives into the latest tech news and cybersecurity updates. Key stories include the FBI arrest of Eric Council Jr. for hacking the SEC's social media, the release of VulnHuntr, an AI tool designed to detect zero-day vulnerabilities in Python, and the arrest of two Sudanese brothers running a cybercrime business. Additional updates cover a security flaw in the WordPress Jetpack plugin, ongoing attacks on the Internet Archive, and the Golden Chickens spear-phishing campaign targeting HR personnel. Tune in for these stories and more.

00:00 Introduction to Cyber Security Today
00:27 FBI Arrests in SEC Social Media Hacks
02:49 Open Source Tools for Python Vulnerabilities
05:20 Cyber Crime Arrests and Scams
07:25 Golden Chickens Spear Phishing Campaign
09:15 Show Wrap-Up and Announcements

Is Your Phone Spying on You? D Link Vulnerabilities & Government Data Requests

In this episode of Cyber Security Today, host Jim Love discusses critical remote code execution vulnerabilities in D Link routers, impacting their discontinued DIR 846 series. These flaws, including CVE 2024 44341 and CVE 2024 44342, pose significant risks, prompting D Link to recommend users replace outdated devices. The episode also examines the considerable amount of data governments gather from big tech companies, with a study by Surfshark highlighting the increasing user data requests. Lastly, Jim covers a report from 404 Media that reveals Facebook's partner, Cox Media Group, using smartphone microphones for targeted ads, raising severe privacy concerns. Stay informed about the latest in cybersecurity by tuning in!

00:00 Introduction: Is Your Smartphone Listening?
00:15 D-Link Router Vulnerabilities Exposed
02:24 Government Data Requests from Big Tech
04:15 Tech Companies' Compliance with Data Requests
05:38 Facebook's Active Listening Scandal
08:20 Conclusion and Show Notes

Chinese Cybersecurity Threats: Espionage in Silicon Valley, Canadian Government Infiltration, and Persistent Botnets

In this special edition of Cyber Security Today, host Jim Love discusses three alarming stories illustrating the increasing cybersecurity threats posed by China. The episode details China's espionage activities in Silicon Valley, including a Google employee caught stealing AI trade secrets, the infiltration of Canadian government systems by Chinese state-sponsored hackers, and a persistent botnet using compromised TP-Link routers to target Microsoft Azure accounts. The stories highlight the urgent need for enhanced cybersecurity measures to counter these sophisticated threats.

00:00 Introduction: Rising Cybersecurity Threats from China
00:33 Silicon Valley Under Siege: Espionage in the Tech Hub
03:56 Canadian Government Infiltration: A Deep Dive
05:47 Persistent Botnet Threat: Covert Network 1658
07:31 Conclusion and Final Thoughts

Top 5 Phishing Exploits of 2024: Abnormal Security Report and More | Cybersecurity Today

In this episode of Cybersecurity Today, host Jim Love delves into Abnormal Security's end-of-year report outlining the top five phishing exploits of 2024 and their predictions for 2025. The episode covers cryptocurrency fraud, weaponized file sharing services, multi-channel phishing, business email compromise, and email account takeovers. Additionally, it highlights the alarming rise of text-based job scams, the takedown of a major vishing ring in Spain and Peru, and a $5 million U.S. reward to disrupt North Korean IT schemes. Stay informed on the latest cybersecurity threats and protections.

00:00 Introduction to Cybersecurity Today
00:27 Top Phishing Exploits of 2024
00:37 Cryptocurrency Fraud and File Sharing Scams
01:54 Multi-Channel Phishing and Business Email Compromise
03:10 Email Account Takeover and Future Predictions
04:39 Rise of Task Scams
06:53 Massive Vishing Operation Busted
08:42 North Korean IT Worker Fraud
11:15 Conclusion and Final Thoughts

This episode reports on the latest ransomware news, another North Korean threat actor putting  malicious packages on the NPM registry, vulnerabilities in some open source AI apps, and more

FBI Warnings, TikTok's Canadian Shutdown, Major Data Breach Arrests & More | Cybersecurity Today

In this episode of Cybersecurity Today, host Jim Love highlights the FBI's warning about growing phishing attacks exploiting government email credentials, leading to potential data theft and ransomware attacks. The Canadian government orders TikTok to shut down its domestic operations over national security fears, while the app plans to fight the decision. Authorities arrest Alexander Connor Moucka in conjunction with massive data breaches at companies like Ticketmaster and AT&T. Additionally, a Brampton landlord becomes a victim of an e-transfer scam, emphasizing the importance of securing email accounts. Stay informed with the latest cybersecurity news and recommendations.

00:00 Introduction and Headlines
00:22 FBI Warning on Phishing Attacks
01:53 International Law Enforcement Actions
02:26 Canada Orders TikTok Shutdown
03:45 Major Data Breach Arrests
04:22 Brampton Landlord E-Transfer Scam
05:16 Securing Personal Transfers
06:02 Conclusion and Show Notes

Holiday Cyber Threats, Secret Service Surveillance & AI Safety with DOE

In today's episode of Cybersecurity Today, host Jim Love covers essential cybersecurity topics heating up this holiday season. A new report from B4AI unveils sophisticated scams targeting online shoppers, including brand spoofing, fake apps, and fraudulent sites designed to steal credentials. Jim also delves into the U.S. Secret Service’s controversial use of location data without warrants, exploring the debate over privacy and government surveillance. Lastly, the episode highlights Anthropics Claude AI’s collaboration with the Department of Energy to ensure AI models cannot be misused for developing nuclear weapons, setting a precedent for future AI safety measures in government. Tune in for these stories and more on Cybersecurity Today.

00:00 Cybersecurity Threats Targeting Holiday Shoppers
04:00 Secret Service's Controversial Use of Location Data
06:07 Anthropic's AI Collaboration for Nuclear Safety
08:26 Conclusion and Additional Resources

This episode features an interview with a cybersecurity and privacy lawyer about responding to cyber attacks

Navigating Ransomware Response: Insights from Cybersecurity Expert Imran Ahmad

In this episode features an interview between Howard Solomon and Imran Ahmad, a partner at Norton Rose Fulbright, discussing effective strategies for managing ransomware attacks. Ahmad, with his extensive background in cybersecurity law, shares practical advice on incident response, the importance of having a structured plan, and the dynamic nature of cyber threats. He elucidates the common pitfalls companies face, the role of communication, and the legal nuances of dealing with cyber incidents. Ahmad also touches on the increasing sophistication of attackers, including the use of AI, and the balance organizations must strike between cybersecurity investments and other business priorities.

00:00 Introduction and Host Welcome
00:26 Meet Imran Ahmad: Cybersecurity Expert
01:37 The Reality of Ransomware Attacks
04:05 Elements of a Good Ransomware Response Plan
07:07 Inside the Incident Response Room
11:49 Legal and Communication Challenges
20:11 Government Policies and Ransomware Payments
22:29 Why Organizations Struggle with Cyber Preparedness
24:02 Conclusion and Farewell

In this episode, host Jim Love delves into significant cybersecurity news, including a rise in FakeBat malware infections from malvertising campaigns, car companies selling driver data to brokers without consent, and McAfee's new deepfake detection tool. Highlights include the sophisticated methods of the FakeBat campaign, privacy concerns from automakers' data practices, and McAfee's innovative on-device solution for detecting AI-generated content.

00:00 Introduction to Cybersecurity Today
00:24 Malvertising Campaigns and FakeBat Malware
02:21 Automakers Selling Driver Data
04:22 McAfee's Deepfake Detection Tool
06:14 Show Wrap-Up and Additional Insights

Cyber Security Week in Review: Data Breaches, MFA Bypassing, and Surveillance Insights

Join host Jim Love along with an expert panel featuring Terry Cutler, David Shipley, and Laura Payne to discuss this week in cybersecurity. Topics include the latest methods of bypassing MFA, data breaches and how to deal with compromised information, the implications of the FTC's report on tech company data collection, new findings on fraud affecting small businesses, and an intriguing German police technique to unmask TOR users. The episode also introduces the 'Stinkies' award for unnecessary fearmongering by cybersecurity vendors. Don't miss this in-depth analysis and practical advice for staying secure in an increasingly digital world.

00:00 Introduction and Panelist Introductions
02:55 Jessica's Question on Data Breaches
09:18 Small Business Fraud and Cybersecurity
17:44 Evilginx and MFA Vulnerabilities
22:44 MFA Security: Myths and Realities
25:26 The FTC's Staggering Surveillance Report
28:44 Surveillance Capitalism and Marketing Tactics
28:54 Tim Hortons' Data Collection Scandal
37:00 The German Police and TOR Anonymity
42:49 The Inaugural Stinky Awards
44:58 Final Thoughts and Farewell

This episode reports on how gullible employees are falling for a scam and cutting and pasting malware into their organization's IT systems, and more 

Cyber Security Pros: Awareness vs. Action & The CrowdStrike Controversy Explained

Join host Jim Love in this episode of 'Cyber Security Today' as he delves into a recent survey revealing a disconnect between awareness and action among global security professionals regarding unauthorized software use. Learn about the risks of shadow IT and AI applications, and the startling admittance of security pros themselves using unapproved SaaS. Additionally, explore the two latest stories from the CrowdStrike disaster, including the fallout between CrowdStrike and Delta Airlines, and the surprising involvement of Microsoft. Finally, hear about the importance of having a solid resiliency and recovery plan amidst these challenges. Tune in for these insights and more.

00:00 Introduction and Survey Findings
00:45 Shadow IT Risks and AI Concerns
02:17 CrowdStrike Controversy: Delta Airlines Incident
04:36 Microsoft's Response to Delta's Criticism
05:43 Lessons for IT Leaders
06:23 Show Conclusion and Host Announcement

Cybersecurity Today: OpenAI's Action Against Iranian Disinformation & Chrome's New Privacy Features

In this episode of Cybersecurity Today, host Jim Love discusses OpenAI's recent identification and neutralization of chat GPT accounts linked to Iranian disinformation campaigns, Google's upcoming privacy enhancements in Chrome for Android, and the cybersecurity concerns raised by U.S. lawmakers over Chinese-made TP Link routers. The episode also highlights a new study revealing the cybersecurity risks posed by employees using work laptops for personal activities. Tune in to stay informed about the latest developments in cybersecurity.

00:00 Introduction and Headlines
00:22 OpenAI's Battle Against Iranian Disinformation
02:05 Google Chrome's New Privacy Features
03:29 Domain Hijacking Risks Highlighted
05:14 Concerns Over Chinese-Made Routers
07:25 Risks of Using Work Laptops for Personal Use
09:29 Conclusion

In this episode, host Jim Love delves into sophisticated phishing attacks, cybersecurity initiatives, and significant changes in data security protocols. Listeners will learn about a national survey revealing that 53% of Canadians would switch banks after a data breach and hear insights on Apple's proposal to shorten SSL/TLS certificate lifespans. The episode also covers 23andMe's data breach and settlement, and introduces the FIDO Alliance's new protocol designed to enhance passkey portability across platforms. Emphasizing the importance of robust cybersecurity measures and user education, the discussion highlights advancements in passwordless authentication, as demonstrated by major implementations from companies like Amazon. This episode offers an in-depth look at current cybersecurity challenges and forward-thinking solutions in the realm of user authentication.

00:00 Introduction and Show Format Update
00:48 Canadian Banking Cybersecurity Concerns
01:14 Survey Insights and Financial Sector Responses
03:25 Customer Concerns and Communication Gaps
04:17 Financial Impact of Data Breaches
05:13 Apple's SSL/TLS Certificate Lifespan Proposal
06:20 Google's Push for Shorter Certificate Lifespans
07:24 23andMe Data Breach Settlement
09:55 FIDO Alliance and Passwordless Authentication
12:38 Conclusion and Show Notes

Welcome to a special weekend edition of Cyber Security Today! In this long weekend episode, we delve into the world of artificial intelligence (AI) and its impact on various sectors, particularly as organizations ramp up their plans for the upcoming year. Join our host Jim Love and a distinguished panel of experts: Evgeny Koloda, Marcel Gagne, John Pinard, and Nicole Bendrich, as they explore the current state of AI, its promises, practical implementations, and the cybersecurity challenges associated with it. Discover valuable takeaways on developing an effective AI strategy and understanding the multi-modal advancements poised to revolutionize industries.

00:00 Introduction to the Special Weekend Edition
00:45 Meet the Expert Panel
02:25 The Promise and Challenges of AI
03:31 The Evolution of AI in Various Industries
06:41 Generative AI and Its Impact
07:53 AI in Cybersecurity
19:00 Human vs. AI: Decision Making and Errors
23:50 The Future of AI and Human Interaction
33:04 Expanding Human Capabilities with AI
35:04 Choosing the Right AI Model
40:09 Navigating AI in Regulated Industries
46:23 The Rise of Deepfakes and Cybersecurity Concerns
59:35 Building an Effective AI Strategy
01:04:15 Conclusion and Final Thoughts

Resources:

https://jan.ai/

Google's Password Bug Hits Millions & French Police Battle Malware - Cybersecurity Today

In this episode of Cybersecurity Today, Jim Love covers Google's recent apology after a bug caused the passwords of 15 million Chrome users to vanish. The episode also dives into the French authorities' unique approach to combating the PlugX malware by deploying a disinfection solution. Lastly, it sheds light on the ongoing struggles with patch management in many organizations, particularly following the CrowdStrike disruption. Tune in for these stories and more, along with the challenges and solutions in today's cybersecurity landscape.

00:00 Google Apologizes for Password Vanishing Bug
01:55 French Authorities Combat PlugX Malware
03:44 The Unsexy Challenge of Patch Management
05:41 Conclusion and Show Notes

Dodging the Biggest Supply Chain Attack Ever: An Insight with JFrog's Security Research Team

In this weekend edition of Cyber Security Today, host Jim Love discusses with Brian Moussalli, the Security Research Team Lead at JFrog, how potentially the biggest supply chain attack was averted. They delve into the intricacies of supply chain attacks, the risks associated with leaked tokens, and the importance of checking binary files for vulnerabilities. The conversation also touches on securing open source software and the role of JFrog in making the cyber world safer. Tune in to learn critical lessons on cybersecurity from this insightful interview.

00:00 Introduction and Host Update
00:32 Understanding Supply Chain Attacks
02:47 Interview with Brian Moussalli, the Security Research Team Lead at JFrog
06:15 The Python Token Leak Incident
17:01 Lessons Learned and Future Outlook
23:06 Conclusion and Sign-Off

Massive Healthcare Data Breach, Google's Move to Rust, and New Sextortion Scams - Cybersecurity Today

In this episode of Cybersecurity Today, hosted by Jim Love, we discuss a major healthcare data breach at Confident Health where 5.3 terabytes of sensitive mental health data were exposed due to a misconfigured server. Google advocates for replacing legacy C and C++ code with Rust for better security and productivity. We also explore the disturbing new trend in sextortion scams that now include photos of victims' homes to enhance threats, and the importance of addressing such scams in corporate security programs.

00:00 Introduction and Headlines
00:18 Major Data Breach at Confident Health
02:08 Google's Move to Rust for Enhanced Security
03:59 The Rising Threat of Sextortion Scams
05:50 Conclusion and Resources

Cyber Security Today: Deceptive Delight Jailbreak, API Vulnerabilities Surge, Hex Attack on GPT-4

In this episode of Cyber Security Today, host Jim Love discusses the new jailbreak technique 'Deceptive Delight' that highlights vulnerabilities in large language models, the 21% increase in API vulnerabilities reported by Wallarm, and the hex-encoded attack on OpenAI's GPT-4. Learn about the significant rise in API security threats, including misconfigurations and cloud-native software vulnerabilities, and how cybercriminals are exploiting them. Discover how researchers are bypassing AI safety mechanisms and what this means for the future of AI security. Stay safe and informed about the latest cybersecurity trends and risks.

00:00 Introduction to Cyber Security Today
00:20 Deceptive Delight: A New Jailbreak Technique
02:22 Surge in API Vulnerabilities
04:16 Hexadecimal Exploits in AI Models
06:01 Smishing Attacks and Personal Anecdotes
06:56 Conclusion and Upcoming Shows

Cybersecurity Alert: White House Urges Insurance Reform & Major Hacks Revealed

In this episode of Cybersecurity Today, host Jim Love covers significant developments in cybersecurity policy and breaches. The White House, represented by U.S. Deputy National Security Advisor Ann Neuberger, calls for an end to insurance policies that incentivize ransomware payments. The episode also discusses a major ransomware attack affecting Comcast and highlights a significant breach by China-backed hackers targeting U.S. telecom providers. Additionally, American Water faces a security breach impacting its customer systems. The episode emphasizes the growing threats and debates around cybersecurity practices.

00:00 Introduction and Headlines
00:41 White House Calls to End Ransomware Payments
02:11 Comcast Data Breach Exposes 230,000 Customers
03:57 Chinese Hackers Compromise U.S. Telecom Systems
06:24 American Water Cybersecurity Incident
08:02 Conclusion and Show Notes

Cybersecurity Weekly Review: CrowdStrike, Malware, and Major IT Outages

Join Jim Love and a panel of experts as they delve into the top cybersecurity stories of the week. This episode covers the major CrowdStrike incident, AT&T's February outage affecting millions of calls, a new strain of malware in Ukraine targeting industrial control systems, and much more. Listen in as experts Terry Cutler, David Shipley, and Mike Walters discuss the implications, lessons learned, and future strategies needed to tackle these cybersecurity challenges.

00:00 Introduction and Overview
00:18 CrowdStrike Dominates the Headlines
00:27 AT&T's Major Outage
01:14 New Malware in Ukraine
01:51 Whiz Startup's Bold Move
02:33 Panel Discussion Begins
02:55 Introduction of Mike Walters
03:31 Whiz's Market Valuation Debate
06:59 Modbus Protocol Vulnerabilities
07:35 Penetration Testing Insights
12:50 CrowdStrike Incident Analysis
22:24 Media Focus on Airport Chaos
22:36 The Real Impact on Patient Care
23:53 Who Pays for the Outage?
25:40 CrowdStrike's Quick Response
26:27 Future Prevention Strategies
28:27 Challenges in Cybersecurity Updates
38:14 Lessons Learned and Moving Forward
42:17 Conclusion and Acknowledgements

Phishing and Cybersecurity: Evolution, Tactics, and Human Factors

In this deep dive into the world of cybersecurity, join experts Jim Love and David Shipley as they unravel the ever-evolving landscape of phishing attacks and modern cyber threats. Through discussing the history and sophisticated evolution of phishing, including innovative methods like quishing, vishing, and smishing, this episode reveals the severe impacts on businesses and individuals. Discover how cybercriminals use psychological manipulation, including principles from Robert Cialdini's influence framework, to dupe unsuspecting victims. Uncover real-world examples, such as the dangers posed by AI-driven datasets, and the critical importance of Multi-Factor Authentication (MFA) in enhancing account security. The episode also delves into the human elements of cybersecurity, emphasizing the role of workplace culture, emotional intelligence Training, and assertiveness in creating a resilient defense against social engineering attacks. Join us for practical tips and insights to bolster your cybersecurity posture.

00:00 Introduction to Cybersecurity Today
00:31 Emerging Phishing Threats
01:36 Deep Dive into Phishing
03:22 History of Phishing
05:55 Types of Phishing Attacks
19:16 Social Engineering and Phishing
20:06 Research Hypothesis on Phishing
25:55 Phishing Tactics: Free Gift Card Scams
26:24 The Power of Scarcity in Phishing
28:18 Authority Figures and Phishing
29:02 Consistency: Small Requests to Big Scams
30:06 Liking and Social Proof in Phishing
32:19 The Evolution of Phishing Techniques
35:15 Fighting Back: Technical Solutions
42:57 Emotional Intelligence and Workplace Culture
46:58 Conclusion and Final Thoughts

Ransomware Record Highs, North Korean Exploits, Toyota Data Breach, and Mac Security Flaws - Aug 21, 2024

In this episode of Cybersecurity Today, host Jim Love discusses the latest cybersecurity threats and incidents making headlines. Topics include record-high ransomware payments in 2024, a sophisticated malware exploit by North Korean hackers, a significant data breach at Toyota, and newly uncovered vulnerabilities in Microsoft's Office Suite for Mac users. Stay informed on these critical issues and more.

00:00 Record-Breaking Ransomware Payments in 2024
02:38 North Korea's Advanced Malware Exploits Windows Zero Day
04:53 Toyota's Massive Data Breach Exposed
06:37 Mac Users Beware: Vulnerabilities in Microsoft Office Suite
09:03 Show Wrap-Up and Listener Appreciation

AI Finds Zero Day Vulnerability, MFA Mandatory on Google Cloud, French Energy Firm Hacked

In today's episode of Cyber Security Today, host Jim Love discusses Google's AI-driven system Big Sleep discovering the first ever AI-identified zero day vulnerability in the SQLite database engine. He also covers Google's new requirement for Google Cloud users to implement multi-factor authentication (MFA) starting January, and a recent cyber-attack on French firm Schneider Electric, where hackers demanded a ransom in baguettes. Learn about these critical updates and their implications for the future of cybersecurity.

00:00 Introduction to Cyber Security Today
00:21 AI Discovers Zero Day Vulnerability
03:06 Google Cloud Enforces Multi-Factor Authentication
05:55 Hackers Demand Ransom in Baguettes
07:42 Conclusion and Show Notes

Emerging Cyber Threats: Repellent Scorpius, TfL Cyber Attack, and Online Safety for Children

In this episode, we discuss the emergence of the new ransomware group Repellent Scorpius and their use of the Ciccada 3301 ransomware. We cover the London Transport Authority's (TfL) in-person password resets following a significant cyber attack, and examine the case of Chinese national Song Wu's multi-year spear-phishing campaign. Additionally, we delve into the C community's proposal for a safe C extension to enhance memory safety and address vulnerabilities. Finally, we highlight the urgent online dangers targeting children and teens, and the measures required to combat these threats.

00:00 Emergence of Repellent Scorpius Ransomware Group
01:53 TfL's Response to Cyber Attack
02:53 Chinese National Charged in Spear Phishing Campaign
04:13 C Community's Safe C Extension Proposal
05:33 Online Dangers Targeting Children and Teens
07:19 Conclusion and Final Thoughts

Cybersecurity Today: Zero Day Flaws, FinTech Breach, Phishing Scams & More

In today's episode, host Jim Love discusses critical updates in the cybersecurity world. Discover the latest zero day vulnerabilities patched by Apple, a significant data breach at Fintech giant Finastra, emerging phishing attack tactics using Microsoft Visio files and SVG attachments, and the launch of a new privacy-focused telecom service, CAPE. Additionally, learn about Google's AI-powered OSS Fuzz tool, which uncovered a critical flaw in the OpenSSL library. Stay informed to protect yourself and your organization from sophisticated cyber threats.

00:00 Introduction and Sponsor Message
00:59 Emerging Phishing Attack Strategies
03:12 Finastra Data Breach Investigation
04:49 Launch of CAPE: A Privacy-Focused Telecom Service
06:19 Apple's Emergency Updates for Zero-Day Vulnerabilities
07:29 Google's OSS Fuzz Uncovers Critical Vulnerabilities
09:07 Conclusion and Podcast Information

Jailbreaking AI: Behind the Guardrails with Mozilla's Marco Figueroa

In this episode of 'Cyber Security Today,' host Jim Love talks with Marco Figueroa, the Gen AI Bug Bounty Program Manager for Mozilla's ODIN project. They explore the challenges and methods of bypassing guardrails in large language models like ChatGPT. Discussion points include jailbreaking, hexadecimal encoding, and the use of techniques like Deceptive Delight. Marco shares insights from his career, including his experiences at DEF CON, the NSA, McAfee, Intel, and Sentinel One. The conversation dives into Mozilla's efforts to build a secure AI landscape through the ODIN bug bounty program and the future implications of AI vulnerabilities.

00:00 Introduction and Guest Introduction
00:22 Understanding Large Language Models and Jailbreaking
01:53 Recent Jailbreaking Techniques and Examples
04:42 Interview with Marco Figueroa: Career Journey
10:12 Marco's Work at Mozilla and the ODIN Project
16:50 Exploring Prompt Injection and Hacking
23:21 Future of AI Security and Final Thoughts

Cybersecurity Today: Palo Alto Firewalls Breached, APT28's Wi-Fi Hack, Meta Fights Scams

In today's episode, over 2,000 Palo Alto firewalls were hacked via patched zero-day vulnerabilities; a Russian group, APT28, exploited Wi-Fi networks in a novel 'Nearest Neighbor Attack' to breach a U.S. firm; Meta removed more than 2 million accounts linked to pig butchering scams; and Google launched a free cybersecurity certificate on Coursera to prepare students for entry-level jobs in six months. Host Jim Love provides in-depth analysis and the latest updates in the world of cybersecurity.

00:00 Introduction and Headlines
00:29 Palo Alto Firewalls Hacked
02:43 Nearest Neighbor Wi-Fi Attack
05:09 Meta's Crackdown on Pig Butchering Scams
07:10 Google's Free Cybersecurity Certificate
08:52 Conclusion and Resources

Massive Telecom Hack and the Future of Cybersecurity

In this episode of Cybersecurity Today, host Jim Love covers a series of crucial topics including a major cyber attack by Chinese hackers on U.S. telecom networks labeled as the biggest in history, the challenges tied to hardware upgrades for enhanced security, and the U.S. Department of Defense's efforts to combat deepfakes. The discussion underscores the importance of encryption, highlights moves by Microsoft and Google for hardware security, and explores the implications of AI-generated deepfakes for national security.

00:00 Introduction and Book Promotion
00:30 Major Cyber Attack on U.S. Telecom Networks
02:31 Encryption and Security Measures
03:59 Hardware Upgrades for Enhanced Security
06:19 Combating Deep Fakes
08:39 Conclusion and Upcoming Panel Discussion