Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.
SEC Fines Four Companies $7 Million for Misleading Cybersecurity Disclosures: Cyber Security Today for Thursday, October 23, 2024
SEC Fines, WordPress Hacks, & Okta's New Security Standards | Cybersecurity Today Join host Jim Love in this episode of Cybersecurity Today, sponsored by CDW Canada Tech Talks. We delve into the SEC's $7 million fine on four companies for misleading cybersecurity disclosures, the hacking of over 6,000 WordPress sites by malicious plugins, and Okta's introduction of a new identity security standard in response to rising SaaS breaches. Get detailed insights on these key topics and more. Tune in to stay updated on the most pressing cybersecurity issues! 00:00 Introduction to Cybersecurity Today 00:28 SEC Fines for Misleading Cybersecurity Disclosures 02:39 Massive WordPress Site Hacks 04:58 Okta's New Security Standards 07:49 Conclusion and Sponsor Message
10/24/2024 • 8 minutes, 25 seconds
FBI Arrests Alabama Man in Connection to SEC Social Media Hack: Cyber Security Today for Monday, October 21st, 2024
In today's episode of Cyber Security Today, sponsored by CDW Canada Tech Talks, host Jim Love dives into the latest tech news and cybersecurity updates. Key stories include the FBI arrest of Eric Council Jr. for hacking the SEC's social media, the release of VulnHuntr, an AI tool designed to detect zero-day vulnerabilities in Python, and the arrest of two Sudanese brothers running a cybercrime business. Additional updates cover a security flaw in the WordPress Jetpack plugin, ongoing attacks on the Internet Archive, and the Golden Chickens spear-phishing campaign targeting HR personnel. Tune in for these stories and more. 00:00 Introduction to Cyber Security Today 00:27 FBI Arrests in SEC Social Media Hacks 02:49 Open Source Tools for Python Vulnerabilities 05:20 Cyber Crime Arrests and Scams 07:25 Golden Chickens Spear Phishing Campaign 09:15 Show Wrap-Up and Announcements
10/21/2024 • 10 minutes, 8 seconds
Gone Phishin' - Everything you need to know (and more). Cyber Security Today Weekend for October 19, 2024
Phishing and Cybersecurity: Evolution, Tactics, and Human Factors In this deep dive into the world of cybersecurity, join experts Jim Love and David Shipley as they unravel the ever-evolving landscape of phishing attacks and modern cyber threats. Through discussing the history and sophisticated evolution of phishing, including innovative methods like quishing, vishing, and smishing, this episode reveals the severe impacts on businesses and individuals. Discover how cybercriminals use psychological manipulation, including principles from Robert Cialdini's influence framework, to dupe unsuspecting victims. Uncover real-world examples, such as the dangers posed by AI-driven datasets, and the critical importance of Multi-Factor Authentication (MFA) in enhancing account security. The episode also delves into the human elements of cybersecurity, emphasizing the role of workplace culture, emotional intelligence Training, and assertiveness in creating a resilient defense against social engineering attacks. Join us for practical tips and insights to bolster your cybersecurity posture. 00:00 Introduction to Cybersecurity Today 00:31 Emerging Phishing Threats 01:36 Deep Dive into Phishing 03:22 History of Phishing 05:55 Types of Phishing Attacks 19:16 Social Engineering and Phishing 20:06 Research Hypothesis on Phishing 25:55 Phishing Tactics: Free Gift Card Scams 26:24 The Power of Scarcity in Phishing 28:18 Authority Figures and Phishing 29:02 Consistency: Small Requests to Big Scams 30:06 Liking and Social Proof in Phishing 32:19 The Evolution of Phishing Techniques 35:15 Fighting Back: Technical Solutions 42:57 Emotional Intelligence and Workplace Culture 46:58 Conclusion and Final Thoughts
10/19/2024 • 49 minutes, 24 seconds
53% would switch banks if their institution had a data breach: Cyber Security Today for Thursday, October 17, 2024
In this episode, host Jim Love delves into sophisticated phishing attacks, cybersecurity initiatives, and significant changes in data security protocols. Listeners will learn about a national survey revealing that 53% of Canadians would switch banks after a data breach and hear insights on Apple's proposal to shorten SSL/TLS certificate lifespans. The episode also covers 23andMe's data breach and settlement, and introduces the FIDO Alliance's new protocol designed to enhance passkey portability across platforms. Emphasizing the importance of robust cybersecurity measures and user education, the discussion highlights advancements in passwordless authentication, as demonstrated by major implementations from companies like Amazon. This episode offers an in-depth look at current cybersecurity challenges and forward-thinking solutions in the realm of user authentication. 00:00 Introduction and Show Format Update 00:48 Canadian Banking Cybersecurity Concerns 01:14 Survey Insights and Financial Sector Responses 03:25 Customer Concerns and Communication Gaps 04:17 Financial Impact of Data Breaches 05:13 Apple's SSL/TLS Certificate Lifespan Proposal 06:20 Google's Push for Shorter Certificate Lifespans 07:24 23andMe Data Breach Settlement 09:55 FIDO Alliance and Passwordless Authentication 12:38 Conclusion and Show Notes
10/17/2024 • 13 minutes, 6 seconds
Canadian Quantum computing used in Chinese researcher's early advances to break military level encryption: Cyber Security Today for Tuesday, October 14, 2024
Cybersecurity Today: Wayback Machine Read-Only, AI-Driven Phishing, and Quantum Computing Breakthroughs In this episode of Cybersecurity Today, host Jim Love discusses the recent cyber incident with the Internet Archive's Wayback Machine, which is now back online in read-only mode. He outlines sophisticated AI-driven Gmail phishing schemes that are fooling even tech experts and reports on Chinese researchers' breakthrough using a Canadian quantum computer to potentially crack military-grade encryption. Jim also shares practical advice on staying vigilant against such cyber threats. 00:00 Introduction and Schedule Update 00:22 Cybersecurity News Highlights 00:44 Internet Archive's Wayback Machine Breach 02:06 Sophisticated AI-Driven Gmail Phishing Scams 05:45 Quantum Computing Breakthrough in Encryption 07:10 Conclusion and Sign-Off
10/15/2024 • 7 minutes, 30 seconds
Tech Trends for 2025 with Brian Jackson, Principal Research Director for Info-Tech: Cyber Security Today Weekend for October 12, 2024
Exploring IT Trends and AI Opportunities with Brian Jackson In this crossover episode of Hashtag Trending, host Jim Love interviews Brian Jackson, Principal Research Director at InfoTech Research Group, to discuss emerging IT trends and their intersection with cybersecurity. The conversation covers AI advancements, quantum computing, and digital humans, focusing on how to leverage technology for business opportunities while mitigating associated risks. Brian also emphasizes the importance of AI specialization and sovereignty, and the necessity for organizations to adapt encryption in preparation for quantum computing breakthroughs. Tune in for insights on current technology trends and strategies to harness emerging tools effectively. 00:00 Introduction and Overview 00:42 Meet Brian Jackson 01:51 Brian's Role at InfoTech 02:47 Tech Trends 2025 04:07 AI Opportunities and Risks 05:41 Quantum Computing and Cryptography 06:29 Digital Humans and Deepfakes 09:22 AI in Business Applications 22:32 AI Sovereignty and Cost Management 33:48 Quantum Computing in Practice 38:30 Conclusion and Final Thoughts
10/12/2024 • 40 minutes, 12 seconds
North Korean sponsored hackers target tech job seekers with phoney job interviews. Cyber Security Today for Friday, October 11, 2024
Cybersecurity Today: Data Breaches and Malware Threats In this episode of Cybersecurity Today, host Jim Love discusses the hacking incidents involving the Internet Archive and Fidelity, exposing millions of users' data. Highlights include the Internet Archive breach attributed to the Black Meta Hacktivist group, affecting 31 million users, and Fidelity's data breach impacting 77,000 customers. Additionally, the bankruptcy of National Public Data after a massive leak and North Korean cyberattacks on tech job seekers are detailed. These incidents emphasize the importance of robust cybersecurity measures and industry regulations. 00:00 Major Data Breaches: Internet Archive and Fidelity 00:26 Internet Archive Breach: Details and Impact 01:49 Fidelity Data Breach: What Happened? 03:17 National Public Data Files for Bankruptcy 05:23 North Korean Hackers Target Tech Job Seekers 07:38 Conclusion and Resources
10/11/2024 • 8 minutes
White House official says insurance companies need to stop paying ransoms. Cyber Security Today for Wednesday, October 9, 2024
Cybersecurity Alert: White House Urges Insurance Reform & Major Hacks Revealed In this episode of Cybersecurity Today, host Jim Love covers significant developments in cybersecurity policy and breaches. The White House, represented by U.S. Deputy National Security Advisor Ann Neuberger, calls for an end to insurance policies that incentivize ransomware payments. The episode also discusses a major ransomware attack affecting Comcast and highlights a significant breach by China-backed hackers targeting U.S. telecom providers. Additionally, American Water faces a security breach impacting its customer systems. The episode emphasizes the growing threats and debates around cybersecurity practices. 00:00 Introduction and Headlines 00:41 White House Calls to End Ransomware Payments 02:11 Comcast Data Breach Exposes 230,000 Customers 03:57 Chinese Hackers Compromise U.S. Telecom Systems 06:24 American Water Cybersecurity Incident 08:02 Conclusion and Show Notes
10/9/2024 • 8 minutes, 28 seconds
Russia finally cracks down on cyber crimes: Cyber Security Today for Monday, October 7th, 2024
Cybersecurity Today: Cloudflare's DDoS Victory, Russian Hacker Arrests, and Truth Social Scams In this episode of Cybersecurity Today, host Jim Love discusses Cloudflare's successful mitigation of the largest recorded DDoS attack, showcasing the company's advanced defense capabilities. The episode also covers the arrest of nearly 100 individuals in Russia linked to illegal cryptocurrency transactions and ransomware laundering through the Crypteks crypto exchange. Additionally, it highlights Truth Social's vulnerability to pig butchering scams, where users face significant financial losses. These stories reflect ongoing cybersecurity challenges and responses from different stakeholders. 00:00 Introduction and Headlines 00:28 Cloudflare's DDoS Defense Triumph 02:57 Russia's Crackdown on Cryptex Crypto Exchange 04:57 Truth Social's Pig Butchering Scams 07:02 Conclusion and Show Notes
10/7/2024 • 6 minutes, 59 seconds
New research provides insights into Cyber Security Awareness and Phishing: Cyber Security Today Weekend for October 5, 2024
Unveiling the Truth: Insights into Cyber Security Awareness and Phishing In a special crossover episode of Cyber Security Today and Hashtag Trending, host Jim Love discusses the biases and challenges in technology marketing research with guest David Shipley, head of Beauceron Security. The conversation examines the significance of security awareness, focusing on phishing simulations. Shipley shares insights from his research, emphasizing the optimal frequency of monthly phishing tests and the importance of reporting rates. The episode also covers the psychological aspects of cyber security, sustainability of gamification in training, and highlights the need for balancing training demands to avoid negative impacts of overtraining. Listeners are encouraged to reflect on the insights shared and respond with their thoughts on the program's format. 00:00 Introduction and Overview 00:15 The Problem with Technology Marketing Research 00:46 Bias in Research and Media 01:33 Importance of Objective Research 02:24 Introducing David Shipley and His Research 03:08 Understanding Human Behavior in Cybersecurity 05:38 Phishing Research and Findings 07:19 Effective Phishing Simulations 15:02 Insights from Phishing Data 22:14 The Importance of Reporting and Feedback 22:32 Multi-Channel Communication Strategies 23:53 Gamification and Personal Cyber Risk Scores 25:16 Behavioral Economics in Cybersecurity 27:07 The Impact of Intrinsic Motivation 29:22 The Role of Psychology in Cybersecurity 30:15 The Framing Effect and Security Perception 32:19 Optimism Bias and Security Awareness 35:00 The Dunning-Kruger Effect in Training 37:29 Anchoring Bias and Phishing Indicators 39:03 Key Takeaways and Final Thoughts
10/5/2024 • 42 minutes, 23 seconds
National Vulnerability Database backlog, update on CIRA study: Cyber Security Today for Friday, October 4, 2024
Cybersecurity Today: NVD Backlogs & Emerging Threats Host Jim Love discusses the backlog in the National Vulnerability Database and its implications for cybersecurity, highlighting two new Linux vulnerabilities. The episode also covers a sophisticated malware, Perfctl, attacking Linux servers, vulnerabilities in CUPS, and security risks of Meta's smart glasses. Additionally, insights are provided from a CIRA study on ransomware payment trends and the challenges posed by AI in cybersecurity. The podcast ends with announcements for new vulnerability threats and a preview of upcoming research with co-host David Shipley. 00:00 Introduction and Podcast Promotion 00:45 National Vulnerability Database Backlog 02:54 Linux Vulnerabilities: Perfctl Malware 04:42 CUPS Vulnerability Alert 05:56 Privacy Concerns with Meta's Smart Glasses 07:23 Critical Vulnerabilities in Zimbra and Ivanti 08:55 CIRA's Ransomware Study Insights 12:12 AI in Cybersecurity: Survey Findings 14:02 Conclusion and Upcoming Features
10/4/2024 • 14 minutes, 58 seconds
Patch Tuesday early release has huge issues: Cyber Security Today for Wednesday, October 2, 2024
Cybersecurity News: Microsoft Patch Issues, Chrome Vulnerabilities, and T-Mobile Settlement In this episode of Cybersecurity Today, Jim Love discusses several pressing issues in the tech world. Early feedback on Microsoft's Windows 11 October Patch Tuesday update reveals significant stability issues. Google Chrome receives a second major security update in ten days due to four new high severity vulnerabilities. The Canadian Internet Registration Authority (CIRA) publishes its annual cybersecurity study highlighting the costs and damages from cyberattacks on Canadian businesses. A coalition of major security agencies releases a report on detecting and mitigating Active Directory compromises. Lastly, T-Mobile agrees to a $31.5 million settlement with the FCC over multiple data breaches affecting millions of U.S. customers. Stay tuned for more insights and updates! 00:00 Introduction and Podcast Promotion 00:38 Microsoft's October Patch Tuesday Issues 02:29 Urgent Chrome Security Update 03:27 CIRA's Annual Cybersecurity Study 05:18 Active Directory Compromise Report 06:57 T-Mobile's FCC Settlement 08:38 Conclusion and Sponsor Message
10/2/2024 • 9 minutes, 11 seconds
NIST issues new password guidelines: Cyber Security Today for Monday, September 30, 2024
New NIST Password Guidelines, Octo2 Trojan & ChatGPT Vulnerabilities | Cybersecurity Today Join Jim Love in today's episode of Cybersecurity Today as he discusses the latest password security guidelines from NIST focusing on length and usability, the emergence of the Octo2 Trojan targeting bank accounts on Android by posing as VPN and Chrome apps, and a significant vulnerability in ChatGPT allowing attackers to plant false memories. Additionally, learn about Google's new password rules for Gmail access and the recent glitch causing ChatGPT to initiate conversations on its own. Don't miss this insightful episode to stay updated on the latest cybersecurity trends and measures. 00:00 Introduction and Podcast Promotion 00:50 NIST's New Password Guidelines 02:26 Octo2 Trojan: New Android Threat 03:27 ChatGPT Vulnerability: False Memories 04:40 Google's New Password Rules for Gmail 05:35 ChatGPT's Unprompted Messaging Bug 06:54 Conclusion and Sponsor Message
9/30/2024 • 7 minutes, 25 seconds
Cyber Security Today - Week in Review for September 28th, 2024
Cyber Security Week in Review: Data Breaches, MFA Bypassing, and Surveillance Insights Join host Jim Love along with an expert panel featuring Terry Cutler, David Shipley, and Laura Payne to discuss this week in cybersecurity. Topics include the latest methods of bypassing MFA, data breaches and how to deal with compromised information, the implications of the FTC's report on tech company data collection, new findings on fraud affecting small businesses, and an intriguing German police technique to unmask TOR users. The episode also introduces the 'Stinkies' award for unnecessary fearmongering by cybersecurity vendors. Don't miss this in-depth analysis and practical advice for staying secure in an increasingly digital world. 00:00 Introduction and Panelist Introductions 02:55 Jessica's Question on Data Breaches 09:18 Small Business Fraud and Cybersecurity 17:44 Evilginx and MFA Vulnerabilities 22:44 MFA Security: Myths and Realities 25:26 The FTC's Staggering Surveillance Report 28:44 Surveillance Capitalism and Marketing Tactics 28:54 Tim Hortons' Data Collection Scandal 37:00 The German Police and TOR Anonymity 42:49 The Inaugural Stinky Awards 44:58 Final Thoughts and Farewell
9/28/2024 • 45 minutes, 45 seconds
Vulnerabilities in OT systems pose real environmental and safety issues in fuel storage. Cyber Security Today for Friday, September 27, 2024
Canadian SMBs Face Rising Fraud Threats & New AI-Powered Gmail Security In this episode of Cyber Security Today, host Jim Love discusses the increasing fraud threats faced by Canadian small and medium-sized businesses, revealing that half have experienced attempted or successful fraud in the past year. The transportation sector is hit hardest, with 61% reporting fraud attempts. Google’s new Gemini AI technology offers enhanced security for Gmail, notably for smaller businesses. InfoStealer malware developments are circumventing Google Chrome’s app-bound encryption, posing significant threats. Additionally, severe vulnerabilities have been uncovered in fuel storage tank monitoring systems, emphasizing the urgency for robust security measures in critical infrastructure. 00:00 Introduction and Overview 00:25 Fraud Threats Facing Canadian SMBs 02:15 Google's AI-Powered Security Enhancements 03:54 InfoStealer Malware Targeting Google Chrome 06:11 Critical Vulnerabilities in Fuel Storage Technology 08:28 Conclusion and Final Thoughts
9/27/2024 • 8 minutes, 41 seconds
Evilginx - an open source program to bypass MFA: Cyber Security Today for Wednesday, September 25, 2024
Evilginx: MFA Bypass Tool, Kaspersky's Exit & FTC's Data Surveillance Report - Cyber Security Today In this episode of Cyber Security Today, host Jim Love discusses a new cyber security tool called Evilginx that bypasses multi factor authentication (MFA), Kaspersky's unexpected software replacement for North American users, ESET's patches for critical vulnerabilities, and a scathing FTC report on data collection by major tech companies. Learn about the latest cyber security threats and updates to stay informed and protected. 00:00 Introduction to Today's Cyber Security News 00:26 Evilginx: The New Threat to Multi-Factor Authentication 02:45 Kaspersky's Controversial Exit from the U.S. Market 04:36 ESET Patches Critical Vulnerabilities 06:33 FTC's Scathing Report on Big Tech's Data Practices 08:11 Conclusion and Show Notes
9/25/2024 • 8 minutes, 30 seconds
Tor browser anonymity cracked by German police: Cyber Security Today for Monday, September 23, 2024
Security Risks with Apple's OS Update, Disney Ditches Slack, and GitHub Hack Alert In this episode of Cyber Security Today, host Jim Love discusses pressing issues in the cybersecurity landscape: Apple's latest macOS update, Sequoia version 15, causing compatibility issues with major security tools; Disney's move to scrap Slack after a significant data breach; a sophisticated GitHub phishing attack leveraging GitHub's notification system; and German police's breakthrough in unmasking anonymous Tor users. Key takeaways include advice for IT professionals on managing OS updates, the implications of corporate messaging app breaches, precautions for GitHub users, and recommendations for maintaining anonymity on the Tor network. 00:00 Introduction and Headlines 00:21 Apple's Mac OS Sequoia Update Issues 02:00 Disney Dumps Slack After Data Breach 03:13 GitHub Phishing Campaign Exploits Developers 04:44 German Police Unmask Tor Users 07:19 Conclusion and Show Notes
9/23/2024 • 7 minutes, 31 seconds
A hacker's view of civic infrastructure: Cyber Security Today - Special Feature
A Hacker's Perspective on Vulnerable Civic Infrastructure In this episode, host Jim Love explores the vulnerabilities of civic infrastructure with cybersecurity expert Nick Aleks. They discuss how hackers view and exploit city systems, the dangers of default passwords and outdated firmware, and the risks associated with smart buildings and operational technology. Nick provides insights on how bad actors can leverage these weaknesses for massive attacks and offers recommendations for improving security through collaboration, proactive measures, and the incorporation of AI technologies. This enlightening discussion highlights the urgent need for better security practices in our increasingly connected urban environments. 00:00 Introduction and Context 00:18 Meet the Expert: Nick Aleks 00:51 A Hacker's Perspective on City Infrastructure 03:20 Penetration Testing and Vulnerabilities 04:26 Targeting Civic Infrastructure 20:30 Smart Buildings and IoT Security 25:12 Defensive Strategies and Collaboration 32:29 The Role of AI in Security 35:06 Conclusion and Final Thoughts
9/21/2024 • 35 minutes, 38 seconds
Supply chain targets 3,000 users. Cyber Security Today for Friday, September 20, 2024
Cybersecurity Today: Supply Chain Attacks, Data Breaches, and Botnet Threat Disruptions In this episode of 'Cybersecurity Today,' host Jim Love covers pressing issues in the cybersecurity world, including a supply chain attack in Lebanon, a major data breach at AT&T resulting in a $13 million fine, and the disruption of the Chinese botnet known as Raptor Train. The AT&T breach underscores the risks of weak vendor data protection, while the weaponization of communication devices in Lebanon signals new threats in cyber-physical warfare. The episode also highlights the resilience of the Raptor Train botnet, attributed to the Chinese state-sponsored group Flax Typhoon, and the steps taken by the FBI to mitigate this threat. Listeners are advised to enhance their cybersecurity practices to protect against these multifaceted attacks. 00:00 Introduction to Cybersecurity Today 00:23 AT&T's $13 Million Fine for Data Breach 02:03 Weaponized Communication Devices in Lebanon 03:50 Disruption of the Chinese Botnet Raptor Train 05:28 Conclusion and Sign-Off
9/20/2024 • 6 minutes, 43 seconds
London Transport requires in person password validation for 30,000 employees, Cyber Security Today for Wednesday, September 18, 2024
Emerging Cyber Threats: Repellent Scorpius, TfL Cyber Attack, and Online Safety for Children In this episode, we discuss the emergence of the new ransomware group Repellent Scorpius and their use of the Ciccada 3301 ransomware. We cover the London Transport Authority's (TfL) in-person password resets following a significant cyber attack, and examine the case of Chinese national Song Wu's multi-year spear-phishing campaign. Additionally, we delve into the C community's proposal for a safe C extension to enhance memory safety and address vulnerabilities. Finally, we highlight the urgent online dangers targeting children and teens, and the measures required to combat these threats. 00:00 Emergence of Repellent Scorpius Ransomware Group 01:53 TfL's Response to Cyber Attack 02:53 Chinese National Charged in Spear Phishing Campaign 04:13 C Community's Safe C Extension Proposal 05:33 Online Dangers Targeting Children and Teens 07:19 Conclusion and Final Thoughts
9/18/2024 • 7 minutes, 34 seconds
Fortinet experiences another major breech with hacker claiming 440 GB of data stolen. Cyber Security Today for Monday, September 16, 2024
Cyber Security Today: Fortinet Data Breach, Seattle Ransomware Attack, and Lazarus Targeting Developers In this episode of Cyber Security Today, host Jim Love covers Fortinet's confirmation of a data breach after a hacker claims to have stolen 440GB of data. The episode also discusses the cyber attack on Seattle Tacoma International Airport by the Rysida ransomware group and the port's refusal to pay the ransom. Additionally, North Korean hacker group Lazarus is targeting Python developers via malicious coding tests as part of the VM connect campaign. Stay tuned to learn more about these pressing cybersecurity issues. 00:00 Introduction to Cyber Security Today 00:27 Fortinet Data Breach Details 02:15 Seattle Tacoma Airport Ransomware Attack 03:41 Lazarus Group Targets Python Developers 05:30 Conclusion and Final Thoughts
9/16/2024 • 5 minutes, 42 seconds
Cyber Security Today Week in Review for September 14, 2024
Cybersecurity Insights: Vulnerabilities, Insider Threats, and the Future of Online Safety In this weekend edition of Cybersecurity Today, host Jim Love is joined by regulars Terry Cutler of Cyology Labs and David Shipley of Beauceron Security, alongside special guest Laura Payne from White Tuque. They discuss significant cybersecurity news including the new additions to CISA's known exploited vulnerabilities catalog, a hilarious yet eye-opening domain purchase incident, and the ongoing issue of insider threats. The panel also dives into the complexities surrounding recent breaches like the one at Avis and the broader implications of data vulnerabilities. Stay tuned for the latest insights and expert opinions on what's happening in the cybersecurity world. 00:00 Introduction and Panelist Introductions 01:31 Format Overview and First Cybersecurity Story 01:47 Discussion on CISA's Vulnerability Catalog 02:51 Challenges in Patch Management 06:45 Microsoft's Patch Tuesday Controversy 10:49 The $20 Domain Vulnerability 15:42 Insider Threats and Real-World Incidents 18:11 Handling Disgruntled Employees 18:51 Insider Threats: Real-Life Examples 19:41 Preventing Insider Threats 21:30 Password Management and Security 22:53 Case Study: Sales Employee Walks Out with Client List 23:42 Jurassic Park and Risk Management 24:32 Avis Data Breach: What Happened? 25:51 The Importance of Identity Theft Protection 29:44 Challenges in Cybersecurity Awareness 34:27 Microsoft's New Security Measures 35:07 Conclusion and Farewell
9/14/2024 • 36 minutes, 21 seconds
20 dollars exposes a huge flaw in Internet security: Cyber Security Today for Friday the 13th September, 2024
Cyber Security Today: TfL Data Breach, Critical Vulnerabilities, and Insider Threats Join host Jim Love in 'Cyber Security Today' as we delve into the latest cyber security incidents and updates. Learn about Transport for London's data breach affecting thousands of customers, critical vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog, and the recent Microsoft Patch Tuesday addressing over 70 security flaws. We also discuss significant breaches at Avis, shocking domain purchase by a researcher highlighting internet trust issues, and insider threats exemplified by Daniel Rhyne's rogue actions against an industrial company. Stay informed with expert insights and essential recommendations! 00:00 Introduction and Breaking News 00:05 Transport for London Cyber Attack 01:04 New Vulnerabilities Added to CISA's KEV Catalog 02:38 Microsoft and Other Major Tech Companies Release Patches 04:02 Avis Data Breach 05:15 Security Researcher Buys Critical Domain 07:58 Insider Threat: The Daniel Rhyne Case 09:53 Conclusion and Final Thoughts
9/13/2024 • 10 minutes, 15 seconds
1.7 million credit card records leaked by payment gateway. Cyber Security Today for Wednesday, September 11, 2024
Cybersecurity Today: Microsoft Office 2024, Data Breach, CrowdStrike Fallout, & Ford's Privacy Concerns In this episode of Cybersecurity Today with your host Jim Love, we discuss Microsoft's decision to disable ActiveX controls by default in Office 2024 to enhance security, the data breach at SlimCD affecting 1.7 million credit card owners, CrowdStrike's ongoing response to the July IT disruption, and privacy concerns over Ford's new patent application for in-car conversation monitoring. Learn about the implications and what these developments mean for IT professionals and end-users. 00:00 Introduction and Headlines 00:24 Microsoft Office 2024 Security Changes 01:50 Major Data Breach at SlimCD 03:51 CrowdStrike's Crisis Management 05:35 Ford's Controversial Patent Application 06:54 Conclusion and Show Notes
9/11/2024 • 7 minutes, 11 seconds
5.9 terabytes of sensitive medical data leaked: Cyber Security Today for Monday, September 9th, 2024
Massive Healthcare Data Breach, Google's Move to Rust, and New Sextortion Scams - Cybersecurity Today In this episode of Cybersecurity Today, hosted by Jim Love, we discuss a major healthcare data breach at Confident Health where 5.3 terabytes of sensitive mental health data were exposed due to a misconfigured server. Google advocates for replacing legacy C and C++ code with Rust for better security and productivity. We also explore the disturbing new trend in sextortion scams that now include photos of victims' homes to enhance threats, and the importance of addressing such scams in corporate security programs. 00:00 Introduction and Headlines 00:18 Major Data Breach at Confident Health 02:08 Google's Move to Rust for Enhanced Security 03:59 The Rising Threat of Sextortion Scams 05:50 Conclusion and Resources
9/9/2024 • 6 minutes, 21 seconds
Cyber Security Today - Week In Review for the September 7th, 2024
Toronto School Board Hack & Cybersecurity Best Practices: Expert Panel Discussion Welcome to the weekend edition of Cybersecurity Today, hosted by Jim Love! Join our expert panel featuring Terry Cutler from Cyology Labs, David Shipley of Beauceron Security, and special guest Daina Proctor from IBM Security Services Canada. This episode dives into recent cybersecurity stories including a major data breach at the Toronto District School Board and continued fallout from the MoveIT software hack. Our experts discuss the importance of robust security measures, the cultural shift needed in organizations to handle cyber threats, and the increasing role of cybersecurity insurance. We’ll also explore fascinating stories like active listening on Android phones and Disney's legal backtrack. Don't miss out on this insightful and engaging conversation! 00:00 Introduction and Panelist Welcome 01:26 Toronto School Board Cyber Attack 02:16 Challenges in School Cybersecurity 10:52 MoveIT Hack and Its Implications 15:43 Insurance and Cybersecurity 25:19 City of Columbus Data Breach 26:21 Spotting the Problem: Data Overload 26:31 Columbus Breach: Encryption and Legal Battles 27:25 The Streisand Effect and Legal Protections 28:20 Personal Story: Public Information and Security 29:19 Human Element in Cyber Attacks 34:20 Incident Response Planning and Simulations 39:13 Proactive Cybersecurity Measures 46:40 Consumer Data Privacy Concerns 54:01 Conclusion and Final Thoughts Terry referred to CyologyLab.com/start for the video and the free tools.
9/6/2024 • 55 minutes, 7 seconds
AI - What did you miss this summer? Hasthtag Trending for Friday, September 5th, 2024
AI Summer Recap: OpenAI's GPT 5, GPT Next, and Beyond Join host Jim Love as he navigates through the major AI and cybersecurity stories that dominated summer 2023. From CrowdStrike's impact on Windows security to OpenAI's tantalizing announcements of GPT 4.0 Omni and the anticipated GPT Next, this episode reflects on the giant strides in AI technology. Understand the strategic buzz created by OpenAI, the unrecognized achievements by Google, and the intricate gossip surrounding futuristic AI models like QSTAR and Strawberry. This comprehensive recap highlights why the advancements in AI could significantly shape business processes and technological systems in the near future. Don't miss the rerun of the highly informative Practical AI episode featuring industry experts, plus a hint at what's to come in tech news. 00:00 Introduction and Host Welcome 00:37 Summer's Blockbuster Stories: AI and Cybersecurity 01:06 OpenAI's Strategy and GPT 4.0 Omni 03:11 The Mystery of Sora and Other Rumors 04:53 Google's AI Achievements and OpenAI's Mastery 07:27 The GPT Next Announcement 10:27 Conclusion and Future AI Developments 11:57 Practical AI Episode Rerun and Closing Remarks
9/6/2024 • 13 minutes, 36 seconds
"Active Listening" software reportedly used to listen in on smart phone conversations. Cyber Security Today for Thursday, September 5, 2024
Is Your Phone Spying on You? D Link Vulnerabilities & Government Data Requests In this episode of Cyber Security Today, host Jim Love discusses critical remote code execution vulnerabilities in D Link routers, impacting their discontinued DIR 846 series. These flaws, including CVE 2024 44341 and CVE 2024 44342, pose significant risks, prompting D Link to recommend users replace outdated devices. The episode also examines the considerable amount of data governments gather from big tech companies, with a study by Surfshark highlighting the increasing user data requests. Lastly, Jim covers a report from 404 Media that reveals Facebook's partner, Cox Media Group, using smartphone microphones for targeted ads, raising severe privacy concerns. Stay informed about the latest in cybersecurity by tuning in! 00:00 Introduction: Is Your Smartphone Listening? 00:15 D-Link Router Vulnerabilities Exposed 02:24 Government Data Requests from Big Tech 04:15 Tech Companies' Compliance with Data Requests 05:38 Facebook's Active Listening Scandal 08:20 Conclusion and Show Notes
9/5/2024 • 8 minutes, 42 seconds
Major Data Breaches: Toronto Schools, TDECU, and Columbus Hacked: Cyber Security Today for Tuesday, September 3rd, 2024
In this episode of Cyber Security Today, host Jim Love delves into recent data breaches affecting the Toronto District School Board, Texas Dow Employees Credit Union, and the city of Columbus. Discover details on the ransomware attacks, the compromised data, and the implications for the victims involved. Additionally, explore critical questions raised about cybersecurity practices and the handling of whistleblowers. Tune in for an in-depth analysis of these significant cybersecurity incidents. 00:00 Introduction and Headlines 00:22 Toronto District School Board Data Breach 01:32 MoveIT Breach: A Continuing Saga 03:19 City of Columbus Ransomware Attack 05:04 Whistleblower Controversy in Columbus 05:42 Host's Editorial and Personal Experience 07:39 Conclusion and Contact Information
9/3/2024 • 8 minutes, 3 seconds
Mastering AI & Cybersecurity: Navigating the Future - A Special Panel Discussion
Welcome to a special weekend edition of Cyber Security Today! In this long weekend episode, we delve into the world of artificial intelligence (AI) and its impact on various sectors, particularly as organizations ramp up their plans for the upcoming year. Join our host Jim Love and a distinguished panel of experts: Evgeny Koloda, Marcel Gagne, John Pinard, and Nicole Bendrich, as they explore the current state of AI, its promises, practical implementations, and the cybersecurity challenges associated with it. Discover valuable takeaways on developing an effective AI strategy and understanding the multi-modal advancements poised to revolutionize industries. 00:00 Introduction to the Special Weekend Edition 00:45 Meet the Expert Panel 02:25 The Promise and Challenges of AI 03:31 The Evolution of AI in Various Industries 06:41 Generative AI and Its Impact 07:53 AI in Cybersecurity 19:00 Human vs. AI: Decision Making and Errors 23:50 The Future of AI and Human Interaction 33:04 Expanding Human Capabilities with AI 35:04 Choosing the Right AI Model 40:09 Navigating AI in Regulated Industries 46:23 The Rise of Deepfakes and Cybersecurity Concerns 59:35 Building an Effective AI Strategy 01:04:15 Conclusion and Final Thoughts Resources: - AI Enterprise level HIPAA complaint GPT platform https://www.aivia.ai/ - EMR with AI capabilities eCW (eClinicalWorks) https://www.eclinicalworks.com/ - Digital Video Twin platform - HeyGen https://www.heygen.com/ - Canadian Digital Twin creation platform - Synthesia https://www.synthesia.io/ - Voice Cloning platform - Eleven Labs https://elevenlabs.io/ - Automation with AI - https://www.make.com Open Router https://openrouter.ai Jan.ai https://jan.ai/
8/31/2024 • 1 hour, 4 minutes, 55 seconds
Deepfake Scams, Fake Global Protect Malware, and Russian Threats:Cybersecurity Today: for Friday, August 30th, 2024
In this episode of Cybersecurity Today, host Jim Love dives into the alarming rise of deepfake scams, highlighting how threat actors are using AI-generated videos to lure victims into fraudulent schemes. A notable campaign involves deepfake videos of Elon Musk promoting 'Quantum AI.' Additionally, the episode covers a sophisticated cyber attack where fake Palo Alto's Global Protect VPN is used to deploy malware. Lastly, it discusses Russia's potential threats against undersea communication cables and GPS systems, emphasizing the growing vulnerabilities in global infrastructure. Stay informed and secure with this essential update. 00:00 Introduction and Headlines 00:23 Deepfake Scams: The New Frontier 01:26 Quantum AI Scam Breakdown 02:47 Fake Palo Alto VPN: A Sophisticated Cyber Attack 04:21 Russia's Threat to Global Communications 06:35 Conclusion and Upcoming Show
8/30/2024 • 6 minutes, 58 seconds
Four Internet Service Providers are breached by sophisticated cyber attack. Cyber Security Today for Wednesday, August 28, 2024
Critical Cyber Security Alerts: Major Vulnerabilities and Exploits Unveiled In today's episode of Cyber Security Today, host Jim Love discusses a series of alarming cyber security incidents. Topics include a sophisticated attack exploiting a zero-day vulnerability in a popular network management platform, critical patches from SonicWall and Google addressing severe vulnerabilities, and an update on the National Public Data hack revealing deeper security issues. Learn about the latest threats and essential security measures you need to take now. 00:00 Introduction and Headlines 00:22 Sophisticated Cyber Attack on ISPs 02:43 SonicWall Firewall Vulnerability 04:29 Google Chrome Zero-Day Exploit 06:23 National Public Data Breach Update 07:58 Conclusion and Additional Resources
8/28/2024 • 8 minutes, 31 seconds
Seattle port systems shut down due to possible cyber attack: Cyber Security Today for Monday August 26, 2024
Cybersecurity Failures: Lawsuits, Outages, and International Threats In this episode of Cybersecurity Today, host Jim Love covers a range of critical cybersecurity issues. The U.S. sues Georgia Tech for not meeting cybersecurity standards as a Pentagon contractor. A potential cyber attack disrupts operations at Seattle’s port and airport. Microsoft plans a security summit following a major global IT outage caused by CrowdStrike. The effectiveness of publicly naming and shaming countries sponsoring cyberattacks is questioned. Join us as we delve into these pressing topics and their implications for cybersecurity policy and infrastructure resilience. 00:00 Cybersecurity Headlines: U.S. Sues Georgia Tech and Seattle Port Outage 00:24 Seattle Port and SeaTac Airport Cyber Attack Details 01:56 U.S. Government Sues Georgia Tech Over Cybersecurity Failures 03:27 Microsoft Security Summit and CrowdStrike Outage 04:11 Debate Over Microsoft's Proposed Security Changes 05:13 Effectiveness of Naming and Shaming in Cybersecurity 06:41 Challenges in Combating State-Sponsored Cyber Attacks 07:05 Conclusion and Show Notes
8/26/2024 • 7 minutes, 29 seconds
Cyber Security Today Week In Review: Saturday, August 24th, 2024
Join host Jim Love in this weekend edition of Cyber Security Today, featuring a distinguished panel including Terry Cutler (Cyology Labs), David Shipley (Beauceron Security), and special guest Tara Gold (Cado Security). The episode delves into key cybersecurity topics including the value of IT certifications, the rising trend in ransomware payouts, and the novel attack vectors targeting macOS systems. The show also explores the impact of poisoned search terms and the rising threats to small and medium-sized businesses. Don't miss this engaging and insightful discussion on the latest cybersecurity trends and best practices. 00:00 Welcome to Cyber Security Today 00:05 Meet the Panel and Special Guest 02:31 Introduction to Key Stories 03:04 Debate on IT Certifications 12:07 Ransomware Trends and Insights 18:46 Search Terms as Attack Vectors 23:26 Mac OS Vulnerabilities and Malware 30:17 Conclusion and Farewell
8/24/2024 • 31 minutes, 8 seconds
Popular search terms are leveraged in cyber attacks: Cyber Security Today for Friday, August 23, 2024
In this episode, host Jim Love delves into significant cybersecurity news, including a rise in FakeBat malware infections from malvertising campaigns, car companies selling driver data to brokers without consent, and McAfee's new deepfake detection tool. Highlights include the sophisticated methods of the FakeBat campaign, privacy concerns from automakers' data practices, and McAfee's innovative on-device solution for detecting AI-generated content. 00:00 Introduction to Cybersecurity Today 00:24 Malvertising Campaigns and FakeBat Malware 02:21 Automakers Selling Driver Data 04:22 McAfee's Deepfake Detection Tool 06:14 Show Wrap-Up and Additional Insights
8/23/2024 • 7 minutes, 13 seconds
Ransomware hits record high amounts: Cyber Security Today for Tuesday, August 21, 2024
Ransomware Record Highs, North Korean Exploits, Toyota Data Breach, and Mac Security Flaws - Aug 21, 2024 In this episode of Cybersecurity Today, host Jim Love discusses the latest cybersecurity threats and incidents making headlines. Topics include record-high ransomware payments in 2024, a sophisticated malware exploit by North Korean hackers, a significant data breach at Toyota, and newly uncovered vulnerabilities in Microsoft's Office Suite for Mac users. Stay informed on these critical issues and more. 00:00 Record-Breaking Ransomware Payments in 2024 02:38 North Korea's Advanced Malware Exploits Windows Zero Day 04:53 Toyota's Massive Data Breach Exposed 06:37 Mac Users Beware: Vulnerabilities in Microsoft Office Suite 09:03 Show Wrap-Up and Listener Appreciation
8/21/2024 • 9 minutes, 56 seconds
OpenAI takes action against Iranian disinformation campaigns using ChatGPT: Cyber Security Today for Monday, August 19th, 2024
Cybersecurity Today: OpenAI's Action Against Iranian Disinformation & Chrome's New Privacy Features In this episode of Cybersecurity Today, host Jim Love discusses OpenAI's recent identification and neutralization of chat GPT accounts linked to Iranian disinformation campaigns, Google's upcoming privacy enhancements in Chrome for Android, and the cybersecurity concerns raised by U.S. lawmakers over Chinese-made TP Link routers. The episode also highlights a new study revealing the cybersecurity risks posed by employees using work laptops for personal activities. Tune in to stay informed about the latest developments in cybersecurity. 00:00 Introduction and Headlines 00:22 OpenAI's Battle Against Iranian Disinformation 02:05 Google Chrome's New Privacy Features 03:29 Domain Hijacking Risks Highlighted 05:14 Concerns Over Chinese-Made Routers 07:25 Risks of Using Work Laptops for Personal Use 09:29 Conclusion
8/19/2024 • 9 minutes, 38 seconds
Cyber Security Today - Week In Review: The challenge of Deep Fakes and more
In this special edition of Cybersecurity Today, your deepfake host Jim Love dives into the world of cybersecurity with new guests Marcel Gagné, an open-source guru, and Andréanne Bergeron, the director of research at GoSecure. The panel, including regular David Shipley, discusses the increasing threat of deepfakes in corporate and political spheres, the resilience required to combat modern cyber threats, and the necessity of critical thinking and education to navigate the ever-evolving landscape. From CrowdStrike's humble admission of a major security lapse to the growing concerns around AI-driven attacks, this episode offers insights and practical advice for both IT professionals and the general public. Don't miss out on this engaging discussion on how to stay ahead of cybersecurity challenges! 00:00 Introduction to Cybersecurity Today 00:22 Meet the Panel: Experts in Cybersecurity 02:08 CrowdStrike's Humility at DEF CON 03:54 Elon Musk and Infrastructure Failures 12:05 The Debate on Digital Identification 21:02 Deep Fakes: The New Frontier 23:59 The Rise of Digital Avatars 24:28 Open Source and Security Concerns 24:55 Commercial Availability and Control Issues 26:08 Media and Public Perception 26:56 Deepfakes in Politics and Business 27:29 Ease of Creating Deepfakes 27:57 Real-Time Deepfake Threats 29:12 Organizational Resilience and Culture 29:59 Human Psychology and Cybercrime 33:19 The Future of AI and Human Intelligence 35:23 Critical Thinking and Education 37:19 Balancing Technology and Human Factors 39:33 Final Thoughts and Recommendations 50:14 Closing Remarks and Acknowledgements
8/17/2024 • 51 minutes, 6 seconds
Deepfake Technology advancements pose a real and present threat: Cyber Security Today for Friday, August 16, 2024
Cybersecurity Insights: Paris Olympics and Deepfake Technologies In this episode, host Jim Love discusses proactive cybersecurity measures taken during the Paris 2024 Olympics to combat threats such as domain abuse, counterfeit shops, unauthorized live streaming, cryptocurrency scams, and betting fraud. He highlights a report from before AI on pre-Olympic threats and emphasizes the importance of relying on official sources. Additionally, Love covers advancements in deepfake technologies, including new offerings like Hey Gen, Elon Musk's GROK, and the open-source Deep Live Cam, which raise significant concerns about digital impersonation and fraud. Simple verification strategies, like safe words, are suggested as countermeasures as these technologies become more accessible. Tune in for a Week in Review panel on these topics. 00:00 Introduction and Overview 00:23 Cybersecurity Measures for the Paris Olympics 00:53 Key Findings from the Before AI Report 01:55 Proactive Measures and Advice for Viewers 02:48 Deep Fake Technology Demonstrations at DEF CON 03:54 Concerns Over Deep Live Cam and Digital Security 05:32 Ethical Implications and Future Considerations 05:40 Conclusion and Week in Review Preview
8/16/2024 • 6 minutes, 2 seconds
Elon Musk's claim of DDoS attack greeted with skepticism: Cyber Security Today for Wednesday, August 14th, 2024
In this episode of Cybersecurity Today, host Jim Love delves into Elon Musk's claim that a DDoS attack delayed his live interview with Donald Trump, the revelation of a massive data breach compromising most U.S. social security numbers, and CrowdStrike's president accepting the 'Most Epic Fail' award at DEF CON. The episode covers the skepticism around Musk's DDoS claim, details on the National Public Data hack, and CrowdStrike's approach to owning up to its global IT outage. Tune in for the latest updates in cybersecurity! 00:00 Introduction and Headlines 00:21 Elon Musk's DDoS Claim and Technical Issues 02:06 Trump Campaign Hacked 03:00 National Public Data Breach 05:16 CrowdStrike's Epic Fail at DEF CON 06:34 Conclusion and Show Notes
8/14/2024 • 6 minutes, 56 seconds
Over 15,000 hard coded secrets found by researcher at Defcon: Cyber Security Today for Monday, August 12, 2024
Exposing Hidden Secrets: DEF CON Revelations, Ransomware Surge & GPS Spoofing Woes Join host Jim Love in this insightful episode of Cybersecurity Today. Discover the shocking revelation of over 15,000 hard-coded secrets uncovered at DEF CON by researcher Bill Dermacapi, and learn about a new ransomware attack targeting home users. We also delve into a startling rise in GPS spoofing attacks on commercial airlines that are causing chaos in-flight. Stay informed with our latest updates and expert advice to keep you and your data secure. 00:00 Introduction and Headlines 00:22 North Korean Hackers Arrested 01:12 DEFCON Security Conference Highlights 04:05 Magniber Ransomware Attacks 05:52 GPS Spoofing Threats to Airlines 07:15 Conclusion and Listener Feedback
8/12/2024 • 7 minutes, 49 seconds
Cyber Security Today - Week In Review: August 10, 2024
Cybersecurity Insights: Malvertising, Phishing Trends, and North Korean Hackers In this weekend edition of 'Cybersecurity Today,' host Jim Love brings together experts Terry Cutler from Cyology Labs, David Shipley from Beauceron Security, and Greg Monson from Trustwave. The panel explores the latest trends in cybersecurity, including a deep dive into a report on 'Malvertising,' the use of social media advertising to distribute malware. They also discuss a significant rise in phishing attempts and the challenges of detecting them, revealing a worrying leakage rate of up to 50%. The panel delves into a fascinating and concerning trend: North Korean hackers being hired as remote workers to infiltrate companies. Finally, they analyze the recent Delta lawsuit against CrowdStrike and Microsoft's involvement in the case. Tune in for expert insights, practical advice, and the latest updates in the ever-evolving field of cybersecurity. 00:00 Introduction and Panelist Introductions 01:27 Malvertising: A New Cyber Threat 04:13 The Rise of Alternative Communication Channels 07:39 Corporate Dangers of Facebook Account Takeovers 12:04 North Korean Hackers in Remote Work 20:11 Navigating Reference Checks and Hiring Challenges 20:27 The Intricacies of the Prisoner Swap 21:49 CrowdStrike's Legal Battle with Delta 24:24 The IT Professional's Dilemma 30:25 Phishing Email Statistics and Security Measures 35:59 Concluding Thoughts and Future Topics
8/10/2024 • 37 minutes, 43 seconds
One of the largest data breaches in history? Cyber Security Today for Friday, August 9th, 2024
Massive Data Breach, Outlook's Phishing Risk, and Windows Downgrade Attack Vulnerabilities In this episode of Cybersecurity Today, host Jim Love delves into one of the largest data breaches in history involving 2.9 billion records leaked without user consent by National Public Data. He also covers the backlash against Microsoft Outlook's email interface, which has inadvertently facilitated phishing attacks, and discusses a Black Hat presentation revealing vulnerabilities that allow attackers to unpatch fully updated Windows systems. Join us for insights and the latest updates in the world of cybersecurity. 00:00 Introduction and Major Data Breach Overview 00:31 Details of the National Public Data Breach 01:07 Implications and Legal Actions 02:42 Microsoft Outlook Phishing Vulnerability 04:08 Windows Security Vulnerability Exposed at Black Hat 05:57 Conclusion and Upcoming Content
8/9/2024 • 6 minutes, 20 seconds
Is shadow IT being brought in to organizations by security professionals? Cyber Security Today for Wednesday, August 7th, 2024
Cyber Security Pros: Awareness vs. Action & The CrowdStrike Controversy Explained Join host Jim Love in this episode of 'Cyber Security Today' as he delves into a recent survey revealing a disconnect between awareness and action among global security professionals regarding unauthorized software use. Learn about the risks of shadow IT and AI applications, and the startling admittance of security pros themselves using unapproved SaaS. Additionally, explore the two latest stories from the CrowdStrike disaster, including the fallout between CrowdStrike and Delta Airlines, and the surprising involvement of Microsoft. Finally, hear about the importance of having a solid resiliency and recovery plan amidst these challenges. Tune in for these insights and more. 00:00 Introduction and Survey Findings 00:45 Shadow IT Risks and AI Concerns 02:17 CrowdStrike Controversy: Delta Airlines Incident 04:36 Microsoft's Response to Delta's Criticism 05:43 Lessons for IT Leaders 06:23 Show Conclusion and Host Announcement
8/7/2024 • 7 minutes, 4 seconds
Cybersecurity Today Week in Review for August 3rd, 2024 with Terry Cutler, David Shipley and host Jim Love
In this episode of 'Cybersecurity Today: The Week in Review,' host Jim Love discusses critical cybersecurity incidents with guests Terry Cutler, CEO of Cyology Labs, and David Shipley from Beauceron Security. The panel delves into the devastating effects of a ransomware attack on the blood donation nonprofit OneBlood, emphasizing the broader implications for healthcare and emergency services. They also address the Canadian investigation into Ticketmaster's security practices and Microsoft's recent global outage, highlighting the significant challenges and necessary responses in safeguarding IT infrastructure. The discussion underscores the urgency of improving cybersecurity measures, particularly in healthcare, and the complexities of implementing effective regulations. 00:00 Introduction and Panel Introduction 00:19 Ransomware Attack on OneBlood 01:46 Healthcare System Vulnerabilities 04:05 Challenges in Cybersecurity for Healthcare 13:03 Ticketmaster Investigation and Government Inaction 20:03 Delta Airlines Lawsuit and Insurance Implications 28:38 Microsoft Global Service Interruption 35:12 Conclusion and Final Thoughts
8/3/2024 • 35 minutes, 52 seconds
Microsoft confirms cyber attack cause outage and it's own defences may have made the impact worse: Cybersecurity Today for Friday, August 2, 2024
In this episode of Cybersecurity Today, host Jim Love explores the aftermath of Microsoft's 10-hour global outage due to a DDoS attack, the Canadian Privacy Commissioner's investigation into Ticketmaster, the severe impact of a ransomware attack on U.S. blood bank OneBlood, and the cascading legal ramifications CrowdStrike faces after a disastrous software update. The episode delves into the broader implications of these cyber incidents and stresses the urgent need for robust cybersecurity measures. 00:00 Introduction and Major Headlines 00:29 Microsoft's 10-Hour Outage: Causes and Consequences 02:39 Ticketmaster Under Investigation: Privacy Concerns 03:45 OneBlood Ransomware Attack: Impact on Blood Supply 05:13 CrowdStrike Legal Battles: Fallout from Software Update 07:21 Conclusion and Upcoming Shows
8/2/2024 • 7 minutes, 54 seconds
Microsoft world wide outage: Cybersecurity Today for Wednesday, July 31, 2024
Microsoft Cloud Outage, WhatsApp Vulnerability, and AI-Powered Screen Reading In today's episode of Cyber Security Today, host Jim Love covers a significant global outage affecting Microsoft's cloud services, a vulnerability in WhatsApp that allows malicious scripts to run without warning, and a new AI-powered method that can read your screen by intercepting HDMI signals. Stay informed about these pressing cybersecurity issues and learn how to protect yourself. 00:00 Microsoft Service Takes a Nosedive 00:16 Global Impact and Response 02:12 WhatsApp Vulnerability Warning 04:02 AI Decoding Screens from Afar 05:12 Show Wrap-Up and Future Episodes
7/31/2024 • 5 minutes, 39 seconds
Google's Password Bug Hits Millions: Cybersecurity Today for Monday, July 29, 2024
Google's Password Bug Hits Millions & French Police Battle Malware - Cybersecurity Today In this episode of Cybersecurity Today, Jim Love covers Google's recent apology after a bug caused the passwords of 15 million Chrome users to vanish. The episode also dives into the French authorities' unique approach to combating the PlugX malware by deploying a disinfection solution. Lastly, it sheds light on the ongoing struggles with patch management in many organizations, particularly following the CrowdStrike disruption. Tune in for these stories and more, along with the challenges and solutions in today's cybersecurity landscape. 00:00 Google Apologizes for Password Vanishing Bug 01:55 French Authorities Combat PlugX Malware 03:44 The Unsexy Challenge of Patch Management 05:41 Conclusion and Show Notes
7/29/2024 • 6 minutes, 4 seconds
Cybersecurity Today Week in Review: CrowdStrike and more.
Cybersecurity Weekly Review: CrowdStrike, Malware, and Major IT Outages Join Jim Love and a panel of experts as they delve into the top cybersecurity stories of the week. This episode covers the major CrowdStrike incident, AT&T's February outage affecting millions of calls, a new strain of malware in Ukraine targeting industrial control systems, and much more. Listen in as experts Terry Cutler, David Shipley, and Mike Walters discuss the implications, lessons learned, and future strategies needed to tackle these cybersecurity challenges. 00:00 Introduction and Overview 00:18 CrowdStrike Dominates the Headlines 00:27 AT&T's Major Outage 01:14 New Malware in Ukraine 01:51 Whiz Startup's Bold Move 02:33 Panel Discussion Begins 02:55 Introduction of Mike Walters 03:31 Whiz's Market Valuation Debate 06:59 Modbus Protocol Vulnerabilities 07:35 Penetration Testing Insights 12:50 CrowdStrike Incident Analysis 22:24 Media Focus on Airport Chaos 22:36 The Real Impact on Patient Care 23:53 Who Pays for the Outage? 25:40 CrowdStrike's Quick Response 26:27 Future Prevention Strategies 28:27 Challenges in Cybersecurity Updates 38:14 Lessons Learned and Moving Forward 42:17 Conclusion and Acknowledgements
7/27/2024 • 43 minutes, 29 seconds
North Korean state hacker infiltrates US security firm; Cybersecurity Today for Friday, July 26, 2024
North Korean State Actor Infiltrates US Security Firm | Cybersecurity Today In this episode of Cybersecurity Today, host Jim Love covers two major incidents. The first is an American firm, KnowBe4, inadvertently hiring a North Korean state actor posing as a software engineer, leading to an attempted malware installation. He discusses the techniques used by the threat actor and the broader implications for cybersecurity. The second story involves CrowdStrike's post-incident review of a system crash, detailing the causes, the company's response, and criticisms of their crisis communication strategy. Tune in to learn about these pressing cybersecurity challenges and how companies are handling them. 00:00 A Shocking Cybersecurity Incident 00:20 North Korean State Actor Infiltration 01:59 CrowdStrike's Post Incident Review 05:07 CrowdStrike's Crisis Communication Failure 06:31 Conclusion and Upcoming Shows
7/26/2024 • 6 minutes, 51 seconds
CrowdStrike CEO is summoned before the Homeland Security committee. Cyber Security Today for Wednesday, July 24, 2023
In this episode of Cybersecurity Today, guest host Jim Love covers major events impacting the cybersecurity world, including CrowdStrike CEO George Kurtz's summons to testify before a U.S. House Committee on Homeland Security following a massive IT outage and a new malware strain, Frosty Goop, attacking critical infrastructure in Ukraine. The episode also discusses cybersecurity firm Wiz's surprising decision to decline a $23 billion acquisition offer from Google's parent company, Alphabet, opting instead to aim for an IPO. Stay informed about the latest in cybersecurity, and what these developments mean for the industry. 00:00 Introduction and Headlines 00:24 CrowdStrike CEO Summoned by U.S. House Committee 00:38 Impact and Response to the IT Outage 01:41 Frosty Goop: New Malware Threat 03:09 Wiz Rejects Alphabet's Acquisition Offer 04:45 Conclusion and Show Notes
7/24/2024 • 5 minutes, 8 seconds
Worst Cyber Event in History: CrowdStrike Update Causes Global Chaos. Cyber Security Today Special Edition for Monday, July 22, 2024
Join Jim Love on a special edition of Cybersecurity Today and Hashtag Trending as he delves into the recent CrowdStrike incident that led to a global IT meltdown. With over 8.5 million Windows devices affected by a faulty CrowdStrike Falcon update, this event is being compared to Y2K and WannaCry. Discover the widespread impacts across key industries, the technical details behind the kernel-crashing error, and the fallout for companies and IT professionals. Learn why this disaster has created such frustration and anger in the cybersecurity community and what steps are being taken to recover. Tune in to understand the broader economic and societal implications of what is being called the 'worst cyber event in history.' 00:00 Introduction and Host Introduction 00:19 CrowdStrike Incident Overview 00:46 Community Reactions and Frustrations 02:29 Understanding CrowdStrike's Role 04:49 Technical Breakdown of the Issue 07:59 Impact and Consequences 09:04 Response and Fixes 12:33 Lessons and Future Precautions 13:20 Final Thoughts and Warnings 13:58 Conclusion
7/22/2024 • 14 minutes, 12 seconds
Researcher detects what could have been one of the largest supply chain vulnerabilities to date. Cyber Security Today Weekend for July 20th
Dodging the Biggest Supply Chain Attack Ever: An Insight with JFrog's Security Research Team In this weekend edition of Cyber Security Today, host Jim Love discusses with Brian Moussalli, the Security Research Team Lead at JFrog, how potentially the biggest supply chain attack was averted. They delve into the intricacies of supply chain attacks, the risks associated with leaked tokens, and the importance of checking binary files for vulnerabilities. The conversation also touches on securing open source software and the role of JFrog in making the cyber world safer. Tune in to learn critical lessons on cybersecurity from this insightful interview. 00:00 Introduction and Host Update 00:32 Understanding Supply Chain Attacks 02:47 Interview with Brian Moussalli, the Security Research Team Lead at JFrog 06:15 The Python Token Leak Incident 17:01 Lessons Learned and Future Outlook 23:06 Conclusion and Sign-Off
7/19/2024 • 23 minutes, 29 seconds
Microsoft's Bug Reporting Criticized, Disney Hacked, and Kaspersky Exits US. Cyber Security Today Special Edition from Hashtag Trending
With Howard away and today's episode of Hashtag Trending being all about security stories, I took the liberty of doing a cross posting. Hope we'll have Howard back next week. In today's episode of Hashtag Trending, host Jim Love covers significant cybersecurity news. Microsoft faces criticism for mishandling a reported MSHTML browser engine vulnerability, and Disney investigates a hack by 'Null Bulge,' a group accusing the company of unethical AI use. Additionally, Kaspersky Labs announces its exit from the U.S. market due to government sanctions. The episode also discusses the FBI's swift unlocking of a shooter's phone, indicating advanced law enforcement capabilities. Tune in for these updates and more. 00:00 Introduction and Overview 00:43 Microsoft's Vulnerability Disclosure Controversy 02:28 Disney Hacked: Internal Messages Leaked 03:42 Kaspersky Exits the U.S. Market 04:59 FBI Cracks Encrypted Phones 06:54 Conclusion and Upcoming Shows
7/17/2024 • 7 minutes, 24 seconds
Cyber Security Today, July 8, 2024 - A New Ransomware Group Is Discovered
A new ransomware group that has been discovered is highlighted in this edition
7/8/2024 • 2 minutes, 9 seconds
Cyber Security Today, Week in Review for week ending July 5, 2024
This episode features an interview with a cybersecurity and privacy lawyer about responding to cyber attacks Navigating Ransomware Response: Insights from Cybersecurity Expert Imran Ahmad In this episode features an interview between Howard Solomon and Imran Ahmad, a partner at Norton Rose Fulbright, discussing effective strategies for managing ransomware attacks. Ahmad, with his extensive background in cybersecurity law, shares practical advice on incident response, the importance of having a structured plan, and the dynamic nature of cyber threats. He elucidates the common pitfalls companies face, the role of communication, and the legal nuances of dealing with cyber incidents. Ahmad also touches on the increasing sophistication of attackers, including the use of AI, and the balance organizations must strike between cybersecurity investments and other business priorities. 00:00 Introduction and Host Welcome 00:26 Meet Imran Ahmad: Cybersecurity Expert 01:37 The Reality of Ransomware Attacks 04:05 Elements of a Good Ransomware Response Plan 07:07 Inside the Incident Response Room 11:49 Legal and Communication Challenges 20:11 Government Policies and Ransomware Payments 22:29 Why Organizations Struggle with Cyber Preparedness 24:02 Conclusion and Farewell
7/6/2024 • 24 minutes, 36 seconds
Cyber Security Today, July 5, 2024 - Prepare for business email compromise attacks
A report on business email compromise attacks is highlighted in this edition
7/5/2024 • 3 minutes, 30 seconds
Cyber Security Today, July 3, 3034 - Beware of advanced attack tactics
This episode reports on some of the new ways threat actors are bypassing phishing defences
7/3/2024 • 3 minutes, 41 seconds
Cyber Security Today, July 1, 2024 - A critical patch for GitLab
This episode reports on new reports on vulnerabilities and software supply chain security
7/1/2024 • 5 minutes, 19 seconds
Cyber Security Today, Week in Review for week ending Friday, June 28, 2024
This episode features a discussion on the latest MOVEit vulnerability, a report on recruiting cybersecurity pros and how an API coding error is being blamed for a large cyber breach in Australia
6/29/2024 • 25 minutes, 53 seconds
Cyber Security Today, June 28, 2024 - Cyber authorities remind developers to switch to memory-safe coding languages
Are attacks cybercrime or hiding espionage? Researchers investigate in this episode
6/28/2024 • 6 minutes, 22 seconds
Cyber Security Today, June 26, 2024 - New vulnerability in MOVEit and a warning to WordPress administrators on poisoned plugins
This episode reports on an updated explanation of the hack of Los Angeles County's health department, an API coding error that led to a huge data breach in Australia, and more
6/26/2024 • 8 minutes, 44 seconds
Cyber Security Today, June 24, 2024 - Ransomware gang reportedly behind the hack of car dealership software provider
This episode reports on a warning to patch Serv-U applications, the workings of the Rafel trojan, and more
6/24/2024 • 7 minutes, 12 seconds
Cyber Security Today, Week in Review for week ending Friday, June 21, 2024
This episode features a discussion on an undiscovered three-year hack, the cause of Snowflake attacks and allegations of how an Australian health insurer was compromised Join Howard Solomon and David Shipley in the weekend review edition of Cybersecurity Today for insights into major cybersecurity incidents. Topics include a three-year undetected hack by the Velvet Ant gang, major breaches involving personal data theft, the Medibank hack, misuse of Snowflake passwords, and the recent CDK Global cyberattack affecting car dealerships. Learn about the latest developments and cybersecurity lessons from these significant events. 00:00 Introduction and Overview 00:40 Weekly Headlines Recap 04:15 In-Depth Analysis: Three-Year Undetected Hack 14:27 Medibank Data Breach Investigation 25:18 Snowflake Data Breaches Update 30:04 CDK Global Cyber Attack 33:47 Conclusion and Final Thoughts
6/22/2024 • 34 minutes, 29 seconds
Cyber Security Today, June 21, 2024 - US to ban Kaspersky for consumers and businesses
This episode reports on how gullible employees are falling for a scam and cutting and pasting malware into their organization's IT systems, and more
6/21/2024 • 6 minutes, 32 seconds
Cyber Security Today, June 19, 2024 - How an attacker hid on an IT network for three years
This episode reports on how outdated software played a role in a lengthy hack, the latest VMware security update, and more
6/19/2024 • 7 minutes, 57 seconds
Cyber Security Today, June 17, 2024 - Microsoft faces heat in Congress, alleged cybercrook arrested, and more
This episode reports on complaints about the proposed UN cybercrime treaty, servers used by Islamic State terrorists shut, and more
6/17/2024 • 8 minutes, 9 seconds
Cyber Security Today, Week in Review for week ending Friday June 14, 2024
This episode includes a discussion on Microsoft and Google's offer to help U.S. rural hospitals tighten their cybersecurity, a report on top network vulnerabilities found by penetration testers and the latest news on hacks of Snowflake customers.
6/15/2024 • 23 minutes, 22 seconds
Cyber Security Today, June 14, 2024 - Employee downloaded file that led to hospital chain's ransomware attack
This episode reports on the latest ransomware news, another North Korean threat actor putting malicious packages on the NPM registry, vulnerabilities in some open source AI apps, and more
6/14/2024 • 7 minutes, 52 seconds
Cyber Security Today, June 12, 2024 - More Snowflake storage victims found, Microsoft issues new Windows patches, and more
This episode reports on the latest patches from Microsoft, Nvidia, JetBrains and ARM, as well as action by the Privacy Commissioner of Canada
6/12/2024 • 7 minutes, 1 second
Cyber Security Today, June 10, 2024 - Microsoft backs down on Recall
Microsoft has listened to criticism about the supposedly helpful tool, and more
6/10/2024 • 4 minutes, 8 seconds
Cyber Security Today, Week in Review for week ending June 7, 2024
This episode features a discussion of data thefts from Snowflake data stores, more on the controversy over Microsoft Recall and the Auditor-General's report on Canada's cyber fighting agencies
6/7/2024 • 31 minutes, 21 seconds
Cyber Security Today, June 7, 2024 - More news about Snowflake attacks, and a warning to better protect Docker containers
This episode reports on Snowflake users' credentials for sale, how Docker containers are being exploited, and more
6/7/2024 • 4 minutes, 57 seconds
Cyber Security Today, June 5, 2024 - New threat actor going after American IT firms, Canada's Auditor General slams federal cybercrime-fighting agencies
This episode reports on vulnerabilities in unpatched versions of Progress Software's Telerik Report Server, the spread of the Remcos remote access trojan, and more
6/5/2024 • 7 minutes, 33 seconds
Cyber Security Today, June 3, 2024 - Four cloud-related data breaches
This episode reports on confirmation of cyber attacks on Ticketmaster, Santander bank, a Canadian broadcaster, and more
6/3/2024 • 7 minutes, 37 seconds
Cyber Security Today Week in Review for week ending May 31, 2024
This week guest Terry Cutler of Cyology Labs and I discuss the controversy around Microsoft's new Recall feature, lessons learned from the MITRE hack, and more
5/31/2024 • 25 minutes, 20 seconds
Cyber Security Today, May 31, 2024 - Hundreds of thousands of routers are wiped, warnings to Okta and Snowflake administrators, and more
This episode reports on police takedowns of criminal IT infrastructure, and more
5/30/2024 • 6 minutes, 59 seconds
Cyber Security Today, May 29, 2024 - A new North Korean ransomware gang spotted, and more
This episode reports on ransomware news, US sanctions against Chinese citizens for running a botnet, and more
5/29/2024 • 7 minutes, 16 seconds
Cyber Security Today, May 27, 2024 - Security controversy over a new Microsoft tool, a new open source threat intelligence service
This episode reports on fake antivirus web sites to stay away from, and more
5/27/2024 • 6 minutes, 14 seconds
Cyber Security Today, Week in Review for week ending May 24, 2024
This episode features an interview with Treasury Board President Anita Anand, who announced the first cyber security strategy for the Canadian government's IT departments and agencies
5/24/2024 • 18 minutes, 58 seconds
Cyber Security Today, May 24, 2024 - A threat actor leverages Windows BitLocker in ransomware attacks, beware of ORB networks, and more
This episode reports on unwanted data your WiFi router may be giving out and more
5/24/2024 • 7 minutes, 3 seconds
Cyber Security Today, May 22, 2024 - LockBit ransomware gang hits more victims, Fluent Bit servers need to be updated, and more
This episode reports on a cyber warning to American drinking water utilities from a regulator, a ransomware attack on a prescription drug distributor and more
5/22/2024 • 7 minutes, 45 seconds
Cyber Security Today, May 20, 2024 - A ransomware gang claims it hit a Canadian internet provider
This episode reports on fake WinSCP file transfer and PuTTY telnet utilities, malware that steals bank login credentials, and more
5/20/2024 • 6 minutes, 5 seconds
Cyber Security Today, Week in Review for Friday, May 17, 2024
This episode features a discussion on the FBI takedown of the BreachForums criminal marketplace, and more
5/17/2024 • 26 minutes, 44 seconds
Cyber Security Today, May 17, 2024 - Malware hiding in Apache Tomcat servers, new backdoors found, and more
This episode reports on the break up of a North Korean scheme tricking American firms into hiring who they thought were Americans app developers to work remotely, and more
5/17/2024 • 5 minutes, 51 seconds
Cyber Security Today, May 15, 2024 - Ebury botnet still exploiting Linux servers, Microsoft, SAP and Apple issue security updates, and more
This episode reports on the Phorpiex botnet spreading LockBit ransomware, the sentencing of a man behind the Tornado Cash cryptocurrency mixer for money laundering, and more
5/15/2024 • 8 minutes, 29 seconds
Cyber Security Today, May 13, 2024 - Europol police portal hacked, report on Black Basta ransomware gang is released, and more
This episode reports on a warning from security researchers about a VPN vulnerability, a suspected Russian threat actor using generative AI tools to plagiarize or modify legitimate news stories from mainstream media to pump pro-Russian themes, and more
5/13/2024 • 5 minutes, 34 seconds
Cyber Towns - and Interview with Francois Guay: Cyber Security Today Weekend for May 11, 2024
Join us for an interview with Francois Guay, founder of the Canadian Cyber Security Network and a new study of Canadian municipalities and how they rate in terms of attracting and retaining cybersecurity professionals.
5/10/2024 • 28 minutes, 12 seconds
Cyber Security Today, May 10 ,2024 - Patches for F5's Next Central Manager released, Dell discovers data theft covering millions of buyers, and more
This episode reports on Anit-Ransomware Day , big tech companies vowing to make their products and services Secure By Design, and more
5/10/2024 • 6 minutes, 39 seconds
Cyber Security Today, May 8, 2024 - Alleged LockBit ransomware leader is identified, the gang makes false claims of new victims
This episode reports on the RSA Conference, a Canadian ruling on whether solicitor-client privilege applies when a privacy regulator demands documents after a data breach, and more
5/8/2024 • 7 minutes, 20 seconds
Cyber Security Today, May 6, 2024 - Ransomware gang claims responsibility for attacking Italian healthcare service, Russian gang blamed for attacks in Europe, and more
This episode reports on vulnerable routers, an attack on a Canadian digital library service and more
5/6/2024 • 7 minutes, 4 seconds
Cybersecurity professional Madison Horn runs for Congress. Cyber Security Today Weekend Show May 3, 2024
If you've ever been frustrated by how poorly you think politicians are dealing with the issues that face us in Cyber Security, maybe you've thought we should have more cyber security professionals in government. Madison Horn, cyber security professional feels the same way. So she's running for the a seat in the House of Representatives. This is my interview with Madison, originally published on Hashtag Trending, the Weekend Edition. I hope you enjoy it.
5/4/2024 • 42 minutes, 2 seconds
Cyber Security Today, May 3, 2024 - North Korea exploits weak email DMARC settings, and the latest Verizon analysis of thousands of data breaches
This episode reports on warnings about threats from China, Russia and North Korea, the hack of Dropbox Sign's infrastructure, and more
5/3/2024 • 8 minutes, 7 seconds
Cyber Security Today, May 1, 2024 - Data may have been stolen in London Drugs cyber attack, Congressional testimony today by UnitedHealth CEO on ransomware attack, and more
This episode reports on a vulnerability in the R programming language, fines against large American wireless carriers, and more
5/1/2024 • 7 minutes, 32 seconds
Cyber Security Today, April 29, 2024 - Credential stuffing attacks are hitting firms using Okta ID management solutions, and more
This episode reports on a job scam aimed at app developers, the latest data breach notifications and more
4/29/2024 • 7 minutes, 10 seconds
Cyber Security Today, Week in Review for week ending Friday, April 26, 2024
This episode features a discussion on the latest in the Change Healthcare ransomware attack, a vulnerability in an abandoned Apache open-source project, the next step in Canada's proposed critical infrastructure cybersecurity law and the future of TikTok
4/26/2024 • 32 minutes, 18 seconds
Cyber Security Today, April 26, 2024 - Patch warnings for Cisco ASA gateways and a WordPress plugin
This episode reports on the malicious plugin worm that refuses to die, and more
4/26/2024 • 6 minutes, 42 seconds
Cyber Security Today, April 24, 2024 - Good news/bad news in Mandiant report, UnitedHealth admits paying a ransomware gang, and more
This episode reports on the danger of using expired open-source packages, a tool used by a Russian hacking group and password advice
4/24/2024 • 8 minutes, 16 seconds
Cyber Security Today, April 22, 2024 - Vulnerability found in CrushFTP file transfer software, security updates for Cisco's controller management application, and more
This episode reports on a new campaign to steal credentials from LastPass users, a warning to admits of Ivanti Avalanche mobile device management software, and more
4/22/2024 • 6 minutes, 10 seconds
Cyber Security Today, Week in Review for week ending Friday April 19, 2024
On this episode Jen Ellis, co-chair of the Ransomware Task Force, talks about ways of fighting one of the biggest cyber threats to IT departments
4/19/2024 • 41 minutes, 57 seconds
Cyber Security Today, April 19, 2024 - Police bust phishing rental platform, a nine-year old virus found on Ukrainian computers, and more
This episode reports on a threat actor targeting governments in the Middle East with a novel way of hiding malware is going international, and more
4/19/2024 • 4 minutes, 46 seconds
Cyber Security Today, April 17, 2024 - More suspicious attempts to take over open source projects, a data theft at a Cisco Duo partner, and more
This episode reports on security updates from Delinea and PuTTY, and reports on bad bots and threat actors going after Zoom meetings
4/17/2024 • 8 minutes, 25 seconds
Cyber Security Today, April 15, 2024 - Act fast to a plug hole in Palo Alto Networks firewall, Canadian comedy festival loses over $800K in email scam, and more
This episode reports on a new anti-ransomware strategy, and more
4/15/2024 • 8 minutes, 4 seconds
Cyber Security Today, Week in Review for week ending Friday, April 12, 2024
This episode features a discussion on Microsoft's cybersecurity troubles, worries about open source, a warning about abusing IT help desks to launch attacks and more
4/12/2024 • 27 minutes, 10 seconds
Cyber Security Today, April 12, 2024 - A warning to Sisense customers, a new tactic for spreading the Raspberry Robin worm, and more
This episode reports on a new way threat actors are planting malware on GitHub, why you should watch for the running of unexpected automated scripts on your network, and more
4/12/2024 • 5 minutes, 43 seconds
Cyber Security Today, April 10, 2024 - RansomHub gang trying to extort Change Healthcare, large number of Microsoft security updates are released, and more
This episode reports on a warning to application developers using the Rust language, the need to unplug end of life D-Link NAS devices, and more
4/10/2024 • 7 minutes, 45 seconds
Cyber Security Today, April 8, 2024 - Crooks are hijacking Facebook pages to spread phoney AI applications
This episode reports on AI and Magento scams, and more
4/8/2024 • 7 minutes, 34 seconds
Cyber Security Today, Week in Review for the week ending Friday, April 5, 2024
This episode features a discussion on a highly critical report on the hacking of Microsoft Exchange Online email accounts, a case study of a ransomware attack and the discovery of a years-long infiltration of an open source group to insert a backdoor into Linux
4/5/2024 • 32 minutes, 22 seconds
Cyber Security Today, April 5, 2024 - New ransomware gang claims 11 victims, Ivanti promises to overhaul product security, and more.
This episode reports on vulnerabilities in HTTP/2, RDP weaknesses a major cause of successful cyber attacks, and more
4/5/2024 • 6 minutes, 25 seconds
Cyber Security Today, April 3, 2024 - New Linux vulnerability is found, and a must-read ransomware case study
This episode reports on a data breach at OWASP, Google to delete data it collected in Incognito Mode, and more
4/3/2024 • 5 minutes, 14 seconds
Cyber Security Today, April 1, 2024 - An alert about a critical Linux vulnerability, a warning about password-spray attacks on Cisco VPNs, and more
This episode reports on a way threat actors can get around cloud-based email filtering systems, the latest information on an AT&T data theft, and more
4/1/2024 • 8 minutes, 9 seconds
Cyber Security Today, Week in Review for the week ending Friday, March 29, 2024
This episode features a discussion on World Backup Day, a security awareness report and more
3/29/2024 • 32 minutes, 48 seconds
Cyber Security Today, March 29, 2024 - PyPI repository shuts to stop malicious uploads, a plea to developers to stop creating apps with SQL vulnerabilities, and more
This episode reports on a US$10 million reward for a ransomware gang, a new Linux version of a backdoor, and more
3/29/2024 • 7 minutes, 3 seconds
Cyber Security Today, March 27, 2024 - A botnet exploits old routers, a new malware loader discovered, and more warnings about downloading code from open source repositories
This episode reports on a new network of 40,000 infected small and home office routers and other devices that are part of a criminal botnet, and more
3/27/2024 • 9 minutes, 44 seconds
Cyber Security Today, March 25, 2024 - A suspected China threat actor going after unpatched F5 and ScreenConnet installations
This episode reports on a new campaign stealing email passwords, the latest data breaches, and more
3/25/2024 • 9 minutes, 7 seconds
Cyber Security Today, Week in Review for week ending Friday, March 22, 2024
This episode features discussion on lessons learned from the ransomware attack on the British Library, advice for managing expectations of IT/security teams, why firms are leaving Google Firebase unprotected and more
3/22/2024 • 31 minutes, 10 seconds
Cyber Security Today, March 22, 2024 - Mac CPUs are vulnerable to encrypted key theft, white hat hackers win a second Tesla, and more
This episode reports on the discovery of a side-channel vulnerability in Apple M-series chips and more
3/22/2024 • 5 minutes, 26 seconds
Cyber Security Today, March 20, 2024 - Misconfigured Firebase instances are leaking passwords, a China-related threat actor is hacking governments and more
This episode reports on new backdoors, a new paper giving advice to OT network operators and more
3/20/2024 • 7 minutes, 22 seconds
Cyber Security Today, March 18, 2024 - Fix this Python vulnerability, patch these industrial control system products, the latest data breaches and more
This episode reports on bugs, holes, data breaches, a coming cybersecurity trust mark for US wireless consumer products and more
3/18/2024 • 7 minutes, 55 seconds
Cyber Security Today Week in Review with David Shipley, Beauceron Security: Mach 16th, 2024
Here's our week in review stories that David and guest host Jim Love will discuss: Cyber Pros flock to cybercrime side hustles. I covered this earlier this week. This story came out of the UK and a report that an ex-cop went undercover on the dark web and discovered that there were a lot of cybersecurity professionals who were moonlighting or offering their services the Dark Web. A second municipality fell victim to a ransomware attack. First it was the city of Hamilton just outside of Toronto, a relatively large municipality – about 600,000 people hit by Ransomware on Feb 25th. Microsoft had to admit that those Russian state hackers were still doing damage. For those who don’t remember the story, Microsoft had a very severe breach where email accounts of senior company executives were hacked in November. The cause of the breach, if I remember it right, was a “non-production” instance that was left without two factor authentication and allowed hackers to breach that system and get into a lot more including the executive emails. Ransomware talent moves to Akira after Lockbit’s “demise” Lockbit, a big player in ransomware got taken down very publicly by an international law enforcement group. They took Lockbit’s servers and even publicly tried humiliate the group, taking the counter that the group used to terrorize it’s victims. It had a countdown clock that showed the time left to pay the ransom or they’d release the company’s information on the dark web. The agencies that brought them down and took over their site put up their own countdown – only this was the time it would take them to nail the leader of Lockbit referred to as LockBitSupp.
3/16/2024 • 31 minutes, 12 seconds
Kubernetes bug allows remote execution in Windows nodes: Cyber Security Today for Friday, March 15, 2024
Google adds real time phishing protection to Chrome. A security bug is found in Kubernetes that allows attackers to remotely execute code on Windows nodes. The French government suffers an enormous cyber-attack and vulnerabilities in ChatGPT plug-ins. Welcome to Cybersecurity Today for Friday March 15th, 2024. I’m your host Jim Love, filling in for Howard Solomon.
3/15/2024 • 7 minutes, 10 seconds
New phishing scam uses car insurance savings to lure victims: Cyber Security Today for Wednesday, March 13, 2024
A new phishing scam uses car insurance savings as to lure its victims, a report by Sophos shows that small businesses are being targeted by cybercriminals at an increasing rate. Okta says that data claiming to be from hacking them is not their customer data. These stories and more… Welcome to Cybersecurity Today for Wednesday March 13th, 2024. I’m your host Jim Love, filling in for Howard Solomon.
3/13/2024 • 9 minutes, 12 seconds
Cyber Security Today for Monday, March 11, 2024
Breaking Bad in cybersecurity - UK companies are warned that cybersecurity employees may moonlight on the dark web. Microsoft reveals that Russians hackers’ attack is still ongoing. A system used by US government states and agencies has a critical flaw and a new attack vector using fonts has been detected by marketing software Canva. Welcome to Cybersecurity Today for Monday March 11th, 2024. I’m your host Jim Love, filling in for Howard Solomon.
3/11/2024 • 9 minutes, 16 seconds
Adam Evans, CISO at RBC: Cybersecurity Today Weekend Show
JIm Love, host of the daily news podcast Hashtag Trending fills in for Howard this Saturday with a replay of a show that Jim did which featured Adam Evans, CISO at RBC. It's a little different but we hope you enjoy it.
3/9/2024 • 34 minutes, 47 seconds
Cyber Security Today, March 6, 2024 - VMware and Apple rush out security updates, a new ScreenConnect malware is found, and more
This episode reports on a survey of IT pros on insider attacks, US sanctions on a group that markets commercial spyware, and more
3/6/2024 • 5 minutes, 46 seconds
Cyber Security Today, March 4, 2024 - A hacker is trying to trick the U.S. telecom regulator, WhatsApp gets to see Pegasus code and more
This episode reports on the latest IT support scam trying to trick employees, and more
3/4/2024 • 6 minutes, 23 seconds
Cyber Security Today, Week in Review for week ending Friday, March 1, 2024
This episode features a discussion on how hard it is to kill a ransomware gang, Canada's proposed new online harms bill, why organizations still allow staff to use vulnerable software, and more
3/1/2024 • 25 minutes, 7 seconds
Cyber Security Today, March 1, 2024 - Warnings to GitHub users and Ivanti gateway administrators, and more
This episode reports on a recommendation that enterprises drop Ivanti Pulse Secure and Connect Secure devices because threat actors can get around mitigations for recent vulnerabilities
3/1/2024 • 6 minutes, 14 seconds
Cyber Security Today, Feb. 28, 2024 - Thousands of subdomains abused for phishing, the latest ransomware news and more
This episode reports on a threat actor taking advantage of abandoned subdomains once used by big brands, ransomwmare attacks and more
2/28/2024 • 6 minutes, 29 seconds
Cyber Security Today, Feb. 26, 2024 - Canadian online harms legislation to be revealed today, and more
This episode reports on hackers using an open source tool aimed at helping network administrators, the latest data breaches in the U.S., and Australia, and more
2/26/2024 • 5 minutes, 39 seconds
Cyber Security Today, Week in Review for week ending Friday, Feb. 23, 2024
This episode features a discussion on the takedown of the LockBit ransomware gang, and more
2/23/2024 • 22 minutes, 49 seconds
Cyber Security Today, Feb. 23, 2024 - A cyber warning on the second anniversary of Russia's invasion of Ukraine, and more LockBit news
This episode reports on advice for protecting water utilities from cyber attacks, Avast agrees to a settlement with FTC on allegations it wrongly sold consumer data, and more
2/23/2024 • 4 minutes, 48 seconds
Cyber Security Today, Feb. 21, 2024 - A patch warning from ConnectWise, the latest ransomware news, and more
This episode reports on a patch for a critical vulnerability in a help desk application, threat actors using the Greatness phishing-as-a-service kit and more
2/21/2024 • 7 minutes, 7 seconds
Cyber Security Today, Feb. 19, 2024 - Fake police data breach notification fools Maine's AG office
This episode reports a recent fake data breach report and two real ones, a man pleads guilty to being involved in malware distribution, and more
2/19/2024 • 8 minutes, 23 seconds
Cyber Security Today, Week in Review for week ending Feb. 16, 2024
This episode features a discussion on new cyber incident and data breach reporting obligations for American telecom companies, the progress of Canada's proposed cybersecurity law, and more
2/16/2024 • 27 minutes, 2 seconds
Cyber Security Today, Feb. 16, 20924 - US takes down Russian botnet of routers
This episode reports on mulit-million dollar rewards for information on the AlphV ransomware gang, a decryptor is available for the Rhysida ransomware strain, and more
2/16/2024 • 6 minutes, 28 seconds
Cyber Security Today, Feb. 14, 2024 - Get cracking on Patch Tuesday fixes
This episode reports on the latest patches released by major IT companies, and more
2/14/2024 • 4 minutes, 55 seconds
Cyber Security Today, Feb. 12, 2024 - US seizes a website selling the Warzone malware
This episode reports on huge data breaches in France and the US, , a new Mac backdoor and more
2/12/2024 • 6 minutes, 7 seconds
Cyber Security Today, Week in Review for week ending Friday, Feb. 9,. 2024
This episode features discussion on a deepfake video conference call that tricked an employee into wiring US$25 million to crooks, why the U.S. Federal Trade Commission called the cybersecurity of a company "shoddy," and more
2/9/2024 • 25 minutes, 29 seconds
Cyber Security Today, Feb. 9, 2024 - A record US$1 billion paid to ransomware gangs last year
This episode reports on ransomware payments, a US$10 million bounty on a ransomware gang, and more
2/8/2024 • 4 minutes, 23 seconds
Cyber Security Today, Feb. 7, 2024 - Deepfake video costs company US$25 million
This episode reports on a sophisticated scam that cost a company big money, and more
2/7/2024 • 5 minutes, 56 seconds
Cyber Security Today, Feb. 5, 2024 - Warnings to AnyDesk and Mastodon administrators, a lesson from a Cloudflare breach, and more
This episode reports on a US regulator hammering Blackbaud for a data breach, a former CIA application developer jailed for 40 years and more
2/5/2024 • 7 minutes, 31 seconds
Cyber Security Today, Week in Review for Feb. 2, 2024
This episode features discussion on hacks at 23andMe, Microsoft, the Canadian government, and on the FBI's warning on the cyber threat from China
2/2/2024 • 30 minutes, 2 seconds
Cyber Security Today, Feb. 2, 2024 - AI fakes are making trouble for facial recognition logins, and more
This episode reports on US government action on vulnerable Ivanti gateways and more
2/2/2024 • 4 minutes, 47 seconds
Cyber Security Today, Jan. 31, 2024 -A new ransomware strain found, and questions about the level of ransomware payments
This episode reports on ransomware news, a survey of infosec pros in the financial sector and more
1/31/2024 • 5 minutes, 10 seconds
Cyber Security Today, Jan. 29, 2024 - SolarWinds demands fraud allegation be dropped, a Canadian sentenced for ransomware attacks, and more
This episode reports on the need for every organization to have contact information on security issues, and more
1/29/2024 • 8 minutes, 21 seconds
Cyber Security Today, Week in Review for Friday, Jan. 26, 2024
This episode features a discussion on a hack at Microsoft, the recommendations of the Network Resilience Coalition, a report on AI and cyber threats and more
1/26/2024 • 27 minutes, 10 seconds
Cyber Security Today, Jan. 26, 2024 - US government employees slammed for backing forbidden videocam purchases, and more
This episode reports on an investigation into why US federal IT staff pushed for the purchase of forbidden video cameras, record data breach numbers last year in the US, and more
1/26/2024 • 5 minutes, 46 seconds
Cyber Security Today, Jan. 24, 2024 - The latest ransomware news and a controversy over alleged viruses in HP printer cartridges
This episode reports on ransomware attacks on a North American firm that manages water utilities ,and more
1/24/2024 • 6 minutes, 34 seconds
Cyber Security Today, Jan. 22, 2024 - the LockBit ransomware gang hits the Subway fast food chain, and this is the start of Data Privacy Week
This episode reports on ransomware attacks, an undetected attack on a VMware hole and more
1/22/2024 • 5 minutes, 56 seconds
Cyber Security Today, Week in Review for Friday Jan. 19, 2024
This episode features a discussion on cryptocurrency scammers hacking X accounts, the arrest of a Ukrainian man for using hacked cloud accounts to create 1 million virtual servers for mining cryptocurrency and how an accounting firm employee fell for a phishing email pretending to be from the CEO led to a data breach
1/19/2024 • 28 minutes, 16 seconds
Cyber Security Today, Jan. 19, 2024 - Vulnerabilities found in server firmware, a warning to Docker administrators, and more
This episode reports on firmware updates from hardware manufacturers that IT admins should be watching for, a phishing warning to Middle Eastern expets and more
1/19/2024 • 4 minutes, 59 seconds
Cyber Security Today, Jan. 17, 2024 - Security updates issued for Atlassian, Citrix, VMware and Chrome products
This epsiode reports on the latest security updates for a range of products
1/17/2024 • 7 minutes, 23 seconds
Cyber Security Today, Jan. 15, 2024 - Three warnings to application developers
This episode covers reports with warnings to application developers from Recorded Future and Gitlab; how an accounting company was victimized by a phishing message, and more
1/15/2024 • 7 minutes, 14 seconds
Cyber Security Today, Week in Review for the week ending Friday, Jan. 12, 2024
This episode features a discussion about the state of cybersecurity jobs
1/12/2024 • 22 minutes
Cyber Security Today, Jan. 12, 2024 - A Chinese hacking group's reach may be bigger than we thought
This episode reports on scams aimed at employees, a report on the Medusa ransomware group, the latest on the number of data breach victims and more
1/12/2024 • 6 minutes, 40 seconds
Cyber Security Today, Jan. 10, 2024 - Vulnerabilities found in internet-connected factory torque wrenches
This episode reports on a hole found in Bosch industrial torque wrenches, attacks on Microsoft SQL servers, and more
1/10/2024 • 4 minutes, 23 seconds
Cyber Security Today, Jan 8, 2024 - How a Spanish cellular carrier's network was knocked offline, and more
This episode reports on basic cybersecurity oversights that led to the hacking of a teclo, the increased number of victims of a US law firm hack, a data breach at a Canadian provider of midwives and more
1/8/2024 • 9 minutes, 11 seconds
Cyber Security Today, Jan. 5, 2024 - 23andMe blames poor user password practices for a data breach
Russian hackers were inside the biggest Ukrainian telecom provider for at least seven months before knocking it offline last month. This and other news are in the podcast
1/5/2024 • 5 minutes, 16 seconds
Cyber Security Today, Jan 3, 2024 - Prepare for upcoming privacy legislation
This episode reports on Canadian and American privacy bills before legislatures, ransomware news and more
1/4/2024 • 6 minutes, 30 seconds
Cyber Security Today, Dec. 29, 2023 - Get cracking on your cybersecurity strategic plan
Don't have a cybersecurity strategic plan? Here's how to start building one
12/29/2023 • 5 minutes, 4 seconds
Cyber Security Today, Dec. 27, 2023 - A record year for ransomware
This episode reports on the latest ransomware and vulnerability numbers for 2023
12/27/2023 • 2 minutes, 56 seconds
Cyber Security Today, Year in Review for 2023
This episode features a discussion about the biggest cybersecurity stories of 2023, and predictions for 2024
12/22/2023 • 56 minutes, 14 seconds
Cyber Security Today, Dec. 20, 2023 - Data on over 35 million Comcast customers stolen because patching wasn't fast enough
This episode reports on a warning of a vulnerability in the SSH protocol, the latest multi-million person data breaches and more
12/20/2023 • 5 minutes, 59 seconds
Cyber Security Today, Dec. 18, 2023 - Customer contact info stolen from MongoDB, more stringent American cyber attack reporting rules start today, and more
This episode reports on the new SEC cyber attack rules that come into effect today, guidance from the NSA on creating a software bill of rights, and more
12/18/2023 • 8 minutes
Cyber Security Today, Week in Review for Friday Dec. 15, 2023
This epsiode features discussion on how much responsibility governments should shoulder to fight ransomware, why North Korea's Lazarus group is still exploiting the two-year old Log4j vulnerability and the latest on insider attacks
12/15/2023 • 34 minutes, 9 seconds
Cyber Security Today, Dec. 15, 2023 - A botnet expands, threats to unpatched TeamCity servers, and more
This episode reports on the growth of the KV-botnet, the discovery of another unprotected database on the internet, and more
12/15/2023 • 5 minutes, 33 seconds
Cyber Security Today, Dec. 13, 2023 - Mystery surrounds the outage at a ransomware gang's site, and more
This episode reports on a new phishing scam aimed at job recruiters, and more
12/13/2023 • 7 minutes, 6 seconds
Cyber Security Today, Dec. 11, 2023 - Irish water treatment plant shut by cyber attack, WordPress issues a security patch, and more
This episode reports on a US hospital chain notifying 2.5 million patients and employees about data stolen in a ransomware attack, and more
12/11/2023 • 7 minutes, 52 seconds
Cyber Security Today, Week in Review for Friday, Dec. 8, 2023
This episode features discussion on cyber attacks against OT networks, the discovery of exposed servers with medical images and why outdated Microsoft Exchange servers are still alive
12/8/2023 • 26 minutes, 40 seconds
Cyber Security Today, Ransomware is increasingly impacting OT systems, and more
This episode reports on how hackers break into AWS cloud instances, fake anti-Ukraine online ads using photos of celebrities, and more
12/8/2023 • 6 minutes, 12 seconds
Cyber Security Today, Dec. 6, 2023 - Warnings about Russian-based cyber attacks, and more
This episode reports on abuse of Go language repositories, unpatched Outlook servers targeted by Russian group, and more
12/6/2023 • 5 minutes, 50 seconds
Cyber Security Today, Dec. 4, 2023 - A warning to water treatment utilities, a boot vulnerability could affect millions of PCs, and more
This episode reports on a campaign against critical infrastructure using PLCs, a vulnerability in PCs, and more
12/4/2023 • 7 minutes, 8 seconds
Cyber Security Today, Week in Review for Friday, Dec. 1, 2023
This episode features a discussion on ransomware, the latest explanation from Okta of a support hack and a survey of infosec pros whose firms were hacked
12/1/2023 • 28 minutes, 4 seconds
Cyber Security Today, December 1, 2023 -More on Booking.com compromises
This episode reports on how a hotel allowed its reservation system to be abused by a crook, US hits at a cyrptocurrency mixer used by North Korea, and more
12/1/2023 • 4 minutes, 58 seconds
Cyber Security Today, Nov. 29, 2023 - More ransomware attacks on the healthcare sector
This episode reports on a company hit twice by a ransomware gang, the arrest in Ukraine of the alleged head of a ransomware gang, and more
11/29/2023 • 5 minutes, 4 seconds
Cyber Security Today, Nov. 27, 2023 - Ransomware gang posts data stolen from Canadian Point of sale provider, and more
This episode reports on the latest ransomware attacks, and details of how a gang that scams people selling used products online works
11/27/2023 • 5 minutes, 45 seconds
Cyber Security Today, Week in Review for Friday, Nov. 24, 2023
This episode features discussion on Australia's decision to not make ransomware payments illegal, huge hacks of third-party service suppliers in Canada and the U.S. and whether email and smartphone service providers are doing enough to protect customers
11/24/2023 • 27 minutes, 22 seconds
Cyber Security Today, Nov. 24, 2023 - A warning to tighten security on Kubernetes containers, and more
This episode reports on the increasing number of vulnerable Kubernetes containers online, the latest acknowledged data breaches, a browser scam aimed at Macs, and more
11/24/2023 • 5 minutes, 43 seconds
Cyber Security Today, Nov. 22, 2023 -Boeing division hacked through NetScaler vulnerability, and more
This episode reports on unpatched holes that are being exploited by threat actors, and more
11/22/2023 • 5 minutes, 58 seconds
Cyber Security Today, Nov. 20, 2023 - Forbid ransomware payments, says a Canadian hospital
This episode reports on ransomware attacks and 1.6 million more victims of MOVEit hacks
11/20/2023 • 6 minutes, 20 seconds
Cyber Security Today, Week in Review for week ending Friday, Nov. 17, 2023
This episode features a discussion on lessons learned from a huge cyber attack in Denmark, and more
11/17/2023 • 28 minutes, 58 seconds
Cyber Security Today, Nov. 17, 2023 - A company's slip may have led to a hack, free AI and incident response advice, and more
This episode reports on claims by a threat actor that they used a former employee's still active credentials for a data theft, and more
11/17/2023 • 5 minutes, 42 seconds
Cyber Security Today, Nov. 15, 2023 - A new ransomware gang emerges, a patching failure was behind a co-ordinated cyber attack on Denmark, and more
This episode reports on the latest ransomware news, why a sophisticated attack on Denmark's critical infrastructure providers was so effective, and more
11/15/2023 • 5 minutes, 46 seconds
Cyber Security Today, Nov. 13, 2023 - Booking.com attack may be widespread, ransomware operator calls it quits, and more
This episode reports on a cyber attack on the operator of ports in Australia, the hack of a reporter's Experian account, the latest data breaches, and more
11/13/2023 • 6 minutes, 19 seconds
Cyber Security Today, Week in Review for the week ending Friday, Nov. 10,. 2023
This episode features discussion on Okta explanation of a hack, Cloudflare's explanation of a power outage and more
11/10/2023 • 33 minutes, 8 seconds
Cyber Security Today, Nov.10, 2023 - Patch SysAid software fast, how Ukraine's power system was crippled by Russia and more
This episode reports on a sophisticated OT and IT attack on Ukraine by Russia's Sandworm gang, how failing to patch a firewall fast led to a regulatory fine and more
11/9/2023 • 5 minutes, 52 seconds
Cyber Security Today, Nov. 8, 2023 - Personal data on US military members is easily bought from data brokers, and more
This episode reports on a university investigation into data brokers, new malware and how hackers could have gotten into medical software
11/8/2023 • 6 minutes, 59 seconds
Cyber Security Today, Nov. 6, 2023 - Okta employee is faulted for a hack, another US school board's data stolen, and more
This episode reports on the cause of a recent hack at Okta, personal data stolen from the emaill of employees at a fast food chain, a proxy botnet found and more
11/6/2023 • 7 minutes, 42 seconds
Cyber Security Today, Week in Review for the week ending Friday Nov. 3, 2023
This episode features a discussion on changes laid by the SEC against SolarWinds, the latest meeting of the International Counter Ransomware Initiative, cyber attacks on libraries and the departure of CEO John Chen from BlackBerry.
11/3/2023 • 26 minutes, 26 seconds
Cyber Security Today, Nov. 3, 2023 - Hackers are after vulnerable Apache and Citrix products
This episode reports on threat actors going after holes in Apache ActiveMQ and Airflow, as well as Citrix NetScaler Gateway appliances
11/3/2023 • 5 minutes, 39 seconds
Cyber Security Today, Nov. 1, 2023 - Atlassian warns admins to patch Confluence servers, GitHub being raided for AWS credentials and more
This episode reports on a huge haul of US government workers email addresses stolen in a MOVEit hack, malware in the NuGet open source code respository and more
11/1/2023 • 6 minutes, 3 seconds
Cyber Security Today, Oct. 30, 2023 - Hackers warn Las Vegas-area parents they have their children's data
This episode reports on the results of the latest Toronto edition of Pwn2Own contest, hacks at a US hospital, an e-commerce processor and more MOVEit victims
10/30/2023 • 8 minutes, 15 seconds
Cyber Security Today, Week in Review for the week ending Friday, Oct. 27, 2023
This episode features a discussion on the recent Okta hack, an attack on a Canadian shared services provider to five Canadian hospitals, the SecTOR conference and more.
10/27/2023 • 30 minutes, 15 seconds
Cyber Security Today, Oct. 27, 2023 - Malware hiding as a cryptominer may have infected 1 million PCs since 2017
This episode reports on a data-stealing gang that's added ransomware to its arsenal, a new UK law forcing social media platforms to police harmful content and more
10/27/2023 • 5 minutes, 44 seconds
Cyber Security Today, Oct. 25, 2023 - Ransomware attacks hit a record in September, and more
This episode reports on a security update warning from VMware, the discovery of a new ransomware strain and more
10/25/2023 • 4 minutes, 43 seconds
Cyber Security Today, Oct. 23, 2023 - Okta's support system hacked, and examples to use for cyber awareness training
This episode reports on the latest security updates from Cisco, SolarWinds and Siemens, and tricks hackers use to pass on to employees in awareness training
10/23/2023 • 7 minutes, 19 seconds
Cyber Security Today, Week in Review for the week ending Friday, Oct. 20, 2023
It's early but already experts are making cybersecurity predictions for 2024. We take a look at four of them
10/20/2023 • 21 minutes, 17 seconds
Cyber Security Today, Oct. 20, 2023 - Free anti-phishing guidance, ransomware gang sunk for not patching Confluence servers, and more
This episode reports on what could be a fatal mistake for a ransomware gang
10/20/2023 • 4 minutes, 19 seconds
Cyber Security Today, Oct. 18, 2023 - Patch this Cisco vulnerability now
This episode reports on another warning to patch Confluence servers and a WordPress plugin, an advanced threat actor leveraging Discord, and more
10/18/2023 • 5 minutes, 14 seconds
Cyber Security Today, Oct. 16, 2023 - Why a hacker created a fake conference website after the event, and more
This episode reports on Equifax UK fined US$13 million, Microsoft paying for finding AI vulnerabilities and more
10/16/2023 • 5 minutes, 10 seconds
Cyber Security Today, Week in Review for Friday, Oct. 11, 2023
This episode features discussion on a possible SEC investigation of the MOVEit hacks, the theft of data from 23andMe, the Top 10 cybersecurity misconfigurations, and more
10/13/2023 • 26 minutes, 59 seconds
Cyber Security Today, Oct. 13, 2023 -- A ransomware gang offers cash for employees to betray their firms
Hackers are trying to exploit unpatched Atlassian Confluence servers and Progress Software WS_FTP file transfer software, and more
10/13/2023 • 5 minutes
Cyber Security Today, Oct. 11, 2023 - IT administrators warned of serious vulnerabilities in web servers and in cURL
This episode reports on the latest security updates for a wide variety of applications
10/11/2023 • 7 minutes, 9 seconds
Cyber Security Today, Oct. 9, 2023 - US bank notifies over 800,000 of a MOVEit hack, data stolen from a DNA test service, and more
This episode reports on more MOVEit hack news, a US settlement in the Blackbaud ransomware attack and more
10/9/2023 • 6 minutes, 36 seconds
Cyber Security Today, Week in Review for the week ending Friday, Oct. 6, 2023
This episode features a discussion on how to create an effective cybersecurity awareness program
10/6/2023 • 23 minutes, 49 seconds
Cyber Security Today, Oct. 6, 2023 - The Qakbot gang is still operating
This episode reports on a malware gang that wasn't completely taken out by police, a warning to admins overseeing Confluence servers and more
10/6/2023 • 4 minutes, 39 seconds
Cyber Security Today, Oct. 4, 2023 - Critical vulnerabilities found in Linux and TorchServe
This episode reports on phishing email messages leveraging a hold in the Indeed job platform, warnings on poor firmware patching and on internet-connected ICS systems
10/4/2023 • 5 minutes, 43 seconds
Cyber Security Today, Oct. 2, 2023 - Advice for creating a cybersecurity awareness program
For October Cyber Security Awareness Month this episode offers tips on how to build an effective awareness program
10/2/2023 • 6 minutes, 20 seconds
Cyber Security Today, Week in Review for the week ending Friday, Sept. 29 ,20023
This episode features discussion on October Security Awareness Month, ransomware, teenage hackers and the start of hearings into proposed Canadian privacy and AI laws
9/29/2023 • 26 minutes, 37 seconds
Cyber Security Today, Sept. 29, 2023 - Protect your routers from this attacker, new open source malware packages found, and more
This episode reports on a China-based group that specializes in hacking branch office routers of major companies
9/29/2023 • 5 minutes, 56 seconds
Cyber Security Today, Sept. 27, 2023 - Hackers are targeting luxury hotels, a Red Cross scam and more
This episode reports on phishing campaigns against the hospitality sector, a new ransomware operator and more
9/27/2023 • 4 minutes, 41 seconds
Cyber Security Today, Sept. 25, 2023 - Hackers from India say they are targeting Canadian web sites
This episode reports on a retaliation threat against Canadian websites, the impact of the Dallas ransomware attack, and more
9/25/2023 • 6 minutes, 3 seconds
Cyber Security Today, Week in Review for the week ending Friday, Sept. 22, 2023
This episode features discussion about the MGM Resorts ransomware attack, and on recent DDoS attacks against Canadian websites
9/22/2023 • 27 minutes, 5 seconds
Cyber Security Today, Sept. 23, 2023 - Nova Scotia details MOVEit victims, a new ransomware strain found and more
This podcast reports on the latest number of MOVEit victims, new ransomware numbers and more
9/22/2023 • 5 minutes, 28 seconds
Cyber Security Today, Sept. 20, 2023 - A new online card-skimming campaign, new WinServer backdoors and more
This episode reports on the possiblity that thousands of internet-facing Juniper SRX firewalls and EX switches may be at risk from a new way to exploit a recently discovered vulnerability, and more
9/20/2023 • 5 minutes, 30 seconds
Cyber Security Today, Sept. 18, 2023 - How a deepfake voice caused a company to be hacked
This episode reports on a sophisticated scam, and lessons that can be taught for security awareness training
9/18/2023 • 5 minutes, 33 seconds
Cyber Security Today, Week in Review for the week ending Friday, Sept. 15, 2023
This episode features discussion on Microsoft's explanation of how the hack of one of its software developers led to one of the most amazing breaches of email security, a ransomware report from the U.K., a Business Council of Canada report on security and why the .US domain is being used so much for phishing attacks.
9/15/2023 • 26 minutes, 39 seconds
Cyber Security Today, Sept. 15, 2023 podcast - Warning: This group specializes in SMS texting scams
An alert about a group that focuses on tricking IT support staff by claiming to be an employee who needs to reset their password, and more
9/15/2023 • 5 minutes, 4 seconds
Cyber Security Today, Sept. 13, 2023 - Crooks target Facebook Messenger accounts of businesses, a warning to IT support staff and more
This episode reports on the latest security updates, a scam aimed at IT service desk staff of American organizations that use access management solutions from Okta, and more
9/13/2023 • 5 minutes, 56 seconds
Cyber Security Today, Sept 11, 2023 - Warnings from Cisco, a huge DDoS attack and more MOVEit and ransomware victims
This episode reports on vulnerabilities that have to be dealt with in Cisco applications, the sentencing of a Russian businessman in the US to nine years in prison for his role in a nearly US$100 million stock market cheating scheme, and more
9/11/2023 • 8 minutes, 17 seconds
Cyber Security Today, Week in Review for Friday, September 8, 2023
This episode features a discussion between IT World Canada CIO Jim Love and Adam Evans, chief information and security officer of Royal Bank of Canada
9/8/2023 • 35 minutes, 2 seconds
Cyber Security Today, Sept. 8, 2023 - Are boards and CISOs communicating, the latest ransomware data and more
This episode reports on the latest survey of boards on cybersecurity, and more
This episode reports on what your organization might need to get and keep cyber insurance -- or whether you should self-insure by setting up a rigorous cybersecurity program
9/6/2023 • 3 minutes, 45 seconds
Cyber Security Today, Sept. 4, 2023 - Cybersecurity tips for parents as the new school year starts
This episode offers cybersecurity and privacy advice and links to websites for parents about to send their kids back to school
9/4/2023 • 3 minutes, 10 seconds
Cyber Security Today, Week in Review for the week ending Sept. 1, 2023
This episode features discussion on International Women in Cybersecurity Day, a Canadian cybercrime report, the takedown of the Quakbot bot and the attacks on Barracuda Networks' ESG email gateways
9/1/2023 • 24 minutes, 48 seconds
Cyber Security Today, Sept. 1, 2023 - Celebrate Women in Cyber Security
This episode reports on more bad packages in open-source repositories, and why you shouldn't play the date game
9/1/2023 • 5 minutes, 4 seconds
Cyber Security Today, August 30, 2023 - More ransomware and MOVEit attack numbers, and an attack on a Rust repository
This episode reports on QR codes being used by threat actors, statistics on ransomware and MOVEit hacks, and more
8/30/2023 • 5 minutes, 36 seconds
Cyber Security Today, August 28, 2023 -- SIM card swap led to a Kroll data breach, supplier hack led to a London police data theft, and more
This episode reports on several newly revealed hacks, including the theft of the names and ranks of 47,000 London police and staff stolen after a hacker got into the IT systems of a firm that prints police warrant cards and staff passes
8/28/2023 • 6 minutes, 43 seconds
Cyber Security Today, Week in Review for Friday, August 25, 2023
This episode features a discussion about zero trust and the cyber attack on Tesla by former employees
8/25/2023 • 22 minutes, 34 seconds
Cyber Security Today, August 25, 2023 - FBI warning about Barracuda ESG gateways and thousands of more US MOVEit victims
This episode reports on what some crooks are doing with stolen personal data, and more
8/25/2023 • 4 minutes, 54 seconds
Cyber Security Today, August 23, 2023 -Public exposure doesn't deter this attacker, and more
This episode reports on a persistent attacker, security updates for Ivanti Sentry and more
8/23/2023 • 4 minutes, 36 seconds
Cyber Security Today, August 21, 2023 - The latest ransomware news, and security patches issued by Cisco, Juniper and Jenkins
This episode includes reports on how much Dallas paid for a ransomware incident response, data released by the Black Basta ransomware gang after an attack on a U.S. housing authority and more
8/21/2023 • 6 minutes, 14 seconds
Cyber Security Today, Week in Review for Friday, August 18, 2023
This episode features a discussion on a report into the successes of the Lapsus$ extortion gang, a ransomware attack against a Canadian non-profit, a vulnerability in the WiFi module of the infotainment system of some Ford vehicles and whether governments should mandate minimum cybersecurity standards for internet-connected devices
8/18/2023 • 30 minutes, 34 seconds
Cyber Security Today, August 18, 2023 -- CISA urges action on a Citrix File Share vulnerability, and more
This episode reports on a hole in the naming policies of modules developers can put in Microsoft's PowerShell Gallery, lessons from a honeypot test and more
8/18/2023 • 5 minutes, 40 seconds
Cyber Security Today, August 16, 2023 - Discord.io database of 760,000 up for sale, LinkedIn under attack and more MOVEit victims
This episode reports on the most recent data breaches and an extortion campaign against LinkedIn users who lose access to their accounts
8/15/2023 • 7 minutes, 32 seconds
Cyber Security Today, August 14, 2023 - A huge insurance company hack, presentations at the Black Hat conference, and more
This episode reports on the hack of Hub International, advantages of honeypots, artificial intelligence and more
8/14/2023 • 7 minutes, 51 seconds
Cyber Security Today, Week in Review for Friday, August 11, 2023
This episode features discussion on preventing ransomware in schools, a UK report on ransomware and insurance, the MOVEit hacks and sports teams and venues as cyber targets
8/11/2023 • 25 minutes, 7 seconds
Cyber Security Today, August 11, 2023 - Employee mistake leads to Northern Ireland police data breach, why employee awareness training is vital, and more
This episode reports on the latest phishing attacks, attacks on unsupported and unpatched Zyxel routers and more
8/11/2023 • 4 minutes, 44 seconds
Cyber Security Today, August 9, 2023 - The latest ransomware news, and more
This episode reports on the latest trends in ransomware attacks, and security updates from Microsoft, SAP and PaperCut
8/9/2023 • 7 minutes, 1 second
Cyber Security Today, August 7, 2023 - Ransomware attack hits US hospitals, a Canadian insurer is sideswiped by MOVEit hacks, and more
This episode reports on the latest victims of MOVEit hacks, data thefts at Colorado's Department of Higher Education, and more
8/7/2023 • 7 minutes, 42 seconds
Cyber Security Today, Week in Review for Friday, August 4, 2023
This repeat episode is a conversation with Aaron McIntosh, co-author of the Ransomware Task Forces' Blueprint for Ransomware Defence.
8/4/2023 • 29 minutes, 39 seconds
Cyber Security Today, August 4, 2023 -- The shadow hanging over your IT network
This episode looks at a recent from the UK National Cyber Security Centre on shadow IT
8/4/2023 • 2 minutes, 51 seconds
Cyber Security Today, August 2, 2023 - A valuable report from the CISA
This episode reports on lessons from an analysis by the U.S. Cybersecurity and Infrastructure Security Agency (CISA) on 121 assessments it did on security incidents last year
8/2/2023 • 3 minutes, 2 seconds
Cyber Security Today, July 31, 2023 - Warning to Linux administrators, and more
This episode reports on two alerts to admins with Linux in their environments and a caution for web site and web application developers
7/31/2023 • 4 minutes, 15 seconds
Cyber Security Today, Week in Review for Friday July 28, 2023
This episode features a discussion on the latest news in artificial intelligence, women in cybersecurity and data breach reporting
7/28/2023 • 24 minutes, 22 seconds
Cyber Security Today, July 28, 2023 - At least 8 million Americans hit in the latest MOVEit hack, and more
This podcast reports on the need to patch MikroTik routers and Ivanti's Endpoint Manager Mobile and more
7/28/2023 • 4 minutes, 55 seconds
Cyber Security Today, July 26, 2023 - Reports on successful ransomware attacks, on stolen credentials for accessing business applications, and more
This episode reports on the slow adoption of DMARC protection, infected packages in open source repositories and more
7/26/2023 • 7 minutes, 45 seconds
Cyber Security Today, July 24, 2023 - MOVEit hacker tries to squeeze victims, an apology for a data leak from VirusTotal, and more
This episode reports on a patch for Adobe OpenMeetings, a lack of patching of Zyxel devices, allegations that Microsoft's security breach may be worse than thought, and more
7/24/2023 • 7 minutes, 48 seconds
Cyber Security Today, Week in Review for Friday, July 21, 2023
This episode features a discussion on an attacker forging a Microsoft authentication key for cloud access, developers including private keys in Docker containers, the continuing increase in ransomware attacks and more
7/21/2023 • 24 minutes, 30 seconds
Cyber Security Today, July 21, 2023 - MOVEit victim numbers climb higher, news on spyware, and more
This episode reports on the latest news in the MOVEIt hack, spyware, attribution in the JumpCloud hack and more
7/21/2023 • 4 minutes, 1 second
Cyber Security Today, July 19, 2023 - The Sturmous ransomware group is back, a ransomware gang adds a new backdoor, and more
This episode reports on the jailing of an IT security analyst who tried leverage a cyber attack to extort money from the U.K. company he worked for, an AI chatbot for crooks, and more
7/19/2023 • 7 minutes, 31 seconds
Cyber Security Today, July 17, 2023 - USB-based attacks rising, attacks on AWS increasing and more
This episode reports on attacks on AWS, Azure and Google Cloud environments, Russia's attempt to disconnect from the global internet and more
7/17/2023 • 7 minutes, 33 seconds
Cyber Security Today, Week in Review for Friday, July 14, 2023
This episode features discussion on insider threats, the pace of cybersecurity spending by the private sector, how hackers are creating voice fakes and the responsibilities of CEOs during a cyber attack
7/14/2023 • 24 minutes, 26 seconds
Cyber Security Today, July 14, 2023 - Ransomware payments are up, Google is squeezing bad Android developers, and more
This episode reports on ransomware statistics, the release of the source code for the BlackLotus bootkit and the release of the implementation plan for the U.S. National Cybersecurity Strategy
7/14/2023 • 4 minutes, 40 seconds
Cyber Security Today, July 12, 2023 - There are now over 270 MOVEit hack victims, a record number of Patch Tuesday fixes, and more
This episode reports on the cyber trial of a British teen, NATO cyber strategy, how a CEO should respond to a cyber attack and more
7/12/2023 • 7 minutes, 43 seconds
Cyber Security Today, July 10, 2023 - A second insurance company sideswiped by the MOVEit hack, a Truebot malware warning, and more
This episode reports on the discovery of another unprotected database of personal information, an analysis of new ransomware variants and more
7/10/2023 • 9 minutes, 11 seconds
Cyber Security Today, Week in Review for Friday July 7, 2023
This episode features a discussion with Aaron McIntosh, co-author of the Ransomware Task Force's Blueprint for Ransomware Defense
7/7/2023 • 29 minutes, 48 seconds
Cyber Security Today, July 7, 2023 - Sour news from a honeypot network
How much can infosec pros learn from a honeypot? This podcast answers that question
7/7/2023 • 3 minutes, 51 seconds
Cyber Security Today, July 5, 2023 - Advice to firms on the right way to collect personal data
A look back at Canadian privacy commissioners' report into problems with the Tim Hortons mobile app
7/5/2023 • 3 minutes, 15 seconds
Cyber Security Today, July 3, 2023 - The latest ransomware news, a warning to WordPress Ultimate Member administrators, and more
This episode reports on the availability of a decryptor for Akira ransomware, a $70 million ransomware demand and more
7/3/2023 • 6 minutes, 27 seconds
Cyber Security Today, Week in Review for Friday, June 30, 2023
This episode features a discussion on the Suncor cyber attack, the costs of the Indigo ransomware attack and the value of SIEMs
6/30/2023 • 24 minutes, 11 seconds
Cyber Security Today, June 30, 2023 - Good news and bad news about ransomware
This episode reports on a new information-stealing malware, crooks cloning voices for virtual kidnapping and more
6/30/2023 • 5 minutes, 10 seconds
Cyber Security Today, June 28, 2023 - More banks added to the target list of Android malware, and the latest data breach news
This episode reports on the latest victim of the MOVEit vulnerability, the impact of Europol's dismantling of an encrypted communications service used by crooks and more
6/28/2023 • 6 minutes, 48 seconds
Cyber Security Today, June 26, 2023 - The latest data breaches, and a Twitter hacker sentenced to five years
This episode reports on a US insurance firm and a state employees' pension fund caught in the MOVEit hack of a supplier, pilots of two airlines caught in the hack of one of their partners, an infected USB key that led to a hospital being hacked, and more
6/26/2023 • 8 minutes, 29 seconds
Cyber Security Today, Week in Review for June 23, 2023
This episode features a discussion on calls by several civil rights groups for the Canadian government to tighten up its proposed cybersecurity law, the proper way companies should notify victims of a data breach, why cybercrooks like using the Telegram Messaging service and more
6/23/2023 • 28 minutes, 38 seconds
Cyber Security Today, June 23, 2023 - New ransomware data, a salary transfer scam that victimize employees and more
This episode reports on the increasing number of ransomware attacks, an email scam that tricks firms into switching payment bank accounts of employees and more
6/23/2023 • 4 minutes, 36 seconds
Cyber Security Today, June 21, 2023 - More MOVEit victims, more ransomware news and 100,000 stolen ChatGPT credentials are up for sale
This episode reports on patches for Asus routers, a new Russian email server attack on Ukraine, a ransomware gang takes credit for an attack on Reddit and more
6/21/2023 • 6 minutes, 58 seconds
Cyber Security Today, June 19, 2023 - Millions of Americans caught in MOVEit hacks, the latest DDoS news, and more
This episode reports on the latest news on MOVEit hacks, a DDoS site taken down by police in Poland and more
6/19/2023 • 7 minutes, 35 seconds
Cyber Security Today, Week in Review for Friday, June 16, 2023
This episode features a discussion on paying ransomware demands, a crimeware gang whose targets include small and medium businesses and why some developers are less than careful with their API keys.
6/16/2023 • 21 minutes, 48 seconds
Cyber Security Today, June 16, 2023 - Beware of fake profiles on GitHub, and are you an optimist or pessimist CISO?
This episode reports on GitHub being abused by a threat actor, surveys of infosec pros and more
6/16/2023 • 4 minutes, 24 seconds
Cyber Security Today, June 14, 2023 - A warning for users of Microsoft's digital signature tool, an alert to VMware administrators, and more
This episode reports on crime and punishment, civil fines for Microsoft and Spotify and more
6/14/2023 • 6 minutes, 45 seconds
Cyber Security Today, June 12, 2023 - Replace compromised Barracuda email gateways, and more holes found in MOVEit
This episode reports on the latest news in the MOVEit compromise saga, a successful attack on a SharePoint online customer, recent data breaches and more
6/12/2023 • 9 minutes, 16 seconds
Cyber Security Today, Week in Review for the week ending Friday June 9, 2023
This episode features a discussion on the Nova Scotia health data breach, the compromise of the MOVEit file transfer application and more
6/9/2023 • 26 minutes, 25 seconds
Cyber Security Today, June 9, 2023 - The annual Data Breach Investigations Report is here
This episode looks at some of the numbers gathered from 16,000 cybersecurity incidents in the annual Verizon report
6/9/2023 • 3 minutes, 44 seconds
Cyber Security Today, June 7, 2023 - Why a CISO should be on your board
This episode looks at the traits a firm should consider if appointing a CISO to the board of directors
6/7/2023 • 3 minutes, 36 seconds
Cyber Security Today, June 5, 2023 - Data stolen from Swiss authorities, a new skimmer attack on Web sites, and more
This episode reports on the BlackSuit ransomware strain, an expected EU privacy fine against Microsoft, a warning about an attack on web sites and more
6/5/2023 • 6 minutes, 30 seconds
Cyber Security Today, Week in Review for the week ending Friday, June 2, 2023
This episode features a discussion on a report into the ransomware attack on Newfoundland's IT healthcare system, a penalty paid by a US medical billing supplier over a data breach, an Australian company's estimate of the costs of a ransomware attack and the sentencing in the U.S. of two Nigerian cyber crooks.
6/2/2023 • 26 minutes, 28 seconds
Cyber Security Today, June 2, 2023 - A new way of compromising the PyPI repository found, warning for MOVEit file transfer users, and more
This episode reports on ransomware attacks, a proposed US$25 million fine against Amazon and more
6/2/2023 • 5 minutes, 58 seconds
Cyber Security Today, May 31, 2023 - Almost 9 million victims in a data breach, a database of crooks is published, and more
This episode reports on CAPTCHA evasion, more exploits added to the Murai botnet and more
5/31/2023 • 7 minutes, 27 seconds
Cyber Security Today, May 29, 2023 - Two US companies pay $850,000 for data breaches, and more
This episode reports on a new ransomware gang, new industrial control malware and advice for infosec leaders from a CISO whose firm suffered a ransomware attack
5/29/2023 • 7 minutes, 11 seconds
Cyber Security Today, Week in Review for Friday, May 26, 2023
This episode features a discussion on employees who contributed to a company hack by sharing a password to an email account the spread of a fake image posted on Twitter of an explosion supposedly near the Pentagon and more
5/26/2023 • 21 minutes, 3 seconds
Cyber Security Today, May 26, 2023 - Hackers are using YouTube to flog pirated software, and more
This episode reports on data breach notifications, an updated hacking tool, surveys of infosec pros and more
5/26/2023 • 4 minutes, 7 seconds
Cyber Security Today, May 24, 2023 - Generative AI used for child porn, Google to pay Washington state millions for misleading location practices, and more
This episode reports on an IT security analyst convicted of trying to extort his own company, cybersecurity problems with government agencies in Utah and more
5/24/2023 • 5 minutes, 42 seconds
Cyber Security Today, May 22, 2023 - G7 nations speak out on cybercrime and artificial intelligence, the latest ransomware news, and more
This episode reports on more financial penalties for a US firm's data breach, the PyPI registry can't keep up with added malware, Dole pays $US10.5 million to repair computers after ransomware attack and more
5/22/2023 • 8 minutes, 22 seconds
Cyber Security Today, Week in Review for Friday, May 19, 2023
This episode features discussion about this week's U.S. Senate hearing on regulating artificial intelligence, the release of school schematics by a ransomware gang, a cybersecurity company fooled by a fake onboarded employee and the latest use of facial recognition software
5/19/2023 • 28 minutes, 20 seconds
Cyber Security Today, May 19, 2023 - Beware of .zip websites, Dropbox is abused by crooks, infected Android phones and more
This episode reports on how crooks are leveraging Dropbox and the new .,zip domain, offers tips for vacation travelers and more
5/19/2023 • 4 minutes, 58 seconds
Cyber Security Today, May 17, 2023 - An email invoice scam that impersonates your boss, a new ransomware gang discovered and more
This episode reports on a new DDoS attack tactic, a U.S. pharmaceuticals company reports a data breach of 5.8 million people, attacks on TP-Link routers and more
5/17/2023 • 6 minutes, 16 seconds
Cyber Security Today, May 15, 2023 - Patch this WordPress plugin hole fast, a data breach at a Discord provider and more
This episode reports on man-in-the-middle attacks, a new GitHub security tool, a warning about possibly fake MSI firmware updates and more
5/15/2023 • 7 minutes, 34 seconds
Cyber Security Today, Week in Review for Friday May 12, 2023
This week's review features a discussion between Jim Love and David Shipley on the progress in the fight against ransomware
5/12/2023 • 23 minutes, 42 seconds
Cyber Security Today: May 12, 2023 - How Dragos was fooled by an attacker impersonating a new employee, and more
This episode reports on lessons learned in a breach of security controls, a data breach at SchoolDude, a ransomware warning to admins with VMware hypervisors and more
5/12/2023 • 8 minutes, 14 seconds
Cyber Security Today: May 10, 2023 - A new ransomware strain called Cactus is found, and more
This episode reports on a survey of CISOs and more
5/10/2023 • 2 minutes, 48 seconds
Cyber Security Today, May 8, 2023 - Sheriff's office pays a $1 million ransom, American health records provider hacked, and more
This episode reports on a new ransomware gang, an update on a ransomware attack on an American private university and more
5/8/2023 • 4 minutes, 26 seconds
Cyber Security Today, Week in Review for Friday May 5th, 2023
This episode features a discussion on the latest news about ChatGPT, data thefts of from test and decommissioned servers and whether the FBI needs more money to fight cybercrime
5/5/2023 • 20 minutes, 58 seconds
Cyber Security Today, May 5, 2023 - Data breach at the Metropolitan Opera, and more GoAnywhere MFT victims
This episode reports on PayPal being used to send fake invoices and more
5/5/2023 • 5 minutes, 2 seconds
Cyber Security Today, May 3, 2023 - A ransomware gang threatens American university students, Samsung tells staff to stop using ChatGPT, and more
This episode reports on ransomware, a data theft at Yellow Pages Canada, ra[od Apple patches and more
5/3/2023 • 5 minutes, 33 seconds
Cyber Security Today, May 1, 2023 - Another Amnesty International branch hacked, the Catholic Diocese of Las Vegas compromised and more
This episode reports on increasingly good fake checkout pages being used on compromised e-commerce sites, malware hiding in supposedly free versions of utilities and games and more
5/1/2023 • 7 minutes, 20 seconds
Cyber Security Today, Week in Review for Friday, April 28, 2023
This episode includes a discussion on the merits of the supervised super-penetration tests major Canadian banks and insurance companies will have to undergo
4/28/2023 • 28 minutes, 40 seconds
Cyber Security Today, April 28, 2023 - Data on over 340 million people exposed so far this year
This episode reports on the need to update applications from Veeam, Apache, VMware, and more
4/28/2023 • 5 minutes, 6 seconds
Cyber Security Today, April 26, 2023 - New reports on ransomware and cyber attacks, new tools used by attackers, and more
This episode reports on common factors in successful ransomware attacks, new tools used by threat actors and a call to update PaperCut servers
4/26/2023 • 5 minutes, 49 seconds
Cyber Security Today, April 24, 2023 podcast
This episode reports on infected versions of popular business apps circulating on the internet, attackers are getting into Kubernetes access control and the impact of the X_Trader supply chain attack
4/24/2023 • 4 minutes, 8 seconds
Cyber Security Today, Week in Review for the week ending Friday, April 21, 2023
This episode features a discussion on the supply chain attack that led to the 3CX supply chain attack, how organizations using Fortra's vulnerable GoAnywhere MFT platform might have stopped ransomware attacks, sensitive data found on used routers and more
4/21/2023 • 25 minutes, 9 seconds
Cyber Security Today, April 21, 2023 - Is the LockBit ransomware gang slipping, or is IT allowing them to look good?
This podcast looks at slips by the LockBit ransomware gang, and how one attack was helped by poor cyber hygiene
4/21/2023 • 5 minutes, 41 seconds
Cyber Security Today, April 19, 2023 - Ransomware gang hits CommScope, unsanitized routers being re-sold and more
This episode reports on a new collaboration to create new malware, the latest email campaign using the QBot malware and more
4/19/2023 • 5 minutes, 19 seconds
Cyber Security Today, Apri 17, 2023 - NCR's Aloha POS system hit by ransomware, attackers ask big money from Western Digital, and more
This episode reports on new macOS ransomware, a warning to accounting and tax preparation firms on a scam, and more
4/17/2023 • 7 minutes, 3 seconds
Cyber Security Today, Week in Review for Friday, April 14, 2023
This episode features a discussion on the alleged cyber attack against a Canadian gas pipeline, identity management, Windows patches and a new piece of commercial spyware
4/14/2023 • 25 minutes, 3 seconds
Cyber Security Today, April 14, 2023 -More DDoS attacks against Canada, Russia's Nobelium group targeting NATO countries and more
This episode reports on the latest data breaches, an attack on internet-connected irrigation systems in Israel and more
4/14/2023 • 5 minutes, 19 seconds
Cyber Security Today, April 12, 2023 - Install this Windows Server patch fast, a warning to Azure administrators and more
This episode reports on details of a commercial spyware company, an issue in Microsoft's Azure storage accounts, how crooks try to bypass Google's Play store with malicious apps and more
4/12/2023 • 7 minutes, 16 seconds
Cyber Security Today, April 10 2023 - Cyber attack hits PC maker MSI, another GoAnywhere MFT victim and more
This episode reports on data breaches, a Ukrainian utility compromised after an employee downloads pirated Microsoft Office, alleged dodgy activity by Tesla and Samsung employees and more
4/10/2023 • 9 minutes, 38 seconds
Cyber Security Today, Week in Review for Friday April 7, 2023
This episode features a discussion on the 3CX supply chain hack, new ransomware, the takedown of the criminal Genesis marketplace and more.
4/7/2023 • 21 minutes, 40 seconds
Cyber Security Today, April 7, 2023 - Microsoft and Fortra go after Cobalt Strike abusers, a new online criminal marketplace, and more
This episode reports on an attempt to take down the IT infrastructure behind stolen versions of the Cobalt Strike tool, the emerging Styx criminal marketplace and more
4/7/2023 • 5 minutes, 3 seconds
Cyber Security Today, April 5, 2023 - Two new ransomware strains found, TikTok fined millions in the U.K. and more
This episode of the podcast reports on ransomware, a compromised US income tax web site, the exploit of a backup program and more
4/5/2023 • 6 minutes, 45 seconds
Cyber Security Today, April 3, 2023 - Canadian-based ticketing agency admits data breach, and more on the proposed halt to AI systems
This episode reports on millions of Americans who took out loans being notified of a data breach, a criminal group trying to defraud companies hit by ransomware by bluffing and more
4/3/2023 • 6 minutes, 46 seconds
Cyber Security Today, Week in Review for the week ending Friday, March 31, 2023
This episode features a discussion on the call for a temporary halt in developing AI applications, the future of TikTok, World Backup Day and more
3/31/2023 • 22 minutes, 44 seconds
Cyber Security Today, March 31, 2023 -World Backup Day advice, new malware targeting Linux and more
This episode reports on how crooks take over Instagram accounts, a WiFI problem in Linux-based devices like access points and smartphones more
3/31/2023 • 5 minutes, 8 seconds
Cyber Security Today, March 29, 2023 - European Commission site for educators compromised, Lumen hit by ransomware, and more
This episode reports on a warning to Okta administrators, a data breach at an Australian financial corporation grows and more
3/29/2023 • 6 minutes, 46 seconds
Cyber Security Today, March 27, 2023 - Crooks are using email scams to steal computer hardware, a WooComerce warning, and more
This episode reports on crooks using business email compromise tactics to steal products, the latest phishing email scam and more
3/27/2023 • 8 minutes, 13 seconds
Cyber Security Today, Week in Review for Friday, March 24, 2023
This episode features a discussion on penetration testing, the cybersecurity maturing rankings of companies, rotating infosec jobs across government departments and the number of people on boards with cybersecurity experience
3/24/2023 • 21 minutes, 24 seconds
Cyber Security Today, March 24, 2023 - Malware found in the NuGet repository, a warning to lock down web applications and more
This episode reports on code in an online payment gateway modified to skim credit cards, a security problem with Windows' Snipping tool and more
3/24/2023 • 4 minutes, 52 seconds
Cyber Security Today, March 22, 2023 - ChatGPT4 is out, poorly-protected Linux servers are exploited, and more
This episode reports on a review of the latest version of ChatGPT, poor passwords are compromising Linux SSH servers and more
3/22/2023 • 4 minutes, 29 seconds
Cyber Security Today, March 20, 2023 - All eyes on TikTok, Hitachi Energy is the latest GoAnywhere MFT victim, and more
This episode reports on the latest news on TikTok, ransomware and a hack at an NBA provider
3/20/2023 • 6 minutes, 37 seconds
Cyber Security Today, Week in Review for the week ending Friday, March 17, 2023
This episode features a discussion on a Canadian parliamentary committee report on cybersecurity, the Newfoundland healthcare system ransomware attack and the cyber implications of the Silicon Valley Bank failure
3/17/2023 • 23 minutes, 14 seconds
Cyber Security Today, March 17, 2023 - More than 4 million Americans notified of a data breach, and the latest ransomware news
This episode reports on a huge data breach, information on the Trigona ransomware and more
3/17/2023 • 4 minutes, 56 seconds
Cyber Security Today, March 15, 2023 - Rubrik is the latest victim of the GoAnywhere MFT hack, and 3 million Americans notified of a data leak
This episode reports on the latest FBI cybercrime statistics, Silicon Valley Bank phishing scams and more
3/15/2023 • 7 minutes, 33 seconds
Cyber Security Today, March 13, 2023 - GitHub starts enforcing multifactor authentication, news on botnets and more
This episode reports on a company fined for an inaccurate ransomware report, the seizure of the NetWire remote access trojan infrastructure and more
3/13/2023 • 5 minutes, 32 seconds
Cyber Security Today, Week in Review for the week ending March 10, 2023
This episode includes a discussion on a damaging Windows bootkit, law firms under attack, cybersecurity help for Canadian non-profits and the hack of a LassPass developer's home computer
3/10/2023 • 23 minutes, 44 seconds
Cyber Security Today, March 10, 2023 - A SonicWall device hacked, a ransomware attack on a Canadian engineering firm and a fast business email attack
This episode reports on a how a recent business email compromise unfolded in just over two hours
3/10/2023 • 5 minutes, 25 seconds
Cyber Security Today, March 8, 2023 - A new ransomware tactic, old DrayTek routers are exploited and more
This episode reports on a plea by Canada's privacy commissioner to get rid of fax machines, a Russian gang's video call scam and more
3/8/2023 • 6 minutes, 48 seconds
Cyber Security Today, March 6, 2023 - Fraud Prevention Month advice, the latest data breach reports and more
This episode reports on an Oauth misconfiguration at Booking.com, data breaches at US universities, security updates for Cisco IP phones and more
3/6/2023 • 5 minutes, 53 seconds
Cyber Security Today, Week in Review for Friday, March 3rd, 2023
This episode features a discussion about artificial intelligence and ChatGPT with a University of Calgary cybersecurity expert
3/3/2023 • 24 minutes, 2 seconds
Cyber Security Today, March 3, 2023 - Bootkit can compromise Windows 11, a hacked container found and more
This episode reports on the BlackLotus bootkit, a new backdoor found, a hack of a container and more
3/3/2023 • 6 minutes, 52 seconds
Cyber Security Today, March 1, 2023 - Dish TV, U.S. Marshal's Service hit with ransomware, and a US official shoots security complaints against the IT industry
Breaches of security controls should be blamed on unsafe applications, not attackers, says the head of the U.S. Cybersecurity and Infrastructure Security Agency. Read why
3/1/2023 • 4 minutes, 55 seconds
Cyber Security Today, Feb. 27, 2023 - More lessons from the Russia-Ukraine cyber war, a US medical lab fined after theft of old data, and more
This podcast reports on a data breach at News Corp., a report on the privacy descriptions of apps in the Google Play store, and more
2/27/2023 • 8 minutes
Cyber Security Today, Week in Review for Friday, February 24, 2023
This episode features a discussion on employees falling for SMS text scams, Twitter's move to make users pay for SMS 2FA and burnt-out CISOs
2/24/2023 • 26 minutes, 47 seconds
Cyber Security Today, Feb. 24, 2023 - Holes in open source software, ransomware gang tries to evade cyber insurers and more
This episode reports on vulnerabilities in Apple devices plugged, a Russian citizen extradited to the U.S. for computer fraud and more
2/24/2023 • 4 minutes, 8 seconds
Cyber Security Today, Feb. 22, 2023 - Hackers selling data centre logins, phone number recycling that leads to accidental account hijacking and a ransomware gang that claims your cyber insurance firm is blocking your data return
Hackers selling data centre logins for some of the world's largest companies, phone number recycling leads to accidental account hijacking and a ransomware gang that claims that it’s really your cyber insurance firm that blocks you from getting your data back. Spoiler alert. They lie.
2/22/2023 • 8 minutes, 36 seconds
Cyber Security Today, Feb. 20, 2023 - A business email scam group is broken in Europe, GoDaddy's IT system hit again and more
This episode reports on ransomware, a coming SolarWinds Platform update, a warning from VMware of a conflict with a WinServer update and more
2/20/2023 • 6 minutes, 32 seconds
Cyber Security Today, Week in Review for Friday, February 17, 2023
This edition features a discussion on who's to blame for cybersecurity problems in Canadian hospitals, and why management and infosec pros aren't communicating better
2/17/2023 • 28 minutes, 4 seconds
Cyber Security Today, Feb. 17, 2023 - A fake Emsisoft code-signing certificate found, increasing VMware ransomware detected and more
This episode reports on an attempt to fool Emsisoft protection, the continued spread of the ESXiArg ransomware and more
2/17/2023 • 6 minutes, 23 seconds
Cyber Security Today, Feb. 15, 2023 - Patches released for Microsoft Exchange, SAP, Apple and Adobe products
This episode reports on 1 million patients victimized in GoAnywhere MFT hack, phony packages found in PyPI and NPM registries, WordPress website compromises and more
2/15/2023 • 6 minutes, 24 seconds
Cyber Security Today, Feb. 13, 2023 - Hole in GoAnywhere file transfer utility exploited, ransomware attacks in the U.S. and Israel, and more
This episode reports on the apparent return of the Clop extortion gang, ransomware attacks against hospital groups and the city of Oakland, Calif.,, and more
2/13/2023 • 6 minutes, 35 seconds
Cyber Security Today, Week in Review for Friday, February 10, 2023
This episode features discussion on ransomware attacks on VMware servers, holes found in Toyota's supplier portal and more
2/10/2023 • 23 minutes, 13 seconds
Cyber Security Today, Feb. 10, 2023 - Cyber threats against executives are increasing, the latest on email scams and more
This episode reports on doxing and swatting against execs, screenshots being used in attacks and more
2/10/2023 • 4 minutes, 15 seconds
Cyber Security Today, Feb. 8, 2023 - Toyota supplier website hacked, ransomware gang partner pleads guilty, and more
This episode reports on ransomware, supply chain attacks and the latest consumer scams
2/8/2023 • 7 minutes, 49 seconds
Cyber Security Today, Feb. 6, 2023 - Ransomware is targeting VMware's hypervisor, hospitals are attacked and more
This episode reports on third-party cybersecurity risks, a warning to managed Chromebook admins, hacks at two U.S. background checking services and more
2/6/2023 • 8 minutes, 10 seconds
Cyber Security Today, Week in Review for Friday, February 3, 2023
This episode features a discussion about a ransomware attack on a US school board, new data-wiping malware, a controversy the over KeePass password manager and the take-down of the Hive ransomware gang's IT infrastructure
This episode outlines news of four recent ransomware attacks, the release by Cisco Systems of security fixes for industrial products and the guilty plea of a man who tried to extort the software company he worked for
2/3/2023 • 5 minutes, 16 seconds
Cyber Security Today, Feb. 1, 2023 - Microsoft tracks 100 gangs using ransomware, Google Fi customer data is copied and more
This episode reports on the latest DocuSign scam, YouTube channels hacked for cryptocoin fraud, another warning to open source code repositories and more
2/1/2023 • 6 minutes, 25 seconds
Cyber Security Today, Jan, 30, 2023 - A new data wiper discovered, patches for Lexmark printers and BIND are issued and more
This episode reports on the need to protect Active Directory, a patching strategy for ICS devices, a warning to VMware admins and more
1/30/2023 • 6 minutes, 33 seconds
Cyber Security Today, Week in Review for Friday, January 27, 2023
This episode features a discussion on Data Privacy Week, hacks involving GoTo and Zendesk and a report that some IT departments aren't even aware of certain vulnerabilities and patches
1/27/2023 • 18 minutes, 14 seconds
Cyber Security Today, Jan. 27, 2023 - Over 800,000 victims in a hack, Dutch hacker allegedly pedalled data of everyone in Austria and more
This episode reports on DDoS attacks in Germany, 61,000 open source Python projects patched on GitHub, Porsche problem with NFTs, facial recognition being allegedly used against lawyers and more
1/27/2023 • 5 minutes, 57 seconds
Cyber Security Today, Jan. 25, 2023 -- Data Privacy Week advice, terrible patching statistics and more
This episode reports on the aftermath for GoTo customers after a supply chain cyberattack, vulnerabilities in Samsung's Galaxy App Store, problems with password managers and more
1/25/2023 • 6 minutes, 41 seconds
Cyber Security Today, Jan 23, 2023 - Old US no-fly list found on unprotected airline server, ad fraud scheme is disabled and more
This episode reports on hackers using Microsoft OneNote in phishing attacks, the number of at-risk and unsupported Cisco routers and more
1/23/2023 • 6 minutes, 26 seconds
Cyber Security Today, Week in Review for Friday, January 20, 2023
This episode features a discussion on the Mailchimp hack, the theft of a customer database from a Nissan software developer, the compromise at CircleCI and whether firms have to tolerate buggy applications
1/20/2023 • 26 minutes, 39 seconds
Cyber Security Today, Jan. 20, 2023 - Ransomware payments plunged in 2022, malware hidden in blank images and more
This episode reports on ransomware payments, another privacy fine for a Meta company and attackers disrupting a virtual Le Mans race
1/20/2023 • 6 minutes, 9 seconds
Cyber Security Today, Jan 18, 2023 - Data hacked of Nissan owners, a GitHub vulnerability alert, holes in GitLab found and more
This episode reports on customer test data stolen from Nissan software developer, warnings to GitHub and GitLab users and holes found in GE's historian server
1/18/2023 • 5 minutes, 47 seconds
Cyber Security Today, Jan. 16, 2023 - Hackers use stolen credentials to beat Norton Password Manager, and more
This episode reports on hackers trying to exploit unpatched versions of Control Web Panel, indicators of compromise for a ManageEngine bug, FortiOS VPNs being targeted and more
1/16/2023 • 6 minutes, 27 seconds
Cyber Security Today, Week in Review for Friday, January 13, 2023
This episode features a discussion on fake ChatGPT apps, whether successful ransomware attacks are decreasing, vulnerabilities found in the apps created by major car manufacturers and how fast firms should notify customers about data breaches
1/13/2023 • 24 minutes, 4 seconds
Cyber Security Today, Jan 13, 2023 - Beware of fake salary increase emails, scams try to leverage the Microsoft Voice service, and more
This episode reports on the latest efforts of a pro-Russian hacktivist group, unpatched Exchange servers being leveraged by ransomware groups and more
1/13/2023 • 5 minutes, 45 seconds
Cyber Security Today, Jan 11, 2023 - Debate on ransomware attacks dropping continues, beware of long-hidden backdoors and lots of patches released
This episode reports on a new ransomware survey, a warning on old backdoors, DDoS attacks with ransoms going up and more
1/11/2023 • 6 minutes, 48 seconds
Cyber Security Today, Jan 9, 2023 - Russian gang tried to hack US nuclear research labs, and more malware in PyPI
This episode reports on new thinking about the speed of reporting data breaches to victims, the end of support for Windows 8.1, and more
1/9/2023 • 7 minutes, 4 seconds
Cyber Security Today, Week in Review for Friday, January 6, 2023
This episode includes a discussion on the alleged "rules" of ransomware attackers
1/6/2023 • 28 minutes, 39 seconds
Cyber Security Today, Jan. 6, 2023 - A quantum security break-though claim generates a quantum-sized controversy
This episode reports on the debate in quantum computing circles, a free decryptor for firms hit by the MegaCortex ransomware strain and why cloud services platforms have to tighten their security
1/6/2023 • 6 minutes, 21 seconds
Cyber Security Today, Jan. 4, 2023 -- Cyber Security Today, Jan. 4, 2023 -- Two new U.S. state privacy laws , manufacturer starts notifying data breach victims and more
This episode reports on new privacy laws in California and Virginia, breach notifications sent to employees of Wabtec, security updates from Synology and more
1/4/2023 • 5 minutes, 32 seconds
Cyber Security Today, Jan. 2, 2023 -- New Year's Resolutions
I begin the New Year with a podcast aimed at IT and security pros in small and medium businesses on how to start a cybersecurity plan
My last show of 2022 recalls advice for infosec pros from an expert I interviewed
12/30/2022 • 2 minutes, 45 seconds
Cyber Security Today, Year in Review for 2022
This episode features a feisty discussion on the important cybersecurity events of 2022, and predictions for 2023
12/28/2022 • 36 minutes, 50 seconds
Cyber Security Today, Dec, 26, 2022 - Ransomware attacks are up and a huge number of phishing packages found in open-source repositories
This episode reports on ransomware number for November and trouble in open-source repositories
12/26/2022 • 4 minutes, 27 seconds
Cyber Security Today, Week in Review for Friday, December 23, 2022
This episode features a discussion on the US seizure of 48 DDoS-for-hire sites, security patches for Samaba, Ukrainians fooled by free Windows 10 and more
12/23/2022 • 23 minutes, 4 seconds
Cyber Security Today, Dec. 23, 2022 - A new A new attack vector against Exchange and more unprotected data found on AWS S3 buckets
This episode reports on protecting Exchange Servers and Exchange Online, a report on the FIN7 ransomware gang and more bad Android apps
12/23/2022 • 5 minutes, 55 seconds
Cyber Security Today, Dec. 21, 2022 - Malware in the PyPi registry, GitHub expands security scanning and more
This episode reports on malware hidden in the PyPI registry for open-source projects, a huge privacy violation penalty for Epic Games and more
12/21/2022 • 5 minutes, 19 seconds
Cyber Security Today, Dec. 19, 2022 - Client-side encryption coming for versions of enterprise Gmail, BEC scams are stealing food, and more
This episode reports on improved privacy for Gmail, a new business email scams, security updates for Samba and more
12/19/2022 • 5 minutes, 19 seconds
Cyber Security Today, Week in Review for Dec. 16, 2022
This episode features a discussion on the hack of an FBi contact database, session cookies, cyber war and how to punish government employees who don't patch applications
12/16/2022 • 26 minutes, 42 seconds
Cyber Security Today, Dec. 16, 2022 - Denial of service attack sites shut, a Twitter spy is sentenced, and more
This episode reports on the closing of 48 DDoS for hire sites, data breaches at Social Blade and an Australian email provider, and a new Facebook scam
12/16/2022 • 6 minutes, 18 seconds
Cyber Security Today, Dec. 14, 2022 - A botnet tries to brute-force WordPress sites, a warning to Atlassian admins and new ransomware tactics
This episode reports on patches for Windows, a suppler hack stings Uber, malware in the PyPI registry and more
12/14/2022 • 6 minutes, 48 seconds
Cyber Security Today, Dec. 12, 2022 - Toronto hacking contest ends with 63 zero day bugs, and more
This episode reports on the results from the Toronto Pwn2Own contest, a possible way to hack air-gapped computers, a report on improving the software security supply chain and more
12/12/2022 • 7 minutes, 25 seconds
Cyber Security Today, Week in Review for Friday, Dec. 9, 2022
This episode features a discussion on the ransomware attack on Rackspace, the hack of Amnesty International Canada and a report on how threat actors are trying to get around multifactor authentication
12/9/2022 • 23 minutes, 50 seconds
Cyber Security Today, Dec. 9, 2022 - Toronto Pwn2Own contest awards close to $1 million in prizes, and more
This episode reports on another vulnerability found in Internet Explorer, a hack gets past Microsoft 365 and a vulnerability in web application firewalls
12/9/2022 • 4 minutes, 55 seconds
Cyber Security Today, Dec, 7, 2022 - Rackspace hit by ransomware, employees are still falling for the fake IT colleague scam, and more
This episode reports on ransomware, the need for continued security awareness training for employees and the high cost of low software quality
12/7/2022 • 5 minutes, 9 seconds
Cyber Security Today, Dec. 5, 2022 - Another data-wiper has been found, the open source Fosshost service is closing, and more
This episode reports on the CryWiper malware hitting Russia, spyware and SIM swapping
12/5/2022 • 7 minutes, 48 seconds
Cyber Security Today, Week in Review for Friday Dec. 2, 2022
This episode features a discussion on ethical hacking, fines for privacy offences and more
12/2/2022 • 26 minutes, 8 seconds
Cyber Security Today, Dec. 2, 2022 - The latest ransomware news, an accidental take-down of a botnet and more
This episode reports on the Cuba and LockBit ransomware, a fortunate error by Akamai and advice for safer online gaming from Canada's privacy commissioner
12/2/2022 • 5 minutes, 6 seconds
Cyber Security Today, Nov. 30, 2022 - Inflation benefits scam aimed at Canadians, a warning for Fortinet administrators and more
This episode reports on an inflation benefits scam aimed at Canadians, 13 vulnerabilities found in a Lanner baseboard management controller, a con aimed at TikTok users and more
11/30/2022 • 7 minutes, 31 seconds
Cyber Security Today, Nov. 28, 2022 - Twitter breach may be worse than first reported, a US college victimized by ransomware and more
This episode reports on the latest Twitter breach numbers, a US college victimized by ransomware, survey numbers from Dell and OpenText, and more
11/28/2022 • 7 minutes, 18 seconds
Cyber Security Today, Week in Review for Friday, November 25, 2022
In this episode Terry Cutler and I discuss the theft of funds from subscribers to the DraftKings betting site, ransomware and tips for safe holiday online shopping
11/25/2022 • 27 minutes, 8 seconds
Cyber Security Today, Nov. 25, 2022 - The Android patch-gap continues, beware of corrupted VPNs and more
This episode reports on vulnerabilities still not sent to some Android smartphones, a targeted scam distributing corrupted VPNs, malware may be hiding in Docker Hub images and more
11/25/2022 • 6 minutes, 20 seconds
Cyber Security Today, Nov. 23, 2022 - Lessons from the hack of officials in Moldova, a different phone scam and a warning about an abandoned web server
This episode reports on why Telegram may not be the text service for you, the latest version of a phone scam, a warning about a the abandoned Boa web server and more
11/23/2022 • 7 minutes, 1 second
Cyber Security Today, Nov. 21, 2022 - New ransomware strains found
This episode reports on four new ransomware strains, how researchers have been quietly helping victims of the Zeppelin ransomware, and patches issued for Atlassian applications
11/21/2022 • 6 minutes, 58 seconds
Cyber Security Today, Week in Review for Friday, November 18, 2022
This episode features a discussion on what Sobeys' parent company should be saying about a cyber incident, the reaction to ransomware in Australia and Ontario's recent report on helping the broader public sector from cyber attacks
11/18/2022 • 30 minutes, 3 seconds
Cyber Security Today, Nov. 18, 2022 - A warning about Amazon RDS snapshots, a new ransomware strain found, and more
This episode reports on the risks of misconfigured, a warning on the Log4Shell vulnerability, ransomware reports and more
11/18/2022 • 5 minutes, 53 seconds
Cyber Security Today, Nov. 16, 2022 - Bad news for application developers and early security advice for Black Friday shoppers
This episode reports on vulnerabilities found in applications, password variations hackers have figured out, advice for suspected deepfake audio messages, and more
11/16/2022 • 7 minutes, 38 seconds
Cyber Security Today, Nov. 14, 2022 - Lessons from cyber attacks against Ukraine, and beware of attempted extortion emails
This episode reports on mistakes that led to hacks in Ukraine, a wave of threatening emails, work-from-home websites shut and more
11/14/2022 • 7 minutes
Cyber Security Today, Week in Review for Friday, Nov. 11, 2022
This episode features a discussion about the arrest of a ransomware suspect in Canada, a settlement in a cyber insurance case and whether scanning the internet for vulnerable devices by a government agency is a good idea
11/11/2022 • 24 minutes, 10 seconds
Cyber Security Today, Nov. 11, 2022 - A new report on phishing, a warning of Venus ransomware, malware hidden in images and more
This episode reports on email attacks, ransomware, and a vulnerability in Windows credential roaming capability
11/11/2022 • 6 minutes, 29 seconds
Cyber Security Today, Nov. 9, 2022 - A new data wiper malware found, and security updates released for Windows and Citrix products
This episode reports on dangerous malware, crooks imprisoned in the US, and warnings about malicious USB keys and insider thefts
11/9/2022 • 8 minutes, 44 seconds
Cyber Security Today, Nov. 7, 2022 - Beware of business email gift card scams, and a new gang of crooks is impersonating lawyers
Get an email from the boss asking you to buy gift cards for all the employees? It may be a scam
11/7/2022 • 6 minutes, 42 seconds
Cyber Security Today, Week in Review for Friday, Nov. 4, 2022
This episode looks at words of wisdom from IT and security workers spotted on Twitter
11/4/2022 • 28 minutes, 56 seconds
Cyber Security Today, Nov. 4, 2022 - Beware of this telephone scam
Learn in this episode about sophisticated phone scams and how to avoid being a victim
11/4/2022 • 6 minutes, 56 seconds
Cyber Security Today, Nov. 2, 2022 - Unhappy infosec leaders, a list not to be on and more
This episode reports on infosec leaders considering leaving their jobs, hacked company access being sold and a warning about clicking on search engine ads
11/2/2022 • 5 minutes, 29 seconds
Oct. 31, 2022 - Windows servers help serve denial of service attacks, and more
This episode reports on hackers taking advantage of badly configured Windows servers, IIS logs and a VMware security update
10/31/2022 • 4 minutes, 45 seconds
Cyber Security Today, Week in Review for Friday, Oct. 28, 2022
This episode looks at highlights from the recent MapleSec cybersecurity conference
10/28/2022 • 26 minutes, 20 seconds
Cyber Security Today, Oct. 28, 2022 - A troubling employee security awareness survey, beware of so-called scanned email attachments and more
This episode reports on threats to Docker and Kubernetes containers, abuse by cryptominers of GitHub, and questions about the security awareness of employees
10/28/2022 • 6 minutes, 10 seconds
Cyber Security Today, Oct. 26, 2022 - American schools increasingly hit by ransomware, an event ticket agency is hacked and more
This episode includes advice on creating safe passwords, and more
10/26/2022 • 6 minutes, 50 seconds
Cyber Security Today, Oct. 24, 2022 - A new ransomware data removal tool is found, a warning that exploit proofs-of-concepts in Github may not be safe, and more
This episode reports on a new ransomware data exfiltration, a Microsoft Azure vulnerability, a start by Google to bring order to software bills of material efforts and more
10/24/2022 • 6 minutes, 54 seconds
Cyber Security Today, Week in Review for Friday, Oct, 21, 2022
This episode features a discussion on a common mistake in using email, the risks of using real customer data when testing applications and the latest cyber incident statistics for Canada
10/21/2022 • 26 minutes, 39 seconds
Cyber Security Today, Oct. 21, 2022 - Microsoft storage misconfiguation, data tracker leads to another data breach, and more
This episode reports on an arrest in Brazil allegedly related to the Lapsus$ gang. two convictions in the US for SIM card swapping and more
10/21/2022 • 5 minutes, 7 seconds
Cyber Security Today, Oct. 19, 2022 - A warning from the NSA about nation-state attacks, and more
This episode reports on presentations at a Mandiant conference, data breaches in Australia and more
10/19/2022 • 6 minutes, 6 seconds
Cyber Security Today, Oct. 17, 2022 - Warnings to VMware hypervisor and Office 365 administrators
This episode reports on the end-of-life support for two versions of ESXi hypervisors, an encryption issue with Office 365 email, a new threat to NPM libraries and more