Episoder
-
Canadian SMBs Face Rising Fraud Threats & New AI-Powered Gmail Security
In this episode of Cyber Security Today, host Jim Love discusses the increasing fraud threats faced by Canadian small and medium-sized businesses, revealing that half have experienced attempted or successful fraud in the past year. The transportation sector is hit hardest, with 61% reporting fraud attempts. Google’s new Gemini AI technology offers enhanced security for Gmail, notably for smaller businesses. InfoStealer malware developments are circumventing Google Chrome’s app-bound encryption, posing significant threats. Additionally, severe vulnerabilities have been uncovered in fuel storage tank monitoring systems, emphasizing the urgency for robust security measures in critical infrastructure.
00:00 Introduction and Overview
00:25 Fraud Threats Facing Canadian SMBs
02:15 Google's AI-Powered Security Enhancements
03:54 InfoStealer Malware Targeting Google Chrome
06:11 Critical Vulnerabilities in Fuel Storage Technology
08:28 Conclusion and Final Thoughts -
Evilginx: MFA Bypass Tool, Kaspersky's Exit & FTC's Data Surveillance Report - Cyber Security Today
In this episode of Cyber Security Today, host Jim Love discusses a new cyber security tool called Evilginx that bypasses multi factor authentication (MFA), Kaspersky's unexpected software replacement for North American users, ESET's patches for critical vulnerabilities, and a scathing FTC report on data collection by major tech companies. Learn about the latest cyber security threats and updates to stay informed and protected.
00:00 Introduction to Today's Cyber Security News
00:26 Evilginx: The New Threat to Multi-Factor Authentication
02:45 Kaspersky's Controversial Exit from the U.S. Market
04:36 ESET Patches Critical Vulnerabilities
06:33 FTC's Scathing Report on Big Tech's Data Practices
08:11 Conclusion and Show Notes -
Mangler du episoder?
-
Security Risks with Apple's OS Update, Disney Ditches Slack, and GitHub Hack Alert
In this episode of Cyber Security Today, host Jim Love discusses pressing issues in the cybersecurity landscape: Apple's latest macOS update, Sequoia version 15, causing compatibility issues with major security tools; Disney's move to scrap Slack after a significant data breach; a sophisticated GitHub phishing attack leveraging GitHub's notification system; and German police's breakthrough in unmasking anonymous Tor users. Key takeaways include advice for IT professionals on managing OS updates, the implications of corporate messaging app breaches, precautions for GitHub users, and recommendations for maintaining anonymity on the Tor network.
00:00 Introduction and Headlines
00:21 Apple's Mac OS Sequoia Update Issues
02:00 Disney Dumps Slack After Data Breach
03:13 GitHub Phishing Campaign Exploits Developers
04:44 German Police Unmask Tor Users
07:19 Conclusion and Show Notes -
A Hacker's Perspective on Vulnerable Civic Infrastructure
In this episode, host Jim Love explores the vulnerabilities of civic infrastructure with cybersecurity expert Nick Aleks. They discuss how hackers view and exploit city systems, the dangers of default passwords and outdated firmware, and the risks associated with smart buildings and operational technology. Nick provides insights on how bad actors can leverage these weaknesses for massive attacks and offers recommendations for improving security through collaboration, proactive measures, and the incorporation of AI technologies. This enlightening discussion highlights the urgent need for better security practices in our increasingly connected urban environments.
00:00 Introduction and Context
00:18 Meet the Expert: Nick Aleks
00:51 A Hacker's Perspective on City Infrastructure
03:20 Penetration Testing and Vulnerabilities
04:26 Targeting Civic Infrastructure
20:30 Smart Buildings and IoT Security
25:12 Defensive Strategies and Collaboration
32:29 The Role of AI in Security
35:06 Conclusion and Final Thoughts -
Cybersecurity Today: Supply Chain Attacks, Data Breaches, and Botnet Threat Disruptions
In this episode of 'Cybersecurity Today,' host Jim Love covers pressing issues in the cybersecurity world, including a supply chain attack in Lebanon, a major data breach at AT&T resulting in a $13 million fine, and the disruption of the Chinese botnet known as Raptor Train. The AT&T breach underscores the risks of weak vendor data protection, while the weaponization of communication devices in Lebanon signals new threats in cyber-physical warfare. The episode also highlights the resilience of the Raptor Train botnet, attributed to the Chinese state-sponsored group Flax Typhoon, and the steps taken by the FBI to mitigate this threat. Listeners are advised to enhance their cybersecurity practices to protect against these multifaceted attacks.
00:00 Introduction to Cybersecurity Today
00:23 AT&T's $13 Million Fine for Data Breach
02:03 Weaponized Communication Devices in Lebanon
03:50 Disruption of the Chinese Botnet Raptor Train
05:28 Conclusion and Sign-Off -
Emerging Cyber Threats: Repellent Scorpius, TfL Cyber Attack, and Online Safety for Children
In this episode, we discuss the emergence of the new ransomware group Repellent Scorpius and their use of the Ciccada 3301 ransomware. We cover the London Transport Authority's (TfL) in-person password resets following a significant cyber attack, and examine the case of Chinese national Song Wu's multi-year spear-phishing campaign. Additionally, we delve into the C community's proposal for a safe C extension to enhance memory safety and address vulnerabilities. Finally, we highlight the urgent online dangers targeting children and teens, and the measures required to combat these threats.
00:00 Emergence of Repellent Scorpius Ransomware Group
01:53 TfL's Response to Cyber Attack
02:53 Chinese National Charged in Spear Phishing Campaign
04:13 C Community's Safe C Extension Proposal
05:33 Online Dangers Targeting Children and Teens
07:19 Conclusion and Final Thoughts -
Cyber Security Today: Fortinet Data Breach, Seattle Ransomware Attack, and Lazarus Targeting Developers
In this episode of Cyber Security Today, host Jim Love covers Fortinet's confirmation of a data breach after a hacker claims to have stolen 440GB of data. The episode also discusses the cyber attack on Seattle Tacoma International Airport by the Rysida ransomware group and the port's refusal to pay the ransom. Additionally, North Korean hacker group Lazarus is targeting Python developers via malicious coding tests as part of the VM connect campaign. Stay tuned to learn more about these pressing cybersecurity issues.
00:00 Introduction to Cyber Security Today
00:27 Fortinet Data Breach Details
02:15 Seattle Tacoma Airport Ransomware Attack
03:41 Lazarus Group Targets Python Developers
05:30 Conclusion and Final Thoughts -
Cybersecurity Insights: Vulnerabilities, Insider Threats, and the Future of Online Safety
In this weekend edition of Cybersecurity Today, host Jim Love is joined by regulars Terry Cutler of Cyology Labs and David Shipley of Beauceron Security, alongside special guest Laura Payne from White Tuque. They discuss significant cybersecurity news including the new additions to CISA's known exploited vulnerabilities catalog, a hilarious yet eye-opening domain purchase incident, and the ongoing issue of insider threats. The panel also dives into the complexities surrounding recent breaches like the one at Avis and the broader implications of data vulnerabilities. Stay tuned for the latest insights and expert opinions on what's happening in the cybersecurity world.
00:00 Introduction and Panelist Introductions
01:31 Format Overview and First Cybersecurity Story
01:47 Discussion on CISA's Vulnerability Catalog
02:51 Challenges in Patch Management
06:45 Microsoft's Patch Tuesday Controversy
10:49 The $20 Domain Vulnerability
15:42 Insider Threats and Real-World Incidents
18:11 Handling Disgruntled Employees
18:51 Insider Threats: Real-Life Examples
19:41 Preventing Insider Threats
21:30 Password Management and Security
22:53 Case Study: Sales Employee Walks Out with Client List
23:42 Jurassic Park and Risk Management
24:32 Avis Data Breach: What Happened?
25:51 The Importance of Identity Theft Protection
29:44 Challenges in Cybersecurity Awareness
34:27 Microsoft's New Security Measures
35:07 Conclusion and Farewell -
Cyber Security Today: TfL Data Breach, Critical Vulnerabilities, and Insider Threats
Join host Jim Love in 'Cyber Security Today' as we delve into the latest cyber security incidents and updates. Learn about Transport for London's data breach affecting thousands of customers, critical vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog, and the recent Microsoft Patch Tuesday addressing over 70 security flaws. We also discuss significant breaches at Avis, shocking domain purchase by a researcher highlighting internet trust issues, and insider threats exemplified by Daniel Rhyne's rogue actions against an industrial company. Stay informed with expert insights and essential recommendations!
00:00 Introduction and Breaking News
00:05 Transport for London Cyber Attack
01:04 New Vulnerabilities Added to CISA's KEV Catalog
02:38 Microsoft and Other Major Tech Companies Release Patches
04:02 Avis Data Breach
05:15 Security Researcher Buys Critical Domain
07:58 Insider Threat: The Daniel Rhyne Case
09:53 Conclusion and Final Thoughts -
Cybersecurity Today: Microsoft Office 2024, Data Breach, CrowdStrike Fallout, & Ford's Privacy Concerns
In this episode of Cybersecurity Today with your host Jim Love, we discuss Microsoft's decision to disable ActiveX controls by default in Office 2024 to enhance security, the data breach at SlimCD affecting 1.7 million credit card owners, CrowdStrike's ongoing response to the July IT disruption, and privacy concerns over Ford's new patent application for in-car conversation monitoring. Learn about the implications and what these developments mean for IT professionals and end-users.
00:00 Introduction and Headlines
00:24 Microsoft Office 2024 Security Changes
01:50 Major Data Breach at SlimCD
03:51 CrowdStrike's Crisis Management
05:35 Ford's Controversial Patent Application
06:54 Conclusion and Show Notes -
Massive Healthcare Data Breach, Google's Move to Rust, and New Sextortion Scams - Cybersecurity Today
In this episode of Cybersecurity Today, hosted by Jim Love, we discuss a major healthcare data breach at Confident Health where 5.3 terabytes of sensitive mental health data were exposed due to a misconfigured server. Google advocates for replacing legacy C and C++ code with Rust for better security and productivity. We also explore the disturbing new trend in sextortion scams that now include photos of victims' homes to enhance threats, and the importance of addressing such scams in corporate security programs.
00:00 Introduction and Headlines
00:18 Major Data Breach at Confident Health
02:08 Google's Move to Rust for Enhanced Security
03:59 The Rising Threat of Sextortion Scams
05:50 Conclusion and Resources -
Toronto School Board Hack & Cybersecurity Best Practices: Expert Panel Discussion
Welcome to the weekend edition of Cybersecurity Today, hosted by Jim Love! Join our expert panel featuring Terry Cutler from Cyology Labs, David Shipley of Beauceron Security, and special guest Daina Proctor from IBM Security Services Canada. This episode dives into recent cybersecurity stories including a major data breach at the Toronto District School Board and continued fallout from the MoveIT software hack. Our experts discuss the importance of robust security measures, the cultural shift needed in organizations to handle cyber threats, and the increasing role of cybersecurity insurance. We’ll also explore fascinating stories like active listening on Android phones and Disney's legal backtrack. Don't miss out on this insightful and engaging conversation!
00:00 Introduction and Panelist Welcome
01:26 Toronto School Board Cyber Attack
02:16 Challenges in School Cybersecurity
10:52 MoveIT Hack and Its Implications
15:43 Insurance and Cybersecurity
25:19 City of Columbus Data Breach
26:21 Spotting the Problem: Data Overload
26:31 Columbus Breach: Encryption and Legal Battles
27:25 The Streisand Effect and Legal Protections
28:20 Personal Story: Public Information and Security
29:19 Human Element in Cyber Attacks
34:20 Incident Response Planning and Simulations
39:13 Proactive Cybersecurity Measures
46:40 Consumer Data Privacy Concerns
54:01 Conclusion and Final ThoughtsTerry referred to CyologyLab.com/start for the video and the free tools.
-
AI Summer Recap: OpenAI's GPT 5, GPT Next, and Beyond
Join host Jim Love as he navigates through the major AI and cybersecurity stories that dominated summer 2023. From CrowdStrike's impact on Windows security to OpenAI's tantalizing announcements of GPT 4.0 Omni and the anticipated GPT Next, this episode reflects on the giant strides in AI technology. Understand the strategic buzz created by OpenAI, the unrecognized achievements by Google, and the intricate gossip surrounding futuristic AI models like QSTAR and Strawberry. This comprehensive recap highlights why the advancements in AI could significantly shape business processes and technological systems in the near future. Don't miss the rerun of the highly informative Practical AI episode featuring industry experts, plus a hint at what's to come in tech news.
00:00 Introduction and Host Welcome
00:37 Summer's Blockbuster Stories: AI and Cybersecurity
01:06 OpenAI's Strategy and GPT 4.0 Omni
03:11 The Mystery of Sora and Other Rumors
04:53 Google's AI Achievements and OpenAI's Mastery
07:27 The GPT Next Announcement
10:27 Conclusion and Future AI Developments
11:57 Practical AI Episode Rerun and Closing Remarks -
Is Your Phone Spying on You? D Link Vulnerabilities & Government Data Requests
In this episode of Cyber Security Today, host Jim Love discusses critical remote code execution vulnerabilities in D Link routers, impacting their discontinued DIR 846 series. These flaws, including CVE 2024 44341 and CVE 2024 44342, pose significant risks, prompting D Link to recommend users replace outdated devices. The episode also examines the considerable amount of data governments gather from big tech companies, with a study by Surfshark highlighting the increasing user data requests. Lastly, Jim covers a report from 404 Media that reveals Facebook's partner, Cox Media Group, using smartphone microphones for targeted ads, raising severe privacy concerns. Stay informed about the latest in cybersecurity by tuning in!
00:00 Introduction: Is Your Smartphone Listening?
00:15 D-Link Router Vulnerabilities Exposed
02:24 Government Data Requests from Big Tech
04:15 Tech Companies' Compliance with Data Requests
05:38 Facebook's Active Listening Scandal
08:20 Conclusion and Show Notes -
In this episode of Cyber Security Today, host Jim Love delves into recent data breaches affecting the Toronto District School Board, Texas Dow Employees Credit Union, and the city of Columbus. Discover details on the ransomware attacks, the compromised data, and the implications for the victims involved. Additionally, explore critical questions raised about cybersecurity practices and the handling of whistleblowers. Tune in for an in-depth analysis of these significant cybersecurity incidents.
00:00 Introduction and Headlines
00:22 Toronto District School Board Data Breach
01:32 MoveIT Breach: A Continuing Saga
03:19 City of Columbus Ransomware Attack
05:04 Whistleblower Controversy in Columbus
05:42 Host's Editorial and Personal Experience
07:39 Conclusion and Contact Information -
Welcome to a special weekend edition of Cyber Security Today! In this long weekend episode, we delve into the world of artificial intelligence (AI) and its impact on various sectors, particularly as organizations ramp up their plans for the upcoming year. Join our host Jim Love and a distinguished panel of experts: Evgeny Koloda, Marcel Gagne, John Pinard, and Nicole Bendrich, as they explore the current state of AI, its promises, practical implementations, and the cybersecurity challenges associated with it. Discover valuable takeaways on developing an effective AI strategy and understanding the multi-modal advancements poised to revolutionize industries.
00:00 Introduction to the Special Weekend Edition
00:45 Meet the Expert Panel
02:25 The Promise and Challenges of AI
03:31 The Evolution of AI in Various Industries
06:41 Generative AI and Its Impact
07:53 AI in Cybersecurity
19:00 Human vs. AI: Decision Making and Errors
23:50 The Future of AI and Human Interaction
33:04 Expanding Human Capabilities with AI
35:04 Choosing the Right AI Model
40:09 Navigating AI in Regulated Industries
46:23 The Rise of Deepfakes and Cybersecurity Concerns
59:35 Building an Effective AI Strategy
01:04:15 Conclusion and Final ThoughtsResources:
- AI Enterprise level HIPAA complaint GPT platform
https://www.aivia.ai/- EMR with AI capabilities eCW (eClinicalWorks)
https://www.eclinicalworks.com/- Digital Video Twin platform - HeyGen
https://www.heygen.com/- Canadian Digital Twin creation platform - Synthesia
https://www.synthesia.io/- Voice Cloning platform - Eleven Labs
https://elevenlabs.io/- Automation with AI -
https://www.make.com Open Router https://openrouter.ai Jan.aihttps://jan.ai/
-
In this episode of Cybersecurity Today, host Jim Love dives into the alarming rise of deepfake scams, highlighting how threat actors are using AI-generated videos to lure victims into fraudulent schemes. A notable campaign involves deepfake videos of Elon Musk promoting 'Quantum AI.' Additionally, the episode covers a sophisticated cyber attack where fake Palo Alto's Global Protect VPN is used to deploy malware. Lastly, it discusses Russia's potential threats against undersea communication cables and GPS systems, emphasizing the growing vulnerabilities in global infrastructure. Stay informed and secure with this essential update.
00:00 Introduction and Headlines
00:23 Deepfake Scams: The New Frontier
01:26 Quantum AI Scam Breakdown
02:47 Fake Palo Alto VPN: A Sophisticated Cyber Attack
04:21 Russia's Threat to Global Communications
06:35 Conclusion and Upcoming Show -
Critical Cyber Security Alerts: Major Vulnerabilities and Exploits Unveiled
In today's episode of Cyber Security Today, host Jim Love discusses a series of alarming cyber security incidents. Topics include a sophisticated attack exploiting a zero-day vulnerability in a popular network management platform, critical patches from SonicWall and Google addressing severe vulnerabilities, and an update on the National Public Data hack revealing deeper security issues. Learn about the latest threats and essential security measures you need to take now.
00:00 Introduction and Headlines
00:22 Sophisticated Cyber Attack on ISPs
02:43 SonicWall Firewall Vulnerability
04:29 Google Chrome Zero-Day Exploit
06:23 National Public Data Breach Update
07:58 Conclusion and Additional Resources -
Cybersecurity Failures: Lawsuits, Outages, and International Threats
In this episode of Cybersecurity Today, host Jim Love covers a range of critical cybersecurity issues. The U.S. sues Georgia Tech for not meeting cybersecurity standards as a Pentagon contractor. A potential cyber attack disrupts operations at Seattle’s port and airport. Microsoft plans a security summit following a major global IT outage caused by CrowdStrike. The effectiveness of publicly naming and shaming countries sponsoring cyberattacks is questioned. Join us as we delve into these pressing topics and their implications for cybersecurity policy and infrastructure resilience.
00:00 Cybersecurity Headlines: U.S. Sues Georgia Tech and Seattle Port Outage
00:24 Seattle Port and SeaTac Airport Cyber Attack Details
01:56 U.S. Government Sues Georgia Tech Over Cybersecurity Failures
03:27 Microsoft Security Summit and CrowdStrike Outage
04:11 Debate Over Microsoft's Proposed Security Changes
05:13 Effectiveness of Naming and Shaming in Cybersecurity
06:41 Challenges in Combating State-Sponsored Cyber Attacks
07:05 Conclusion and Show Notes -
Join host Jim Love in this weekend edition of Cyber Security Today, featuring a distinguished panel including Terry Cutler (Cyology Labs), David Shipley (Beauceron Security), and special guest Tara Gold (Cado Security).
The episode delves into key cybersecurity topics including the value of IT certifications, the rising trend in ransomware payouts, and the novel attack vectors targeting macOS systems. The show also explores the impact of poisoned search terms and the rising threats to small and medium-sized businesses. Don't miss this engaging and insightful discussion on the latest cybersecurity trends and best practices.
00:00 Welcome to Cyber Security Today
00:05 Meet the Panel and Special Guest
02:31 Introduction to Key Stories
03:04 Debate on IT Certifications
12:07 Ransomware Trends and Insights
18:46 Search Terms as Attack Vectors
23:26 Mac OS Vulnerabilities and Malware
30:17 Conclusion and Farewell - Se mer