Cybersecurity Today
Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
info_outline
Ingram Micro Ransomware Attack and the Rise of Linux SSH Server Compromises
07/07/2025
Ingram Micro Ransomware Attack and the Rise of Linux SSH Server Compromises
In this episode of Cybersecurity Today, host David Shipley discusses the recent Safe Play ransomware attack on technology distributor Ingram Micro, exploring its impact and ongoing recovery efforts. The script also examines a new campaign targeting misconfigured Linux servers to build proxy networks for cybercriminal activities. Additionally, the episode highlights the significant rise in Click Fix social engineering attacks and the criminal investigation into a former ransomware negotiator accused of profiting from extortion payments. 00:00 Introduction and Headlines 00:30 Ingram Micro Ransomware Attack 03:57 Linux Servers Under Attack 07:05 Rise of Click Fix Social Engineering Attacks 08:45 Ransomware Negotiator Under Investigation 10:13 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/37302880
info_outline
AI and Cybersecurity: A Deep Dive into Enterprise Applications and Digital Sovereignty with Krish Banerjee
07/04/2025
AI and Cybersecurity: A Deep Dive into Enterprise Applications and Digital Sovereignty with Krish Banerjee
In this episode of Cybersecurity Today, host Jim Love engages in a comprehensive conversation with Krish Banerjee, the Canada Managing Director at Accenture for AI and Data. They delve into the stark difference between perceived and actual preparedness for cybersecurity in the face of growing AI adoption. The discussion spans topics such as the role of AI in enterprise productivity, the need for better data management, and the integration of AI into various business functions. They also explore the importance of digital sovereignty, the challenges and opportunities in Canada's adoption of AI, and how open-source AI can benefit organizations. Krish emphasizes the significance of setting a clear value-driven goal, having the right tools and talent, and the necessity of adopting AI responsibly. The conversation wraps up with insights on how executives can navigate the AI landscape and prepare their organizations for future advancements. 00:00 Introduction to Cybersecurity and AI Concerns 02:10 Interview with Krish Banerjee: AI in Canada 03:17 The Evolution and Impact of AI 06:42 Enterprise AI: Challenges and Opportunities 15:20 Digital Sovereignty and National AI Strategies 25:07 Accelerating Technological Adoption 26:18 Dream Projects in AI 27:49 AI for Healthcare and Commercialization 31:02 The Future of AI and Economic Impact 35:31 Agentic AI: The Next Frontier 41:14 Open Source AI and Democratization 43:23 Advice for Executives and Parents 49:10 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37284040
info_outline
Criminal Organizations Exploit UTS, Airlines Hit by Cyber Attacks, and Supreme Court Upholds Porn ID Law
06/30/2025
Criminal Organizations Exploit UTS, Airlines Hit by Cyber Attacks, and Supreme Court Upholds Porn ID Law
In today's episode of Cybersecurity Today, hosted by David Shipley, a report from the US Department of Justice unveils how criminal organizations use Ubiquitous Technical Surveillance (UTS) to track and kill FBI informants. Hawaiian Airlines experiences a cyber attack, potentially involving ransomware. The Supreme Court upholds Texas's age verification law for accessing online pornographic content. Additionally, researchers discover Bluetooth vulnerabilities affecting various audio devices, posing eavesdropping risks. The show discusses Scattered Spider's successful social engineering attacks on major industries, emphasizing the need for robust cybersecurity measures. 00:00 Introduction to Cybersecurity Threats 00:27 Ubiquitous Technical Surveillance: A Growing Threat 02:33 Assassination Linked to Data Brokers 04:21 Cyber Attacks on Airlines 05:02 Scattered Spider: The Prolific Cyber Threat 08:10 Bluetooth Vulnerabilities Exposed 10:53 US Supreme Court Upholds Texas Porn ID Law 13:32 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/37215995
info_outline
Bridging the Gap: AI and Cybersecurity in the Enterprise
06/28/2025
Bridging the Gap: AI and Cybersecurity in the Enterprise
In this episode of Cybersecurity Today, host Jim Love is joined by Krish Banerjee, the Canada Managing Director at Accenture for AI and Data. They begin the discussion with a report from Accenture that highlights the gap between the perceived and actual preparedness for cybersecurity as AI becomes more integrated into business operations. Jim and Krish discuss the pressing need for businesses to implement AI responsibly while addressing cybersecurity concerns. They also touch upon the current state of AI in Canada, efforts towards digital sovereignty, and the importance of integrating AI thoughtfully into various sectors. Through their insightful conversation, they explore the challenges and opportunities that lie ahead in making AI a cornerstone of productivity and innovation in the enterprise, emphasizing the need for value-driven strategies, the right tools, and skilled talent. 00:00 Introduction and Overview 02:10 AI in the Enterprise: Challenges and Opportunities 03:17 The Evolution of Data and AI 06:42 Enterprise AI: Current State and Future Prospects 15:20 Digital Sovereignty and National AI Strategies 25:07 Accelerating Technological Advancements 26:18 Dream Projects and AI for Good 27:58 Reinventing Healthcare with AI 28:42 Commercializing AI for Canadian Businesses 30:30 The Responsibility of AI Development 31:02 Economic Shifts and AI's Role 31:57 Future Predictions for AI 35:31 Agentic AI: The Next Frontier 41:14 Open Source AI and Its Implications 43:32 Advice for Executives on AI Adoption 47:13 Encouraging AI Learning in the Next Generation 49:10 Final Thoughts and Reflections
/episode/index/show/cybersecuritytoday/id/37201030
info_outline
Max Severity Flaws, Massive Exploits, and AI Security: A Cybersecurity Briefing
06/27/2025
Max Severity Flaws, Massive Exploits, and AI Security: A Cybersecurity Briefing
In this episode of 'Cybersecurity Today,' host Jim Love discusses urgent cybersecurity threats and concerns. Cisco has issued emergency patches for two maximum severity vulnerabilities in its Identity Services Engine (ISE) that could allow complete network takeover; organizations are urged to update immediately. A popular WordPress theme, Motors, has a critical vulnerability leading to mass exploitation and unauthorized admin account creation. A new ransomware group, Dire Wolf, has emerged, targeting manufacturing and technology sectors with sophisticated double extortion tactics. Lastly, an Accenture report reveals a dangerous gap between executive confidence and actual AI security preparedness, suggesting most major companies are not ready to handle AI-driven threats. The episode emphasizes the urgent need for immediate action and heightened awareness in the cybersecurity landscape. 00:00 Introduction and Headlines 00:26 Cisco's Critical Security Flaws 03:06 WordPress Theme Vulnerability Exploitation 05:57 Dire Wolf Ransomware Group Emerges 08:27 Accenture Report on AI Security Overconfidence 11:00 Conclusion and Upcoming Schedule
/episode/index/show/cybersecuritytoday/id/37172000
info_outline
Cybersecurity Today: Balancing Trust, Risks, and Innovations
06/25/2025
Cybersecurity Today: Balancing Trust, Risks, and Innovations
In this episode of Cybersecurity Today, host Jim Love discusses various pressing issues and trends in the realm of cybersecurity. The episode starts with a revelation from Okta's 2025 Customer Identity Trends report, which highlights the conflicting digital behaviors of Canadians who, despite their fear of identity theft, often reuse passwords across multiple accounts. The show also dives into the sophisticated 'Lap Dogs' campaign led by Chinese hackers who have compromised home and small office devices worldwide. Jim further touches upon the surprising decline in cyber insurance premiums despite persisting threats, alongside a story about Jeff Bezos potentially spying through smart mattresses with security vulnerabilities. The episode underscores the critical need for better security measures and the potential business risks of weak authentication systems. 00:00 Introduction and Host Welcome 00:24 Canadian Identity Theft Concerns 03:02 Chinese Hacking Operation Exposed 06:02 Cyber Insurance Premiums Drop 09:39 Smart Mattress Security Nightmare 12:46 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/37143630
info_outline
Cybersecurity Today: Chinese Hackers Target Canadian Telco, U.S. on Alert for Iranian Cyber Retaliation, and Sitecore XB Critical Vulnerability
06/23/2025
Cybersecurity Today: Chinese Hackers Target Canadian Telco, U.S. on Alert for Iranian Cyber Retaliation, and Sitecore XB Critical Vulnerability
In this episode of Cybersecurity Today, hosted by David Shipley, key cybersecurity incidents and threats are discussed. The Canadian Center for Cybersecurity revealed a breach by Chinese state-sponsored hackers of a Canadian telco, with further threats expected to continue targeting Canadian critical infrastructure. The U.S. braces for potential Iranian cyber retaliation following recent attacks on Iranian nuclear sites, with officials urging increased security measures. Meanwhile, a significant vulnerability chain in Sitecore XB has been disclosed, affecting thousands of instances globally with potentially severe repercussions if not patched. Additionally, a sophisticated phishing campaign by Russian hackers bypassed Gmail MFA using app-specific passwords to target high-profile individuals. The episode emphasizes the importance of patching vulnerabilities, enforcing strong security practices, and staying vigilant against evolving cyber threats. 00:00 Introduction and Headlines 00:29 Chinese Hackers Breach Canadian Telco 03:46 US Braces for Iranian Cyber Retaliation 06:50 Sitecore XB Vulnerability Exposed 11:13 Russian Phishing Campaign Targets High-Profile Individuals 15:23 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37109445
info_outline
AI Vulnerabilities and the Gentle Singularity: A Deep Dive with Project Synapse
06/21/2025
AI Vulnerabilities and the Gentle Singularity: A Deep Dive with Project Synapse
In this thought-provoking episode of Project Synapse, host Jim and his friends Marcel Gagne and John Pinard delve into the complexities of artificial intelligence, especially in the context of cybersecurity. The discussion kicks off by revisiting a blog post by Sam Altman about reaching a 'Gentle Singularity' in AI development, where the progress towards artificial superintelligence seems inevitable. They explore the idea of AI surpassing human intelligence and the implications of machines learning to write their own code. Throughout their engaging conversation, they emphasize the need to integrate security into AI systems from the start, rather than as an afterthought, citing recent vulnerabilities like Echo Leak and Microsoft Copilot's Zero Click vulnerability. Derailing into stories from the past and pondering philosophical questions, they wrap up by urging for a balanced approach where speed and thoughtful planning coexist, and to prioritize human welfare in technological advancements. This episode serves as a captivating blend of storytelling, technical insights, and ethical debates. 00:00 Introduction to Project Synapse 00:38 AI Vulnerabilities and Cybersecurity Concerns 02:22 The Gentle Singularity and AI Evolution 04:54 Human and AI Intelligence: A Comparison 07:05 AI Hallucinations and Emotional Intelligence 12:10 The Future of AI and Its Limitations 27:53 Security Flaws in AI Systems 30:20 The Need for Robust AI Security 32:22 The Ubiquity of AI in Modern Society 32:49 Understanding Neural Networks and Model Security 34:11 Challenges in AI Security and Human Behavior 36:45 The Evolution of Steganography and Prompt Injection 39:28 AI in Automation and Manufacturing 40:49 Crime as a Business and Security Implications 42:49 Balancing Speed and Security in AI Development 53:08 Corporate Responsibility and Ethical Considerations 57:31 The Future of AI and Human Values
/episode/index/show/cybersecuritytoday/id/37096620
info_outline
Exposing Cybersecurity Threats: Breaches, Vulnerabilities, and Evolving Malware
06/20/2025
Exposing Cybersecurity Threats: Breaches, Vulnerabilities, and Evolving Malware
In this episode of 'Cybersecurity Today,' host Jim Love discusses several alarming cybersecurity developments. A recent Washington Post breach raises critical questions about Microsoft 365’s enterprise security as foreign government hackers compromised the email accounts of journalists. Additionally, a critical Linux flaw allows attackers to gain root access, making millions of systems vulnerable. Upgraded Godfather malware now creates virtual banking apps on infected Android devices to steal credentials in real-time. Moreover, a record-breaking data breach has exposed 16 billion logins, including Apple accounts, underscoring the fundamental flaws of password-based security. Finally, the episode addresses the systemic vulnerabilities of SMS-based two-factor authentication, advocating for a transition to app-based or hardware key solutions. 00:00 Introduction and Major Headlines 00:24 Microsoft 365 Security Breach 03:19 Critical Linux Vulnerabilities 05:59 Godfather Malware Evolution 08:18 Massive Data Breach Exposed 11:30 The Fall of SMS Two-Factor Authentication 13:21 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37085250
info_outline
Scattered Spider Targets US Insurance, Microsoft Zero-Day, Major Database Breach, and AI Poison Pill
06/18/2025
Scattered Spider Targets US Insurance, Microsoft Zero-Day, Major Database Breach, and AI Poison Pill
In this episode, host Jim Love delves into recent cybersecurity threats and breakthroughs. The notorious Scattered Spider hacker group has shifted its focus to US insurance companies after attacking UK retailers earlier this year. Microsoft's urgent security updates address active zero-day vulnerabilities that allow complete system control. Researchers uncovered an unprotected database exposing 184 million plaintext passwords linked to major platforms. Additionally, musician Beardly Jordan has developed 'Poison Deify,' a technology to protect his music from unauthorized AI scraping by embedding adversarial noise that disrupts machine learning algorithms. These developments highlight the evolving cybersecurity landscape, from coordinated cyber-attacks to innovative countermeasures against AI exploitation. For further details and to engage with the content, listeners are encouraged to visit technewsday.ca. 00:00 Introduction and Headlines 00:30 Scattered Spider Targets US Insurance Companies 02:26 Microsoft Urges Immediate Windows Updates 04:15 Massive Database Breach Exposes 184 Million Passwords 06:59 Musician Strikes Back at AI with Audio Poison Pill 10:07 Implications for Cybersecurity 10:37 Conclusion and Listener Engagement
/episode/index/show/cybersecuritytoday/id/37050780
info_outline
Cybersecurity Today: WestJet Cyber Incident, Anubis Ransomware Evolution, Discord Exploits, and Google Cloud Outage
06/16/2025
Cybersecurity Today: WestJet Cyber Incident, Anubis Ransomware Evolution, Discord Exploits, and Google Cloud Outage
Host David Shipley discusses several critical cybersecurity incidents and developments. WestJet, Canada's second-largest airline, faced a cybersecurity breach impacting its mobile app and internal systems. The airline is working with law enforcement to investigate while emphasizing the integrity of its flight operations. Additionally, the Anubis ransomware has evolved, now incorporating a file-wiping function to heighten victim pressure and destruction. The episode also covers a novel malware campaign exploiting Discord's vanity invite system to deliver remote access trojans and info stealers, highlighting platform trust vulnerabilities. Lastly, a significant multi-hour Google Cloud outage caused by an API quota misconfiguration affected numerous services globally, emphasizing the fragility of our interconnected digital infrastructure. The episode underscores the need for robust disaster recovery plans and cautious digital practices. 00:00 Introduction and Overview 00:30 WestJet Cybersecurity Incident 02:15 Anubis Ransomware Evolution 05:35 Discord Vanity Link Hijack 08:35 Google Cloud Outage 10:50 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/37020110
info_outline
The Secret CISO: Navigating the Human and Technical Challenges in Cybersecurity
06/14/2025
The Secret CISO: Navigating the Human and Technical Challenges in Cybersecurity
In this episode of 'Cybersecurity Today,' hosts John Pinard and Jim Love introduce their unique show, 'The Secret CISO,' which aims to dive deep into the lives and thoughts of CISOs and similar roles, beyond the usual interview-style format. The guest for this episode is Priya Mouli, CISO at Sheridan College, who shares her journey from engineering to cybersecurity, her global experiences, and how she manages her multifaceted role. Another guest, Mohsen Azari, Director of Cyber Defense in the financial sector, discusses his career path, which includes notable stints in entertainment and consulting. The conversation explores the pressing challenges in cybersecurity such as AI threats, burnout, and vendor tool overload, while emphasizing the importance of people skills and relationship-building within organizations. The episode wraps up with a promise of a follow-up discussion to delve deeper into the impact of AI on cybersecurity. 00:00 Introduction to the Secret CISO Show 00:51 Guest Introductions: Meet Priya Ali 01:59 Priya's Career Journey and Insights 06:44 Mohsen's Background and Career Path 13:12 John's Career and Cybersecurity Evolution 15:58 Current Cybersecurity Challenges 24:04 Adapting to New Roles in Cybersecurity 25:36 Managing People and Preventing Burnout 27:08 Servant Leadership and Team Dynamics 31:16 Strategic Hiring and Team Cohesion 33:42 Handling Stress and Personal Well-being 35:46 The Role of CISOs as Organizational Psychologists 40:54 Influencing Behavior and Building a Security Culture 44:28 Coping with the Barrage of Cybersecurity Tools 51:10 Conclusion and Future Discussions
/episode/index/show/cybersecuritytoday/id/37008590
info_outline
AI Security Threats: Echo Leak, MCP Vulnerabilities, Meta's Privacy Scandal, and the 'Peep Show'
06/13/2025
AI Security Threats: Echo Leak, MCP Vulnerabilities, Meta's Privacy Scandal, and the 'Peep Show'
In this episode of Cybersecurity Today, host Jim Love discusses critical AI-related security issues, such as the Echo Leak vulnerability in Microsoft's AI, MCP's universal integration risks, and Meta's privacy violations in Europe. The episode also explores the dangers of internet-exposed cameras as discovered by BitSight, highlighting the urgent need for enhanced AI security and the legal repercussions for companies like Meta. 00:00 Introduction to AI Security Issues 00:24 Echo Leak: The Zero-Click AI Vulnerability 03:17 MCP Protocol: Universal Interface, Universal Vulnerabilities 07:01 Meta's Privacy Scandal: Local Host Tracking 10:11 The Peep Show: Internet-Connected Cameras Exposed 12:08 Conclusion and Call to Action
/episode/index/show/cybersecuritytoday/id/36983765
info_outline
Cybersecurity Today: State-Backed ChatGPT Misuse, Dark Gaboon Attacks, and Starlink Installation Controversy
06/11/2025
Cybersecurity Today: State-Backed ChatGPT Misuse, Dark Gaboon Attacks, and Starlink Installation Controversy
This episode of 'Cybersecurity Today' hosted by Jim Love covers various significant events in the cybersecurity landscape. OpenAI has banned multiple ChatGPT accounts linked to state-sponsored hackers from countries including China, Russia, North Korea, Iran, and the Philippines for developing malware, generating disinformation, and conducting scams. The episode also discusses the Dark Gaboon hacker group, which targets Russian companies with Lock Bit 3.0 ransomware. Furthermore, it highlights the controversial installation of a Starlink satellite internet terminal at the White House by Elon Musk's DOGE team, bypassing normal security measures, and a hardware enthusiast's successful use of ChatGPT to unlock an Android tablet's BIOS, raising questions about firmware security. 00:00 Open AI Bans ChatGPT Accounts used by state backed hackers 00:25 State-Sponsored Threat Actors Exploiting ChatGPT 04:36 Dark Gaboon: A New Hacker Group Targets Russia 07:11 Elon Musk's DOGE Team Installs Starlink at the White House 09:57 Unlocking an Android Tablet with ChatGPT 12:07 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/36947400
info_outline
Cybersecurity Today: Massive Smart TV Botnets and Major US Cyber Policy Overhaul
06/09/2025
Cybersecurity Today: Massive Smart TV Botnets and Major US Cyber Policy Overhaul
In this episode of Cybersecurity Today, host David Shipley delves into alarming developments in the cybersecurity landscape. The FBI has flagged a massive malware campaign named Bad Box 2.0, which has compromised 1 million consumer devices globally, turning them into residential proxies. Additionally, a new variant of the Mirai malware is targeting DVR devices via a critical vulnerability. Meanwhile, criminals are shifting their operations from bulletproof hosts to harder-to-trace VPNs and residential proxy networks. The episode also covers urgent calls for post-quantum cryptography readiness amidst looming quantum computing threats, alongside a significant policy shift in the US. President Trump has signed an executive order dismantling former President Biden's extensive cybersecurity initiatives, including efforts focused on AI and quantum cryptography. These regulatory rollbacks emphasize minimal federal oversight and leave long-term digital defense strategies in question. 00:00 Introduction and Major Headlines 00:32 FBI Warns About Bad Box 2.0 Botnet 02:47 DVR Botnet Threats and Exploits 03:59 Shift in Cybercriminal Tactics 05:33 Quantum Computing and Encryption Concerns 07:08 Trump's Cybersecurity Policy Overhaul 11:36 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/36911950
info_outline
Cybersecurity Month in Review: Uncovering Digital and Physical Threats
06/07/2025
Cybersecurity Month in Review: Uncovering Digital and Physical Threats
In this episode of the 'Cybersecurity Today: The Month in Review' show, host Jim welcomes regular guests Laura Payne and David Shipley, along with newcomer Anton Levaja. The trio dives deep into various cybersecurity stories, analyzing trends, threats, and recent incidents. Topics include the intriguing Mystery Leaker exposing cyber criminals, the rise and sophistication of LockBit ransomware, the devastating ransomware attack on Coinbase and their bold counter-response, and the physical dangers faced by cryptocurrency entrepreneurs. The episode also highlights the innovation in law enforcement tactics and the pressing need for better cybersecurity awareness and education. They wrap up on a hopeful note, showcasing a young scout's inspiring project on cyber fraud prevention that gained support from the local police. 00:00 Introduction and Panelist Welcome 00:38 Show Format and Story Introduction 01:28 The Mystery Leaker Story 03:35 Law Enforcement and Cyber Crime 10:51 Coinbase Ransomware Incident 18:04 Physical Threats in the Crypto World 24:56 Operation Shamrock and Organized Crime 25:19 Breaking News: Kidnapping Mastermind Arrested 26:18 Quishing: The Clever Side of Cybercrime 27:11 QR Code Scams and Consumer Protection 31:08 Generational Differences in Cyber Threats 32:05 The Evolution of Cyber Attacks 38:40 Physical Crime in the Digital Age 41:10 Law Enforcement and Cybersecurity 43:55 Government Surveillance and Privacy Concerns 46:08 Feel-Good Story: Young Cybersecurity Advocate
/episode/index/show/cybersecuritytoday/id/36899960
info_outline
Cyber Extortion, Ukraine's Cyber Offensive, and Chrome Trust Shake-up
06/06/2025
Cyber Extortion, Ukraine's Cyber Offensive, and Chrome Trust Shake-up
Cybersecurity Today, hosted by Jim Love, delves into the latest in cyber threats. Cyber criminals have breached 20 organizations via convincing fake IT support calls, targeting Salesforce data for extortion. Ukraine's intelligence claims a significant cyber operation against Russia's aircraft manufacturer, stealing sensitive data and highlighting Ukraine's growing cyber capabilities. Google Chrome will stop trusting certificates from two major authorities due to compliance failures, affecting millions of web visitors. Lastly, a $400 million hack on Coinbase was executed using phone cameras, reminding us of the potency of simple attacks. 00:00 Introduction and Headlines 00:23 Fake IT Support Scam Hits 20 Companies 03:52 Ukraine's Cyber Operation Against Russia 07:05 Google Chrome Stops Trusting Two Certificate Authorities 09:11 $400 Million Hack from a Phone Camera 11:24 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/36884835
info_outline
Emergency Patches, Ransomware Exposes, and Rising QR Code Scams
06/04/2025
Emergency Patches, Ransomware Exposes, and Rising QR Code Scams
In this episode of Cybersecurity Today, host Jim Love discusses the latest urgent security updates and cyber threats. Google has released an emergency Chrome patch to fix a high-severity zero-day vulnerability, while Microsoft issued an emergency patch to resolve Windows 11 boot failures caused by their May 2025 update. A mysterious whistleblower known as 'Gang Exposed' is doxing major ransomware leaders, providing invaluable intelligence for global cybersecurity efforts. Additionally, 'Quishing,' or QR code phishing, is emerging as a new threat, with cybercriminals taping malicious QR codes on public lampposts and street corners. This trend bypasses traditional digital defenses, underscoring the need for public awareness and vigilance. The episode emphasizes the importance of immediate updates, informed vigilance, and proactive cybersecurity measures. 00:00 Emergency Chrome Patch and Windows 11 Boot Fix 00:28 Google's Zero-Day Vulnerability in Chrome 02:28 Microsoft's Emergency Update for Windows 11 05:35 Gang Exposed: Unmasking Ransomware Leaders 07:55 Quishing: The New QR Code Phishing Threat 10:22 Conclusion and Viewer Engagement
/episode/index/show/cybersecuritytoday/id/36843795
info_outline
Cybersecurity Incidents: Eddie Steeler Malware, ConnectWise Breach, and Nova Scotia Power Data Theft
06/02/2025
Cybersecurity Incidents: Eddie Steeler Malware, ConnectWise Breach, and Nova Scotia Power Data Theft
In this episode of Cybersecurity Today, host David Shipley discusses several key cyber incidents affecting organizations and individuals. A new rust-based information stealer, known as Eddie Steeler, is being distributed via deceptive CAPTCHA verification pages. ConnectWise, a management software firm, has been breached in an attack suspected to be linked to a nation-state actor, affecting a limited number of its ScreenConnect customers. Additionally, threat actors are now abusing Google App Script to bypass phishing defenses, exploiting the trusted Google brand to trick users. Lastly, a significant data breach at Nova Scotia Power has exposed the social insurance numbers of up to 140,000 customers, making it one of the largest utility data breaches in North America. 00:00 Introduction to Today's Cybersecurity News 00:31 Eddie Steeler Malware Campaign 02:32 ConnectWise Cyber Attack 04:49 Google App Script Phishing Attacks 06:50 Nova Scotia Power Data Breach 08:02 Conclusion and Listener Engagement
/episode/index/show/cybersecuritytoday/id/36809660
info_outline
Pig Butchering: Operation Shamrock Fights Back
05/31/2025
Pig Butchering: Operation Shamrock Fights Back
In this episode, the host delves into the alarming rise of 'pig butchering' scams, a form of fraud that preys on vulnerable and trusting individuals, often leaving them financially and emotionally devastated. These scams are orchestrated by organized crime syndicates that use brutal methods, including violence and human trafficking, to sustain their operations. Erin West, a former prosecutor, discusses her transition to founding Operation Shamrock, a nonprofit focused on combatting these scams through education, law enforcement support, and victim assistance. West explains the severity of the issue, sharing insights into the terrifying environments where these scams are executed and the challenges victims face in reporting and recovering their losses. She emphasizes the need for public awareness, empathy, and collaborative efforts to tackle the global crisis. The episode concludes with actionable steps for cybersecurity professionals and the public to join the fight against this pervasive fraud. 00:00 Introduction to Cybersecurity and Pig Butchering Scams 01:42 The Human Impact of Scams 03:33 Operation Shamrock: Fighting Back 04:04 Interview with Erin West: From Prosecutor to Advocate 06:24 Understanding the Scale and Evolution of Scams 08:33 The Role of Technology in Modern Scams 12:17 Operation Shamrock's Mission and Strategies 15:13 Empowering Victims and Law Enforcement 29:28 Raising Awareness and Taking Action 37:50 Conclusion and Call to Action
/episode/index/show/cybersecuritytoday/id/36793940
info_outline
Cybersecurity Today: Hijacker Scams, Ransomware Attacks, and Summer Travel Threats
05/30/2025
Cybersecurity Today: Hijacker Scams, Ransomware Attacks, and Summer Travel Threats
In this episode of Cybersecurity Today, host Jim Love covers critical updates in the world of cyber threats. The FBI warns of hijackers posing as IT support to infiltrate law firms, a Wisconsin city reveals a ransomware attack affecting 67,000 residents, and a Texas city refuses to pay a ransom, risking the public release of sensitive data. The episode also highlights the 3-2-1-1-0 backup strategy as a defense against ransomware and reports on sophisticated scams targeting summer travelers. Additionally, Jim previews tomorrow’s discussion on scammers targeting vulnerable groups. 00:00 Introduction and Headlines 00:29 FBI Warns of IT Support Scams Targeting Law Firms 03:18 Ransomware Attack on Sheboygan, Wisconsin 05:24 Texas City Refuses Ransom Payment 07:05 Understanding the 3-2-1-1-0 Backup Strategy 09:37 Summer Travel Scams on the Rise 12:55 Conclusion and Upcoming Topics
/episode/index/show/cybersecuritytoday/id/36783910
info_outline
Phishing Scams, DNS Hijacking, and Cybersecurity Leadership Shakeup
05/28/2025
Phishing Scams, DNS Hijacking, and Cybersecurity Leadership Shakeup
In this episode of Cybersecurity Today, host Jim Love explores the intricacies behind phishing emails that cleverly spoof Microsoft addresses, making many fall for scams despite appearing legitimate. Love emphasizes the need for a stringent 'zero trust' approach to counter these advanced tactics. Additionally, the episode delves into the activities of the hacking group Hazy Hawk, which exploits misconfigured DNS records to hijack trusted domains and propagate malware. Organizations are warned about the importance of regular DNS audits to prevent such attacks. The episode also covers the alarming wave of departures at the Cybersecurity and Infrastructure Security Agency (CISA), raising concerns over the agency's effectiveness amid increasing cyber threats. In another segment, Love discusses a sophisticated fraud operation out of Hanoi, where perpetrators manipulated X's Creator Revenue Sharing Program to siphon funds through fraudulent engagement metrics. The need for built-in fraud prevention mechanisms in digital reward systems is stressed. The episode concludes with a call for listener feedback and support. 00:00 Introduction and Overview 00:27 Phishing Scams: Authentic-Looking Emails 02:58 DNS Misconfigurations and Hazy Hawk 05:36 CISA Leadership Exodus 08:16 X's Creator Revenue Sharing Fraud 10:56 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/36741540
info_outline
Unraveling Cyber Threats: Ransomware, Kidnapping, and Record-Breaking DDoS Attacks
05/26/2025
Unraveling Cyber Threats: Ransomware, Kidnapping, and Record-Breaking DDoS Attacks
In this episode of Cybersecurity Today, host David Shipley dives into several alarming cyber incidents. The show starts with Nova Scotia Power's confirmation of a ransomware attack that forced the shutdown of customer-facing systems and led to data being published on the dark web. The company decided not to pay the ransom, adhering to law enforcement guidance and sanctions laws. A shocking case in New York follows, involving a crypto investor charged with kidnapping and torturing a man to obtain his Bitcoin wallet password. The next segment highlights a record-setting DDoS botnet, Aisuru, which performed a test attack that peaked at 6.3 terabits per second, posing a disproportionate threat to online retailers. The final story covers Microsoft's controversial AI feature, Recall, which takes screenshots every three seconds and raises significant privacy concerns. The episode underscores the growing need for robust cybersecurity measures and effective legislation. 00:00 Introduction and Headlines 00:30 Nova Scotia Power Ransomware Attack 02:57 Ransomware Trends and Statistics 03:51 Operation End Game: A Global Win Against Ransomware 04:25 Crypto Investor's Shocking Crime 05:57 Record-Breaking DDoS Botnet 07:36 Microsoft's Controversial AI Feature Recall 09:10 Conclusion and Sign-Off
/episode/index/show/cybersecuritytoday/id/36708520
info_outline
From English Literature to Cybersecurity: A Journey Through Blockchain and Security
05/24/2025
From English Literature to Cybersecurity: A Journey Through Blockchain and Security
LINKS: - Software page with OSS software Linux distro: Milksad vulnerability: In this episode of Cybersecurity Today on the Weekend, host Jim Love engages in a captivating discussion with Anton Livaja from Distrust. Anton shares his unique career transition from obtaining a BA in English literature at York University to delving into cybersecurity and tech. Anton recounts how he initially entered the tech field through a startup and quickly embraced programming and automation. The conversation covers Anton's interest in Bitcoin and blockchain technology, including the importance of stablecoins, and the frequent hacking incidents in the crypto space. Anton explains the intricacies of blockchain security, emphasizing the critical role of managing cryptographic keys. The dialogue also explores advanced security methodologies like full source bootstrapping and deterministic builds, and Anton elaborates on the significance of creating open-source software for enhanced security. As the discussion concludes, Anton highlights the need for continual curiosity, teamwork, and purpose-driven work in the cybersecurity field. 00:00 Introduction to Cybersecurity Today 00:17 Anton's Journey from Literature to Cybersecurity 01:08 First Foray into Programming and Automation 02:35 Blockchain and Its Real-World Applications 04:36 Security Challenges in Blockchain and Cryptocurrency 13:21 The Rise of Insider Threats and Social Engineering 16:40 Advanced Security Measures and Supply Chain Attacks 22:36 The Importance of Deterministic Builds and Full Source Bootstrapping 29:35 Making Open Source Software Accessible 31:29 Blockchain and Supply Chain Traceability 33:34 Ensuring Software Integrity and Security 38:20 The Role of AI in Code Review 40:37 The Milksad Incident 46:33 Introducing Distrust and Its Mission 52:23 Final Thoughts and Encouragement
/episode/index/show/cybersecuritytoday/id/36696620
info_outline
Cybersecurity Threats and Breaches: Critical Updates and Insights
05/23/2025
Cybersecurity Threats and Breaches: Critical Updates and Insights
In this episode of Cybersecurity today, host Jim Love reports on various critical cyber threats and data breaches. A newly discovered flaw in Windows Server 2025 allows attackers to seize full domain control, referred to by researchers as the 'bad successor' exploit. Government messaging app Telem Message, a customized version of Signal, was hacked, exposing sensitive communications of over 60 officials, leading to its shutdown. Microsoft disrupted the global Luma Stealer malware operation, which had infected nearly 400,000 computers. Coinbase suffered a major data breach affecting over 69,000 customers due to an insider compromise. Additionally, hackers distributed a malicious version of the KeyPass password manager, embedding it with malware to steal data and deploy ransomware. Jim Love encourages listeners to stay vigilant and download software only from official sources. He teases an upcoming interview with a knowledgeable guest working on open-source solutions to cybersecurity issues. 00:00 Introduction to Cybersecurity News 00:36 Windows Server 2025 Vulnerability 03:09 Telem Messages Hack Scandal 05:37 Microsoft Disrupts Luma Malware 07:29 Coinbase Breach Details 08:54 Malicious Password Manager Alert 10:55 Conclusion and Upcoming Interview
/episode/index/show/cybersecuritytoday/id/36685195
info_outline
Microsoft Emergency Patch, Pwn2Own Berlin 2025 Highlights, and Emerging Cybersecurity Threats
05/21/2025
Microsoft Emergency Patch, Pwn2Own Berlin 2025 Highlights, and Emerging Cybersecurity Threats
In this episode of 'Cybersecurity Today,' host Jim Love discusses several urgent cybersecurity topics. Microsoft has released an emergency patch after a recent Windows update caused BitLocker recovery mode on certain systems, locking users out without warning. The issue stems from the May security update affecting systems using Intel, vPro chips, and TXT. Tech enthusiasts may manually download the patch through the Microsoft Update catalog, while Microsoft urges users to secure their BitLocker recovery keys. The episode also highlights day one of Pwn2Own Berlin 2025, where hackers successfully breached Windows 11, Red Hat Linux, and Oracle Virtual Box, earning a combined $260,000 in prize money. Additionally, US experts discovered hidden communication hardware in Chinese-made solar equipment, raising concerns about remote access risks to the power grid. The FBI warns of a new wave of AI-generated phishing attacks that bypass traditional security measures. Finally, the Consumer Financial Protection Bureau has quietly backed down from regulating data brokers, sparking controversy among privacy advocates. Jim Love offers insights and reminds listeners of the importance of cybersecurity. 00:00 Introduction and Headlines 00:27 Microsoft's Urgent Patch for BitLocker Issue 02:26 Pwn2Own Berlin 2025: Major Security Breaches 04:11 Hidden Devices in Chinese Solar Equipment 06:05 FBI Warns of New Linkless Phishing Attacks 07:58 CFPB Withdraws Rule on Data Brokers 09:33 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/36651425
info_outline
The Monthly Cybersecurity Review: Data Breaches, Ransomware, and Critical Infrastructure
05/17/2025
The Monthly Cybersecurity Review: Data Breaches, Ransomware, and Critical Infrastructure
In this episode of 'Cybersecurity Today', host Jim Love is joined by panelists Laura Payne from White Tuque and David Shipley from Beauceron Security to review significant cybersecurity events over the past month. The discussion covers various impactful stories such as the disappearance of a professor, a data breach at Hertz, and government officials using a commercial app during a conflict. They dive deep into the ransomware attack on PowerSchool and its implications for K-12 schools in North America. The conversation also highlights the vulnerability of critical infrastructures, including the food supply chain and the importance of robust cybersecurity measures. Finally, the panel touches upon the progression towards post-quantum encryption by major tech companies like AWS and Google, signaling advancements in securing future technologies. 00:00 Introduction and Panelist Welcome 00:20 Major Cybersecurity Incidents of the Month 02:04 PowerSchool Data Breach Analysis 04:11 Ransomware and Double Extortion Tactics 12:20 4chan Security Breach and Its Implications 16:31 Hertz Data Loss and Retail Cybersecurity 17:44 Critical Infrastructure and Cyber Regulation 27:03 The Importance of CVE Database 27:54 Debate on Vulnerability Scoring 30:17 Open Source Software and Geopolitical Risks 31:43 The Evolution and Challenges of Open Source 37:17 The Need for Software Regulation 46:50 Signal Gate and Compliance Issues 54:08 Post-Quantum Cryptography 56:10 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/36600315
info_outline
Cybersecurity Updates: Major Ransomware Attacks Thwarted and Illegal Marketplaces Shut Down
05/16/2025
Cybersecurity Updates: Major Ransomware Attacks Thwarted and Illegal Marketplaces Shut Down
In this episode, Jim Love discusses significant cybersecurity events including Coinbase's refusal to pay a $20 million ransom after a data breach, Broadcom's patch for VMware tools vulnerabilities, and Telegram's shutdown of two illegal marketplaces handling $35 billion in transactions. The episode also covers the Co-op’s preemptive measures to thwart a ransomware attack and the broader implications for cybersecurity in retail. Experts urge organizations to be prepared with strategic playbooks for potential cyber-attacks. 00:00 Introduction and Headlines 00:26 Telegram's $35 Billion Black Market Shutdown 01:59 Broadcom Patches VMware Tools Vulnerability 03:20 Coinbase Ransom Refusal and Data Breach 04:57 Co-op's Ransomware Defense Strategy 07:36 Conclusion and Upcoming Episodes
/episode/index/show/cybersecuritytoday/id/36587770
info_outline
Mark's and Spencer Data Breach, Vulnerable Routers, Fortinet Exploits, and New Ransomware Threats
05/14/2025
Mark's and Spencer Data Breach, Vulnerable Routers, Fortinet Exploits, and New Ransomware Threats
In this episode of Cybersecurity Today, host Jim Love covers recent cybersecurity incidents including a data breach at Mark's and Spencer, the FBI's alert on outdated routers being exploited, and critical Fortinet vulnerabilities actively used in attacks. Additionally, the episode discusses a researcher’s proof of concept showing how ransomware can be embedded directly into a CPU, bypassing traditional security measures. Listeners are urged to stay vigilant and implement necessary security patches and updates. 00:00 Breaking News: Marks and Spencer Data Breach 01:37 FBI Alert: Outdated Routers at Risk 03:43 Fortinet Zero-Day Vulnerability 05:46 Ransomware Embedded in CPUs: A New Threat 08:13 Conclusion and Contact Information
/episode/index/show/cybersecuritytoday/id/36558455
info_outline
Cyber Threats Target HR, AI Tools, and Critical Infrastructure: A Comprehensive Update
05/12/2025
Cyber Threats Target HR, AI Tools, and Critical Infrastructure: A Comprehensive Update
In this episode of Cybersecurity Today, host David Shipley covers a range of cyber threats including the Venom Spider malware targeting HR professionals, the emergence of the Noodlofile info stealer disguised as an AI video generator, and misinformation campaigns amid the India-Pakistan conflict. Additionally, the episode discusses warnings from U.S. agencies about cyberattacks on the oil and gas sector, and highlights a recent interview with whistleblower Daniel Brules about security lapses at the National Labor Relations Board. 00:00 Introduction and Overview 00:33 Venom Spider Targets HR Professionals 02:12 Fake AI Video Generators and Noodlofile Malware 03:41 Misinformation Amid India-Pakistan Conflict 05:40 US Oil and Gas Infrastructure Under Threat 07:22 Conclusion and Final Thoughts
/episode/index/show/cybersecuritytoday/id/36527150