DiscoverCybersecurity Today
Cybersecurity Today
Claim Ownership

Cybersecurity Today

Author: Jim Love

Subscribed: 2,324Played: 90,173
Share

Description

Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
1006 Episodes
Reverse
Cybersecurity Incidents in Healthcare and AI Exposures In this episode, host Jim Love discusses recent cybersecurity incidents, including a major cyber attack on Wirral University Teaching Hospital in the UK, exposing healthcare vulnerabilities. An AI chatbot startup, WotNot, exposed 300,000 sensitive records online due to misconfigured storage. A novel phishing attack using corrupted Microsoft Word documents is also examined. The episode concludes with the takedown of the world's largest piracy network in Operation Takendown, underlining the international effort against cybercrime. Stay updated on the latest in cybersecurity and tech trends. 00:00 Introduction and Book Promotion 00:30 UK Hospital Cybersecurity Incident 03:11 AI Chatbot Data Exposure 05:05 Phishing Attack with Corrupted Word Documents 06:38 Operation Takendown: Largest Piracy Network Dismantled 08:39 Conclusion and Show Notes
AI and Cybersecurity: Addressing AI Myths and Strategies | Project Synapse Episode 3 Join Jim Love, host of Cyber Security Today, alongside Marcel Gagné and John Pinard in this weekend edition from our sister podcast, Hashtag Trending. This episode, part of the Project Synapse series, dives into a discussion on AI, focusing on security, strategic implementation, and addressing common myths. They explore the gap between AI strategies and their deployment, the relationship between strategy and action, and practical approaches to protect your data while utilizing AI. The conversation also touches on critical thinking and the need for proper training to make effective use of AI technology. 00:00 Introduction and Thanksgiving Break 00:31 Welcome to Hashtag Trending 00:48 Introducing Marcel Gagné and John Pinard 01:42 AI Strategy and Implementation 02:53 AI Myths and Misconceptions 06:17 AI Vulnerabilities and Security 07:27 The Role of Headlines in AI Perception 11:56 Guardrails and AI Control 16:19 Data Security and AI Models 25:07 Running Small Models on Private Networks 26:35 Leveraging Existing Tools for Cost Efficiency 28:07 Critical Thinking and AI Validation 30:53 Common Mistakes and AI Limitations 37:38 AI in Medical Diagnostics 43:04 Balancing AI Use and Human Oversight 46:37 Concluding Thoughts and Future Directions
A quick not to say that in our tradition of observing Holidays in both the US and Canada, we'll be taking the weekend off. We'll be back on Monday morning, bright and early with the Cyber Security News, 
Retailers Face AI Bot Attacks, Avast Exploit, and Starbucks Ransomware Challenges In this episode of 'Cybersecurity Today,' host Jim Love covers the latest cyber threats impacting retailers, including AI-powered bot attacks and ransomware incidents. Discover how hackers are exploiting an old Avast driver to deploy advanced Windows malware and how Starbucks is managing employee payments manually following a ransomware attack on its scheduling software provider, Blue Yonder. The episode highlights the increasing cyber risks retailers face during the holiday season and the importance of robust cybersecurity measures. 00:00 Introduction and Headlines 00:22 AI-Powered Bot Attacks on Retailers 02:51 Windows Malware Exploiting Avast Driver 04:09 Starbucks Ransomware Attack and Manual Pay 05:18 Ransomware Trends and Impacts 06:01 Conclusion and Show Notes
Cybersecurity Today: Palo Alto Firewalls Breached, APT28's Wi-Fi Hack, Meta Fights Scams In today's episode, over 2,000 Palo Alto firewalls were hacked via patched zero-day vulnerabilities; a Russian group, APT28, exploited Wi-Fi networks in a novel 'Nearest Neighbor Attack' to breach a U.S. firm; Meta removed more than 2 million accounts linked to pig butchering scams; and Google launched a free cybersecurity certificate on Coursera to prepare students for entry-level jobs in six months. Host Jim Love provides in-depth analysis and the latest updates in the world of cybersecurity. 00:00 Introduction and Headlines 00:29 Palo Alto Firewalls Hacked 02:43 Nearest Neighbor Wi-Fi Attack 05:09 Meta's Crackdown on Pig Butchering Scams 07:10 Google's Free Cybersecurity Certificate 08:52 Conclusion and Resources
Phishmas Alert: Tackling Holiday Season Cyber Threats In this episode of Cybersecurity Today, the weekend show, the host is joined by guest David Shipley to discuss the rise in phishing activities during the holiday season, humorously dubbed 'Phishmas.' They delve into the psychology behind phishing, the impact of seasonal stress on individuals, and the tactics cybercriminals use to exploit these conditions. The episode also highlights recent research on phishing trends, the broader scope of consumer fraud, and the challenges faced by law enforcement in combating these crimes. Practical advice for individuals and organizations to protect themselves is also provided, along with a call to action for greater governmental response and individual vigilance. 00:00 Introduction to Phishmas 00:41 The Importance of Good Research 01:01 Understanding Data vs. Facts 02:02 Phishing During the Holiday Season 03:13 The Mechanics of Phishing Scams 04:51 The Role of Typo-Squatting in Phishing 06:13 The Evolution of Phishing Techniques 09:16 The Human Factor in Phishing 13:10 The Impact of AI on Phishing 18:19 Psychological Tactics in Phishing 21:08 Retailer Perspective on Cyber Threats 22:21 Rise of Fraud in North America 22:57 Impact of Fraud on Individuals 24:01 Challenges in Combating Fraud 27:59 Strategies to Protect Yourself 32:25 Role of Retailers and Banks 35:45 Political and Legislative Actions 38:47 Final Thoughts and Call to Action
Cybersecurity Today: Zero Day Flaws, FinTech Breach, Phishing Scams & More In today's episode, host Jim Love discusses critical updates in the cybersecurity world. Discover the latest zero day vulnerabilities patched by Apple, a significant data breach at Fintech giant Finastra, emerging phishing attack tactics using Microsoft Visio files and SVG attachments, and the launch of a new privacy-focused telecom service, CAPE. Additionally, learn about Google's AI-powered OSS Fuzz tool, which uncovered a critical flaw in the OpenSSL library. Stay informed to protect yourself and your organization from sophisticated cyber threats. 00:00 Introduction and Sponsor Message 00:59 Emerging Phishing Attack Strategies 03:12 Finastra Data Breach Investigation 04:49 Launch of CAPE: A Privacy-Focused Telecom Service 06:19 Apple's Emergency Updates for Zero-Day Vulnerabilities 07:29 Google's OSS Fuzz Uncovers Critical Vulnerabilities 09:07 Conclusion and Podcast Information
Cybersecurity Today: Microsoft Updates, Gen AI Risks, and Liminal Panda Threat In this episode of Cybersecurity Today, host Jim Love discusses major cybersecurity updates from Microsoft's Ignite conference, including enhancements to Windows security and device recovery. A survey by LegitSecurity highlights the security risks associated with generative AI in software development. CrowdStrike reveals Liminal Panda, a Chinese cyber threat to telecoms. Additionally, a report from the EPA's Office of Inspector General exposes significant cybersecurity vulnerabilities in U.S. drinking water systems. This episode is brought to you by CDW Canada Tech Talks. 00:00 Introduction and Sponsor Message 00:42 Microsoft's New Cybersecurity Features 02:10 Generative AI and Software Development Risks 04:30 Liminal Panda: A New Cyber Threat 06:24 Cybersecurity Vulnerabilities in US Water Systems 08:35 Conclusion and Sponsor Acknowledgment
Cybersecurity Today: GitHub Attacks & Microsoft's November Patch Tuesday Updates In this episode of Cybersecurity Today, host Jim Love highlights critical cybersecurity updates. The episode covers malicious attacks on GitHub projects, including an orchestrated attempt to frame Texas-based security researcher Mike Bell, and the associated impact on open-source repositories. Additionally, Microsoft's November Patch Tuesday is discussed in detail, with over 90 security issues disclosed, including four critical zero-day vulnerabilities. The episode also addresses a new ransomware strain exploiting vulnerabilities in Veeam backup software, and the disruptions caused by Microsoft's flawed Exchange Server security update. Stay informed on the latest cybersecurity trends and threats. 00:00 Introduction and Sponsor Message 00:29 Cybersecurity Headlines 00:46 GitHub Malicious Code Attack 03:24 Microsoft November Patch Tuesday 05:17 Veeam Backup Software Vulnerability 07:02 Microsoft Exchange Server Update Issues 08:47 Conclusion and Sign-Off
Cybersecurity Today - Weekend Edition: Project Synapse, AI in Action (Episode 2) In this episode of Cybersecurity Today with host Jim Love, we dive into the intersection of Artificial Intelligence (AI) and cybersecurity, continuing our exploration in the series Project Synapse. Joined by Linux and open-source expert Marcel Gagné and cybersecurity professional John Pinard, we discuss practical applications of AI in business, strategies to implement AI securely, and the rapid technological advancements that pose challenges for companies. Tune in to learn how experimentation with AI can innovate business processes while figuring out what tools and strategies can add real value to your operations. This episode emphasizes the importance of maintaining security and developing a solid business strategy in the evolving landscape of artificial intelligence. 00:00 Introduction to Cybersecurity Today 01:14 Meet the Hosts and Guests 02:08 Project Synapse: AI in Action 02:20 Current State of AI and Security Concerns 04:20 Challenges and Opportunities in AI Adoption 06:36 Business Strategies in the Age of AI 11:35 The Importance of Experimentation and Play 20:26 Innovative Uses of AI in Everyday Life 23:53 Cultural Shift in Business 24:27 Rise of AI Agents 25:13 Challenges with AI Models 25:45 Specialized AI Agents 28:17 AI in Accounting and Business 32:12 AI in Customer Service 33:40 Workshops and Practical AI Applications 48:17 Security Concerns with AI 49:40 Conclusion and Future Plans
Holiday Cyber Threats, Secret Service Surveillance & AI Safety with DOE In today's episode of Cybersecurity Today, host Jim Love covers essential cybersecurity topics heating up this holiday season. A new report from B4AI unveils sophisticated scams targeting online shoppers, including brand spoofing, fake apps, and fraudulent sites designed to steal credentials. Jim also delves into the U.S. Secret Service’s controversial use of location data without warrants, exploring the debate over privacy and government surveillance. Lastly, the episode highlights Anthropics Claude AI’s collaboration with the Department of Energy to ensure AI models cannot be misused for developing nuclear weapons, setting a precedent for future AI safety measures in government. Tune in for these stories and more on Cybersecurity Today. 00:00 Cybersecurity Threats Targeting Holiday Shoppers 04:00 Secret Service's Controversial Use of Location Data 06:07 Anthropic's AI Collaboration for Nuclear Safety 08:26 Conclusion and Additional Resources
In this episode, we discuss urgent cybersecurity concerns: Cisco's critical vulnerability affecting industrial wireless systems with a CVSS 10 rating, D-Link's refusal to patch severe flaws in over 60,000 outdated NAS devices, and Amazon's data breach tied to the MoveIT vulnerability. We'll also cover the importance of strong off-boarding processes, drawing lessons from a Disney insider threat incident involving a former employee. Join us as we dive deep into the latest security alerts and best practices to safeguard your systems and data. 00:00 Critical Flaw in Cisco's Industrial Wireless Systems 02:07 D-Link's Unpatched Vulnerabilities in NAS Devices 03:22 Amazon Employee Data Exposed in MoveIT Breach 04:41 Lessons from Disney's Insider Threat Incident 06:37 Conclusion and Final Thoughts
CyberSecurity Today: Zip File Attacks, iPhone Reboots, and LLM Vulnerabilities In today's episode, host Jim Love discusses hackers leveraging zip file concatenation to evade detection, mysterious iPhone reboots hindering police investigations, and Mozilla's Odin's in-depth analysis of security issues in a large language model. Discover how cybercriminals hide Trojans in zip files, how the iOS 18 feature Before First Unlock (BFU) could be affecting forensic examinations, and explore the intricacies of prompt injections and security implications in ChatGPT. Plus, tune in for an exclusive interview with Marco Figueroa from Mozilla's Odin Bug Bounty project to delve deeper into these findings. 00:00 Introduction and Headlines 00:21 Hackers Exploit Zip File Concatenation 01:48 Phishing Campaign with Remcos RAT 03:12 Mysterious iPhone Reboots 04:18 Mozilla's Odin Project and LLM Security 06:40 Conclusion and Afterwords
Jailbreaking AI: Behind the Guardrails with Mozilla's Marco Figueroa In this episode of 'Cyber Security Today,' host Jim Love talks with Marco Figueroa, the Gen AI Bug Bounty Program Manager for Mozilla's ODIN project. They explore the challenges and methods of bypassing guardrails in large language models like ChatGPT. Discussion points include jailbreaking, hexadecimal encoding, and the use of techniques like Deceptive Delight. Marco shares insights from his career, including his experiences at DEF CON, the NSA, McAfee, Intel, and Sentinel One. The conversation dives into Mozilla's efforts to build a secure AI landscape through the ODIN bug bounty program and the future implications of AI vulnerabilities. 00:00 Introduction and Guest Introduction 00:22 Understanding Large Language Models and Jailbreaking 01:53 Recent Jailbreaking Techniques and Examples 04:42 Interview with Marco Figueroa: Career Journey 10:12 Marco's Work at Mozilla and the ODIN Project 16:50 Exploring Prompt Injection and Hacking 23:21 Future of AI Security and Final Thoughts
FBI Warnings, TikTok's Canadian Shutdown, Major Data Breach Arrests & More | Cybersecurity Today In this episode of Cybersecurity Today, host Jim Love highlights the FBI's warning about growing phishing attacks exploiting government email credentials, leading to potential data theft and ransomware attacks. The Canadian government orders TikTok to shut down its domestic operations over national security fears, while the app plans to fight the decision. Authorities arrest Alexander Connor Moucka in conjunction with massive data breaches at companies like Ticketmaster and AT&T. Additionally, a Brampton landlord becomes a victim of an e-transfer scam, emphasizing the importance of securing email accounts. Stay informed with the latest cybersecurity news and recommendations. 00:00 Introduction and Headlines 00:22 FBI Warning on Phishing Attacks 01:53 International Law Enforcement Actions 02:26 Canada Orders TikTok Shutdown 03:45 Major Data Breach Arrests 04:22 Brampton Landlord E-Transfer Scam 05:16 Securing Personal Transfers 06:02 Conclusion and Show Notes
AI Finds Zero Day Vulnerability, MFA Mandatory on Google Cloud, French Energy Firm Hacked In today's episode of Cyber Security Today, host Jim Love discusses Google's AI-driven system Big Sleep discovering the first ever AI-identified zero day vulnerability in the SQLite database engine. He also covers Google's new requirement for Google Cloud users to implement multi-factor authentication (MFA) starting January, and a recent cyber-attack on French firm Schneider Electric, where hackers demanded a ransom in baguettes. Learn about these critical updates and their implications for the future of cybersecurity. 00:00 Introduction to Cyber Security Today 00:21 AI Discovers Zero Day Vulnerability 03:06 Google Cloud Enforces Multi-Factor Authentication 05:55 Hackers Demand Ransom in Baguettes 07:42 Conclusion and Show Notes
Chinese Cybersecurity Threats: Espionage in Silicon Valley, Canadian Government Infiltration, and Persistent Botnets In this special edition of Cyber Security Today, host Jim Love discusses three alarming stories illustrating the increasing cybersecurity threats posed by China. The episode details China's espionage activities in Silicon Valley, including a Google employee caught stealing AI trade secrets, the infiltration of Canadian government systems by Chinese state-sponsored hackers, and a persistent botnet using compromised TP-Link routers to target Microsoft Azure accounts. The stories highlight the urgent need for enhanced cybersecurity measures to counter these sophisticated threats. 00:00 Introduction: Rising Cybersecurity Threats from China 00:33 Silicon Valley Under Siege: Espionage in the Tech Hub 03:56 Canadian Government Infiltration: A Deep Dive 05:47 Persistent Botnet Threat: Covert Network 1658 07:31 Conclusion and Final Thoughts
Welcome to the weekend edition of Cybersecurity Today! Join host Jim Love as he delves into the top cybersecurity stories of the month with industry experts David Shipley of Beauceron Security, Terry Cutler of Cyology Labs, and special guest Kim Schreader from TELUS. This episode covers a range of vital topics, including AI's impact on cybersecurity, the alarming rise in API vulnerabilities, and a shocking report on the Canadian Revenue Agency's fraud losses. The panel also discusses cybersecurity awareness, the overlooked importance of protecting our libraries, and innovative ways to educate the next generation on cybersecurity. Don't miss their insights, expert opinions, and the debut of the cyber stinky award! 00:00 Introduction and Panelist Welcome 00:39 Kim Schreader's Background and Cybersecurity Insights 01:44 Cybersecurity Awareness Month Highlights 02:11 Phishing Milestones and Challenges 03:34 Home Cybersecurity and Public Engagement 04:59 SecTor Event and Cyber Insurance Study 06:10 Sextortion Emails and Ransomware Threats 07:30 Revenue Canada Fraud Scandal 14:31 Legacy Systems and Cybersecurity Accountability 17:55 AI in Cybersecurity: Threats and Opportunities 26:43 Medical Imaging Vulnerabilities 27:35 IoT Device Security Concerns 29:25 API Vulnerabilities and Exploits 31:45 Importance of Pen Testing 39:41 AI and Prompt Injection Risks 46:58 Education and Cybersecurity Awareness 52:23 Library Cyber Attacks and Conclusion
Cyber Security Today: Deceptive Delight Jailbreak, API Vulnerabilities Surge, Hex Attack on GPT-4 In this episode of Cyber Security Today, host Jim Love discusses the new jailbreak technique 'Deceptive Delight' that highlights vulnerabilities in large language models, the 21% increase in API vulnerabilities reported by Wallarm, and the hex-encoded attack on OpenAI's GPT-4. Learn about the significant rise in API security threats, including misconfigurations and cloud-native software vulnerabilities, and how cybercriminals are exploiting them. Discover how researchers are bypassing AI safety mechanisms and what this means for the future of AI security. Stay safe and informed about the latest cybersecurity trends and risks. 00:00 Introduction to Cyber Security Today 00:20 Deceptive Delight: A New Jailbreak Technique 02:22 Surge in API Vulnerabilities 04:16 Hexadecimal Exploits in AI Models 06:01 Smishing Attacks and Personal Anecdotes 06:56 Conclusion and Upcoming Shows
Massive CRA Breach Exposed & Cyber Challenges in Healthcare and Retail In this episode of Cyber Security Today, host Jim Love delves into the significant cyber security incidents impacting Canada, healthcare, and retail sectors. A report from CBC and Radio Canada reveals that the Canada Revenue Agency (CRA) has been compromised multiple times, leading to tens of thousands of hacked tax accounts and millions in fraudulent refunds. The episode also highlights a new report from Forescout Technologies that identifies critical vulnerabilities in connected medical devices, posing serious risks to patient safety and data security. Additionally, the 2024 Trustwave Retail Risk Radar Report outlines the evolving cyber threats facing retailers during the e-commerce boom, including phishing, credential stuffing, and ransomware attacks. Links to the detailed reports are provided in the show notes. Tune in for an in-depth discussion on these pressing cyber security challenges. 00:00 Introduction and Headlines 00:27 Canada Revenue Agency Hacked: Millions in Bogus Refunds 03:33 Medical Devices at Risk: Forescout's Alarming Report 06:42 Retail Cybersecurity Challenges: TrustWave's Insights 09:21 Conclusion and Show Notes
loading
Comments (3)

Daniel Lisa

Acronis Cyber Backup is a comprehensive data backup and recovery solution designed to protect data, systems, and applications. It's used by businesses and individuals to ensure that their critical information is safeguarded against data loss, hardware failures, cyberattacks, and other unexpected events. Acronis Cyber Backup offers features like full disk imaging, incremental backups, cloud storage, and quick recovery to keep operations running smoothly. It provides flexible deployment options, allowing backups to be stored locally or in the cloud, and integrates advanced cybersecurity features to defend against ransomware and other cyber threats. For a thorough cybersecurity assessment and data protection strategy, you might consider consulting with cybersecurity experts like those at https://www.wizlynxgroup.com/hk/en/

May 9th
Reply

Daniel Lisa

Acronis Cyber Backup is a comprehensive data backup and recovery solution designed to protect data, systems, and applications. It's used by businesses and individuals to ensure that their critical information is safeguarded against data loss, hardware failures, cyberattacks, and other unexpected events. Acronis Cyber Backup offers features like full disk imaging, incremental backups, cloud storage, and quick recovery to keep operations running smoothly. It provides flexible deployment options, allowing backups to be stored locally or in the cloud, and integrates advanced cybersecurity features to defend against ransomware and other cyber threats. For a thorough cybersecurity assessment and data protection strategy, you might consider consulting with cybersecurity experts like those at Wizlynx Group. They specialize in security testing and cybersecurity consulting to help businesses identify vulnerabilities and implement effective defense measures. You can learn more about their servic

May 9th
Reply

Denny Luyis

When you use a third party platform that offers an app for your on-premise platform - https://www.protectimus.com/platform/ , you are automatically taking advantage of the multi-factor security that they offer. It is easy to forget when you are using your computer, tablet, or smartphone that all of your data is being tracked in some way. With the use of a Protectimus application, your data is encrypted and protected even more. You are also provided with a second layer of security as a secondary level of protection. This helps to make your business' data secure even more.

Jul 26th
Reply