Cyber Security Today

In this thought-provoking episode of Project Synapse, host Jim and his friends Marcel Gagne and John Pinard delve into the complexities of artificial intelligence, especially in the context of cybersecurity. The discussion kicks off by revisiting a blog post by Sam Altman about reaching a 'Gentle Singularity' in AI development, where the progress towards artificial superintelligence seems inevitable. They explore the idea of AI surpassing human intelligence and the implications of machines learning to write their own code. Throughout their engaging conversation, they emphasize the need to integrate security into AI systems from the start, rather than as an afterthought, citing recent vulnerabilities like Echo Leak and Microsoft Copilot's Zero Click vulnerability. Derailing into stories from the past and pondering philosophical questions, they wrap up by urging for a balanced approach where speed and thoughtful planning coexist, and to prioritize human welfare in technological advancements. This episode serves as a captivating blend of storytelling, technical insights, and ethical debates. 00:00 Introduction to Project Synapse 00:38 AI Vulnerabilities and Cybersecurity Concerns 02:22 The Gentle Singularity and AI Evolution 04:54 Human and AI Intelligence: A Comparison 07:05 AI Hallucinations and Emotional Intelligence 12:10 The Future of AI and Its Limitations 27:53 Security Flaws in AI Systems 30:20 The Need for Robust AI Security 32:22 The Ubiquity of AI in Modern Society 32:49 Understanding Neural Networks and Model Security 34:11 Challenges in AI Security and Human Behavior 36:45 The Evolution of Steganography and Prompt Injection 39:28 AI in Automation and Manufacturing 40:49 Crime as a Business and Security Implications 42:49 Balancing Speed and Security in AI Development 53:08 Corporate Responsibility and Ethical Considerations 57:31 The Future of AI and Human Values

In this episode of 'Cybersecurity Today,' host Jim Love discusses several alarming cybersecurity developments. A recent Washington Post breach raises critical questions about Microsoft 365's enterprise security as foreign government hackers compromised the email accounts of journalists.  Additionally, a critical Linux flaw allows attackers to gain root access, making millions of systems vulnerable. Upgraded Godfather malware now creates virtual banking apps on infected Android devices to steal credentials in real-time. Moreover, a record-breaking data breach has exposed 16 billion logins, including Apple accounts, underscoring the fundamental flaws of password-based security. Finally, the episode addresses the systemic vulnerabilities of SMS-based two-factor authentication, advocating for a transition to app-based or hardware key solutions. 00:00 Introduction and Major Headlines 00:24 Microsoft 365 Security Breach 03:19 Critical Linux Vulnerabilities 05:59 Godfather Malware Evolution 08:18 Massive Data Breach Exposed 11:30 The Fall of SMS Two-Factor Authentication 13:21 Conclusion and Final Thoughts

In this episode, host Jim Love delves into recent cybersecurity threats and breakthroughs. The notorious Scattered Spider hacker group has shifted its focus to US insurance companies after attacking UK retailers earlier this year.  Microsoft's urgent security updates address active zero-day vulnerabilities that allow complete system control. Researchers uncovered an unprotected database exposing 184 million plaintext passwords linked to major platforms. Additionally, musician Beardly Jordan has developed 'Poison Deify,' a technology to protect his music from unauthorized AI scraping by embedding adversarial noise that disrupts machine learning algorithms. These developments highlight the evolving cybersecurity landscape, from coordinated cyber-attacks to innovative countermeasures against AI exploitation. For further details and to engage with the content, listeners are encouraged to visit technewsday.ca. 00:00 Introduction and Headlines 00:30 Scattered Spider Targets US Insurance Companies 02:26 Microsoft Urges Immediate Windows Updates  04:15 Massive Database Breach Exposes 184 Million Passwords 06:59 Musician Strikes Back at AI with Audio Poison Pill 10:07 Implications for Cybersecurity 10:37 Conclusion and Listener Engagement

Host David Shipley discusses several critical cybersecurity incidents and developments. WestJet, Canada's second-largest airline, faced a cybersecurity breach impacting its mobile app and internal systems. The airline is working with law enforcement to investigate while emphasizing the integrity of its flight operations. Additionally, the Anubis ransomware has evolved, now incorporating a file-wiping function to heighten victim pressure and destruction. The episode also covers a novel malware campaign exploiting Discord's vanity invite system to deliver remote access trojans and info stealers, highlighting platform trust vulnerabilities. Lastly, a significant multi-hour Google Cloud outage caused by an API quota misconfiguration affected numerous services globally, emphasizing the fragility of our interconnected digital infrastructure. The episode underscores the need for robust disaster recovery plans and cautious digital practices. 00:00 Introduction and Overview 00:30 WestJet Cybersecurity Incident 02:15 Anubis Ransomware Evolution 05:35 Discord Vanity Link Hijack 08:35 Google Cloud Outage 10:50 Conclusion and Final Thoughts

In this episode of 'Cybersecurity Today,' hosts John Pinard and Jim Love introduce their unique show, 'The Secret CISO,' which aims to dive deep into the lives and thoughts of CISOs and similar roles, beyond the usual interview-style format. The guest for this episode is Priya Mouli, CISO at Sheridan College, who shares her journey from engineering to cybersecurity, her global experiences, and how she manages her multifaceted role. Another guest, Mohsen Azari, Director of Cyber Defense in the financial sector, discusses his career path, which includes notable stints in entertainment and consulting. The conversation explores the pressing challenges in cybersecurity such as AI threats, burnout, and vendor tool overload, while emphasizing the importance of people skills and relationship-building within organizations. The episode wraps up with a promise of a follow-up discussion to delve deeper into the impact of AI on cybersecurity. 00:00 Introduction to the Secret CISO Show 00:51 Guest Introductions: Meet Priya Ali 01:59 Priya's Career Journey and Insights 06:44 Mohsen's Background and Career Path 13:12 John's Career and Cybersecurity Evolution 15:58 Current Cybersecurity Challenges 24:04 Adapting to New Roles in Cybersecurity 25:36 Managing People and Preventing Burnout 27:08 Servant Leadership and Team Dynamics 31:16 Strategic Hiring and Team Cohesion 33:42 Handling Stress and Personal Well-being 35:46 The Role of CISOs as Organizational Psychologists 40:54 Influencing Behavior and Building a Security Culture 44:28 Coping with the Barrage of Cybersecurity Tools 51:10 Conclusion and Future Discussions

  In this episode of Cybersecurity Today, host Jim Love discusses critical AI-related security issues, such as the Echo Leak vulnerability in Microsoft's AI, MCP's universal integration risks, and Meta's privacy violations in Europe. The episode also explores the dangers of internet-exposed cameras as discovered by BitSight, highlighting the urgent need for enhanced AI security and the legal repercussions for companies like Meta. 00:00 Introduction to AI Security Issues 00:24 Echo Leak: The Zero-Click AI Vulnerability 03:17 MCP Protocol: Universal Interface, Universal Vulnerabilities 07:01 Meta's Privacy Scandal: Local Host Tracking 10:11 The Peep Show: Internet-Connected Cameras Exposed 12:08 Conclusion and Call to Action

This episode of 'Cybersecurity Today' hosted by Jim Love covers various significant events in the cybersecurity landscape. OpenAI has banned multiple ChatGPT accounts linked to state-sponsored hackers from countries including China, Russia, North Korea, Iran, and the Philippines for developing malware, generating disinformation, and conducting scams. The episode also discusses the Dark Gaboon hacker group, which targets Russian companies with Lock Bit 3.0 ransomware. Furthermore, it highlights the controversial installation of a Starlink satellite internet terminal at the White House by Elon Musk's DOGE team, bypassing normal security measures, and a hardware enthusiast's successful use of ChatGPT to unlock an Android tablet's BIOS, raising questions about firmware security.  00:00 Open AI Bans ChatGPT Accounts used by state backed hackers 00:25 State-Sponsored Threat Actors Exploiting ChatGPT 04:36 Dark Gaboon: A New Hacker Group Targets Russia 07:11 Elon Musk's DOGE Team Installs Starlink at the White House 09:57 Unlocking an Android Tablet with ChatGPT 12:07 Conclusion and Contact Information

In this episode of Cybersecurity Today, host David Shipley delves into alarming developments in the cybersecurity landscape. The FBI has flagged a massive malware campaign named Bad Box 2.0, which has compromised 1 million consumer devices globally, turning them into residential proxies. Additionally, a new variant of the Mirai malware is targeting DVR devices via a critical vulnerability. Meanwhile, criminals are shifting their operations from bulletproof hosts to harder-to-trace VPNs and residential proxy networks. The episode also covers urgent calls for post-quantum cryptography readiness amidst looming quantum computing threats, alongside a significant policy shift in the US. President Trump has signed an executive order dismantling former President Biden's extensive cybersecurity initiatives, including efforts focused on AI and quantum cryptography. These regulatory rollbacks emphasize minimal federal oversight and leave long-term digital defense strategies in question. 00:00 Introduction and Major Headlines 00:32 FBI Warns About Bad Box 2.0 Botnet 02:47 DVR Botnet Threats and Exploits 03:59 Shift in Cybercriminal Tactics 05:33 Quantum Computing and Encryption Concerns 07:08 Trump's Cybersecurity Policy Overhaul 11:36 Conclusion and Final Thoughts

  In this episode of the 'Cybersecurity Today: The Month in Review' show, host Jim welcomes regular guests Laura Payne and David Shipley, along with newcomer Anton Levaja. The trio dives deep into various cybersecurity stories, analyzing trends, threats, and recent incidents. Topics include the intriguing Mystery Leaker exposing cyber criminals, the rise and sophistication of LockBit ransomware, the devastating ransomware attack on Coinbase and their bold counter-response, and the physical dangers faced by cryptocurrency entrepreneurs. The episode also highlights the innovation in law enforcement tactics and the pressing need for better cybersecurity awareness and education. They wrap up on a hopeful note, showcasing a young scout's inspiring project on cyber fraud prevention that gained support from the local police. 00:00 Introduction and Panelist Welcome 00:38 Show Format and Story Introduction 01:28 The Mystery Leaker Story 03:35 Law Enforcement and Cyber Crime 10:51 Coinbase Ransomware Incident 18:04 Physical Threats in the Crypto World 24:56 Operation Shamrock and Organized Crime 25:19 Breaking News: Kidnapping Mastermind Arrested 26:18 Quishing: The Clever Side of Cybercrime 27:11 QR Code Scams and Consumer Protection 31:08 Generational Differences in Cyber Threats 32:05 The Evolution of Cyber Attacks 38:40 Physical Crime in the Digital Age 41:10 Law Enforcement and Cybersecurity 43:55 Government Surveillance and Privacy Concerns 46:08 Feel-Good Story: Young Cybersecurity Advocate

  Cybersecurity Today, hosted by Jim Love, delves into the latest in cyber threats. Cyber criminals have breached 20 organizations via convincing fake IT support calls, targeting Salesforce data for extortion. Ukraine's intelligence claims a significant cyber operation against Russia's aircraft manufacturer, stealing sensitive data and highlighting Ukraine's growing cyber capabilities. Google Chrome will stop trusting certificates from two major authorities due to compliance failures, affecting millions of web visitors. Lastly, a $400 million hack on Coinbase was executed using phone cameras, reminding us of the potency of simple attacks. 00:00 Introduction and Headlines 00:23 Fake IT Support Scam Hits 20 Companies 03:52 Ukraine's Cyber Operation Against Russia 07:05 Google Chrome Stops Trusting Two Certificate Authorities 09:11 $400 Million Hack from a Phone Camera 11:24 Conclusion and Contact Information

In this episode of Cybersecurity Today, host Jim Love discusses the latest urgent security updates and cyber threats. Google has released an emergency Chrome patch to fix a high-severity zero-day vulnerability, while Microsoft issued an emergency patch to resolve Windows 11 boot failures caused by their May 2025 update. A mysterious whistleblower known as 'Gang Exposed' is doxing major ransomware leaders, providing invaluable intelligence for global cybersecurity efforts. Additionally, 'Quishing,' or QR code phishing, is emerging as a new threat, with cybercriminals taping malicious QR codes on public lampposts and street corners. This trend bypasses traditional digital defenses, underscoring the need for public awareness and vigilance. The episode emphasizes the importance of immediate updates, informed vigilance, and proactive cybersecurity measures. 00:00 Emergency Chrome Patch and Windows 11 Boot Fix 00:28 Google's Zero-Day Vulnerability in Chrome 02:28 Microsoft's Emergency Update for Windows 11 05:35 Gang Exposed: Unmasking Ransomware Leaders 07:55 Quishing: The New QR Code Phishing Threat 10:22 Conclusion and Viewer Engagement

  In this episode of Cybersecurity Today, host David Shipley discusses several key cyber incidents affecting organizations and individuals. A new rust-based information stealer, known as Eddie Steeler, is being distributed via deceptive CAPTCHA verification pages. ConnectWise, a management software firm, has been breached in an attack suspected to be linked to a nation-state actor, affecting a limited number of its ScreenConnect customers. Additionally, threat actors are now abusing Google App Script to bypass phishing defenses, exploiting the trusted Google brand to trick users. Lastly, a significant data breach at Nova Scotia Power has exposed the social insurance numbers of up to 140,000 customers, making it one of the largest utility data breaches in North America. 00:00 Introduction to Today's Cybersecurity News 00:31 Eddie Steeler Malware Campaign 02:32 ConnectWise Cyber Attack 04:49 Google App Script Phishing Attacks 06:50 Nova Scotia Power Data Breach 08:02 Conclusion and Listener Engagement

  In this episode, the host delves into the alarming rise of 'pig butchering' scams, a form of fraud that preys on vulnerable and trusting individuals, often leaving them financially and emotionally devastated. These scams are orchestrated by organized crime syndicates that use brutal methods, including violence and human trafficking, to sustain their operations. Erin West, a former prosecutor, discusses her transition to founding Operation Shamrock, a nonprofit focused on combatting these scams through education, law enforcement support, and victim assistance. West explains the severity of the issue, sharing insights into the terrifying environments where these scams are executed and the challenges victims face in reporting and recovering their losses. She emphasizes the need for public awareness, empathy, and collaborative efforts to tackle the global crisis. The episode concludes with actionable steps for cybersecurity professionals and the public to join the fight against this pervasive fraud. 00:00 Introduction to Cybersecurity and Pig Butchering Scams 01:42 The Human Impact of Scams 03:33 Operation Shamrock: Fighting Back 04:04 Interview with Erin West: From Prosecutor to Advocate 06:24 Understanding the Scale and Evolution of Scams 08:33 The Role of Technology in Modern Scams 12:17 Operation Shamrock's Mission and Strategies 15:13 Empowering Victims and Law Enforcement 29:28 Raising Awareness and Taking Action 37:50 Conclusion and Call to Action

  In this episode of Cybersecurity Today, host Jim Love covers critical updates in the world of cyber threats. The FBI warns of hijackers posing as IT support to infiltrate law firms, a Wisconsin city reveals a ransomware attack affecting 67,000 residents, and a Texas city refuses to pay a ransom, risking the public release of sensitive data. The episode also highlights the 3-2-1-1-0 backup strategy as a defense against ransomware and reports on sophisticated scams targeting summer travelers. Additionally, Jim previews tomorrow's discussion on scammers targeting vulnerable groups. 00:00 Introduction and Headlines 00:29 FBI Warns of IT Support Scams Targeting Law Firms 03:18 Ransomware Attack on Sheboygan, Wisconsin 05:24 Texas City Refuses Ransom Payment 07:05 Understanding the 3-2-1-1-0 Backup Strategy 09:37 Summer Travel Scams on the Rise 12:55 Conclusion and Upcoming Topics

  In this episode of Cybersecurity Today, host Jim Love explores the intricacies behind phishing emails that cleverly spoof Microsoft addresses, making many fall for scams despite appearing legitimate. Love emphasizes the need for a stringent 'zero trust' approach to counter these advanced tactics. Additionally, the episode delves into the activities of the hacking group Hazy Hawk, which exploits misconfigured DNS records to hijack trusted domains and propagate malware. Organizations are warned about the importance of regular DNS audits to prevent such attacks. The episode also covers the alarming wave of departures at the Cybersecurity and Infrastructure Security Agency (CISA), raising concerns over the agency's effectiveness amid increasing cyber threats. In another segment, Love discusses a sophisticated fraud operation out of Hanoi, where perpetrators manipulated X's Creator Revenue Sharing Program to siphon funds through fraudulent engagement metrics. The need for built-in fraud prevention mechanisms in digital reward systems is stressed. The episode concludes with a call for listener feedback and support. 00:00 Introduction and Overview 00:27 Phishing Scams: Authentic-Looking Emails 02:58 DNS Misconfigurations and Hazy Hawk 05:36 CISA Leadership Exodus 08:16 X's Creator Revenue Sharing Fraud 10:56 Conclusion and Contact Information

In this episode of Cybersecurity Today, host David Shipley dives into several alarming cyber incidents. The show starts with Nova Scotia Power's confirmation of a ransomware attack that forced the shutdown of customer-facing systems and led to data being published on the dark web. The company decided not to pay the ransom, adhering to law enforcement guidance and sanctions laws. A shocking case in New York follows, involving a crypto investor charged with kidnapping and torturing a man to obtain his Bitcoin wallet password. The next segment highlights a record-setting DDoS botnet, Aisuru, which performed a test attack that peaked at 6.3 terabits per second, posing a disproportionate threat to online retailers. The final story covers Microsoft's controversial AI feature, Recall, which takes screenshots every three seconds and raises significant privacy concerns. The episode underscores the growing need for robust cybersecurity measures and effective legislation. 00:00 Introduction and Headlines 00:30 Nova Scotia Power Ransomware Attack 02:57 Ransomware Trends and Statistics 03:51 Operation End Game: A Global Win Against Ransomware 04:25 Crypto Investor's Shocking Crime 05:57 Record-Breaking DDoS Botnet 07:36 Microsoft's Controversial AI Feature Recall 09:10 Conclusion and Sign-Off

LINKS:  https://distrust.co/software.html - Software page with OSS software Linux distro: https://codeberg.org/stagex/stagex Milksad vulnerability:  https://milksad.info/ In this episode of Cybersecurity Today on the Weekend, host Jim Love engages in a captivating discussion with Anton Livaja  from Distrust. Anton shares his unique career transition from obtaining a BA in English literature at York University to delving into cybersecurity and tech. Anton recounts how he initially entered the tech field through a startup and quickly embraced programming and automation. The conversation covers Anton's interest in Bitcoin and blockchain technology, including the importance of stablecoins, and the frequent hacking incidents in the crypto space. Anton explains the intricacies of blockchain security, emphasizing the critical role of managing cryptographic keys. The dialogue also explores advanced security methodologies like full source bootstrapping and deterministic builds, and Anton elaborates on the significance of creating open-source software for enhanced security. As the discussion concludes, Anton highlights the need for continual curiosity, teamwork, and purpose-driven work in the cybersecurity field. 00:00 Introduction to Cybersecurity Today 00:17 Anton's Journey from Literature to Cybersecurity 01:08 First Foray into Programming and Automation 02:35 Blockchain and Its Real-World Applications 04:36 Security Challenges in Blockchain and Cryptocurrency 13:21 The Rise of Insider Threats and Social Engineering 16:40 Advanced Security Measures and Supply Chain Attacks 22:36 The Importance of Deterministic Builds and Full Source Bootstrapping 29:35 Making Open Source Software Accessible 31:29 Blockchain and Supply Chain Traceability 33:34 Ensuring Software Integrity and Security 38:20 The Role of AI in Code Review 40:37 The Milksad Incident 46:33 Introducing Distrust and Its Mission 52:23 Final Thoughts and Encouragement

  In this episode of Cybersecurity today, host Jim Love reports on various critical cyber threats and data breaches. A newly discovered flaw in Windows Server 2025 allows attackers to seize full domain control, referred to by researchers as the 'bad successor' exploit. Government messaging app Telem Message, a customized version of Signal, was hacked, exposing sensitive communications of over 60 officials, leading to its shutdown. Microsoft disrupted the global Luma Stealer malware operation, which had infected nearly 400,000 computers. Coinbase suffered a major data breach affecting over 69,000 customers due to an insider compromise. Additionally, hackers distributed a malicious version of the KeyPass password manager, embedding it with malware to steal data and deploy ransomware. Jim Love encourages listeners to stay vigilant and download software only from official sources. He teases an upcoming interview with a knowledgeable guest working on open-source solutions to cybersecurity issues. 00:00 Introduction to Cybersecurity News 00:36 Windows Server 2025 Vulnerability 03:09 Telem Messages Hack Scandal 05:37 Microsoft Disrupts Luma Malware 07:29 Coinbase Breach Details 08:54 Malicious Password Manager Alert 10:55 Conclusion and Upcoming Interview

In this episode of 'Cybersecurity Today,' host Jim Love discusses several urgent cybersecurity topics. Microsoft has released an emergency patch after a recent Windows update caused BitLocker recovery mode on certain systems, locking users out without warning. The issue stems from the May security update affecting systems using Intel, vPro chips, and TXT. Tech enthusiasts may manually download the patch through the Microsoft Update catalog, while Microsoft urges users to secure their BitLocker recovery keys. The episode also highlights day one of Pwn2Own Berlin 2025, where hackers successfully breached Windows 11, Red Hat Linux, and Oracle Virtual Box, earning a combined $260,000 in prize money. Additionally, US experts discovered hidden communication hardware in Chinese-made solar equipment, raising concerns about remote access risks to the power grid. The FBI warns of a new wave of AI-generated phishing attacks that bypass traditional security measures. Finally, the Consumer Financial Protection Bureau has quietly backed down from regulating data brokers, sparking controversy among privacy advocates. Jim Love offers insights and reminds listeners of the importance of cybersecurity. 00:00 Introduction and Headlines 00:27 Microsoft's Urgent Patch for BitLocker Issue 02:26 Pwn2Own Berlin 2025: Major Security Breaches 04:11 Hidden Devices in Chinese Solar Equipment 06:05 FBI Warns of New Linkless Phishing Attacks 07:58 CFPB Withdraws Rule on Data Brokers 09:33 Conclusion and Contact Information

In this episode of 'Cybersecurity Today', host Jim Love is joined by panelists Laura Payne from White Tuque and David Shipley from Beauceron Security to review significant cybersecurity events over the past month. The discussion covers various impactful stories such as the disappearance of a professor, a data breach at Hertz, and government officials using a commercial app during a conflict. They dive deep into the ransomware attack on PowerSchool and its implications for K-12 schools in North America. The conversation also highlights the vulnerability of critical infrastructures, including the food supply chain and the importance of robust cybersecurity measures. Finally, the panel touches upon the progression towards post-quantum encryption by major tech companies like AWS and Google, signaling advancements in securing future technologies. 00:00 Introduction and Panelist Welcome 00:20 Major Cybersecurity Incidents of the Month 02:04 PowerSchool Data Breach Analysis 04:11 Ransomware and Double Extortion Tactics 12:20 4chan Security Breach and Its Implications 16:31 Hertz Data Loss and Retail Cybersecurity 17:44 Critical Infrastructure and Cyber Regulation 27:03 The Importance of CVE Database 27:54 Debate on Vulnerability Scoring 30:17 Open Source Software and Geopolitical Risks 31:43 The Evolution and Challenges of Open Source 37:17 The Need for Software Regulation 46:50 Signal Gate and Compliance Issues 54:08 Post-Quantum Cryptography 56:10 Conclusion and Final Thoughts

In this episode, Jim Love discusses significant cybersecurity events including Coinbase's refusal to pay a $20 million ransom after a data breach, Broadcom's patch for VMware tools vulnerabilities, and Telegram's shutdown of two illegal marketplaces handling $35 billion in transactions. The episode also covers the Co-op's preemptive measures to thwart a ransomware attack and the broader implications for cybersecurity in retail. Experts urge organizations to be prepared with strategic playbooks for potential cyber-attacks. 00:00 Introduction and Headlines 00:26 Telegram's $35 Billion Black Market Shutdown 01:59 Broadcom Patches VMware Tools Vulnerability 03:20 Coinbase Ransom Refusal and Data Breach 04:57 Co-op's Ransomware Defense Strategy 07:36 Conclusion and Upcoming Episodes

In this episode of Cybersecurity Today, host Jim Love covers recent cybersecurity incidents including a data breach at Mark's and Spencer, the FBI's alert on outdated routers being exploited, and critical Fortinet vulnerabilities actively used in attacks. Additionally, the episode discusses a researcher's proof of concept showing how ransomware can be embedded directly into a CPU, bypassing traditional security measures. Listeners are urged to stay vigilant and implement necessary security patches and updates. 00:00 Breaking News: Marks and Spencer Data Breach 01:37 FBI Alert: Outdated Routers at Risk 03:43 Fortinet Zero-Day Vulnerability 05:46 Ransomware Embedded in CPUs: A New Threat 08:13 Conclusion and Contact Information

In this episode of Cybersecurity Today, host David Shipley covers a range of cyber threats including the Venom Spider malware targeting HR professionals, the emergence of the Noodlofile info stealer disguised as an AI video generator, and misinformation campaigns amid the India-Pakistan conflict. Additionally, the episode discusses warnings from U.S. agencies about cyberattacks on the oil and gas sector, and highlights a recent interview with whistleblower Daniel Brules about security lapses at the National Labor Relations Board. 00:00 Introduction and Overview 00:33 Venom Spider Targets HR Professionals 02:12 Fake AI Video Generators and Noodlofile Malware 03:41 Misinformation Amid India-Pakistan Conflict 05:40 US Oil and Gas Infrastructure Under Threat 07:22 Conclusion and Final Thoughts

In this gripping episode of Cybersecurity Today, host Jim Love interviews Daniel Berulis, a self-described whistleblower who recently made a significant disclosure to the U.S. Congress. Berulis reveals the shocking details of tenant admin abuse within a governmental cloud environment, which allowed unauthorized data copying and wiping of audit trails. They discuss Daniel's background, the alarming red flags he observed, his attempt to escalate the issue internally, and finally, his decision to report it to higher authorities. The conversation dives deep into the complexities and moral dilemmas faced by a whistleblower, offering viewers an insider look at the challenges in maintaining transparency and security in high-stakes IT environments. 00:00 Introduction to Cybersecurity Today 00:39 Meet Daniel Berulis: Whistleblower Extraordinaire 01:05 Understanding Tenant Admin Abuse 02:12 Daniel's Career and Community Involvement 05:28 The Mysterious Meeting and Initial Red Flags 08:48 Uncovering the Data Breach 11:56 Internal Reactions and Escalation 19:08 Reporting the Incident and Facing Consequences 23:45 The Whistleblower's Journey 32:31 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, host Jim Love discusses recent cybersecurity breaches and vulnerabilities. Key topics include a security flaw in the new default setting of Microsoft OneDrive, a ransom incident involving PowerSchool that compromised student data, and the breach of a DOGE staffer's computer by info-stealing malware. The episode emphasizes the importance of proper security oversight, the risks of paying ransoms to cyber criminals, and the critical need for government agencies to reevaluate their cybersecurity protocols. 00:00 Introduction to Cybersecurity Today 00:30 Microsoft OneDrive Security Vulnerability 02:52 PowerSchool Ransomware Attack 07:20 DOGE Staffer Malware Breach 10:50 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, host Jim Love delves into a range of alarming cyber incidents. A six-year sleeper supply chain attack has compromised thousands of e-commerce websites, exploiting vulnerabilities in Magento extensions from vendors Tigren, Meetanshi, and Magesolution. Russian-controlled open-source tool Easy JSON raises scrutiny over potential threats in critical sectors like defense and finance. In Ontario, a sophisticated bank draft scam costs a business $108,000, emphasizing the need for verification processes. Additionally, a messaging tool used by the Trump administration to archive Signal messages has been hacked twice, highlighting serious concerns over the security of high-level US communications. Stay tuned for the latest insights and expert advice on maintaining cybersecurity. 00:00 Sleeper Supply Chain Attack Activates After Six Years 02:19 Russian Controlled Open Source Tool Raises Alarms 04:32 Fake Bank Draft Fools the Bank 05:56 Signal Archiving Tool Breached 08:33 Conclusion and Contact Information

Cybersecurity Today: Disney Data Theft, Signal Gate, and Major Apple Vulnerability In this episode of Cybersecurity Today, host David Shipley discusses several key security incidents. Hacker 'Null Bulge,' real name Ryan Kramer, pleads guilty to stealing over 1.1 TB of data from Disney's Slack via malware disguised as an AI image generation tool. Additionally, former National Security Advisor Mike Waltz's use of a compromised Signal app 'TM Signal' is explored, highlighting significant security flaws. The episode also covers critical vulnerabilities in Apple AirPlay-enabled devices that allow malicious code execution via Wi-Fi and reveals that an employee benefits administration provider breach has impacted 4 million Americans, significantly more than originally reported. 00:00 Introduction and Headlines 00:34 Disney's Slack Data Breach 02:00 Security Flaws in TM Signal App 03:18 Apple AirPlay Vulnerabilities 04:54 Massive Data Breach at Vari Source Services 06:59 Conclusion and Contact Information

In this episode of Cybersecurity Today, host Jim Love is joined by roving correspondent David Shipley to discuss his experiences at the BSides and RSAC conferences. They dive into the significant takeaways from BSides, including highlights from notable presentations such as Truffle Hog's AI Apocalypse and Eva Galperin's talk on the 'World's Dumbest Cyber Mercenaries'. They also explore emerging trends in AI, deepfake technology, and the human side of cybersecurity. The discussion shifts to RSAC, examining vendor presence, CrowdStrike's gamified approach to engagement, and the broader implications of cybersecurity costs and industry consolidation. The episode underscores the importance of ongoing education, responsible cybersecurity practices, and the need for clear communication in the industry. 00:00 Introduction and Guest Introduction 01:24 BSides Conference Overview 03:55 Key Highlights from BSides 04:31 AI Apocalypse and Security Concerns 11:21 World's Dumbest Cyber Mercenaries 15:57 Deepfake Technology and Countermeasures 22:45 RSAC Conference Overview 28:48 Experiencing Autonomous Cars in San Francisco 30:00 The Future of High-Tech Mobility Solutions 32:22 AI in Cybersecurity: Implications and Discussions 37:26 The Role of AI in Coding and Its Challenges 40:34 Chris Krebs and the Importance of Speaking Truth to Power 44:36 Human Side of Cybersecurity: Security Champions 46:49 Operation Shamrock: Tackling Pig Butchering Scams 51:47 CrowdStrike and Vendor Strategies at Conferences 53:16 The Cost of Cybersecurity and Industry Consolidation 54:46 Conclusion and Future Interviews

In this episode, host Jim Love discusses various cybersecurity topics including a book deal from CRC Press for those interested in cybersecurity, auditing, and leadership. Major cyber incidents involving two UK retailers, Co-op and Marks & Spencer's, are detailed, highlighting the challenges they face. Apple's notifications to users in 100 countries about targeted mercenary spyware attacks are covered, emphasizing the importance of taking these alerts seriously. Additionally, a malicious WordPress plugin has been discovered that grants attackers unauthorized access, and an open letter from cybersecurity professionals calls on President Donald Trump to cease investigations into former CISA Director Chris Krebs. The episode concludes by previewing an upcoming segment covering the B Side and RSA shows. 00:00 Introduction and Special Announcement 00:16 Cybersecurity Book Deals 01:37 Major Cyber Attacks on UK Retailers 03:48 Apple's Spyware Alerts 06:22 Malicious WordPress Plugin Discovered 08:19 Open Letter Supporting Chris Krebs 10:57 Conclusion and Upcoming Events

  In this episode of Cybersecurity Today, host Jim Love discusses several major cybersecurity events. Two members of Elon Musk's 'Department of Government Efficiency' reportedly gained access to classified US nuclear networks, though accounts were never activated. Nova Scotia Power faces a cyber attack affecting customer services but not critical infrastructure. Additionally, over 1.7 billion stolen credentials have surfaced on the dark web, primarily collected via info stealer malware, emphasizing the growing threat to corporate security. Lastly, the importance of advancing beyond traditional password security is highlighted on World Password Day. For more information, tune in to the episode or reach out via email or LinkedIn. 00:00 Introduction and Headlines 00:22 Musk's Doge Staffers and US Nuclear Networks 03:16 Nova Scotia Power Cybersecurity Incident 05:19 Massive Data Breach on World Password Day 07:56 Conclusion and Contact Information

In this episode of 'Cybersecurity Today', host David Shipley covers multiple key stories: Veritaco CEO Jeffrey Bowie is charged with attempting to infect a hospital with malware. Global Chief Information Security Officers (CISOs) call on world governments to harmonize cybersecurity regulations. Issues arise with Microsoft's recent 'Mystery Folder' security patch. Highlights from B-Side San Francisco's AI discussions include talks on weaponizing large language models and detecting deep fake technology. Additionally, the RSA Conference kicks off, promising numerous vendor announcements and updates. 00:00 Cybersecurity CEO Charged with Hospital Malware Attack 01:56 Global CISOs Call for Unified Cyber Regulations 03:59 Microsoft's Mystery Folder Fix Issues 05:37 AI Talks at B-Side San Francisco 08:08 RSA Conference Highlights and Conclusion

In this episode of Cybersecurity Today, host Jim Love delves into the topic of SaaS (Software as a Service) security. Sharing his early experiences promoting SaaS, Jim elaborates on its inevitable rise due to cost-effectiveness and shared development resources. The episode highlights security concerns with SaaS, such as shadow IT and weak access control, especially in the face of an influx of AI software. Jim introduces Yoni Shohet, CEO and Co-founder of Valence Security, who discusses the SaaS security landscape, focusing on the independent 'State of SaaS Security' report by the Cloud Security Alliance. Yoni outlines the importance of monitoring API tokens, ensuring proper configurations, and the challenges posed by non-human identities. The discussion underscores the evolving nature of SaaS security, encouraging stronger collaboration between security teams and business units to manage risks effectively. 00:00 Introduction to SaaS Security 00:01 The Evolution and Benefits of SaaS 01:33 Challenges and Security Concerns with SaaS 02:08 Introduction to the State of SaaS Security Report 02:34 Interview with Yoni Shohet: Background and Experience 03:06 Yoni Shohet's Journey in Cybersecurity 08:33 The Rise of SaaS Security Issues 14:03 Key Findings from the SaaS Security Report 17:32 The Importance of SaaS Security Measures 21:36 Managing SaaS Security in Organizations 33:43 Valence Security's Approach to SaaS Security 36:59 Conclusion and Final Thoughts

  In this episode of Cybersecurity Today, host David Shipley discusses the FBI's report on cybercrime losses in 2024, which reached a record $16.6 billion, marking a 33% increase from the previous year. The report highlights major types of cyber crimes such as phishing, spoofing, extortion, and investment fraud, with older adults being significantly impacted. Additionally, Blue Shield of California experienced a data breach affecting 4.7 million members due to a Google Analytics misconfiguration. The episode also covers global ransomware trends, revealing that 86% of affected firms paid ransoms, and the Verizon Data Breach Investigation Report's findings that ransomware is a factor in nearly half of all cyber incidents. David also previews upcoming cybersecurity events and hints at further discussions on phishing training and data security. 00:00 Record Cybercrime Losses in 2024 04:07 Blue Shield of California Data Breach 07:03 Ransomware Crisis and Global Impact 08:23 Verizon Data Breach Report Insights 09:20 Upcoming Events and Closing Remarks

In this episode of 'Cybersecurity Today,' host Jim Love discusses various pressing topics in the realm of cybersecurity. Highlights include Anthropic's prediction on AI-powered virtual employees and their potential security risks, Microsoft's introduction of AI security agents to mitigate workforce gaps and analyst burnout, and a pivotal court ruling allowing a data privacy class action against Shopify to proceed in California. Additionally, the show covers the last-minute extension of funding for the Common Vulnerabilities and Exposures (CVE) program by the US Cybersecurity and Infrastructure Security Agency, averting a potential crisis in cybersecurity coordination. These discussions underscore the evolving challenges and solutions within the cybersecurity landscape. 00:00 Introduction and Overview 00:26 AI Employees: Opportunities and Risks 01:48 Microsoft's AI Security Agents 03:58 Shopify's Legal Battle Over Data Privacy 05:12 CVE Program's Funding Crisis Averted 07:24 Conclusion and Contact Information

Cybersecurity Today: Allegations Against Elon Musk, Microsoft Lockout Issues, Cozy Bear's New Malware, and Canada's Anti-Fraud Proposals In this episode of Cybersecurity Today, hosted by David Shipley, we examine several major cybersecurity stories. A whistleblower accuses Elon Musk's team's involvement in a significant cyber breach at the National Labor Relations Board. Administrators face challenges with Microsoft's Mace feature, causing widespread account lockouts over the Easter weekend. The Russian hacking group Cozy Bear targets European diplomats using wine-themed phishing tactics. Canadian Conservative leader Pierre Poilievre proposes stringent measures against online fraud, including hefty fines and criminal charges for companies failing to act against digital scammers. 00:00 Breaking News: Doge and the US Labor Watchdog Cyber Breach 03:30 Microsoft Security Feature Causes Weekend Chaos 06:08 Russian Hackers Target European Diplomats with Wine-Themed Phishing 07:30 Canadian Conservative Leader Proposes Anti-Fraud Measures 09:25 Conclusion and Contact Information

  In this episode of Cybersecurity Today titled 'The Secret CISO,' host Jim Love, along with guests Octavia Howell, Daniel Pinsky, and John Pinard, delves into the personal and professional experiences of Chief Information Security Officers (CISOs). They share their journeys into cybersecurity, discuss the challenges and pressures of their roles, and offer insights into effective leadership and talent development. The discussion also covers the evolving nature of security threats, resource constraints, and the importance of continuous learning and strategic alignment in cybersecurity. This candid conversation aims to provide valuable perspectives for both aspiring and seasoned security professionals. 00:00 Introduction to The Secret CISO 01:11 Meet the CISOs 03:08 Career Journeys and Reflections 08:45 Challenges and Pressures of the Job 23:21 Learning and Staying Ahead 28:15 Leadership and Team Development 40:34 Advice for Aspiring CISOs 43:14 Conclusion and Audience Engagement

In this episode of Cybersecurity Today, hosted by Jim Love, the show salutes Katie Moussouris of Luta Security for her courage in speaking truth to power. The episode covers various significant news in the cybersecurity world: the explosion of identity theft in Canada's tax system, Prodaft's strategic purchase of hacker forum accounts for intelligence, Google's new security feature for Android devices, Hertz's data breach due to a vendor hack, and a US attorney's allegations against a UK intelligence firm for orchestrating a hack-for-hire scheme. Additionally, the episode discusses the troubling political ramifications following President Trump's revocation of security clearance from Chris Krebs, former CISA director, and the subsequent investigation, highlighting the importance of protecting free speech and integrity within the cybersecurity profession. 00:00 Introduction and Salute to Katie Moussoursis 00:44 Identity Theft Nightmare in Canada 03:20 Prodaft's Innovative Cybercrime Monitoring 05:22 Google's New Android Security Feature 07:08 Hertz Data Breach and Legal Implications 09:22 Controversial Hack-for-Hire Allegations 11:26 Conclusion and Final Thoughts 11:36 Speaking Truth to Power: The Case of Chris Krebs

In this episode of Cybersecurity Today, host David Shipley discusses several pressing concerns in the cybersecurity landscape. Attackers have been exploiting Fortinet VPN devices to maintain access even after patches were applied; administrators are urged to upgrade and follow recovery guidance. Microsoft has created a new INET Pub folder through its latest Windows update, advising users not to delete it due to a linked security flaw. Lastly, AI-generated code dependencies are becoming a serious supply chain risk, with attackers creating malicious packages based on AI hallucinations. Users are advised to thoroughly review AI-generated code to avoid 'slop squatting'. 00:00 Introduction and Fortinet VPN Exploits 02:46 Microsoft's INET Pub Folder Issue 04:57 AI Hallucinations and Code Dependencies 06:22 Conclusion and Contact Information

In this captivating interview, host Jim Love sits down with Licenia Rojas, Senior Vice President and Chief Architect at TD Bank. They discuss Licenia's journey in the technology sector, the importance of mentorship, and the role of continuous learning in career development. The conversation also delves into evolving topics such as cybersecurity, AI innovation, and the increasingly pivotal role of architecture in modernizing financial institutions. Whether you're early in your career or a seasoned professional, this episode offers authentic and practical advice on navigating the tech industry. 00:00 Introduction to the Interview Series 01:25 Meet Licenia Rojas: Career Journey and Early Influences 02:35 Discovering a Passion for Technology 04:43 The Importance of Continuous Learning and Mentorship 05:44 Navigating Career Transitions and Embracing New Roles 08:06 The Role of Curiosity and Asking Questions 13:24 The Value of Company Culture 15:09 Current Role and Responsibilities at TD Bank 17:08 The Evolution and Importance of Architecture in Technology 21:23 Understanding the Technology Life Cycle 22:48 Defining and Achieving Good Outcomes 24:34 Customer-Centric Innovation 26:40 Encouraging Employee Ideas and Feedback 28:34 Overcoming Cynicism in Tech Teams 31:35 Exciting Emerging Technologies 35:57 The Role of AI in Enhancing Productivity 38:50 Advice for Aspiring Technologists 41:59 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, host Jim Love covers the shutdown of a spammer exploiting OpenAI's GPT model, a cybersecurity breach at the US Office of the Comptroller of the Currency, and a new malware operation called 'Operation End Game' targeting major cybercrime networks. He also discusses the emergence of a destructive RAT on GitHub that poses a significant risk to Windows systems, and a critical vulnerability in the WordPress plugin AutoKit that was exploited mere hours after its disclosure. Ensure you stay updated on these evolving threats and the necessary precautions to safeguard your systems. 00:00 Introduction and Headlines 00:25 Spammers Exploit OpenAI's GPT Model 02:14 US Bank Regulator Hacked 04:25 Operation End Game: Tackling Cybercrime 07:06 Neptune RAT: A New Threat to Windows 09:12 WordPress Plugin Vulnerability Exploited 11:25 Conclusion and Contact Information

In this episode of Cybersecurity Today, host Jim Love covers important security updates and warnings including critical flaws in WinRAR, a patch for a high severity zero-day vulnerability in Windows CLFS, and a security vulnerability in WhatsApp's Windows desktop application. He urges users to update their software to protect against exploits. Additionally, Jim discusses Identity Management Day and the concerning findings from an OKTA survey revealing Canadians' growing worries about identity theft. He announces his plan to create a special segment on new identity solutions to address these concerns. The episode also includes a shout-out to the BSides Calgary event for information security professionals. 00:00 Introduction and Event Announcement 00:51 Critical Flaws in Compression Utility 03:33 Microsoft Patches Zero-Day Exploits 05:01 WhatsApp Security Vulnerability 06:46 Identity Management Day Insights 10:13 Conclusion and Contact Information

In this episode of Cybersecurity Today, host David Shipley covers a range of crucial issues. With tax day approaching, Microsoft reports a rise in sophisticated tax-themed phishing campaigns. The IRS has issued a warning against using its name in phishing simulations to avoid legal repercussions. Furthermore, cybersecurity journalist Brian Krebs reveals that Minnesota cybersecurity expert Mark Lanterman is under FBI investigation for potentially falsifying his credentials, impacting thousands of court cases. Lastly, several Australian superannuation funds have been targeted in a cyber scam, raising questions about the necessity of multifactor authentication for financial services. The episode emphasizes the need for stringent standards in cybersecurity expertise and shared responsibility in financial security. 00:00 Introduction and Headlines 00:24 Tax-Themed Phishing Scams on the Rise 00:36 Microsoft's Findings and IRS Warnings 01:32 Phishing Simulations and Legal Risks 02:53 Educating Employees on Phishing 03:15 Minnesota Cybersecurity Expert Under Scrutiny 04:25 Allegations and Legal Implications 05:52 Australian Retirement Funds Cyber Scam 06:16 Impact and Response to the Breach 07:07 The Need for Stronger Security Measures 08:26 Conclusion and Contact Information

In this episode of the cybersecurity month-end review, host Jim Love is joined by Daina Proctor from IBM in Ottawa, Randy Rose from The Center for Internet Security from Saratoga Springs, and David Shipley, CEO of Beauceron Security from Fredericton. The panel discusses major cybersecurity stories from the past month, including the Oracle Cloud breach and its communication failures, the misuse of Signal by U.S. government officials, and global cybersecurity regulation efforts such as the UK's new critical infrastructure laws. They also cover notable incidents like the Kuala Lumpur International Airport ransomware attack and the NHS Scotland cyberattack, the continuous challenges of EDR bypasses, and the importance of fusing anti-fraud and cybersecurity efforts. The discussion emphasizes the need for effective communication and stringent security protocols amidst increasing cyber threats. 00:00 Introduction and Panelist Introductions 01:25 Oracle Cloud Breach: A Case Study in Incident Communication 10:13 Signal Group Chat Controversy 20:16 Leadership and Cybersecurity Legislation 23:30 Cybersecurity Certification Program Overview 24:27 Challenges in Cybersecurity Leadership 24:59 Importance of Data Centers and MSPs 26:53 UK Cybersecurity Bill and MSP Standards 28:09 Cyber Essentials and CMMC Standards 32:47 EDR Bypasses and Small Business Security 39:32 Ransomware Attacks on Critical Infrastructure 43:34 Law Enforcement and Cybercrime 47:24 Conclusion and Final Thoughts

In this episode, host Jim Love discusses a rise in unauthorized network scans targeting Juniper and Palo Alto devices, raising concerns about espionage and botnet activities. The podcast also delves into the controversial use of the Signal app by National Security Advisor Mike Waltz's team for sensitive communications, sparking debates on security and legality. Additionally, the episode highlights the potential misuse of OpenAI's advanced image generation tool for creating fraudulent documents. Finally, it covers the mysterious disappearance of cybersecurity professor JF Wang and his wife, following an FBI and Homeland Security investigation. 00:00 Introduction and Overview 00:23 Unauthorized Scans on Network Devices 02:01 National Security Concerns with Signal App 05:21 Risks of AI-Generated Images 07:44 The Disappearance of a Cybersecurity Professor 09:57 Conclusion and Upcoming Events

  In this episode of Cyber Security Today, host Jim Love covers several major cybersecurity incidents and vulnerabilities. Key stories include the compromise of Windows Defender and other Endpoint Detection and Response (EDR) systems, a data breach on X (formerly known as Twitter) exposing over 200 million user records, and a security flaw in several UK-based dating apps that led to the exposure of approximately 1.5 million private images. The discussion highlights how attackers are increasingly using legitimate software tools to bypass security measures, the implications of these breaches for users, and offers practical tips for maintaining robust cybersecurity. 00:00 Introduction to Today's Cyber Security News 00:29 Compromised Endpoint Detection and Response Systems 01:06 Bypassing Windows Defender: Methods and Implications 02:52 Ransomware Tactics and Legitimate Tool Exploits 04:20 Time Traveling Attacks and EDR Limitations 06:33 Massive Data Breach on X (Twitter) 08:30 UK Dating Apps Expose Private Images 10:47 Fraud Alerts and Scams 13:25 Conclusion and Final Thoughts

Cybersecurity Today: Hacktivism, Solar Power Vulnerabilities, and Global Phishing Challenges In this episode of Cybersecurity Today, host David Shipley covers multiple cybersecurity stories including: a Canadian hacker charged for the 2021 Texas GOP hack, vulnerabilities in solar power gear, France's national phishing test for students, and the tragic impact of online fraud in India. Shipley delves into the implications for cybersecurity professionals and emphasizes the need to destigmatize fraud and support victims. 00:00 Introduction and Headlines 00:25 Canadian Hacker Charged for Texas GOP Hack 02:12 Vulnerabilities in Solar Power Gear 02:56 France's National Phishing Simulation for Students 04:19 Tragic Consequences of Online Fraud in India 05:16 Rising Online Fraud and Its Impact in Canada 06:15 Conclusion and Call to Action

In this episode, host Jim Love kicks off his new profile series with a deep dive into the compelling career of Dr. Priscilla Johnson, an environmental advocate at the crossroads of technology and sustainability. Dr. Johnson discusses her work in building a data center in South Africa amidst a severe drought, her tenure as Director of Water Strategy at Microsoft, and her transition into cyber intelligence. She explains how her unique background and empathetic approach have informed her career decisions and advocacy for responsible resource management. The conversation also touches on the importance of situational awareness in cybersecurity, making this episode a must-listen for anyone interested in the intersections of environmental engineering, infrastructure, and cybersecurity. 00:00 Introduction to the Series 00:29 Meet Dr. Priscilla Johnson 00:54 Challenges of Building a Data Center in Africa 01:16 Dr. Johnson's Background and Role at Microsoft 02:38 Addressing the Water Crisis in South Africa 06:34 Innovative Solutions and Collaborations 19:12 Dr. Johnson's Journey into Environmental Engineering 24:47 Discovering Texas and Dow Chemical 25:15 Environmental Impact and Agent Orange 27:00 Challenges in Environmental Management 29:00 Maternity Leave and Data Issues 34:46 Transition to Cybersecurity 37:19 Cybersecurity Threats and Preparedness 48:26 Mentorship and Career Advice 53:20 Conclusion and Final Thoughts

Exposing Security Flaws: Government Officials' Data Leaks, Defense Contractor Fines, and Cyber Crime Involvement In this episode of Cybersecurity Today, host Jim Love highlights significant cybersecurity breaches affecting US security officials, a government defense contractor, and a Department of Government Efficiency staffer. Personal information of senior US security officials was found accessible online, raising concerns about national security. Morse Corp, a defense contractor, was fined $4.6 million for failing to meet cybersecurity requirements. Additionally, a 19-year-old tech aide from the Department of Government Efficiency was found linked to a cyber crime group, causing alarm due to his recent advisory roles with significant government agencies. The episode underscores the need for stringent cybersecurity practices and accurate compliance within government and defense circles. 00:00 Introduction and Headlines 00:24 Exposure of US Security Officials' Personal Information 02:22 US Defense Contractor's Cybersecurity Failures 04:40 19-Year-Old Linked to Cyber Crime Ring 07:05 Conclusion and Final Thoughts

Oracle Denies Cloud Hack & Top Secret Military Leaks: Cybersecurity Today In today's episode of 'Cybersecurity Today,' host Jim Love delves into Oracle's denial of a claimed breach of its cloud systems, detailing the hacker's allegations and Oracle's firm response. Additionally, the episode explores an accidental leak of top-secret US military information to an editor at the Atlantic, revealing the astonishing lapses in secure communication. The show also covers renowned security expert Troy Hunt's phishing attack incident on his MailChimp account, highlighting vulnerabilities and lessons learned in cybersecurity. Stay tuned for comprehensive insights and expert analysis on these significant security events. 00:00 Introduction and Oracle Cloud Breach Allegations 00:52 Oracle's Response and Hacker Demands 02:07 Classified Military Details Leaked to Journalist 04:34 Troy Hunt's MailChimp Phishing Attack 06:17 Lessons Learned and Final Thoughts 07:38 Conclusion

In this episode of 'Cybersecurity Today,' host Jim Love covers several major cybersecurity events. A devastating breach at Oracle Cloud Infrastructure has exposed 6 million records affecting 140,000 businesses, linked to a threat actor known as Rose87168. The attack exploited vulnerabilities in Oracle Fusion Middleware 11G. New browser-in-the-middle attack techniques are discussed, which can steal data by bypassing multi-factor authentication. The episode also highlights a severe vulnerability in Synology's DiskStation Manager software that could allow remote attackers to take full control of affected systems. Lastly, significant budget cuts in the Cybersecurity and Infrastructure Security Agency's (CISA) Red Team might weaken US government cyber defenses. Critical insights and mitigation strategies for these emerging threats are provided. 00:00 Massive Oracle Supply Chain Attack 03:08 Browser in the Middle Attack Explained 06:03 Synology's Major Security Flaw 08:08 US Government Red Team Disruptions 10:31 Conclusion and Final Thoughts

The Escalating Cyber Threats Against K-12 Schools: Insights and Solutions In this episode of 'Cybersecurity Today,' host Jim Love discusses the rising trends and severe impacts of cyber attacks on K-12 schools with Randy Rose, VP of Security Operations and Intelligence at the Center for Internet Security (CIS). They scrutinize recent studies showing a surge in cyber threats targeting educational institutions, emphasizing the vulnerability of schools and the motives behind these attacks. The discussion covers how cyber criminals exploit budgetary information and schedules to maximize impact, the profound repercussions of ransomware attacks on school communities, and the critical need for better cybersecurity practices and support. Randy Rose shares insights from the 2025 CIS MS-ISAC K-12 Cyber​security Report and offers practical advice on elevating security standards and fostering community resilience to protect sensitive school data from cyber threats. 00:00 Introduction to Cybersecurity in Schools 00:02 Iconic Hacking Movies and Real-Life Cyber Threats 00:41 The Seriousness of School Cybersecurity 01:10 Interview with Randy Rose: Introduction and CIS Overview 01:40 CIS's Role and Randy's Journey 03:27 Supporting Various Organizations 04:26 Challenges Faced by Schools and Local Governments 06:21 Cybersecurity Threats and Attack Patterns 09:11 Impact of Cyber Attacks on Schools 13:22 Detailed Findings from the CIS Report 19:16 Human Factor in Cybersecurity 19:29 Supply Chain and Data Security 27:13 The Role of AI in Cybersecurity 30:49 Ransomware and Its Devastating Effects 32:27 Recommendations for Improving School Cybersecurity 34:01 Conclusion and Final Thoughts