Cyber Security Today

In this episode of 'Cybersecurity Today,' the host welcomes Tammy Harper from Flair.io for an in-depth exploration into the ransomware ecosystem. Tammy, a seasoned threat intelligence researcher and certified dark web investigator, shines a light on the complex world of ransomware, its history, business models, and the various threat actor groups involved. The discussion covers initial access brokers, notable ransomware groups like Conti and LockBit, and modern shifts in the ransomware landscape fueled by AI and affiliate models. This episode offers a comprehensive guide for understanding how ransomware operates and the tactics used by cybercriminals, making it a must-watch for anyone interested in cybersecurity. 00:00 Introduction  00:50 Meet Tammy Harper: Expert in Ransomware 01:59 Understanding the Ransomware Ecosystem 03:26 Ransomware Business Models and Initial Access Brokers 06:39 Double and Triple Extortion Explained 10:50 The Evolution of Ransomware 15:43 The Role of Cryptocurrency in Ransomware 19:22 The Rise and Fall of Conti 25:56 Tools of the Trade: EMOTET, ICEDID, and TrickBot 33:35 LockBit and the Ransomware Cartel 36:37 The National Hazard Agency and Ba Lord 38:13 LockBit Training Materials 40:23 Ransomware Negotiations 40:54 Ransom Chat Project 41:58 Conti vs. LockBit Negotiation Tactics 47:30 Modern Ransomware Groups 51:18 Medusa and Other Emerging Groups 01:04:52 Initial Access Market 01:09:41 Conclusion and Final Thoughts  

Cyber Crime Crackdown: $300 Million in Crypto Frozen, FBI Accounts Hacked, and Critical Microsoft Patches Released In this episode of Cybersecurity Today, host Jim Love covers major recent events in cybercrime and cybersecurity. Over $300 million in cryptocurrency tied to cybercrime has been frozen through coordinated efforts by the private sector and law enforcement in the US and Canada. Cyber criminals are selling active FBI and other law enforcement email accounts for as low as $40, posing significant risks of impersonation and fraud. Microsoft's latest Patch Tuesday addresses over 100 vulnerabilities, including critical flaws in various services and applications. Nova Scotia Power faces criticism for seeking to hide details about a major cybersecurity breach that affected 280,000 customers, with regulators emphasizing the need for public accountability. Jim signs off by encouraging listeners to support and provide feedback for the show. 00:00 Cybercrime Crypto Crackdown 02:34 FBI Email Accounts for Sale 04:05 Microsoft Patch Tuesday Updates 06:16 Nova Scotia Power Cybersecurity Breach 07:43 Show Wrap-Up and Listener Engagement

In this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full domain compromise, urgent action is needed. Citrix Bleed 2 is actively being exploited, with significant incidents reported in the Netherlands and thousands of devices still unpatched globally. Fortinet SSL VPNs are experiencing a spike in brute force attacks, hinting at a possible new vulnerability on the horizon. Lastly, Shipley highlights notable moments from DEFCON 33, including innovative security hacks and sobering realities of the hacker community. Tune in for detailed breakdowns and insights on how to stay vigilant against these threats. 00:00 Introduction and Overview 00:32 Microsoft Exchange Vulnerability 02:54 Citrix Bleed Two Exploits 05:21 Fortinet SSL VPN Brute Force Attacks 07:39 Insights from DEFCON 33 13:46 Conclusion and Final Thoughts

In today's episode of Cybersecurity Today, host David Shipley covers critical updates on recent cyber attacks and breaches impacting the US Federal judiciary's case management systems, and SonicWall firewall compromises. He also discusses researchers' new jailbreak method against GPT-5, which bypasses ethical guardrails to produce harmful instructions. Shipley shares insights and standout sessions from Hacker Summer Camp 2025, including BSides Las Vegas, the I Am the Cavalry track, and Defcon, highlighting ongoing efforts and challenges in the cybersecurity landscape. Stay informed, stay secure, and join the conversation in this detailed overview of current cybersecurity issues and innovations. 00:00 Introduction and Headlines 00:31 US Federal Judiciary Cyber Attack 02:29 SonicWall Ransomware Attacks 04:14 AI Jailbreak Techniques 07:44 Hacker Summer Camp 2025 Highlights 08:10 BSides Las Vegas and Community Insights 09:29 Healthcare Cybersecurity and Crash Cart Project 12:11 Defcon Reflections and Final Thoughts 13:45 Conclusion and Listener Engagement

Cybersecurity Today: July Review - Massive Lawsuits, AI Warnings, and Major Breaches In this episode of Cybersecurity Today: The Month in Review, host Jim Love and an expert panel, including David Shipley, Anton Levaja, and Tammy Harper, discuss the most significant cybersecurity stories from July. Key topics include the $380 million lawsuit between Clorox and Cognizant following a massive ransomware attack, the ongoing legal battle between Delta and CrowdStrike, and breached forums like XSS leading to significant law enforcement actions. The panel also dives into AI-related risks in software development, recent supply chain attacks, and legislative developments in Europe affecting cybersecurity. Watch to stay informed about the latest trends and challenges in the cybersecurity landscape. 00:00 Introduction and Panelist Introductions 01:28 Major Cybersecurity Lawsuits: Clorox vs. Cognizant and Delta vs. CrowdStrike 04:11 Reflections on Legal Implications and Industry Impact 13:01 Tammy Harper on XSS Forum Seizure 17:52 Law Enforcement Tactics and Dark Web Trust Issues 23:47 Anton Levaja on Supply Chain Attacks 30:18 AI Wiping Code and Backup Issues 31:18 Security Concerns with Model Control Protocol 31:56 Challenges with AI in Code Review 34:02 The Problem with AI-Generated Code 40:43 The SharePoint Apocalypse 43:36 Impact of Business Decisions on Technology 49:16 Final Thoughts and Upcoming Stories 49:25 Current and Upcoming Tech Legislation

In this episode, host Jim Love thanks listeners for their support of his book 'Elisa, A Tale of Quantum Kisses,' which is available for 99 cents on Kindle. The show then dives into pressing cybersecurity issues discussed at Black Hat USA, including vulnerabilities in AI assistants via prompt injection attacks, and critical flaws in Broadcom chips used by Dell laptops that can lead to stealth backdoors. Microsoft Exchange zero-day vulnerabilities actively being exploited are also covered, along with a listener report about a Canadian domain registrar's expired security certificate. The episode emphasizes the importance of keeping systems and software updated to mitigate these security risks. 00:00 Introduction and Book Promotion 00:58 Cybersecurity Headlines 01:25 AI Assistant Vulnerabilities 03:36 Broadcom Chip Flaws in Dell Laptops 06:10 Microsoft Exchange Zero-Day Exploits 08:18 Listener's Domain Registrar Experience 10:36 Show Wrap-Up and Listener Engagement

In this episode, host Jim Love explores a variety of pressing cybersecurity threats and developments. The episode begins with an invitation for listeners to share their summer reading choices. The main content highlights include North Korean operatives infiltrating US companies through fake identities and AI-generated resumes, the ability of large language models to autonomously execute cyber attacks, a vulnerability in the AI-powered code editor Cursor allowing silent RCE attacks, and the rise of malicious Progressive Web Apps targeting mobile users. The show also discusses the risks associated with clicking unsubscribe links in spam emails. Listeners are encouraged to support the show and contribute through the website. 00:00 Introduction and Summer Reading Request 00:59 North Korean Spies in US Tech Firms 03:25 AI's Role in Cyber Attacks 05:18 Critical Vulnerability in AI Code Editor 07:36 Malicious Mobile Browser Hijacks 09:30 Unsubscribe Links as Phishing Traps 10:50 Conclusion and Listener Engagement

In this episode of 'Cybersecurity Today,' host David Chipley discusses several major security incidents and threats. Hamilton, Ontario faces a $5 million insurance denial following a ransomware attack due to incomplete deployment of Multi-Factor Authentication (MFA). The episode also highlights a severe vulnerability, CVE-2025-54135, in the AI-powered Code Editor 'Cursor', which could allow prompt injection attacks. Further topics include a new ransomware attack exploiting Microsoft SharePoint vulnerabilities investigated by Palo Alto Networks, and a campaign leveraging fake OAuth apps to compromise Microsoft 365 accounts. The episode underscores the importance of robust security measures, emphasizing MFA, OAuth hygiene, and prompt patching. 00:00 Introduction and Headlines 00:38 Hamilton's Ransomware Attack and Insurance Denial 02:52 AI-Powered Code Editor Vulnerability 04:57 Palo Alto Networks Investigates SharePoint Exploitation 06:51 Fake OAuth Apps and Microsoft 365 Breaches 08:48 Conclusion and Upcoming Events

This episode explores the 'Grandparent Scam,' a prevalent and profitable fraud targeting seniors by exploiting their concern for their grandchildren. Experts Deirdre and John from Ireland's National Cybersecurity Center and the Ontario Provincial Police share insights into the scam's mechanics, the emotional impact on victims, and the challenges law enforcement faces in combating such crimes. They discuss the effectiveness of public-private partnerships, the importance of victim-centric approaches, and emerging fraud trends such as investment scams and bank imposter scams. The episode emphasizes the critical role of education, awareness, and reporting in preventing and mitigating the impact of these cyber frauds. 00:00 Introduction to the Grandparent Scam 00:37 The Emotional and Financial Impact on Victims 01:26 Fighting Back: The Role of Law Enforcement 02:38 Meet the Experts: Deirdre's Journey 04:44 Meet the Experts: John's Journey 06:35 The Global Scale of Cyber Fraud 08:11 Challenges in Handling Individual Fraud Cases 10:24 Community-Based Approaches to Support Victims 14:37 The Sophistication of Modern Scams 20:57 The Grandparent Scam: A Detailed Breakdown 28:01 Understanding Social Engineering 28:19 Cybersecurity Conversations with Vulnerable Populations 28:50 Fraud Prevention Initiatives 31:07 Challenges in Communicating Cybersecurity 32:35 Emerging Fraud Trends 35:35 The Importance of Reporting Fraud 37:53 Future Threats and Scams 40:58 The Role of Public-Private Partnerships 41:46 Final Thoughts and Next Steps

In this episode, the host Jim Love discusses the increasing sophistication of supply chain attacks, starting with an account of a blockchain developer who lost $500,000 due to a malicious extension in a popular AI-powered coding tool. The episode also covers a significant cyber emergency in St. Paul, Minnesota, which required National Guard support, and the City's struggle to comprehend the full scope of the hack. Additionally, the US Cybersecurity and Infrastructure Security Agency (CISA) has released a new eviction strategies tool to help cybersecurity teams remove persistent threats. The episode concludes with an update on the Ingram Micro breach, where the Safe Pay ransomware gang has threatened to leak 35 terabytes of stolen data. Listeners are encouraged to focus on preventative measures even when ransomware attacks do not involve encryption. 00:00 Introduction and Headlines 00:25 The $500,000 Crypto Heist 01:26 Supply Chain Attack on Open VSX 04:50 Lessons from the Attack 06:16 Oyster Backdoor Threat 07:54 Cyber Attack on St. Paul 09:09 CISA's New Eviction Strategies Tool 10:43 Ingram Micro Data Breach Update 12:18 Conclusion and Contact Information

In this episode of 'Cybersecurity Today,' host Jim Love covers several significant cybersecurity incidents. Hackers disrupt all Aeroflot flights, causing massive delays in Russia. The women-only dating app 'Tea' faces a second serious data leak, exposing 1.1 million private messages. A game on Steam named 'Camia' is found to contain three types of malware, including Info Stealers and a Backdoor. Additionally, researchers discover that OpenAI's GPT-4 agent can bypass CAPTCHAs, raising concerns about the future of this security measure. 00:00 Introduction and Headlines 00:28 Tea App's Major Data Breaches 02:29 Aeroflot Cyber Attack Disrupts Flights 04:22 Malware Found in Steam Game 06:27 OpenAI's GPT-4 Bypasses Captchas 08:59 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, host David Shipley covers several key incidents impacting the cybersecurity landscape. Amazon's generative AI coding assistant 'Q' was compromised by a hacker who injected data-wiping code into the tool's GitHub repository. Scattered Spider, a notorious cybercrime group, continues its malware attacks on VMware ESXI hypervisors using advanced social engineering techniques. In a significant enforcement action, global law enforcement dismantled the Black Suit ransomware infrastructure under Operation Checkmate. Lastly, Insurance Giant Allianz Life revealed a data breach affecting its US customer base. Stay tuned to understand the latest threats and protective measures in cybersecurity. 00:00 Introduction and Headlines 00:30 Amazon AI Coding Tool Breach 03:07 Scattered Spider's VMware ESXI Attacks 06:44 Operation Checkmate: Black Suit Ransomware Takedown 08:16 Alliance Life Insurance Data Breach 10:25 Conclusion and Call to Action

This is repeat of a broadcast from last October, still relevant, especially in the light of so many current breaches which have begun not with technical weaknesses but with phishing and social engineering.   In this deeper dive episode of 'Cybersecurity Today,' hosts Jim Love and David Shipley, a top cybersecurity expert from Beauceron Security, explore the evolution, intricacies, and impact of phishing attacks. They highlight recent sophisticated phishing strategies that combine AI, complex setups, and psychological manipulation to deceive even the most knowledgeable individuals. The discussion covers various types of phishing including spearphishing, whaling, sharking, QR phishing, and the emotional and psychological tactics employed by attackers. They also delve into practical defense mechanisms such as Multi-Factor Authentication (MFA), passkeys, and the importance of fostering a security-conscious workplace culture. The episode emphasizes the need for a diversified security approach involving technology, training, and emotional intelligence, while encouraging assertiveness in questioning potentially fraudulent communication. 00:00 Introduction to Cybersecurity Today 00:40 The Evolution of Phishing Attacks 01:44 Deep Dive into Phishing Techniques 03:31 History of Phishing 06:04 Types of Phishing: From Email to Whaling 10:06 Advanced Phishing Tactics 19:25 The Psychology Behind Phishing 26:03 Phishing Tactics: Free Gift Card Scams 26:33 The Power of Scarcity in Phishing 28:27 Authority and Phishing: Impersonation Tactics 29:11 Consistency: Small Requests Leading to Big Scams 30:14 Liking and Social Proof in Social Engineering 32:15 The Evolution of Phishing Techniques 35:31 The Role of MFA in Enhancing Security 38:35 Passkeys and the Future of Authentication 44:57 Building a Security-Conscious Workplace Culture 48:47 Conclusion and Final Thoughts

The recent Sharepoint hack is spreading like wildfire through unpatched systems. All this and more on today's episode with guest host David Shipley. 

We're having some issues with podcast distribution. We're going to take a couple of days to figure out what is going on and what, if anything, we can do about it. 

In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads.  Concurrently, Ukrainian CERT uncovers new phishing campaigns tied to APT28 using large language models for command and control. Microsoft discontinues the use of China-based engineers for US Department of Defense systems following a controversial report. Lastly, social engineering, facilitated by AI, becomes a greater threat than zero-day exploits. The episode emphasizes the need for stronger maintainer security, multifactor authentication, and a comprehensive understanding of social engineering risks.  00:00 Introduction - 10 Million Downloads 01:30 NPM Linter Packages Hijacked 05:05 Social Engineering and AI in Cybersecurity 08:57 Microsoft's China-Based Engineers Controversy 12:15 The Real Threat: Social Engineering 16:39 Conclusion and Call to Action

The Cybersecurity Today episode revisits a discussion on the risks and implications of AI hosted by Jim Love, with guests Marcel Gagné and John Pinard. They discuss the 'dark side of AI,' covering topics like AI misbehavior, the misuse of AI as a tool, and the importance of data protection in production environments. The conversation delves into whether AI can be conscious and the ethical considerations surrounding its deployment, particularly in highly regulated industries like finance. They emphasize the need for responsible use, critical thinking, and ongoing oversight to mitigate potential risks while capitalizing on AI's benefits. The episode concludes with a call for continued discussion and engagement through various platforms. 00:00 Introduction to Cybersecurity Today 00:33 Exploring the Dark Side of AI 02:31 AI Misbehavior and Security Concerns 07:35 Speculative Risks and Consciousness 26:09 AI in Corporate Settings 31:49 Human Weakness in Security 32:37 Social Engineering Tactics 33:08 Security in Engineering Systems 33:42 AI Data Storage and Security 35:16 AI Data Retrieval Concerns 39:36 Testing Security in Development 41:37 AI in Regulated Industries 43:57 Bias and Decision Making in AI 47:18 Critical Thinking and Debate Skills 55:06 The Role of AI as a Consultant 01:02:21 The Future of AI and Responsibility 01:04:55 Conclusion and Contact Information

In today's episode, host Jim Love covers recent cybersecurity threats, including malware hidden in DNS records, a custom backdoor targeting SonicWall SMA devices, the US military assuming a network compromise after Chinese hackers targeted VPNs and email servers, and a $27 million theft from the BigONE crypto exchange. The show highlights how attackers are using innovative techniques to evade detection and emphasizes the need for increased vigilance in monitoring and securing systems. 00:00 Introduction to Cybersecurity News 00:26 Malware Hidden in DNS Records 02:26 SonicWall Devices Under Attack 04:30 US Military Breach by Chinese Hackers 07:07 $27 Million Crypto Theft 08:58 Conclusion and Listener Engagement

In this episode hosted by Jim Love, 'Cybersecurity Today' celebrates its recognition as number 10 on the Feed Spot list of Canadian News Podcasts and approaches a milestone of 10 million downloads. Key topics include new research identifying Nvidia GPUs as vulnerable to Rowhammer style attacks, Microsoft's significant security improvements in Microsoft 365, a critical Bluetooth vulnerability affecting 350 million cars, and a data exposure incident involving the Fredericton Police. Additionally, the official 'Elmo' account on X was hacked to post offensive content, emphasizing security gaps in high-profile social media accounts. For detailed information, visit technewsday.com or .ca. 00:00 Introduction and Milestones 00:52 Nvidia's Rowhammer Vulnerability 03:39 Microsoft's Security Overhaul 05:45 PerfektBlue Bluetooth Flaw 08:09 Police Data Leak Incident 10:12 Elmo's Twitter Account Hacked 12:43 Conclusion and Thanks

In this episode of 'Cybersecurity Today,' hosted by David Shipley from the Exchange Security 2025 conference, urgent updates are provided on critical cybersecurity vulnerabilities and threats. CISA mandates a 24-hour patch for Citrix NetScaler due to a severe vulnerability actively being exploited, dubbed 'Citrix Bleed.' Fortinet's FortiWeb also faces a critical pre-auth remote code execution flaw that demands immediate patching. Additionally, significant vulnerabilities in AI-driven developments are highlighted, including shortcomings in Jack Dorsey's BitChat app and a method to extract Windows keys from ChatGPT-4. The episode emphasizes the importance of timely updates, robust security measures, and the potential risks involved with AI-generated code. 00:00 Introduction and Overview 00:35 Urgent Citrix Vulnerability Alert 03:26 Fortinet FortiWeb Exploit Details 06:23 Ingram Micro Ransomware Recovery 09:26 AI Coding and Security Risks 14:03 ChatGPT Security Flaw Exposed 17:20 Conclusion and Contact Information

In this episode of 'Cybersecurity: Today's Month in Review,' the panel of experts, including Laura Payne, David Shipley, and new guest Tammy Harper, delve into major cybersecurity stories from the past month. Discussions range from the recent arrest of a Montreal scam operator, Scattered Spider's targeted attacks on various sectors, and the impacts of AI on the cybersecurity landscape. The panel also highlights industry shifts, new threat tactics, and the importance of strategic communication during incidents. The episode concludes with reflections on AI's integration into enterprise systems, emphasizing preparation and ethical considerations. 00:00 Introduction to the Cybersecurity Month in Review 00:12 Meet the Panelists 00:26 Laura Payne's Introduction 01:04 David Shipley's Introduction 01:38 Tammy Harper's Introduction 04:09 First Story: Montreal Scam Arrest 10:52 David Shipley's Big Story: Scattered Spider 16:40 The Rise of Young Cybercriminals 32:36 Ingram Micro Ransomware Attack 33:27 Government Breaches and Fast Recovery 34:56 Ingram Micro Incident and Communication Failures 35:55 Importance of Communication in Incident Response 37:39 Ransomware Trends and Threat Actor Tactics 39:55 Shift from Encryption to Exfiltration 46:41 Government Actions and Market Impact 51:27 AI in Cybersecurity: Risks and Opportunities 58:53 Ethical AI and Future Considerations 01:08:12 Final Thoughts and Wrap-Up

In this episode of Cybersecurity Today, host Jim Love discusses major updates on the recent cyber attack on Marks and Spencer, revealing new details and arrests. The breach involved sophisticated social engineering that infiltrated the company's network through an IT service provider, leading to 150GB of stolen data. Love then covers a massive insider breach at a Brazilian bank where an IT worker facilitated the theft of $140 million by selling login credentials. Lastly, the episode highlights a McDonald's HR data breach caused by weak security practices in an AI screening app, exposing millions of job applicant records. Key insights on these incidents emphasize the importance of robust cybersecurity measures and internal controls. 00:00 Introduction and Headlines 00:20 Marks and Spencer Hack: New Developments 04:07 Brazilian Bank Breach: An Inside Job 06:40 McDonald's HR Data Breach: A Comedy of Errors 10:21 Conclusion and Upcoming Features

  In this episode of 'Cybersecurity Today,' host Jim Love discusses the recent deep fake attack on high-ranking US government officials using AI voice cloning technology. The conversation highlights the growing ease and risks of AI-generated impersonations. The episode also covers the advancements in AI systems connecting with enterprise data and the security implications, alongside recent updates on events like Ingram Micro's ransomware attack and Google's confusing Gemini AI rollout for Android. Additionally, the show explores a new method called Info Flood that can trick chatbots into providing dangerous information by using academic-sounding language. 00:00 Deep Fakes Hit US Government 02:40 AI Integration in Enterprise Systems 05:49 Ingram Micro Ransomware Attack Update 07:22 Google's Confusing Gemini Release 10:33 Exploiting AI with Academic Jargon 12:34 Conclusion and Contact Information

In this episode of Cybersecurity Today, host David Shipley discusses the recent Safe Play ransomware attack on technology distributor Ingram Micro, exploring its impact and ongoing recovery efforts. The script also examines a new campaign targeting misconfigured Linux servers to build proxy networks for cybercriminal activities. Additionally, the episode highlights the significant rise in Click Fix social engineering attacks and the criminal investigation into a former ransomware negotiator accused of profiting from extortion payments. 00:00 Introduction and Headlines 00:30 Ingram Micro Ransomware Attack 03:57 Linux Servers Under Attack 07:05 Rise of Click Fix Social Engineering Attacks 08:45 Ransomware Negotiator Under Investigation 10:13 Conclusion and Contact Information

In this episode of Cybersecurity Today, host Jim Love engages in a comprehensive conversation with Krish Banerjee, the Canada Managing Director at Accenture for AI and Data. They delve into the stark difference between perceived and actual preparedness for cybersecurity in the face of growing AI adoption. The discussion spans topics such as the role of AI in enterprise productivity, the need for better data management, and the integration of AI into various business functions. They also explore the importance of digital sovereignty, the challenges and opportunities in Canada's adoption of AI, and how open-source AI can benefit organizations. Krish emphasizes the significance of setting a clear value-driven goal, having the right tools and talent, and the necessity of adopting AI responsibly. The conversation wraps up with insights on how executives can navigate the AI landscape and prepare their organizations for future advancements. 00:00 Introduction to Cybersecurity and AI Concerns 02:10 Interview with Krish Banerjee: AI in Canada 03:17 The Evolution and Impact of AI 06:42 Enterprise AI: Challenges and Opportunities 15:20 Digital Sovereignty and National AI Strategies 25:07 Accelerating Technological Adoption 26:18 Dream Projects in AI 27:49 AI for Healthcare and Commercialization 31:02 The Future of AI and Economic Impact 35:31 Agentic AI: The Next Frontier 41:14 Open Source AI and Democratization 43:23 Advice for Executives and Parents 49:10 Conclusion and Final Thoughts

In today's episode of Cybersecurity Today, hosted by David Shipley, a report from the US Department of Justice unveils how criminal organizations use Ubiquitous Technical Surveillance (UTS) to track and kill FBI informants. Hawaiian Airlines experiences a cyber attack, potentially involving ransomware. The Supreme Court upholds Texas's age verification law for accessing online pornographic content. Additionally, researchers discover Bluetooth vulnerabilities affecting various audio devices, posing eavesdropping risks. The show discusses Scattered Spider's successful social engineering attacks on major industries, emphasizing the need for robust cybersecurity measures. 00:00 Introduction to Cybersecurity Threats 00:27 Ubiquitous Technical Surveillance: A Growing Threat 02:33 Assassination Linked to Data Brokers 04:21 Cyber Attacks on Airlines 05:02 Scattered Spider: The Prolific Cyber Threat 08:10 Bluetooth Vulnerabilities Exposed 10:53 US Supreme Court Upholds Texas Porn ID Law 13:32 Conclusion and Contact Information

In this episode of Cybersecurity Today, host Jim Love is joined by Krish Banerjee, the Canada Managing Director at Accenture for AI and Data. They begin the discussion with a report from Accenture that highlights the gap between the perceived and actual preparedness for cybersecurity as AI becomes more integrated into business operations. Jim and Krish discuss the pressing need for businesses to implement AI responsibly while addressing cybersecurity concerns. They also touch upon the current state of AI in Canada, efforts towards digital sovereignty, and the importance of integrating AI thoughtfully into various sectors. Through their insightful conversation, they explore the challenges and opportunities that lie ahead in making AI a cornerstone of productivity and innovation in the enterprise, emphasizing the need for value-driven strategies, the right tools, and skilled talent. 00:00 Introduction and Overview 02:10 AI in the Enterprise: Challenges and Opportunities 03:17 The Evolution of Data and AI 06:42 Enterprise AI: Current State and Future Prospects 15:20 Digital Sovereignty and National AI Strategies 25:07 Accelerating Technological Advancements 26:18 Dream Projects and AI for Good 27:58 Reinventing Healthcare with AI 28:42 Commercializing AI for Canadian Businesses 30:30 The Responsibility of AI Development 31:02 Economic Shifts and AI's Role 31:57 Future Predictions for AI 35:31 Agentic AI: The Next Frontier 41:14 Open Source AI and Its Implications 43:32 Advice for Executives on AI Adoption 47:13 Encouraging AI Learning in the Next Generation 49:10 Final Thoughts and Reflections

In this episode of 'Cybersecurity Today,' host Jim Love discusses urgent cybersecurity threats and concerns. Cisco has issued emergency patches for two maximum severity vulnerabilities in its Identity Services Engine (ISE) that could allow complete network takeover; organizations are urged to update immediately. A popular WordPress theme, Motors, has a critical vulnerability leading to mass exploitation and unauthorized admin account creation. A new ransomware group, Dire Wolf, has emerged, targeting manufacturing and technology sectors with sophisticated double extortion tactics. Lastly, an Accenture report reveals a dangerous gap between executive confidence and actual AI security preparedness, suggesting most major companies are not ready to handle AI-driven threats. The episode emphasizes the urgent need for immediate action and heightened awareness in the cybersecurity landscape. 00:00 Introduction and Headlines 00:26 Cisco's Critical Security Flaws 03:06 WordPress Theme Vulnerability Exploitation 05:57 Dire Wolf Ransomware Group Emerges 08:27 Accenture Report on AI Security Overconfidence 11:00 Conclusion and Upcoming Schedule

In this episode of Cybersecurity Today, host Jim Love discusses various pressing issues and trends in the realm of cybersecurity. The episode starts with a revelation from Okta's 2025 Customer Identity Trends report, which highlights the conflicting digital behaviors of Canadians who, despite their fear of identity theft, often reuse passwords across multiple accounts. The show also dives into the sophisticated 'Lap Dogs' campaign led by Chinese hackers who have compromised home and small office devices worldwide. Jim further touches upon the surprising decline in cyber insurance premiums despite persisting threats, alongside a story about Jeff Bezos potentially spying through smart mattresses with security vulnerabilities. The episode underscores the critical need for better security measures and the potential business risks of weak authentication systems. 00:00 Introduction and Host Welcome 00:24 Canadian Identity Theft Concerns 03:02 Chinese Hacking Operation Exposed 06:02 Cyber Insurance Premiums Drop 09:39 Smart Mattress Security Nightmare 12:46 Conclusion and Contact Information

In this episode of Cybersecurity Today, hosted by David Shipley, key cybersecurity incidents and threats are discussed. The Canadian Center for Cybersecurity revealed a breach by Chinese state-sponsored hackers of a Canadian telco, with further threats expected to continue targeting Canadian critical infrastructure. The U.S. braces for potential Iranian cyber retaliation following recent attacks on Iranian nuclear sites, with officials urging increased security measures. Meanwhile, a significant vulnerability chain in Sitecore XB has been disclosed, affecting thousands of instances globally with potentially severe repercussions if not patched. Additionally, a sophisticated phishing campaign by Russian hackers bypassed Gmail MFA using app-specific passwords to target high-profile individuals. The episode emphasizes the importance of patching vulnerabilities, enforcing strong security practices, and staying vigilant against evolving cyber threats. 00:00 Introduction and Headlines 00:29 Chinese Hackers Breach Canadian Telco 03:46 US Braces for Iranian Cyber Retaliation 06:50 Sitecore XB Vulnerability Exposed 11:13 Russian Phishing Campaign Targets High-Profile Individuals 15:23 Conclusion and Final Thoughts

In this thought-provoking episode of Project Synapse, host Jim and his friends Marcel Gagne and John Pinard delve into the complexities of artificial intelligence, especially in the context of cybersecurity. The discussion kicks off by revisiting a blog post by Sam Altman about reaching a 'Gentle Singularity' in AI development, where the progress towards artificial superintelligence seems inevitable. They explore the idea of AI surpassing human intelligence and the implications of machines learning to write their own code. Throughout their engaging conversation, they emphasize the need to integrate security into AI systems from the start, rather than as an afterthought, citing recent vulnerabilities like Echo Leak and Microsoft Copilot's Zero Click vulnerability. Derailing into stories from the past and pondering philosophical questions, they wrap up by urging for a balanced approach where speed and thoughtful planning coexist, and to prioritize human welfare in technological advancements. This episode serves as a captivating blend of storytelling, technical insights, and ethical debates. 00:00 Introduction to Project Synapse 00:38 AI Vulnerabilities and Cybersecurity Concerns 02:22 The Gentle Singularity and AI Evolution 04:54 Human and AI Intelligence: A Comparison 07:05 AI Hallucinations and Emotional Intelligence 12:10 The Future of AI and Its Limitations 27:53 Security Flaws in AI Systems 30:20 The Need for Robust AI Security 32:22 The Ubiquity of AI in Modern Society 32:49 Understanding Neural Networks and Model Security 34:11 Challenges in AI Security and Human Behavior 36:45 The Evolution of Steganography and Prompt Injection 39:28 AI in Automation and Manufacturing 40:49 Crime as a Business and Security Implications 42:49 Balancing Speed and Security in AI Development 53:08 Corporate Responsibility and Ethical Considerations 57:31 The Future of AI and Human Values

In this episode of 'Cybersecurity Today,' host Jim Love discusses several alarming cybersecurity developments. A recent Washington Post breach raises critical questions about Microsoft 365's enterprise security as foreign government hackers compromised the email accounts of journalists.  Additionally, a critical Linux flaw allows attackers to gain root access, making millions of systems vulnerable. Upgraded Godfather malware now creates virtual banking apps on infected Android devices to steal credentials in real-time. Moreover, a record-breaking data breach has exposed 16 billion logins, including Apple accounts, underscoring the fundamental flaws of password-based security. Finally, the episode addresses the systemic vulnerabilities of SMS-based two-factor authentication, advocating for a transition to app-based or hardware key solutions. 00:00 Introduction and Major Headlines 00:24 Microsoft 365 Security Breach 03:19 Critical Linux Vulnerabilities 05:59 Godfather Malware Evolution 08:18 Massive Data Breach Exposed 11:30 The Fall of SMS Two-Factor Authentication 13:21 Conclusion and Final Thoughts

In this episode, host Jim Love delves into recent cybersecurity threats and breakthroughs. The notorious Scattered Spider hacker group has shifted its focus to US insurance companies after attacking UK retailers earlier this year.  Microsoft's urgent security updates address active zero-day vulnerabilities that allow complete system control. Researchers uncovered an unprotected database exposing 184 million plaintext passwords linked to major platforms. Additionally, musician Beardly Jordan has developed 'Poison Deify,' a technology to protect his music from unauthorized AI scraping by embedding adversarial noise that disrupts machine learning algorithms. These developments highlight the evolving cybersecurity landscape, from coordinated cyber-attacks to innovative countermeasures against AI exploitation. For further details and to engage with the content, listeners are encouraged to visit technewsday.ca. 00:00 Introduction and Headlines 00:30 Scattered Spider Targets US Insurance Companies 02:26 Microsoft Urges Immediate Windows Updates  04:15 Massive Database Breach Exposes 184 Million Passwords 06:59 Musician Strikes Back at AI with Audio Poison Pill 10:07 Implications for Cybersecurity 10:37 Conclusion and Listener Engagement

Host David Shipley discusses several critical cybersecurity incidents and developments. WestJet, Canada's second-largest airline, faced a cybersecurity breach impacting its mobile app and internal systems. The airline is working with law enforcement to investigate while emphasizing the integrity of its flight operations. Additionally, the Anubis ransomware has evolved, now incorporating a file-wiping function to heighten victim pressure and destruction. The episode also covers a novel malware campaign exploiting Discord's vanity invite system to deliver remote access trojans and info stealers, highlighting platform trust vulnerabilities. Lastly, a significant multi-hour Google Cloud outage caused by an API quota misconfiguration affected numerous services globally, emphasizing the fragility of our interconnected digital infrastructure. The episode underscores the need for robust disaster recovery plans and cautious digital practices. 00:00 Introduction and Overview 00:30 WestJet Cybersecurity Incident 02:15 Anubis Ransomware Evolution 05:35 Discord Vanity Link Hijack 08:35 Google Cloud Outage 10:50 Conclusion and Final Thoughts

In this episode of 'Cybersecurity Today,' hosts John Pinard and Jim Love introduce their unique show, 'The Secret CISO,' which aims to dive deep into the lives and thoughts of CISOs and similar roles, beyond the usual interview-style format. The guest for this episode is Priya Mouli, CISO at Sheridan College, who shares her journey from engineering to cybersecurity, her global experiences, and how she manages her multifaceted role. Another guest, Mohsen Azari, Director of Cyber Defense in the financial sector, discusses his career path, which includes notable stints in entertainment and consulting. The conversation explores the pressing challenges in cybersecurity such as AI threats, burnout, and vendor tool overload, while emphasizing the importance of people skills and relationship-building within organizations. The episode wraps up with a promise of a follow-up discussion to delve deeper into the impact of AI on cybersecurity. 00:00 Introduction to the Secret CISO Show 00:51 Guest Introductions: Meet Priya Ali 01:59 Priya's Career Journey and Insights 06:44 Mohsen's Background and Career Path 13:12 John's Career and Cybersecurity Evolution 15:58 Current Cybersecurity Challenges 24:04 Adapting to New Roles in Cybersecurity 25:36 Managing People and Preventing Burnout 27:08 Servant Leadership and Team Dynamics 31:16 Strategic Hiring and Team Cohesion 33:42 Handling Stress and Personal Well-being 35:46 The Role of CISOs as Organizational Psychologists 40:54 Influencing Behavior and Building a Security Culture 44:28 Coping with the Barrage of Cybersecurity Tools 51:10 Conclusion and Future Discussions

  In this episode of Cybersecurity Today, host Jim Love discusses critical AI-related security issues, such as the Echo Leak vulnerability in Microsoft's AI, MCP's universal integration risks, and Meta's privacy violations in Europe. The episode also explores the dangers of internet-exposed cameras as discovered by BitSight, highlighting the urgent need for enhanced AI security and the legal repercussions for companies like Meta. 00:00 Introduction to AI Security Issues 00:24 Echo Leak: The Zero-Click AI Vulnerability 03:17 MCP Protocol: Universal Interface, Universal Vulnerabilities 07:01 Meta's Privacy Scandal: Local Host Tracking 10:11 The Peep Show: Internet-Connected Cameras Exposed 12:08 Conclusion and Call to Action

This episode of 'Cybersecurity Today' hosted by Jim Love covers various significant events in the cybersecurity landscape. OpenAI has banned multiple ChatGPT accounts linked to state-sponsored hackers from countries including China, Russia, North Korea, Iran, and the Philippines for developing malware, generating disinformation, and conducting scams. The episode also discusses the Dark Gaboon hacker group, which targets Russian companies with Lock Bit 3.0 ransomware. Furthermore, it highlights the controversial installation of a Starlink satellite internet terminal at the White House by Elon Musk's DOGE team, bypassing normal security measures, and a hardware enthusiast's successful use of ChatGPT to unlock an Android tablet's BIOS, raising questions about firmware security.  00:00 Open AI Bans ChatGPT Accounts used by state backed hackers 00:25 State-Sponsored Threat Actors Exploiting ChatGPT 04:36 Dark Gaboon: A New Hacker Group Targets Russia 07:11 Elon Musk's DOGE Team Installs Starlink at the White House 09:57 Unlocking an Android Tablet with ChatGPT 12:07 Conclusion and Contact Information

In this episode of Cybersecurity Today, host David Shipley delves into alarming developments in the cybersecurity landscape. The FBI has flagged a massive malware campaign named Bad Box 2.0, which has compromised 1 million consumer devices globally, turning them into residential proxies. Additionally, a new variant of the Mirai malware is targeting DVR devices via a critical vulnerability. Meanwhile, criminals are shifting their operations from bulletproof hosts to harder-to-trace VPNs and residential proxy networks. The episode also covers urgent calls for post-quantum cryptography readiness amidst looming quantum computing threats, alongside a significant policy shift in the US. President Trump has signed an executive order dismantling former President Biden's extensive cybersecurity initiatives, including efforts focused on AI and quantum cryptography. These regulatory rollbacks emphasize minimal federal oversight and leave long-term digital defense strategies in question. 00:00 Introduction and Major Headlines 00:32 FBI Warns About Bad Box 2.0 Botnet 02:47 DVR Botnet Threats and Exploits 03:59 Shift in Cybercriminal Tactics 05:33 Quantum Computing and Encryption Concerns 07:08 Trump's Cybersecurity Policy Overhaul 11:36 Conclusion and Final Thoughts

  In this episode of the 'Cybersecurity Today: The Month in Review' show, host Jim welcomes regular guests Laura Payne and David Shipley, along with newcomer Anton Levaja. The trio dives deep into various cybersecurity stories, analyzing trends, threats, and recent incidents. Topics include the intriguing Mystery Leaker exposing cyber criminals, the rise and sophistication of LockBit ransomware, the devastating ransomware attack on Coinbase and their bold counter-response, and the physical dangers faced by cryptocurrency entrepreneurs. The episode also highlights the innovation in law enforcement tactics and the pressing need for better cybersecurity awareness and education. They wrap up on a hopeful note, showcasing a young scout's inspiring project on cyber fraud prevention that gained support from the local police. 00:00 Introduction and Panelist Welcome 00:38 Show Format and Story Introduction 01:28 The Mystery Leaker Story 03:35 Law Enforcement and Cyber Crime 10:51 Coinbase Ransomware Incident 18:04 Physical Threats in the Crypto World 24:56 Operation Shamrock and Organized Crime 25:19 Breaking News: Kidnapping Mastermind Arrested 26:18 Quishing: The Clever Side of Cybercrime 27:11 QR Code Scams and Consumer Protection 31:08 Generational Differences in Cyber Threats 32:05 The Evolution of Cyber Attacks 38:40 Physical Crime in the Digital Age 41:10 Law Enforcement and Cybersecurity 43:55 Government Surveillance and Privacy Concerns 46:08 Feel-Good Story: Young Cybersecurity Advocate

  Cybersecurity Today, hosted by Jim Love, delves into the latest in cyber threats. Cyber criminals have breached 20 organizations via convincing fake IT support calls, targeting Salesforce data for extortion. Ukraine's intelligence claims a significant cyber operation against Russia's aircraft manufacturer, stealing sensitive data and highlighting Ukraine's growing cyber capabilities. Google Chrome will stop trusting certificates from two major authorities due to compliance failures, affecting millions of web visitors. Lastly, a $400 million hack on Coinbase was executed using phone cameras, reminding us of the potency of simple attacks. 00:00 Introduction and Headlines 00:23 Fake IT Support Scam Hits 20 Companies 03:52 Ukraine's Cyber Operation Against Russia 07:05 Google Chrome Stops Trusting Two Certificate Authorities 09:11 $400 Million Hack from a Phone Camera 11:24 Conclusion and Contact Information

In this episode of Cybersecurity Today, host Jim Love discusses the latest urgent security updates and cyber threats. Google has released an emergency Chrome patch to fix a high-severity zero-day vulnerability, while Microsoft issued an emergency patch to resolve Windows 11 boot failures caused by their May 2025 update. A mysterious whistleblower known as 'Gang Exposed' is doxing major ransomware leaders, providing invaluable intelligence for global cybersecurity efforts. Additionally, 'Quishing,' or QR code phishing, is emerging as a new threat, with cybercriminals taping malicious QR codes on public lampposts and street corners. This trend bypasses traditional digital defenses, underscoring the need for public awareness and vigilance. The episode emphasizes the importance of immediate updates, informed vigilance, and proactive cybersecurity measures. 00:00 Emergency Chrome Patch and Windows 11 Boot Fix 00:28 Google's Zero-Day Vulnerability in Chrome 02:28 Microsoft's Emergency Update for Windows 11 05:35 Gang Exposed: Unmasking Ransomware Leaders 07:55 Quishing: The New QR Code Phishing Threat 10:22 Conclusion and Viewer Engagement

  In this episode of Cybersecurity Today, host David Shipley discusses several key cyber incidents affecting organizations and individuals. A new rust-based information stealer, known as Eddie Steeler, is being distributed via deceptive CAPTCHA verification pages. ConnectWise, a management software firm, has been breached in an attack suspected to be linked to a nation-state actor, affecting a limited number of its ScreenConnect customers. Additionally, threat actors are now abusing Google App Script to bypass phishing defenses, exploiting the trusted Google brand to trick users. Lastly, a significant data breach at Nova Scotia Power has exposed the social insurance numbers of up to 140,000 customers, making it one of the largest utility data breaches in North America. 00:00 Introduction to Today's Cybersecurity News 00:31 Eddie Steeler Malware Campaign 02:32 ConnectWise Cyber Attack 04:49 Google App Script Phishing Attacks 06:50 Nova Scotia Power Data Breach 08:02 Conclusion and Listener Engagement

  In this episode, the host delves into the alarming rise of 'pig butchering' scams, a form of fraud that preys on vulnerable and trusting individuals, often leaving them financially and emotionally devastated. These scams are orchestrated by organized crime syndicates that use brutal methods, including violence and human trafficking, to sustain their operations. Erin West, a former prosecutor, discusses her transition to founding Operation Shamrock, a nonprofit focused on combatting these scams through education, law enforcement support, and victim assistance. West explains the severity of the issue, sharing insights into the terrifying environments where these scams are executed and the challenges victims face in reporting and recovering their losses. She emphasizes the need for public awareness, empathy, and collaborative efforts to tackle the global crisis. The episode concludes with actionable steps for cybersecurity professionals and the public to join the fight against this pervasive fraud. 00:00 Introduction to Cybersecurity and Pig Butchering Scams 01:42 The Human Impact of Scams 03:33 Operation Shamrock: Fighting Back 04:04 Interview with Erin West: From Prosecutor to Advocate 06:24 Understanding the Scale and Evolution of Scams 08:33 The Role of Technology in Modern Scams 12:17 Operation Shamrock's Mission and Strategies 15:13 Empowering Victims and Law Enforcement 29:28 Raising Awareness and Taking Action 37:50 Conclusion and Call to Action

  In this episode of Cybersecurity Today, host Jim Love covers critical updates in the world of cyber threats. The FBI warns of hijackers posing as IT support to infiltrate law firms, a Wisconsin city reveals a ransomware attack affecting 67,000 residents, and a Texas city refuses to pay a ransom, risking the public release of sensitive data. The episode also highlights the 3-2-1-1-0 backup strategy as a defense against ransomware and reports on sophisticated scams targeting summer travelers. Additionally, Jim previews tomorrow's discussion on scammers targeting vulnerable groups. 00:00 Introduction and Headlines 00:29 FBI Warns of IT Support Scams Targeting Law Firms 03:18 Ransomware Attack on Sheboygan, Wisconsin 05:24 Texas City Refuses Ransom Payment 07:05 Understanding the 3-2-1-1-0 Backup Strategy 09:37 Summer Travel Scams on the Rise 12:55 Conclusion and Upcoming Topics

  In this episode of Cybersecurity Today, host Jim Love explores the intricacies behind phishing emails that cleverly spoof Microsoft addresses, making many fall for scams despite appearing legitimate. Love emphasizes the need for a stringent 'zero trust' approach to counter these advanced tactics. Additionally, the episode delves into the activities of the hacking group Hazy Hawk, which exploits misconfigured DNS records to hijack trusted domains and propagate malware. Organizations are warned about the importance of regular DNS audits to prevent such attacks. The episode also covers the alarming wave of departures at the Cybersecurity and Infrastructure Security Agency (CISA), raising concerns over the agency's effectiveness amid increasing cyber threats. In another segment, Love discusses a sophisticated fraud operation out of Hanoi, where perpetrators manipulated X's Creator Revenue Sharing Program to siphon funds through fraudulent engagement metrics. The need for built-in fraud prevention mechanisms in digital reward systems is stressed. The episode concludes with a call for listener feedback and support. 00:00 Introduction and Overview 00:27 Phishing Scams: Authentic-Looking Emails 02:58 DNS Misconfigurations and Hazy Hawk 05:36 CISA Leadership Exodus 08:16 X's Creator Revenue Sharing Fraud 10:56 Conclusion and Contact Information

In this episode of Cybersecurity Today, host David Shipley dives into several alarming cyber incidents. The show starts with Nova Scotia Power's confirmation of a ransomware attack that forced the shutdown of customer-facing systems and led to data being published on the dark web. The company decided not to pay the ransom, adhering to law enforcement guidance and sanctions laws. A shocking case in New York follows, involving a crypto investor charged with kidnapping and torturing a man to obtain his Bitcoin wallet password. The next segment highlights a record-setting DDoS botnet, Aisuru, which performed a test attack that peaked at 6.3 terabits per second, posing a disproportionate threat to online retailers. The final story covers Microsoft's controversial AI feature, Recall, which takes screenshots every three seconds and raises significant privacy concerns. The episode underscores the growing need for robust cybersecurity measures and effective legislation. 00:00 Introduction and Headlines 00:30 Nova Scotia Power Ransomware Attack 02:57 Ransomware Trends and Statistics 03:51 Operation End Game: A Global Win Against Ransomware 04:25 Crypto Investor's Shocking Crime 05:57 Record-Breaking DDoS Botnet 07:36 Microsoft's Controversial AI Feature Recall 09:10 Conclusion and Sign-Off

LINKS:  https://distrust.co/software.html - Software page with OSS software Linux distro: https://codeberg.org/stagex/stagex Milksad vulnerability:  https://milksad.info/ In this episode of Cybersecurity Today on the Weekend, host Jim Love engages in a captivating discussion with Anton Livaja  from Distrust. Anton shares his unique career transition from obtaining a BA in English literature at York University to delving into cybersecurity and tech. Anton recounts how he initially entered the tech field through a startup and quickly embraced programming and automation. The conversation covers Anton's interest in Bitcoin and blockchain technology, including the importance of stablecoins, and the frequent hacking incidents in the crypto space. Anton explains the intricacies of blockchain security, emphasizing the critical role of managing cryptographic keys. The dialogue also explores advanced security methodologies like full source bootstrapping and deterministic builds, and Anton elaborates on the significance of creating open-source software for enhanced security. As the discussion concludes, Anton highlights the need for continual curiosity, teamwork, and purpose-driven work in the cybersecurity field. 00:00 Introduction to Cybersecurity Today 00:17 Anton's Journey from Literature to Cybersecurity 01:08 First Foray into Programming and Automation 02:35 Blockchain and Its Real-World Applications 04:36 Security Challenges in Blockchain and Cryptocurrency 13:21 The Rise of Insider Threats and Social Engineering 16:40 Advanced Security Measures and Supply Chain Attacks 22:36 The Importance of Deterministic Builds and Full Source Bootstrapping 29:35 Making Open Source Software Accessible 31:29 Blockchain and Supply Chain Traceability 33:34 Ensuring Software Integrity and Security 38:20 The Role of AI in Code Review 40:37 The Milksad Incident 46:33 Introducing Distrust and Its Mission 52:23 Final Thoughts and Encouragement

  In this episode of Cybersecurity today, host Jim Love reports on various critical cyber threats and data breaches. A newly discovered flaw in Windows Server 2025 allows attackers to seize full domain control, referred to by researchers as the 'bad successor' exploit. Government messaging app Telem Message, a customized version of Signal, was hacked, exposing sensitive communications of over 60 officials, leading to its shutdown. Microsoft disrupted the global Luma Stealer malware operation, which had infected nearly 400,000 computers. Coinbase suffered a major data breach affecting over 69,000 customers due to an insider compromise. Additionally, hackers distributed a malicious version of the KeyPass password manager, embedding it with malware to steal data and deploy ransomware. Jim Love encourages listeners to stay vigilant and download software only from official sources. He teases an upcoming interview with a knowledgeable guest working on open-source solutions to cybersecurity issues. 00:00 Introduction to Cybersecurity News 00:36 Windows Server 2025 Vulnerability 03:09 Telem Messages Hack Scandal 05:37 Microsoft Disrupts Luma Malware 07:29 Coinbase Breach Details 08:54 Malicious Password Manager Alert 10:55 Conclusion and Upcoming Interview

In this episode of 'Cybersecurity Today,' host Jim Love discusses several urgent cybersecurity topics. Microsoft has released an emergency patch after a recent Windows update caused BitLocker recovery mode on certain systems, locking users out without warning. The issue stems from the May security update affecting systems using Intel, vPro chips, and TXT. Tech enthusiasts may manually download the patch through the Microsoft Update catalog, while Microsoft urges users to secure their BitLocker recovery keys. The episode also highlights day one of Pwn2Own Berlin 2025, where hackers successfully breached Windows 11, Red Hat Linux, and Oracle Virtual Box, earning a combined $260,000 in prize money. Additionally, US experts discovered hidden communication hardware in Chinese-made solar equipment, raising concerns about remote access risks to the power grid. The FBI warns of a new wave of AI-generated phishing attacks that bypass traditional security measures. Finally, the Consumer Financial Protection Bureau has quietly backed down from regulating data brokers, sparking controversy among privacy advocates. Jim Love offers insights and reminds listeners of the importance of cybersecurity. 00:00 Introduction and Headlines 00:27 Microsoft's Urgent Patch for BitLocker Issue 02:26 Pwn2Own Berlin 2025: Major Security Breaches 04:11 Hidden Devices in Chinese Solar Equipment 06:05 FBI Warns of New Linkless Phishing Attacks 07:58 CFPB Withdraws Rule on Data Brokers 09:33 Conclusion and Contact Information

In this episode of 'Cybersecurity Today', host Jim Love is joined by panelists Laura Payne from White Tuque and David Shipley from Beauceron Security to review significant cybersecurity events over the past month. The discussion covers various impactful stories such as the disappearance of a professor, a data breach at Hertz, and government officials using a commercial app during a conflict. They dive deep into the ransomware attack on PowerSchool and its implications for K-12 schools in North America. The conversation also highlights the vulnerability of critical infrastructures, including the food supply chain and the importance of robust cybersecurity measures. Finally, the panel touches upon the progression towards post-quantum encryption by major tech companies like AWS and Google, signaling advancements in securing future technologies. 00:00 Introduction and Panelist Welcome 00:20 Major Cybersecurity Incidents of the Month 02:04 PowerSchool Data Breach Analysis 04:11 Ransomware and Double Extortion Tactics 12:20 4chan Security Breach and Its Implications 16:31 Hertz Data Loss and Retail Cybersecurity 17:44 Critical Infrastructure and Cyber Regulation 27:03 The Importance of CVE Database 27:54 Debate on Vulnerability Scoring 30:17 Open Source Software and Geopolitical Risks 31:43 The Evolution and Challenges of Open Source 37:17 The Need for Software Regulation 46:50 Signal Gate and Compliance Issues 54:08 Post-Quantum Cryptography 56:10 Conclusion and Final Thoughts

In this episode, Jim Love discusses significant cybersecurity events including Coinbase's refusal to pay a $20 million ransom after a data breach, Broadcom's patch for VMware tools vulnerabilities, and Telegram's shutdown of two illegal marketplaces handling $35 billion in transactions. The episode also covers the Co-op's preemptive measures to thwart a ransomware attack and the broader implications for cybersecurity in retail. Experts urge organizations to be prepared with strategic playbooks for potential cyber-attacks. 00:00 Introduction and Headlines 00:26 Telegram's $35 Billion Black Market Shutdown 01:59 Broadcom Patches VMware Tools Vulnerability 03:20 Coinbase Ransom Refusal and Data Breach 04:57 Co-op's Ransomware Defense Strategy 07:36 Conclusion and Upcoming Episodes