Cybersecurity Today
Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
info_outline
Combating the Grandparent Scam: A Deep Dive into Cybersecurity and Law Enforcement Efforts
08/02/2025
Combating the Grandparent Scam: A Deep Dive into Cybersecurity and Law Enforcement Efforts
This episode explores the 'Grandparent Scam,' a prevalent and profitable fraud targeting seniors by exploiting their concern for their grandchildren. Experts Deirdre and John from Ireland's National Cybersecurity Center and the Ontario Provincial Police share insights into the scam's mechanics, the emotional impact on victims, and the challenges law enforcement faces in combating such crimes. They discuss the effectiveness of public-private partnerships, the importance of victim-centric approaches, and emerging fraud trends such as investment scams and bank imposter scams. The episode emphasizes the critical role of education, awareness, and reporting in preventing and mitigating the impact of these cyber frauds. 00:00 Introduction to the Grandparent Scam 00:37 The Emotional and Financial Impact on Victims 01:26 Fighting Back: The Role of Law Enforcement 02:38 Meet the Experts: Deirdre's Journey 04:44 Meet the Experts: John's Journey 06:35 The Global Scale of Cyber Fraud 08:11 Challenges in Handling Individual Fraud Cases 10:24 Community-Based Approaches to Support Victims 14:37 The Sophistication of Modern Scams 20:57 The Grandparent Scam: A Detailed Breakdown 28:01 Understanding Social Engineering 28:19 Cybersecurity Conversations with Vulnerable Populations 28:50 Fraud Prevention Initiatives 31:07 Challenges in Communicating Cybersecurity 32:35 Emerging Fraud Trends 35:35 The Importance of Reporting Fraud 37:53 Future Threats and Scams 40:58 The Role of Public-Private Partnerships 41:46 Final Thoughts and Next Steps
/episode/index/show/cybersecuritytoday/id/37639365
info_outline
Cybersecurity Today: Supply Chain Attacks, St. Paul's Cyber Emergency, and Ingram Micro's Data Breach
08/01/2025
Cybersecurity Today: Supply Chain Attacks, St. Paul's Cyber Emergency, and Ingram Micro's Data Breach
In this episode, the host Jim Love discusses the increasing sophistication of supply chain attacks, starting with an account of a blockchain developer who lost $500,000 due to a malicious extension in a popular AI-powered coding tool. The episode also covers a significant cyber emergency in St. Paul, Minnesota, which required National Guard support, and the City’s struggle to comprehend the full scope of the hack. Additionally, the US Cybersecurity and Infrastructure Security Agency (CISA) has released a new eviction strategies tool to help cybersecurity teams remove persistent threats. The episode concludes with an update on the Ingram Micro breach, where the Safe Pay ransomware gang has threatened to leak 35 terabytes of stolen data. Listeners are encouraged to focus on preventative measures even when ransomware attacks do not involve encryption. 00:00 Introduction and Headlines 00:25 The $500,000 Crypto Heist 01:26 Supply Chain Attack on Open VSX 04:50 Lessons from the Attack 06:16 Oyster Backdoor Threat 07:54 Cyber Attack on St. Paul 09:09 CISA's New Eviction Strategies Tool 10:43 Ingram Micro Data Breach Update 12:18 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/37630155
info_outline
Cybersecurity Today: Major Data Leaks, Airline Disruptions, Malware in Games, and AI Bypasses Captchas
07/30/2025
Cybersecurity Today: Major Data Leaks, Airline Disruptions, Malware in Games, and AI Bypasses Captchas
In this episode of 'Cybersecurity Today,' host Jim Love covers several significant cybersecurity incidents. Hackers disrupt all Aeroflot flights, causing massive delays in Russia. The women-only dating app 'Tea' faces a second serious data leak, exposing 1.1 million private messages. A game on Steam named 'Camia' is found to contain three types of malware, including Info Stealers and a Backdoor. Additionally, researchers discover that OpenAI's GPT-4 agent can bypass CAPTCHAs, raising concerns about the future of this security measure. 00:00 Introduction and Headlines 00:28 Tea App's Major Data Breaches 02:29 Aeroflot Cyber Attack Disrupts Flights 04:22 Malware Found in Steam Game 06:27 OpenAI's GPT-4 Bypasses Captchas 08:59 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37604185
info_outline
Amazon AI Tool Hacked, Scattered Spider Attacks VMware, and Major Ransomware Takedown | Cybersecurity Today
07/28/2025
Amazon AI Tool Hacked, Scattered Spider Attacks VMware, and Major Ransomware Takedown | Cybersecurity Today
In this episode of Cybersecurity Today, host David Shipley covers several key incidents impacting the cybersecurity landscape. Amazon's generative AI coding assistant 'Q' was compromised by a hacker who injected data-wiping code into the tool's GitHub repository. Scattered Spider, a notorious cybercrime group, continues its malware attacks on VMware ESXI hypervisors using advanced social engineering techniques. In a significant enforcement action, global law enforcement dismantled the Black Suit ransomware infrastructure under Operation Checkmate. Lastly, Insurance Giant Allianz Life revealed a data breach affecting its US customer base. Stay tuned to understand the latest threats and protective measures in cybersecurity. 00:00 Introduction and Headlines 00:30 Amazon AI Coding Tool Breach 03:07 Scattered Spider's VMware ESXI Attacks 06:44 Operation Checkmate: Black Suit Ransomware Takedown 08:16 Alliance Life Insurance Data Breach 10:25 Conclusion and Call to Action
/episode/index/show/cybersecuritytoday/id/37573590
info_outline
The Evolution and Defense Against Advanced Phishing Attacks
07/26/2025
The Evolution and Defense Against Advanced Phishing Attacks
This is repeat of a broadcast from last October, still relevant, especially in the light of so many current breaches which have begun not with technical weaknesses but with phishing and social engineering. In this deeper dive episode of 'Cybersecurity Today,' hosts Jim Love and David Shipley, a top cybersecurity expert from Beauceron Security, explore the evolution, intricacies, and impact of phishing attacks. They highlight recent sophisticated phishing strategies that combine AI, complex setups, and psychological manipulation to deceive even the most knowledgeable individuals. The discussion covers various types of phishing including spearphishing, whaling, sharking, QR phishing, and the emotional and psychological tactics employed by attackers. They also delve into practical defense mechanisms such as Multi-Factor Authentication (MFA), passkeys, and the importance of fostering a security-conscious workplace culture. The episode emphasizes the need for a diversified security approach involving technology, training, and emotional intelligence, while encouraging assertiveness in questioning potentially fraudulent communication. 00:00 Introduction to Cybersecurity Today 00:40 The Evolution of Phishing Attacks 01:44 Deep Dive into Phishing Techniques 03:31 History of Phishing 06:04 Types of Phishing: From Email to Whaling 10:06 Advanced Phishing Tactics 19:25 The Psychology Behind Phishing 26:03 Phishing Tactics: Free Gift Card Scams 26:33 The Power of Scarcity in Phishing 28:27 Authority and Phishing: Impersonation Tactics 29:11 Consistency: Small Requests Leading to Big Scams 30:14 Liking and Social Proof in Social Engineering 32:15 The Evolution of Phishing Techniques 35:31 The Role of MFA in Enhancing Security 38:35 Passkeys and the Future of Authentication 44:57 Building a Security-Conscious Workplace Culture 48:47 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37559940
info_outline
Sharepoint Hack Reaches Crisis Level and more: Cybersecurity Today for July 25, 2025
07/25/2025
Sharepoint Hack Reaches Crisis Level and more: Cybersecurity Today for July 25, 2025
The recent Sharepoint hack is spreading like wildfire through unpatched systems. All this and more on today's episode with guest host David Shipley.
/episode/index/show/cybersecuritytoday/id/37543610
info_outline
Having some technical problems with podcast distribution.
07/23/2025
Having some technical problems with podcast distribution.
We're having some issues with podcast distribution. We're going to take a couple of days to figure out what is going on and what, if anything, we can do about it.
/episode/index/show/cybersecuritytoday/id/37513340
info_outline
NPM Linter Packages Hijacked, Microsoft's China Issue, and AI in Phishing Attacks: Cybersecurity Today:
07/21/2025
NPM Linter Packages Hijacked, Microsoft's China Issue, and AI in Phishing Attacks: Cybersecurity Today:
In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads. Concurrently, Ukrainian CERT uncovers new phishing campaigns tied to APT28 using large language models for command and control. Microsoft discontinues the use of China-based engineers for US Department of Defense systems following a controversial report. Lastly, social engineering, facilitated by AI, becomes a greater threat than zero-day exploits. The episode emphasizes the need for stronger maintainer security, multifactor authentication, and a comprehensive understanding of social engineering risks. 00:00 Introduction - 10 Million Downloads 01:30 NPM Linter Packages Hijacked 05:05 Social Engineering and AI in Cybersecurity 08:57 Microsoft's China-Based Engineers Controversy 12:15 The Real Threat: Social Engineering 16:39 Conclusion and Call to Action
/episode/index/show/cybersecuritytoday/id/37475330
info_outline
Exploring the Dark Side of AI: Risks, Consciousness, and Responsibility
07/19/2025
Exploring the Dark Side of AI: Risks, Consciousness, and Responsibility
The Cybersecurity Today episode revisits a discussion on the risks and implications of AI hosted by Jim Love, with guests Marcel Gagné and John Pinard. They discuss the 'dark side of AI,' covering topics like AI misbehavior, the misuse of AI as a tool, and the importance of data protection in production environments. The conversation delves into whether AI can be conscious and the ethical considerations surrounding its deployment, particularly in highly regulated industries like finance. They emphasize the need for responsible use, critical thinking, and ongoing oversight to mitigate potential risks while capitalizing on AI's benefits. The episode concludes with a call for continued discussion and engagement through various platforms. 00:00 Introduction to Cybersecurity Today 00:33 Exploring the Dark Side of AI 02:31 AI Misbehavior and Security Concerns 07:35 Speculative Risks and Consciousness 26:09 AI in Corporate Settings 31:49 Human Weakness in Security 32:37 Social Engineering Tactics 33:08 Security in Engineering Systems 33:42 AI Data Storage and Security 35:16 AI Data Retrieval Concerns 39:36 Testing Security in Development 41:37 AI in Regulated Industries 43:57 Bias and Decision Making in AI 47:18 Critical Thinking and Debate Skills 55:06 The Role of AI as a Consultant 01:02:21 The Future of AI and Responsibility 01:04:55 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/37463710
info_outline
Cybersecurity Today: DNS Malware, SonicWall Backdoor, Military Breach, and BigONE Crypto Hack
07/18/2025
Cybersecurity Today: DNS Malware, SonicWall Backdoor, Military Breach, and BigONE Crypto Hack
In today's episode, host Jim Love covers recent cybersecurity threats, including malware hidden in DNS records, a custom backdoor targeting SonicWall SMA devices, the US military assuming a network compromise after Chinese hackers targeted VPNs and email servers, and a $27 million theft from the BigONE crypto exchange. The show highlights how attackers are using innovative techniques to evade detection and emphasizes the need for increased vigilance in monitoring and securing systems. 00:00 Introduction to Cybersecurity News 00:26 Malware Hidden in DNS Records 02:26 SonicWall Devices Under Attack 04:30 US Military Breach by Chinese Hackers 07:07 $27 Million Crypto Theft 08:58 Conclusion and Listener Engagement
/episode/index/show/cybersecuritytoday/id/37452460
info_outline
Cybersecurity Today: GPU Vulnerabilities, Microsoft's Security Overhaul, and Major Flaws in Automotive Bluetooth
07/16/2025
Cybersecurity Today: GPU Vulnerabilities, Microsoft's Security Overhaul, and Major Flaws in Automotive Bluetooth
In this episode hosted by Jim Love, 'Cybersecurity Today' celebrates its recognition as number 10 on the Feed Spot list of Canadian News Podcasts and approaches a milestone of 10 million downloads. Key topics include new research identifying Nvidia GPUs as vulnerable to Rowhammer style attacks, Microsoft's significant security improvements in Microsoft 365, a critical Bluetooth vulnerability affecting 350 million cars, and a data exposure incident involving the Fredericton Police. Additionally, the official 'Elmo' account on X was hacked to post offensive content, emphasizing security gaps in high-profile social media accounts. For detailed information, visit technewsday.com or .ca. 00:00 Introduction and Milestones 00:52 Nvidia's Rowhammer Vulnerability 03:39 Microsoft's Security Overhaul 05:45 PerfektBlue Bluetooth Flaw 08:09 Police Data Leak Incident 10:12 Elmo's Twitter Account Hacked 12:43 Conclusion and Thanks
/episode/index/show/cybersecuritytoday/id/37423220
info_outline
Urgent Cyber Threats: Citrix Exploit, Fortinet RCE, and AI Vulnerabilities
07/14/2025
Urgent Cyber Threats: Citrix Exploit, Fortinet RCE, and AI Vulnerabilities
In this episode of 'Cybersecurity Today,' hosted by David Shipley from the Exchange Security 2025 conference, urgent updates are provided on critical cybersecurity vulnerabilities and threats. CISA mandates a 24-hour patch for Citrix NetScaler due to a severe vulnerability actively being exploited, dubbed 'Citrix Bleed.' Fortinet’s FortiWeb also faces a critical pre-auth remote code execution flaw that demands immediate patching. Additionally, significant vulnerabilities in AI-driven developments are highlighted, including shortcomings in Jack Dorsey's BitChat app and a method to extract Windows keys from ChatGPT-4. The episode emphasizes the importance of timely updates, robust security measures, and the potential risks involved with AI-generated code. 00:00 Introduction and Overview 00:35 Urgent Citrix Vulnerability Alert 03:26 Fortinet FortiWeb Exploit Details 06:23 Ingram Micro Ransomware Recovery 09:26 AI Coding and Security Risks 14:03 ChatGPT Security Flaw Exposed 17:20 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/37394010
info_outline
Cybersecurity Month in Review: Key Insights and Emerging Threats July 11, 2025
07/12/2025
Cybersecurity Month in Review: Key Insights and Emerging Threats July 11, 2025
In this episode of 'Cybersecurity: Today's Month in Review,' the panel of experts, including Laura Payne, David Shipley, and new guest Tammy Harper, delve into major cybersecurity stories from the past month. Discussions range from the recent arrest of a Montreal scam operator, Scattered Spider's targeted attacks on various sectors, and the impacts of AI on the cybersecurity landscape. The panel also highlights industry shifts, new threat tactics, and the importance of strategic communication during incidents. The episode concludes with reflections on AI's integration into enterprise systems, emphasizing preparation and ethical considerations. 00:00 Introduction to the Cybersecurity Month in Review 00:12 Meet the Panelists 00:26 Laura Payne's Introduction 01:04 David Shipley's Introduction 01:38 Tammy Harper's Introduction 04:09 First Story: Montreal Scam Arrest 10:52 David Shipley's Big Story: Scattered Spider 16:40 The Rise of Young Cybercriminals 32:36 Ingram Micro Ransomware Attack 33:27 Government Breaches and Fast Recovery 34:56 Ingram Micro Incident and Communication Failures 35:55 Importance of Communication in Incident Response 37:39 Ransomware Trends and Threat Actor Tactics 39:55 Shift from Encryption to Exfiltration 46:41 Government Actions and Market Impact 51:27 AI in Cybersecurity: Risks and Opportunities 58:53 Ethical AI and Future Considerations 01:08:12 Final Thoughts and Wrap-Up
/episode/index/show/cybersecuritytoday/id/37382065
info_outline
Cybersecurity Today: Marks and Spencer Hack, Brazilian Bank Breach, and McDonald's Data Vulnerability
07/11/2025
Cybersecurity Today: Marks and Spencer Hack, Brazilian Bank Breach, and McDonald's Data Vulnerability
In this episode of Cybersecurity Today, host Jim Love discusses major updates on the recent cyber attack on Marks and Spencer, revealing new details and arrests. The breach involved sophisticated social engineering that infiltrated the company's network through an IT service provider, leading to 150GB of stolen data. Love then covers a massive insider breach at a Brazilian bank where an IT worker facilitated the theft of $140 million by selling login credentials. Lastly, the episode highlights a McDonald's HR data breach caused by weak security practices in an AI screening app, exposing millions of job applicant records. Key insights on these incidents emphasize the importance of robust cybersecurity measures and internal controls. 00:00 Introduction and Headlines 00:20 Marks and Spencer Hack: New Developments 04:07 Brazilian Bank Breach: An Inside Job 06:40 McDonald's HR Data Breach: A Comedy of Errors 10:21 Conclusion and Upcoming Features
/episode/index/show/cybersecuritytoday/id/37370855
info_outline
AI Threats, Enterprise Security, and Google's Confusing Gemini Release: Cybersecurity Today
07/09/2025
AI Threats, Enterprise Security, and Google's Confusing Gemini Release: Cybersecurity Today
In this episode of 'Cybersecurity Today,' host Jim Love discusses the recent deep fake attack on high-ranking US government officials using AI voice cloning technology. The conversation highlights the growing ease and risks of AI-generated impersonations. The episode also covers the advancements in AI systems connecting with enterprise data and the security implications, alongside recent updates on events like Ingram Micro's ransomware attack and Google's confusing Gemini AI rollout for Android. Additionally, the show explores a new method called Info Flood that can trick chatbots into providing dangerous information by using academic-sounding language. 00:00 Deep Fakes Hit US Government 02:40 AI Integration in Enterprise Systems 05:49 Ingram Micro Ransomware Attack Update 07:22 Google's Confusing Gemini Release 10:33 Exploiting AI with Academic Jargon 12:34 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/37343675
info_outline
Ingram Micro Ransomware Attack and the Rise of Linux SSH Server Compromises
07/07/2025
Ingram Micro Ransomware Attack and the Rise of Linux SSH Server Compromises
In this episode of Cybersecurity Today, host David Shipley discusses the recent Safe Play ransomware attack on technology distributor Ingram Micro, exploring its impact and ongoing recovery efforts. The script also examines a new campaign targeting misconfigured Linux servers to build proxy networks for cybercriminal activities. Additionally, the episode highlights the significant rise in Click Fix social engineering attacks and the criminal investigation into a former ransomware negotiator accused of profiting from extortion payments. 00:00 Introduction and Headlines 00:30 Ingram Micro Ransomware Attack 03:57 Linux Servers Under Attack 07:05 Rise of Click Fix Social Engineering Attacks 08:45 Ransomware Negotiator Under Investigation 10:13 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/37302880
info_outline
AI and Cybersecurity: A Deep Dive into Enterprise Applications and Digital Sovereignty with Krish Banerjee
07/04/2025
AI and Cybersecurity: A Deep Dive into Enterprise Applications and Digital Sovereignty with Krish Banerjee
In this episode of Cybersecurity Today, host Jim Love engages in a comprehensive conversation with Krish Banerjee, the Canada Managing Director at Accenture for AI and Data. They delve into the stark difference between perceived and actual preparedness for cybersecurity in the face of growing AI adoption. The discussion spans topics such as the role of AI in enterprise productivity, the need for better data management, and the integration of AI into various business functions. They also explore the importance of digital sovereignty, the challenges and opportunities in Canada's adoption of AI, and how open-source AI can benefit organizations. Krish emphasizes the significance of setting a clear value-driven goal, having the right tools and talent, and the necessity of adopting AI responsibly. The conversation wraps up with insights on how executives can navigate the AI landscape and prepare their organizations for future advancements. 00:00 Introduction to Cybersecurity and AI Concerns 02:10 Interview with Krish Banerjee: AI in Canada 03:17 The Evolution and Impact of AI 06:42 Enterprise AI: Challenges and Opportunities 15:20 Digital Sovereignty and National AI Strategies 25:07 Accelerating Technological Adoption 26:18 Dream Projects in AI 27:49 AI for Healthcare and Commercialization 31:02 The Future of AI and Economic Impact 35:31 Agentic AI: The Next Frontier 41:14 Open Source AI and Democratization 43:23 Advice for Executives and Parents 49:10 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37284040
info_outline
Criminal Organizations Exploit UTS, Airlines Hit by Cyber Attacks, and Supreme Court Upholds Porn ID Law
06/30/2025
Criminal Organizations Exploit UTS, Airlines Hit by Cyber Attacks, and Supreme Court Upholds Porn ID Law
In today's episode of Cybersecurity Today, hosted by David Shipley, a report from the US Department of Justice unveils how criminal organizations use Ubiquitous Technical Surveillance (UTS) to track and kill FBI informants. Hawaiian Airlines experiences a cyber attack, potentially involving ransomware. The Supreme Court upholds Texas's age verification law for accessing online pornographic content. Additionally, researchers discover Bluetooth vulnerabilities affecting various audio devices, posing eavesdropping risks. The show discusses Scattered Spider's successful social engineering attacks on major industries, emphasizing the need for robust cybersecurity measures. 00:00 Introduction to Cybersecurity Threats 00:27 Ubiquitous Technical Surveillance: A Growing Threat 02:33 Assassination Linked to Data Brokers 04:21 Cyber Attacks on Airlines 05:02 Scattered Spider: The Prolific Cyber Threat 08:10 Bluetooth Vulnerabilities Exposed 10:53 US Supreme Court Upholds Texas Porn ID Law 13:32 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/37215995
info_outline
Bridging the Gap: AI and Cybersecurity in the Enterprise
06/28/2025
Bridging the Gap: AI and Cybersecurity in the Enterprise
In this episode of Cybersecurity Today, host Jim Love is joined by Krish Banerjee, the Canada Managing Director at Accenture for AI and Data. They begin the discussion with a report from Accenture that highlights the gap between the perceived and actual preparedness for cybersecurity as AI becomes more integrated into business operations. Jim and Krish discuss the pressing need for businesses to implement AI responsibly while addressing cybersecurity concerns. They also touch upon the current state of AI in Canada, efforts towards digital sovereignty, and the importance of integrating AI thoughtfully into various sectors. Through their insightful conversation, they explore the challenges and opportunities that lie ahead in making AI a cornerstone of productivity and innovation in the enterprise, emphasizing the need for value-driven strategies, the right tools, and skilled talent. 00:00 Introduction and Overview 02:10 AI in the Enterprise: Challenges and Opportunities 03:17 The Evolution of Data and AI 06:42 Enterprise AI: Current State and Future Prospects 15:20 Digital Sovereignty and National AI Strategies 25:07 Accelerating Technological Advancements 26:18 Dream Projects and AI for Good 27:58 Reinventing Healthcare with AI 28:42 Commercializing AI for Canadian Businesses 30:30 The Responsibility of AI Development 31:02 Economic Shifts and AI's Role 31:57 Future Predictions for AI 35:31 Agentic AI: The Next Frontier 41:14 Open Source AI and Its Implications 43:32 Advice for Executives on AI Adoption 47:13 Encouraging AI Learning in the Next Generation 49:10 Final Thoughts and Reflections
/episode/index/show/cybersecuritytoday/id/37201030
info_outline
Max Severity Flaws, Massive Exploits, and AI Security: A Cybersecurity Briefing
06/27/2025
Max Severity Flaws, Massive Exploits, and AI Security: A Cybersecurity Briefing
In this episode of 'Cybersecurity Today,' host Jim Love discusses urgent cybersecurity threats and concerns. Cisco has issued emergency patches for two maximum severity vulnerabilities in its Identity Services Engine (ISE) that could allow complete network takeover; organizations are urged to update immediately. A popular WordPress theme, Motors, has a critical vulnerability leading to mass exploitation and unauthorized admin account creation. A new ransomware group, Dire Wolf, has emerged, targeting manufacturing and technology sectors with sophisticated double extortion tactics. Lastly, an Accenture report reveals a dangerous gap between executive confidence and actual AI security preparedness, suggesting most major companies are not ready to handle AI-driven threats. The episode emphasizes the urgent need for immediate action and heightened awareness in the cybersecurity landscape. 00:00 Introduction and Headlines 00:26 Cisco's Critical Security Flaws 03:06 WordPress Theme Vulnerability Exploitation 05:57 Dire Wolf Ransomware Group Emerges 08:27 Accenture Report on AI Security Overconfidence 11:00 Conclusion and Upcoming Schedule
/episode/index/show/cybersecuritytoday/id/37172000
info_outline
Cybersecurity Today: Balancing Trust, Risks, and Innovations
06/25/2025
Cybersecurity Today: Balancing Trust, Risks, and Innovations
In this episode of Cybersecurity Today, host Jim Love discusses various pressing issues and trends in the realm of cybersecurity. The episode starts with a revelation from Okta's 2025 Customer Identity Trends report, which highlights the conflicting digital behaviors of Canadians who, despite their fear of identity theft, often reuse passwords across multiple accounts. The show also dives into the sophisticated 'Lap Dogs' campaign led by Chinese hackers who have compromised home and small office devices worldwide. Jim further touches upon the surprising decline in cyber insurance premiums despite persisting threats, alongside a story about Jeff Bezos potentially spying through smart mattresses with security vulnerabilities. The episode underscores the critical need for better security measures and the potential business risks of weak authentication systems. 00:00 Introduction and Host Welcome 00:24 Canadian Identity Theft Concerns 03:02 Chinese Hacking Operation Exposed 06:02 Cyber Insurance Premiums Drop 09:39 Smart Mattress Security Nightmare 12:46 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/37143630
info_outline
Cybersecurity Today: Chinese Hackers Target Canadian Telco, U.S. on Alert for Iranian Cyber Retaliation, and Sitecore XB Critical Vulnerability
06/23/2025
Cybersecurity Today: Chinese Hackers Target Canadian Telco, U.S. on Alert for Iranian Cyber Retaliation, and Sitecore XB Critical Vulnerability
In this episode of Cybersecurity Today, hosted by David Shipley, key cybersecurity incidents and threats are discussed. The Canadian Center for Cybersecurity revealed a breach by Chinese state-sponsored hackers of a Canadian telco, with further threats expected to continue targeting Canadian critical infrastructure. The U.S. braces for potential Iranian cyber retaliation following recent attacks on Iranian nuclear sites, with officials urging increased security measures. Meanwhile, a significant vulnerability chain in Sitecore XB has been disclosed, affecting thousands of instances globally with potentially severe repercussions if not patched. Additionally, a sophisticated phishing campaign by Russian hackers bypassed Gmail MFA using app-specific passwords to target high-profile individuals. The episode emphasizes the importance of patching vulnerabilities, enforcing strong security practices, and staying vigilant against evolving cyber threats. 00:00 Introduction and Headlines 00:29 Chinese Hackers Breach Canadian Telco 03:46 US Braces for Iranian Cyber Retaliation 06:50 Sitecore XB Vulnerability Exposed 11:13 Russian Phishing Campaign Targets High-Profile Individuals 15:23 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37109445
info_outline
AI Vulnerabilities and the Gentle Singularity: A Deep Dive with Project Synapse
06/21/2025
AI Vulnerabilities and the Gentle Singularity: A Deep Dive with Project Synapse
In this thought-provoking episode of Project Synapse, host Jim and his friends Marcel Gagne and John Pinard delve into the complexities of artificial intelligence, especially in the context of cybersecurity. The discussion kicks off by revisiting a blog post by Sam Altman about reaching a 'Gentle Singularity' in AI development, where the progress towards artificial superintelligence seems inevitable. They explore the idea of AI surpassing human intelligence and the implications of machines learning to write their own code. Throughout their engaging conversation, they emphasize the need to integrate security into AI systems from the start, rather than as an afterthought, citing recent vulnerabilities like Echo Leak and Microsoft Copilot's Zero Click vulnerability. Derailing into stories from the past and pondering philosophical questions, they wrap up by urging for a balanced approach where speed and thoughtful planning coexist, and to prioritize human welfare in technological advancements. This episode serves as a captivating blend of storytelling, technical insights, and ethical debates. 00:00 Introduction to Project Synapse 00:38 AI Vulnerabilities and Cybersecurity Concerns 02:22 The Gentle Singularity and AI Evolution 04:54 Human and AI Intelligence: A Comparison 07:05 AI Hallucinations and Emotional Intelligence 12:10 The Future of AI and Its Limitations 27:53 Security Flaws in AI Systems 30:20 The Need for Robust AI Security 32:22 The Ubiquity of AI in Modern Society 32:49 Understanding Neural Networks and Model Security 34:11 Challenges in AI Security and Human Behavior 36:45 The Evolution of Steganography and Prompt Injection 39:28 AI in Automation and Manufacturing 40:49 Crime as a Business and Security Implications 42:49 Balancing Speed and Security in AI Development 53:08 Corporate Responsibility and Ethical Considerations 57:31 The Future of AI and Human Values
/episode/index/show/cybersecuritytoday/id/37096620
info_outline
Exposing Cybersecurity Threats: Breaches, Vulnerabilities, and Evolving Malware
06/20/2025
Exposing Cybersecurity Threats: Breaches, Vulnerabilities, and Evolving Malware
In this episode of 'Cybersecurity Today,' host Jim Love discusses several alarming cybersecurity developments. A recent Washington Post breach raises critical questions about Microsoft 365’s enterprise security as foreign government hackers compromised the email accounts of journalists. Additionally, a critical Linux flaw allows attackers to gain root access, making millions of systems vulnerable. Upgraded Godfather malware now creates virtual banking apps on infected Android devices to steal credentials in real-time. Moreover, a record-breaking data breach has exposed 16 billion logins, including Apple accounts, underscoring the fundamental flaws of password-based security. Finally, the episode addresses the systemic vulnerabilities of SMS-based two-factor authentication, advocating for a transition to app-based or hardware key solutions. 00:00 Introduction and Major Headlines 00:24 Microsoft 365 Security Breach 03:19 Critical Linux Vulnerabilities 05:59 Godfather Malware Evolution 08:18 Massive Data Breach Exposed 11:30 The Fall of SMS Two-Factor Authentication 13:21 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37085250
info_outline
Scattered Spider Targets US Insurance, Microsoft Zero-Day, Major Database Breach, and AI Poison Pill
06/18/2025
Scattered Spider Targets US Insurance, Microsoft Zero-Day, Major Database Breach, and AI Poison Pill
In this episode, host Jim Love delves into recent cybersecurity threats and breakthroughs. The notorious Scattered Spider hacker group has shifted its focus to US insurance companies after attacking UK retailers earlier this year. Microsoft's urgent security updates address active zero-day vulnerabilities that allow complete system control. Researchers uncovered an unprotected database exposing 184 million plaintext passwords linked to major platforms. Additionally, musician Beardly Jordan has developed 'Poison Deify,' a technology to protect his music from unauthorized AI scraping by embedding adversarial noise that disrupts machine learning algorithms. These developments highlight the evolving cybersecurity landscape, from coordinated cyber-attacks to innovative countermeasures against AI exploitation. For further details and to engage with the content, listeners are encouraged to visit technewsday.ca. 00:00 Introduction and Headlines 00:30 Scattered Spider Targets US Insurance Companies 02:26 Microsoft Urges Immediate Windows Updates 04:15 Massive Database Breach Exposes 184 Million Passwords 06:59 Musician Strikes Back at AI with Audio Poison Pill 10:07 Implications for Cybersecurity 10:37 Conclusion and Listener Engagement
/episode/index/show/cybersecuritytoday/id/37050780
info_outline
Cybersecurity Today: WestJet Cyber Incident, Anubis Ransomware Evolution, Discord Exploits, and Google Cloud Outage
06/16/2025
Cybersecurity Today: WestJet Cyber Incident, Anubis Ransomware Evolution, Discord Exploits, and Google Cloud Outage
Host David Shipley discusses several critical cybersecurity incidents and developments. WestJet, Canada's second-largest airline, faced a cybersecurity breach impacting its mobile app and internal systems. The airline is working with law enforcement to investigate while emphasizing the integrity of its flight operations. Additionally, the Anubis ransomware has evolved, now incorporating a file-wiping function to heighten victim pressure and destruction. The episode also covers a novel malware campaign exploiting Discord's vanity invite system to deliver remote access trojans and info stealers, highlighting platform trust vulnerabilities. Lastly, a significant multi-hour Google Cloud outage caused by an API quota misconfiguration affected numerous services globally, emphasizing the fragility of our interconnected digital infrastructure. The episode underscores the need for robust disaster recovery plans and cautious digital practices. 00:00 Introduction and Overview 00:30 WestJet Cybersecurity Incident 02:15 Anubis Ransomware Evolution 05:35 Discord Vanity Link Hijack 08:35 Google Cloud Outage 10:50 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37020110
info_outline
The Secret CISO: Navigating the Human and Technical Challenges in Cybersecurity
06/14/2025
The Secret CISO: Navigating the Human and Technical Challenges in Cybersecurity
In this episode of 'Cybersecurity Today,' hosts John Pinard and Jim Love introduce their unique show, 'The Secret CISO,' which aims to dive deep into the lives and thoughts of CISOs and similar roles, beyond the usual interview-style format. The guest for this episode is Priya Mouli, CISO at Sheridan College, who shares her journey from engineering to cybersecurity, her global experiences, and how she manages her multifaceted role. Another guest, Mohsen Azari, Director of Cyber Defense in the financial sector, discusses his career path, which includes notable stints in entertainment and consulting. The conversation explores the pressing challenges in cybersecurity such as AI threats, burnout, and vendor tool overload, while emphasizing the importance of people skills and relationship-building within organizations. The episode wraps up with a promise of a follow-up discussion to delve deeper into the impact of AI on cybersecurity. 00:00 Introduction to the Secret CISO Show 00:51 Guest Introductions: Meet Priya Ali 01:59 Priya's Career Journey and Insights 06:44 Mohsen's Background and Career Path 13:12 John's Career and Cybersecurity Evolution 15:58 Current Cybersecurity Challenges 24:04 Adapting to New Roles in Cybersecurity 25:36 Managing People and Preventing Burnout 27:08 Servant Leadership and Team Dynamics 31:16 Strategic Hiring and Team Cohesion 33:42 Handling Stress and Personal Well-being 35:46 The Role of CISOs as Organizational Psychologists 40:54 Influencing Behavior and Building a Security Culture 44:28 Coping with the Barrage of Cybersecurity Tools 51:10 Conclusion and Future Discussions
/episode/index/show/cybersecuritytoday/id/37008590
info_outline
AI Security Threats: Echo Leak, MCP Vulnerabilities, Meta's Privacy Scandal, and the 'Peep Show'
06/13/2025
AI Security Threats: Echo Leak, MCP Vulnerabilities, Meta's Privacy Scandal, and the 'Peep Show'
In this episode of Cybersecurity Today, host Jim Love discusses critical AI-related security issues, such as the Echo Leak vulnerability in Microsoft's AI, MCP's universal integration risks, and Meta's privacy violations in Europe. The episode also explores the dangers of internet-exposed cameras as discovered by BitSight, highlighting the urgent need for enhanced AI security and the legal repercussions for companies like Meta. 00:00 Introduction to AI Security Issues 00:24 Echo Leak: The Zero-Click AI Vulnerability 03:17 MCP Protocol: Universal Interface, Universal Vulnerabilities 07:01 Meta's Privacy Scandal: Local Host Tracking 10:11 The Peep Show: Internet-Connected Cameras Exposed 12:08 Conclusion and Call to Action
/episode/index/show/cybersecuritytoday/id/36983765
info_outline
Cybersecurity Today: State-Backed ChatGPT Misuse, Dark Gaboon Attacks, and Starlink Installation Controversy
06/11/2025
Cybersecurity Today: State-Backed ChatGPT Misuse, Dark Gaboon Attacks, and Starlink Installation Controversy
This episode of 'Cybersecurity Today' hosted by Jim Love covers various significant events in the cybersecurity landscape. OpenAI has banned multiple ChatGPT accounts linked to state-sponsored hackers from countries including China, Russia, North Korea, Iran, and the Philippines for developing malware, generating disinformation, and conducting scams. The episode also discusses the Dark Gaboon hacker group, which targets Russian companies with Lock Bit 3.0 ransomware. Furthermore, it highlights the controversial installation of a Starlink satellite internet terminal at the White House by Elon Musk's DOGE team, bypassing normal security measures, and a hardware enthusiast's successful use of ChatGPT to unlock an Android tablet's BIOS, raising questions about firmware security. 00:00 Open AI Bans ChatGPT Accounts used by state backed hackers 00:25 State-Sponsored Threat Actors Exploiting ChatGPT 04:36 Dark Gaboon: A New Hacker Group Targets Russia 07:11 Elon Musk's DOGE Team Installs Starlink at the White House 09:57 Unlocking an Android Tablet with ChatGPT 12:07 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/36947400
info_outline
Cybersecurity Today: Massive Smart TV Botnets and Major US Cyber Policy Overhaul
06/09/2025
Cybersecurity Today: Massive Smart TV Botnets and Major US Cyber Policy Overhaul
In this episode of Cybersecurity Today, host David Shipley delves into alarming developments in the cybersecurity landscape. The FBI has flagged a massive malware campaign named Bad Box 2.0, which has compromised 1 million consumer devices globally, turning them into residential proxies. Additionally, a new variant of the Mirai malware is targeting DVR devices via a critical vulnerability. Meanwhile, criminals are shifting their operations from bulletproof hosts to harder-to-trace VPNs and residential proxy networks. The episode also covers urgent calls for post-quantum cryptography readiness amidst looming quantum computing threats, alongside a significant policy shift in the US. President Trump has signed an executive order dismantling former President Biden's extensive cybersecurity initiatives, including efforts focused on AI and quantum cryptography. These regulatory rollbacks emphasize minimal federal oversight and leave long-term digital defense strategies in question. 00:00 Introduction and Major Headlines 00:32 FBI Warns About Bad Box 2.0 Botnet 02:47 DVR Botnet Threats and Exploits 03:59 Shift in Cybercriminal Tactics 05:33 Quantum Computing and Encryption Concerns 07:08 Trump's Cybersecurity Policy Overhaul 11:36 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/36911950