Episodes
-
SEC Fines, WordPress Hacks, & Okta's New Security Standards | Cybersecurity Today
Join host Jim Love in this episode of Cybersecurity Today, sponsored by CDW Canada Tech Talks. We delve into the SEC's $7 million fine on four companies for misleading cybersecurity disclosures, the hacking of over 6,000 WordPress sites by malicious plugins, and Okta's introduction of a new identity security standard in response to rising SaaS breaches. Get detailed insights on these key topics and more. Tune in to stay updated on the most pressing cybersecurity issues!
00:00 Introduction to Cybersecurity Today
00:28 SEC Fines for Misleading Cybersecurity Disclosures
02:39 Massive WordPress Site Hacks
04:58 Okta's New Security Standards
07:49 Conclusion and Sponsor Message -
In today's episode of Cyber Security Today, sponsored by CDW Canada Tech Talks, host Jim Love dives into the latest tech news and cybersecurity updates. Key stories include the FBI arrest of Eric Council Jr. for hacking the SEC's social media, the release of VulnHuntr, an AI tool designed to detect zero-day vulnerabilities in Python, and the arrest of two Sudanese brothers running a cybercrime business. Additional updates cover a security flaw in the WordPress Jetpack plugin, ongoing attacks on the Internet Archive, and the Golden Chickens spear-phishing campaign targeting HR personnel. Tune in for these stories and more.
00:00 Introduction to Cyber Security Today
00:27 FBI Arrests in SEC Social Media Hacks
02:49 Open Source Tools for Python Vulnerabilities
05:20 Cyber Crime Arrests and Scams
07:25 Golden Chickens Spear Phishing Campaign
09:15 Show Wrap-Up and Announcements -
Phishing and Cybersecurity: Evolution, Tactics, and Human Factors
In this deep dive into the world of cybersecurity, join experts Jim Love and David Shipley as they unravel the ever-evolving landscape of phishing attacks and modern cyber threats. Through discussing the history and sophisticated evolution of phishing, including innovative methods like quishing, vishing, and smishing, this episode reveals the severe impacts on businesses and individuals. Discover how cybercriminals use psychological manipulation, including principles from Robert Cialdini's influence framework, to dupe unsuspecting victims. Uncover real-world examples, such as the dangers posed by AI-driven datasets, and the critical importance of Multi-Factor Authentication (MFA) in enhancing account security. The episode also delves into the human elements of cybersecurity, emphasizing the role of workplace culture, emotional intelligence training, and assertiveness in creating a resilient defense against social engineering attacks. Join us for practical tips and insights to bolster your cybersecurity posture.
00:00 Introduction to Cybersecurity Today
00:31 Emerging Phishing Threats
01:36 Deep Dive into Phishing
03:22 History of Phishing
05:55 Types of Phishing Attacks
19:16 Social Engineering and Phishing
20:06 Research Hypothesis on Phishing
25:55 Phishing Tactics: Free Gift Card Scams
26:24 The Power of Scarcity in Phishing
28:18 Authority Figures and Phishing
29:02 Consistency: Small Requests to Big Scams
30:06 Liking and Social Proof in Phishing
32:19 The Evolution of Phishing Techniques
35:15 Fighting Back: Technical Solutions
42:57 Emotional Intelligence and Workplace Culture
46:58 Conclusion and Final Thoughts -
In this episode, host Jim Love delves into sophisticated phishing attacks, cybersecurity initiatives, and significant changes in data security protocols. Listeners will learn about a national survey revealing that 53% of Canadians would switch banks after a data breach and hear insights on Apple's proposal to shorten SSL/TLS certificate lifespans. The episode also covers 23andMe's data breach and settlement, and introduces the FIDO Alliance's new protocol designed to enhance passkey portability across platforms. Emphasizing the importance of robust cybersecurity measures and user education, the discussion highlights advancements in passwordless authentication, as demonstrated by major implementations from companies like Amazon. This episode offers an in-depth look at current cybersecurity challenges and forward-thinking solutions in the realm of user authentication.
00:00 Introduction and Show Format Update
00:48 Canadian Banking Cybersecurity Concerns
01:14 Survey Insights and Financial Sector Responses
03:25 Customer Concerns and Communication Gaps
04:17 Financial Impact of Data Breaches
05:13 Apple's SSL/TLS Certificate Lifespan Proposal
06:20 Google's Push for Shorter Certificate Lifespans
07:24 23andMe Data Breach Settlement
09:55 FIDO Alliance and Passwordless Authentication
12:38 Conclusion and Show Notes -
Cybersecurity Today: Wayback Machine Read-Only, AI-Driven Phishing, and Quantum Computing Breakthroughs
In this episode of Cybersecurity Today, host Jim Love discusses the recent cyber incident with the Internet Archive's Wayback Machine, which is now back online in read-only mode. He outlines sophisticated AI-driven Gmail phishing schemes that are fooling even tech experts and reports on Chinese researchers' breakthrough using a Canadian quantum computer to potentially crack military-grade encryption. Jim also shares practical advice on staying vigilant against such cyber threats.
00:00 Introduction and Schedule Update
00:22 Cybersecurity News Highlights
00:44 Internet Archive's Wayback Machine Breach
02:06 Sophisticated AI-Driven Gmail Phishing Scams
05:45 Quantum Computing Breakthrough in Encryption
07:10 Conclusion and Sign-Off -
Exploring IT Trends and AI Opportunities with Brian Jackson
In this crossover episode of Hashtag Trending, host Jim Love interviews Brian Jackson, Principal Research Director at InfoTech Research Group, to discuss emerging IT trends and their intersection with cybersecurity. The conversation covers AI advancements, quantum computing, and digital humans, focusing on how to leverage technology for business opportunities while mitigating associated risks. Brian also emphasizes the importance of AI specialization and sovereignty, and the necessity for organizations to adapt encryption in preparation for quantum computing breakthroughs. Tune in for insights on current technology trends and strategies to harness emerging tools effectively.
00:00 Introduction and Overview
00:42 Meet Brian Jackson
01:51 Brian's Role at InfoTech
02:47 Tech Trends 2025
04:07 AI Opportunities and Risks
05:41 Quantum Computing and Cryptography
06:29 Digital Humans and Deepfakes
09:22 AI in Business Applications
22:32 AI Sovereignty and Cost Management
33:48 Quantum Computing in Practice
38:30 Conclusion and Final Thoughts -
Cybersecurity Today: Data Breaches and Malware Threats
In this episode of Cybersecurity Today, host Jim Love discusses the hacking incidents involving the Internet Archive and Fidelity, exposing millions of users' data. Highlights include the Internet Archive breach attributed to the Black Meta Hacktivist group, affecting 31 million users, and Fidelity's data breach impacting 77,000 customers. Additionally, the bankruptcy of National Public Data after a massive leak and North Korean cyberattacks on tech job seekers are detailed. These incidents emphasize the importance of robust cybersecurity measures and industry regulations.
00:00 Major Data Breaches: Internet Archive and Fidelity
00:26 Internet Archive Breach: Details and Impact
01:49 Fidelity Data Breach: What Happened?
03:17 National Public Data Files for Bankruptcy
05:23 North Korean Hackers Target Tech Job Seekers
07:38 Conclusion and Resources -
Cybersecurity Alert: White House Urges Insurance Reform & Major Hacks Revealed
In this episode of Cybersecurity Today, host Jim Love covers significant developments in cybersecurity policy and breaches. The White House, represented by U.S. Deputy National Security Advisor Anne Neuberger, calls for an end to insurance policies that incentivize ransomware payments. The episode also discusses a major ransomware attack affecting Comcast and highlights a significant breach by China-backed hackers targeting U.S. telecom providers. Additionally, American Water faces a security breach impacting its customer systems. The episode emphasizes the growing threats and debates around cybersecurity practices.
00:00 Introduction and Headlines
00:41 White House Calls to End Ransomware Payments
02:11 Comcast Data Breach Exposes 230,000 Customers
03:57 Chinese Hackers Compromise U.S. Telecom Systems
06:24 American Water Cybersecurity Incident
08:02 Conclusion and Show Notes -
Cybersecurity Today: Cloudflare's DDoS Victory, Russian Hacker Arrests, and Truth Social Scams
In this episode of Cybersecurity Today, host Jim Love discusses Cloudflare's successful mitigation of the largest recorded DDoS attack, showcasing the company's advanced defense capabilities. The episode also covers the arrest of nearly 100 individuals in Russia linked to illegal cryptocurrency transactions and ransomware laundering through the Cryptex crypto exchange. Additionally, it highlights Truth Social's vulnerability to pig butchering scams, where users face significant financial losses. These stories reflect ongoing cybersecurity challenges and responses from different stakeholders.
00:00 Introduction and Headlines
00:28 Cloudflare's DDoS Defense Triumph
02:57 Russia's Crackdown on Cryptex Crypto Exchange
04:57 Truth Social's Pig Butchering Scams
07:02 Conclusion and Show Notes -
Unveiling the Truth: Insights into Cyber Security Awareness and Phishing
In a special crossover episode of Cyber Security Today and Hashtag Trending, host Jim Love discusses the biases and challenges in technology marketing research with guest David Shipley, head of Beauceron Security. The conversation examines the significance of security awareness, focusing on phishing simulations. Shipley shares insights from his research, emphasizing the optimal frequency of monthly phishing tests and the importance of reporting rates. The episode also covers the psychological aspects of cyber security, sustainability of gamification in training, and highlights the need for balancing training demands to avoid negative impacts of overtraining. Listeners are encouraged to reflect on the insights shared and respond with their thoughts on the program's format.
00:00 Introduction and Overview
00:15 The Problem with Technology Marketing Research
00:46 Bias in Research and Media
01:33 Importance of Objective Research
02:24 Introducing David Shipley and His Research
03:08 Understanding Human Behavior in Cybersecurity
05:38 Phishing Research and Findings
07:19 Effective Phishing Simulations
15:02 Insights from Phishing Data
22:14 The Importance of Reporting and Feedback
22:32 Multi-Channel Communication Strategies
23:53 Gamification and Personal Cyber Risk Scores
25:16 Behavioral Economics in Cybersecurity
27:07 The Impact of Intrinsic Motivation
29:22 The Role of Psychology in Cybersecurity
30:15 The Framing Effect and Security Perception
32:19 Optimism Bias and Security Awareness
35:00 The Dunning-Kruger Effect in Training
37:29 Anchoring Bias and Phishing Indicators
39:03 Key Takeaways and Final Thoughts -
Cybersecurity Today: NVD Backlogs & Emerging Threats
Host Jim Love discusses the backlog in the National Vulnerability Database and its implications for cybersecurity, highlighting two new Linux vulnerabilities. The episode also covers a sophisticated malware, Perfctl, attacking Linux servers, vulnerabilities in CUPS, and security risks of Meta's smart glasses. Additionally, insights are provided from a CIRA study on ransomware payment trends and the challenges posed by AI in cybersecurity. The podcast ends with announcements for new vulnerability threats and a preview of upcoming research with co-host David Shipley.
00:00 Introduction and Podcast Promotion
00:45 National Vulnerability Database Backlog
02:54 Linux Vulnerabilities: Perfctl Malware
04:42 CUPS Vulnerability Alert
05:56 Privacy Concerns with Meta's Smart Glasses
07:23 Critical Vulnerabilities in Zimbra and Ivanti
08:55 CIRA's Ransomware Study Insights
12:12 AI in Cybersecurity: Survey Findings
14:02 Conclusion and Upcoming Features -
Cybersecurity News: Microsoft Patch Issues, Chrome Vulnerabilities, and T-Mobile Settlement
In this episode of Cybersecurity Today, Jim Love discusses several pressing issues in the tech world. Early feedback on Microsoft's Windows 11 October Patch Tuesday update reveals significant stability issues. Google Chrome receives a second major security update in ten days due to four new high severity vulnerabilities. The Canadian Internet Registration Authority (CIRA) publishes its annual cybersecurity study highlighting the costs and damages from cyberattacks on Canadian businesses. A coalition of major security agencies releases a report on detecting and mitigating Active Directory compromises. Lastly, T-Mobile agrees to a $31.5 million settlement with the FCC over multiple data breaches affecting millions of U.S. customers. Stay tuned for more insights and updates!
00:00 Introduction and Podcast Promotion
00:38 Microsoft's October Patch Tuesday Issues
02:29 Urgent Chrome Security Update
03:27 CIRA's Annual Cybersecurity Study
05:18 Active Directory Compromise Report
06:57 T-Mobile's FCC Settlement
08:38 Conclusion and Sponsor Message -
New NIST Password Guidelines, Octo2 Trojan & ChatGPT Vulnerabilities | Cybersecurity Today
Join Jim Love in today's episode of Cybersecurity Today as he discusses the latest password security guidelines from NIST focusing on length and usability, the emergence of the Octo2 Trojan targeting bank accounts on Android by posing as VPN and Chrome apps, and a significant vulnerability in ChatGPT allowing attackers to plant false memories. Additionally, learn about Google's new password rules for Gmail access and the recent glitch causing ChatGPT to initiate conversations on its own. Don't miss this insightful episode to stay updated on the latest cybersecurity trends and measures.
00:00 Introduction and Podcast Promotion
00:50 NIST's New Password Guidelines
02:26 Octo2 Trojan: New Android Threat
03:27 ChatGPT Vulnerability: False Memories
04:40 Google's New Password Rules for Gmail
05:35 ChatGPT's Unprompted Messaging Bug
06:54 Conclusion and Sponsor Message -
Cyber Security Week in Review: Data Breaches, MFA Bypassing, and Surveillance Insights
Join host Jim Love along with an expert panel featuring Terry Cutler, David Shipley, and Laura Payne to discuss this week in cybersecurity. Topics include the latest methods of bypassing MFA, data breaches and how to deal with compromised information, the implications of the FTC's report on tech company data collection, new findings on fraud affecting small businesses, and an intriguing German police technique to unmask TOR users. The episode also introduces the 'Stinkies' award for unnecessary fearmongering by cybersecurity vendors. Don't miss this in-depth analysis and practical advice for staying secure in an increasingly digital world.
00:00 Introduction and Panelist Introductions
02:55 Jessica's Question on Data Breaches
09:18 Small Business Fraud and Cybersecurity
17:44 Evilginx and MFA Vulnerabilities
22:44 MFA Security: Myths and Realities
25:26 The FTC's Staggering Surveillance Report
28:44 Surveillance Capitalism and Marketing Tactics
28:54 Tim Hortons' Data Collection Scandal
37:00 The German Police and TOR Anonymity
42:49 The Inaugural Stinky Awards
44:58 Final Thoughts and Farewell -
Canadian SMBs Face Rising Fraud Threats & New AI-Powered Gmail Security
In this episode of Cyber Security Today, host Jim Love discusses the increasing fraud threats faced by Canadian small and medium-sized businesses, revealing that half have experienced attempted or successful fraud in the past year. The transportation sector is hit hardest, with 61% reporting fraud attempts. Google’s new Gemini AI technology offers enhanced security for Gmail, notably for smaller businesses. InfoStealer malware developments are circumventing Google Chrome’s app-bound encryption, posing significant threats. Additionally, severe vulnerabilities have been uncovered in fuel storage tank monitoring systems, emphasizing the urgency for robust security measures in critical infrastructure.
00:00 Introduction and Overview
00:25 Fraud Threats Facing Canadian SMBs
02:15 Google's AI-Powered Security Enhancements
03:54 InfoStealer Malware Targeting Google Chrome
06:11 Critical Vulnerabilities in Fuel Storage Technology
08:28 Conclusion and Final Thoughts -
Evilginx: MFA Bypass Tool, Kaspersky's Exit & FTC's Data Surveillance Report - Cyber Security Today
In this episode of Cyber Security Today, host Jim Love discusses a new cyber security tool called Evilginx that bypasses multi-factor authentication (MFA), Kaspersky's unexpected software replacement for North American users, ESET's patches for critical vulnerabilities, and a scathing FTC report on data collection by major tech companies. Learn about the latest cyber security threats and updates to stay informed and protected.
00:00 Introduction to Today's Cyber Security News
00:26 Evilginx: The New Threat to Multi-Factor Authentication
02:45 Kaspersky's Controversial Exit from the U.S. Market
04:36 ESET Patches Critical Vulnerabilities
06:33 FTC's Scathing Report on Big Tech's Data Practices
08:11 Conclusion and Show Notes -
Security Risks with Apple's OS Update, Disney Ditches Slack, and GitHub Hack Alert
In this episode of Cyber Security Today, host Jim Love discusses pressing issues in the cybersecurity landscape: Apple's latest macOS update, Sequoia version 15, causing compatibility issues with major security tools; Disney's move to scrap Slack after a significant data breach; a sophisticated GitHub phishing attack leveraging GitHub's notification system; and German police's breakthrough in unmasking anonymous Tor users. Key takeaways include advice for IT professionals on managing OS updates, the implications of corporate messaging app breaches, precautions for GitHub users, and recommendations for maintaining anonymity on the Tor network.
00:00 Introduction and Headlines
00:21 Apple's Mac OS Sequoia Update Issues
02:00 Disney Dumps Slack After Data Breach
03:13 GitHub Phishing Campaign Exploits Developers
04:44 German Police Unmask Tor Users
07:19 Conclusion and Show Notes -
A Hacker's Perspective on Vulnerable Civic Infrastructure
In this episode, host Jim Love explores the vulnerabilities of civic infrastructure with cybersecurity expert Nick Aleks. They discuss how hackers view and exploit city systems, the dangers of default passwords and outdated firmware, and the risks associated with smart buildings and operational technology. Nick provides insights on how bad actors can leverage these weaknesses for massive attacks and offers recommendations for improving security through collaboration, proactive measures, and the incorporation of AI technologies. This enlightening discussion highlights the urgent need for better security practices in our increasingly connected urban environments.
00:00 Introduction and Context
00:18 Meet the Expert: Nick Aleks
00:51 A Hacker's Perspective on City Infrastructure
03:20 Penetration Testing and Vulnerabilities
04:26 Targeting Civic Infrastructure
20:30 Smart Buildings and IoT Security
25:12 Defensive Strategies and Collaboration
32:29 The Role of AI in Security
35:06 Conclusion and Final Thoughts -
Cybersecurity Today: Supply Chain Attacks, Data Breaches, and Botnet Threat Disruptions
In this episode of 'Cybersecurity Today,' host Jim Love covers pressing issues in the cybersecurity world, including a supply chain attack in Lebanon, a major data breach at AT&T resulting in a $13 million fine, and the disruption of the Chinese botnet known as Raptor Train. The AT&T breach underscores the risks of weak vendor data protection, while the weaponization of communication devices in Lebanon signals new threats in cyber-physical warfare. The episode also highlights the resilience of the Raptor Train botnet, attributed to the Chinese state-sponsored group Flax Typhoon, and the steps taken by the FBI to mitigate this threat. Listeners are advised to enhance their cybersecurity practices to protect against these multifaceted attacks.
00:00 Introduction to Cybersecurity Today
00:23 AT&T's $13 Million Fine for Data Breach
02:03 Weaponized Communication Devices in Lebanon
03:50 Disruption of the Chinese Botnet Raptor Train
05:28 Conclusion and Sign-Off -
Emerging Cyber Threats: Repellent Scorpius, TfL Cyber Attack, and Online Safety for Children
In this episode, we discuss the emergence of the new ransomware group Repellent Scorpius and their use of the Cicada 3301 ransomware. We cover the London Transport Authority's (TfL) in-person password resets following a significant cyber attack, and examine the case of Chinese national Song Wu's multi-year spear-phishing campaign. Additionally, we delve into the C community's proposal for a safe C extension to enhance memory safety and address vulnerabilities. Finally, we highlight the urgent online dangers targeting children and teens, and the measures required to combat these threats.
00:00 Emergence of Repellent Scorpius Ransomware Group
01:53 TfL's Response to Cyber Attack
02:53 Chinese National Charged in Spear Phishing Campaign
04:13 C Community's Safe C Extension Proposal
05:33 Online Dangers Targeting Children and Teens
07:19 Conclusion and Final Thoughts