Episodes
-
This episode also covers recent ransomware as a service (RaaS) trends, including the rise of SpearWing and Akira groups, advanced ransomware techniques exploiting IoT vulnerabilities, and issues with the ESP32 microcontroller's hidden commands. Additionally, Signal President Meredith Whitaker warns about privacy risks in agentic AI systems. Tune in for in-depth cybersecurity updates and more.
00:00 The Talk: Supporting Our Podcast
01:37 Cybersecurity Today: Ransomware as a Service
04:57 Akira Ransomware: Exploiting IoT Devices
06:50 ESP32 Microcontroller Vulnerabilities
08:21 AI Agents: Privacy and Security Risks
09:56 Conclusion and Contact Information -
Understanding Insider Threats in Cybersecurity with Eran Barak
Join host Jim Love as he discusses the critical issue of insider threats in cybersecurity with Eran Barak, CEO of MIND, a data security firm. In this episode, they explore the various types of insider threats, from innocent mistakes to malicious actors, and how companies can effectively protect their sensitive data. Learn about data loss prevention strategies, the impact of remote work, and the role of AI in enhancing data security. Get insights on practical steps that CISOs can take to mitigate risks and safeguard their organization's crown jewels.
00:00 Introduction and Guest Welcome
00:10 Understanding Insider Threats
01:20 Types of Insider Threats
02:18 Monitoring and Preventing Data Leaks
03:37 Remote Work and Security Risks
06:03 Access Control and Permissions
08:41 Real-World Scenarios and Solutions
21:20 The Role of AI in Data Security
34:53 Final Thoughts and Conclusion -
Missing episodes?
-
Cybersecurity Today: Rising Fraud in Canada and Major Cyber Crime Crackdowns
Welcome to another episode of Cybersecurity Today with your host, Jim Love. As fraud prevention month begins, we delve into the rising fraud rates in Canada, with new data from Equifax revealing Canadians' growing concerns about data protection, particularly among seniors and Quebec residents. We also cover the significant international law enforcement actions that dismantled the 8Base ransomware group and Garantex, a Russian cryptocurrency exchange linked to cybercriminal activities. Additionally, we discuss the emergence of a new botnet orchestrating record-breaking DDoS attacks, highlighting the persistent vulnerabilities in IoT devices. Don't miss our deeper analysis and the latest updates in cybersecurity.
00:00 Introduction to Fraud Prevention Month
00:23 Rising Fraud Concerns in Canada
02:24 Law Enforcement Actions Against Cyber Crime
04:34 Emergence of a New Botnet
06:46 Conclusion and Upcoming Shows -
US Cybersecurity Confusion, Massive ISP Cyber Attack, and Talent Shortages
In this episode of 'Cybersecurity Today,' host Jim Love discusses the mounting confusion over the US cybersecurity stance on Russia, following conflicting reports about potential policy changes and operational directives. The show also covers a massive cyber attack that compromised over 4,000 ISPs, deploying malware and cryptocurrency miners. Additionally, the episode highlights the ongoing talent crisis in the cybersecurity industry, with a growing disconnect between hiring practices and industry needs. Tune in for the latest updates and in-depth analysis.
00:00 Introduction and Host Welcome
00:21 US Cybersecurity Stance on Russia
02:16 Massive Cyber Attack on ISPs
03:57 Cybersecurity Talent Shortage
06:15 Conclusion and Final Thoughts -
Cybersecurity Insights: February Review & Current Trends
Join us in this comprehensive discussion on February's cybersecurity highlights, featuring experts Laura Payne from White Tuque and David Shipley from Beauceron Security. We delve into Canada's cybercrime progress, discuss significant global cyber incidents, and explore the ongoing challenges in cybersecurity regulation, AI integration, and digital identity. Additionally, we address the impacts of U.S. policy changes on cybersecurity standards and the vital need for effective cybersecurity education in the face of rapid technological advancements. Stay tuned for crucial insights and pragmatic advice to navigate today's cybersecurity landscape.
00:00 Introduction and Panel Welcome
01:30 Cybercrime Trends in Canada
05:59 International Cybercrime and Ransomware
08:08 Nation-State Cyber Heists
14:14 Legacy Systems and Cybersecurity Challenges
17:08 Open Banking and FinTech Security
24:35 US Federal Cybersecurity Cuts
30:57 The Reality of Cyber Threats
31:13 Cultural Perceptions of Cybersecurity
31:57 Political Will and Cybersecurity Policies
32:44 North Korean Cyber Threats
33:17 Generational Knowledge and Cybersecurity
34:20 Cryptocurrency Regulation Challenges
35:11 Digital Identity Concerns
41:00 Encryption and Privacy Debates
47:08 AI and Cybersecurity Risks
57:06 Concluding Thoughts and Future Directions -
In this episode, host Jim Love covers a $1.5 billion Ethereum heist attributed to the North Korean Lazarus Group, Google's shift from SMS to QR codes for multifactor authentication, a massive botnet targeting Microsoft 365 accounts, and new phishing scams exploiting PayPal's address feature. Tune in for essential insights into the latest cybersecurity threats and measures.
00:00 Introduction and Announcements
00:18 Record-Breaking $1.5 Billion Cryptocurrency Heist
03:06 Google Enhances Security with QR Codes
04:55 Massive Botnet Targets Microsoft 365 Accounts
07:10 Scammers Exploit PayPal's New Address Feature
08:58 Cybersecurity Best Practices and Conclusion -
Unveiling Cybercrime: Black Basta Leaks, VPN Attacks, RCMP Crackdown & AI Vulnerabilities
In this episode of Cybersecurity Today, Jim Love discusses the leaked chat logs of the Black Basta Ransomware Group, a colossal cyber attack targeting VPN devices with 2.8 million IP addresses, and the RCMP's successful dismantling of a major cyber fraud operation in Ontario. Additionally, researchers reveal a technique called Indiana Jones that exposes significant vulnerabilities in large language models like ChatGPT, showcasing the ease of bypassing their safety filters. Stay informed on the latest in cybersecurity.
00:00 Introduction and Headlines
00:24 Inside Black Basta Ransomware Group
03:11 Massive VPN Cyber Attack
05:30 Ontario's RCMP Cyber Fraud Bust
08:26 Indiana Jones Jailbreak Exposes AI Vulnerabilities
11:08 Conclusion and Contact Information -
Unveiling the Complexities: The Dark Side of AI and Its Real-World Implications
In this episode, explore the intricate discussions surrounding AI with experts Marcel Gagné, John Pinard, and Jim Love. Dive into contemporary understandings of AI, its potential threats, and its application in both personal and professional realms. The panel discusses the 'dark side' of AI not to instill fear, but to devise strategies for managing its risks. Topics include AI misconceptions, the potential for AI to misbehave, operational security in AI implementation, and philosophical debates on AI consciousness. The episode emphasizes the importance of critical thinking, debate, and responsible use as AI technologies become increasingly integrated into society. Join the conversation and share your thoughts on AI's evolving landscape.
00:00 Introduction to Project Synapse
00:46 Exploring the Dark Side of AI
01:05 Invitation to Join the Discussion
02:01 Three Key Areas of AI Concerns
02:38 Speculative Risks and Science Fiction Scenarios
03:29 Implementing AI in Corporate Settings
04:37 AI Misbehavior and Security Concerns
07:09 Consciousness and AI
20:04 AI as Hyper-Intelligent Children
29:18 Security and Data Privacy in AI
31:36 Human Weakness in Security
31:50 Social Engineering Tactics
32:37 Security Misconceptions in Engineering
33:11 AI Data Storage and Security
34:45 AI Data Retrieval Concerns
39:05 Testing Security in Development
40:35 Regulatory Challenges with AI
43:26 Bias and Decision Making in AI
46:47 The Importance of Critical Thinking
50:09 The Role of Social Interaction in Business
54:35 AI as a Consultant
01:01:50 The Future of AI and Responsibility
01:04:24 Conclusion and Contact Information -
Cyber Security Today: OpenSSH Vulnerabilities and Black Stash's Stolen Cards
In this episode, host Jim Love discusses two significant OpenSSH vulnerabilities that risk man-in-the-middle and denial-of-service attacks. The hacker group Black Stash has released 4 million stolen credit cards for free, potentially enticing further illegal activities. Palo Alto Networks' firewalls face active attacks, with multiple CVEs allowing privilege escalation and bypassing authentication. Critical updates and secure management practices are emphasized to protect systems.
00:00 Introduction and Headlines
00:21 OpenSSH Vulnerabilities Explained
02:39 BlackStash's Stolen Credit Card Dump
04:40 Palo Alto Networks Under Attack
06:21 Conclusion and Contact Information -
Critical PostgreSQL Bug Exploited in Treasury Hack & New Threats Unveiled - Cybersecurity Today
In today's episode of Cybersecurity Today, hosted by Jim Love, we delve into major cybersecurity events, including a crucial PostgreSQL vulnerability exploited in the U.S. Treasury hack, Russian hackers bypassing traditional password security with device code authentication, and the discovery of the 'Final Draft' malware hijacking Microsoft Outlook drafts. Additionally, we explore the BBC's new tool to combat digital misinformation with Content Credentials. Tune in for in-depth insights and latest cybersecurity updates.
00:00 Introduction and Headlines
00:24 PostgreSQL Vulnerability and U.S. Treasury Hack
02:21 Russian Hackers Exploit Device Code Authentication
04:09 New Malware Hijacks Outlook Drafts
05:55 BBC Tests Truth Marks to Combat Fake News
07:49 Conclusion and Contact Information -
Unpacking AI: Executive Insights & Essential Questions
Join us in this special edition of Hashtag Trending and Cybersecurity Today as we dive deep into AI with technology consultant Marcel Gagné and cybersecurity expert John Pinard. We discuss the necessity for executives to understand and implement AI despite limited knowledge, the need for question-based learning, and the significance of a comprehensive AI bootcamp. From real-world applications to the evolving AI landscape, this episode provides a nuanced view on leveraging AI in business while addressing the critical question of safety.
00:00 Introduction and Welcome
00:19 Meet the Panelists
00:38 AI in the Executive World
00:54 Bootcamp for Executives
01:17 Starting the Discussion
01:44 Understanding AI Challenges
03:00 The Importance of Asking Questions
07:45 Historical Context of AI
11:30 Practical Applications of AI
15:06 Generative AI and Its Impact
23:09 Future of AI Models
30:39 Introduction to Google Recorder App
31:11 AI for Meeting Transcriptions
33:18 AI in Marketing and Business Applications
34:07 The Future of AI in Business
36:03 Debating AI's Potential and Limitations
38:09 Advanced AI Models and Their Uses
40:12 AI in Consulting and Decision Making
49:47 Risk Management in AI Implementation
59:34 Final Thoughts and Wrap-Up -
Cybersecurity Today: North Korean Hacks, AI Memory Breach, and School Data Comprimise
In this episode of Cybersecurity Today, host Jim Love covers a range of crucial topics in the cybersecurity landscape. North Korean hackers are using new social engineering tactics to infiltrate systems by posing as South Korean officials, while prompt injection attacks are compromising the long-term memory of Google's Gemini AI. Canada's Privacy Commissioner is investigating a significant data breach affecting students' personal information in PowerSchool, and the FBI's Operation Level Up is tackling cryptocurrency investment frauds, potentially saving victims millions. Get the latest insights and stay informed on how to protect yourself against these evolving threats.
00:00 Introduction and Headlines
00:23 North Korean Hackers' New Tactics
02:35 Prompt Injection Attacks on AI
04:37 Canada's PowerSchool Data Breach
06:38 FBI's Operation Level Up
09:20 Conclusion and Upcoming AI Show -
Scammers Exploit DeepSeek Hype & Jailbreak OpenAI's O3 Mini – TechNewsDay Update
In this episode, we uncover how scammers are exploiting the recent hype around DeepSeek, a new AI model, by creating fake websites, counterfeit cryptocurrency tokens, and malware-laced downloads. We also discuss the jailbreaking of OpenAI's newly released O3 mini model, highlighting its security vulnerabilities. Additionally, a woman is sought by police for purchasing an iPhone using a stolen identity in a London Apple store. Stay tuned for important updates on cybersecurity, AI advancements, and fraud prevention.
00:00 Scammers Exploit DeepSeek Hype
01:43 DeepSeek's Security Challenges
04:10 OpenAI's O3 Mini Model Jailbreak
06:49 iPhone Fraud in London Apple Store
07:44 Conclusion and Call for Tips -
In this episode of Cyber Security Today with host Jim Love, we delve into the significant 35% drop in global ransomware payments in 2024, highlighting a growing resistance to hacker demands and improved law enforcement actions. We also discuss a national security crisis sparked by Treasury's DOGE access and its broader implications for intelligence operations. Additionally, we share an eye-opening backup horror story emphasizing the critical importance of not just taking backups but ensuring they are restorable. Tune in for these updates and more in today's episode.
00:00 Ransomware Payments Drop in 2024
02:48 Treasury's DOGE Access Crisis
05:02 The Dangers of Untested Backup Systems
07:28 Conclusion and Contact Information -
In this episode of Cybersecurity Today, host Jim Love dives deep into the latest advancements in AI technology with a focus on the new open-source model, DeepSeek, from China. Love discusses the significant cost differences in training and running this model compared to competitors like OpenAI and highlights DeepSeek's efficiency and ability to run on older GPUs. The conversation pivots to the cybersecurity implications of such open-source models, especially for professionals in the field. Special guest Robert Falzon, head of engineering at CheckPoint Software, joins the discussion to provide insights on how cybercriminals are leveraging AI tools and the newfound accessibility of powerful AI models. Love and Falzon also explore the current state of cybersecurity education, risk assessment, and the importance of realistic conversations about risks and safeguards in the face of these technological advancements. Tune in for an in-depth analysis of the intersection of AI and cybersecurity and what it means for professionals and companies moving forward.
00:00 Introduction to Cybersecurity Today
00:05 DeepSeek: A Game-Changer in AI
00:48 DeepSeek's Cost Efficiency and Accessibility
01:30 Open Source and Democratization of AI
02:59 Cybersecurity Concerns with AI Advancements
03:51 Interview with Robert Falzon from CheckPoint Software
04:13 AI's Impact on Everyday Life and Cybersecurity
05:17 The Knowledge Gap in AI and ML
07:50 The Risks of Data Security in AI
10:20 Cybersecurity Fundamentals and AI
10:59 The Growing Threat of AI in Cybercrime
18:29 The Need for Improved Security Measures
23:07 The Reality of AI-Driven Cyber Attacks
25:08 Advanced Malware Targeting Specific Industries
25:48 The Evolution of Phishing Attacks
27:13 AI and Home Automation Security
28:12 Banking System Vulnerabilities
29:23 Internal AI Threats and Risk Management
31:07 The Need for Updated Risk Assessments
31:43 Educating Organizations on AI and Cybersecurity
36:19 The Importance of Cyber Hygiene
45:11 Final Thoughts and Optimism for the Future -
Cybersecurity Today: EDR Evasion, SSH Backdoor, WhatsApp Zero-Click Hack, and DeepSeek AI
In today's episode of Cybersecurity Today, host Jim Love discusses several pressing cybersecurity issues. The show covers Canada's Digital Governance Council's launch of a cyber ready validation program designed to help small and medium-sized businesses improve their cybersecurity. Jim then delves into a new cyber attack technique that bypasses Endpoint Detection and Response (EDR) systems, an SSH backdoor used by the Chinese cyber espionage group Evasive Panda, and a zero-click hacking technique targeting WhatsApp users. The episode concludes with insights on the Chinese open-source AI DeepSeek and the importance of nuanced discussion in security debates. Stay tuned for expert interviews on AI and cybersecurity in upcoming episodes.
00:00 Introduction to Cyber Ready Validation Program
00:52 Emerging Cyber Threats: EDR Evasion
04:42 New SSH Backdoor by Evasive Panda
06:31 WhatsApp Zero-Click Exploit
08:03 DeepSeek AI and Security Concerns
10:45 Conclusion and Call for Discussion -
In this episode of Cybersecurity Today with Jim Love, explore the growing concerns surrounding DeepSeek AI's censorship and lack of guardrails, the rise of 'Shadow AI' in workplaces, and how cybercriminals exploit major cloud providers like AWS and Azure. Learn about a phishing scam targeting Microsoft single sign-on that's been undetected for six years, and get insights into the critical measures needed to safeguard against these evolving threats.
00:00 Introduction to Cybersecurity Today
00:25 DeepSeek AI: Censorship and Security Concerns
02:56 Shadow AI: The Rise of Unauthorized Generative Tools
05:05 Cloud Providers Exploited by Cybercriminals
07:31 Phishing Scams Targeting Microsoft Single Sign-On
09:03 Conclusion and Listener Engagement -
Cybersecurity Threats: Fraud in Canada, DeepSeek AI Jailbreak & Toll Scams - Exclusive Interview with Ivan Novikov
In this episode of Cybersecurity Today, host Jim Love discusses the alarming $638 million lost by Canadians to fraud in 2024, with investment fraud being the most significant contributor. The episode also covers the successful jailbreak of China's DeepSeek AI model, raising major security concerns, and a new phishing scam targeting US toll road users. The episode concludes with a detailed interview with Ivan Novikov, CEO of Wallarm, discussing API security vulnerabilities and their research findings.
00:00 Introduction and Overview
00:21 Fraud in Canada: A Deep Dive
01:14 Investment and Identity Fraud Insights
01:49 Preventive Measures and Reporting
02:47 DeepSeek AI Model Jailbreak
04:38 SMS Phishing Scams Targeting US Toll Road Users
06:34 Exclusive Interview with Ivan Novikov
07:41 Wallarm's API Security Study
15:01 DeepSeek Jailbreak Techniques
25:13 Conclusion and Final Thoughts -
Cybersecurity Today: DeepSeek AI Disruptions, Nvidia Breach, and TalkTalk Hack Revisited
In this weekend edition of Cybersecurity Today, our panel reviews the most significant cybersecurity stories of the past month. This episode features Laura Payne from White Tuque, David Shipley from Beauceron Security, and Dana Proctor from IBM. Key topics include the sudden emergence of DeepSeek AI, Nvidia’s vulnerabilities and their effect on stock prices, and TalkTalk’s latest data breach. Additionally, the discussion covers the soaring API security vulnerabilities reported by Wallarm and the UK’s potential legislative action on ransomware payments. Stay tuned for expert insights and analysis on these pressing issues in the world of cybersecurity.
00:00 Introduction and Panel Welcome
00:41 DeepSeek AI Disruption
02:09 Security Concerns and Reactions
04:06 NVIDIA's Vulnerabilities and AI Security
07:15 Economic and Geopolitical Implications
12:13 AI in Business and Security Practices
20:57 Open Source AI and Cybersecurity Risks
25:37 Responsibility in Data Management
26:25 AI's Unstoppable Progress
26:53 API Security Concerns
28:41 Non-Human Identities and API Challenges
30:36 The State of Cybersecurity Awareness
35:05 Legislative Hopes and Cybersecurity
37:25 TalkTalk Breach Revisited
44:10 Ransomware Legislation Proposals
45:34 Shoutout to Cyber Police
47:04 Closing Remarks and Audience Engagement -
Cybersecurity Today: DeepSeek AI's Data Breach, New API Threats, & Operation Talent
In this episode of 'Cybersecurity Today,' host Jim Love delves into the recent security lapse by DeepSeek AI, highlighting the exposure of sensitive data through an open ClickHouse database. Learn about the growing threat posed by APIs as the primary attack vector in cybersecurity, with findings from Wallarm's 2025 API Threat Stat Report. Additionally, discover the impact of international law enforcement's Operation Talent on dismantling major cybercrime forums, and be informed about a new browser attack technique, 'browser sync jacking,' which poses risks to millions of users. Stay tuned for a comprehensive overview of the latest in cybersecurity.
00:00 Major Security Concerns with DeepSeek AI Databases
03:13 The Rise of API Cyber Attacks
05:23 Global Crackdown on Cybercrime Forums
07:04 New Browser Attack Technique Discovered
08:54 Conclusion and Upcoming Discussions - Show more
