Episodes

  • The Escalating Cyber Threats Against K-12 Schools: Insights and Solutions

    In this episode of 'Cybersecurity Today,' host Jim Love discusses the rising trends and severe impacts of cyber attacks on K-12 schools with Randy Rose, VP of Security Operations and Intelligence at the Center for Internet Security (CIS). They scrutinize recent studies showing a surge in cyber threats targeting educational institutions, emphasizing the vulnerability of schools and the motives behind these attacks. The discussion covers how cyber criminals exploit budgetary information and schedules to maximize impact, the profound repercussions of ransomware attacks on school communities, and the critical need for better cybersecurity practices and support. Randy Rose shares insights from the 2025 CIS MS-ISAC K-12 Cyber​security Report and offers practical advice on elevating security standards and fostering community resilience to protect sensitive school data from cyber threats.

    00:00 Introduction to Cybersecurity in Schools
    00:02 Iconic Hacking Movies and Real-Life Cyber Threats
    00:41 The Seriousness of School Cybersecurity
    01:10 Interview with Randy Rose: Introduction and CIS Overview
    01:40 CIS's Role and Randy's Journey
    03:27 Supporting Various Organizations
    04:26 Challenges Faced by Schools and Local Governments
    06:21 Cybersecurity Threats and Attack Patterns
    09:11 Impact of Cyber Attacks on Schools
    13:22 Detailed Findings from the CIS Report
    19:16 Human Factor in Cybersecurity
    19:29 Supply Chain and Data Security
    27:13 The Role of AI in Cybersecurity
    30:49 Ransomware and Its Devastating Effects
    32:27 Recommendations for Improving School Cybersecurity
    34:01 Conclusion and Final Thoughts

  • Cybersecurity Today: Critical IBM AIX Vulnerability and Major Browser Exploits Revealed

    In this episode, host Jim Love discusses pressing cybersecurity issues, including IBM's AIX operating system scoring a perfect 10 in security vulnerability, leaving critical sectors exposed to remote attacks. The episode also covers the mishandling of sensitive data by U.S. government agencies amid rapid layoffs, the viral exposure of dangerous browser exploits by YouTuber Matt Johansson, and the removal of over 300 malicious Android apps from the Google Play Store. Key recommendations for protecting against these threats are provided.

    00:00 Introduction to Cybersecurity News
    00:26 IBM AIX Vulnerabilities Exposed
    02:12 Government Layoffs and Security Risks
    04:02 Browser Exploits and Malicious Extensions
    06:39 Malicious Android Apps on Google Play
    08:45 Conclusion and Upcoming Topics

  • Missing episodes?

    Click here to refresh the feed.

  • Cybersecurity Today: Exploited Vulnerabilities and Innovative Threat Mitigations

    In this episode of Cybersecurity Today, host Jim Love discusses several pressing cybersecurity issues including the exploitation of a server-side request forgery (SSRF) vulnerability in OpenAI's ChatGPT infrastructure (CVE-2024-27564), leading attackers to redirect users to malicious URLs. He also talks about how researchers at Tiny Hack have made breakthroughs in cracking Akira ransomware using high-powered GPUs, and Malwarebytes' warning about malware embedded in free online file converters. The episode highlights the importance of robust cybersecurity measures, innovative methods to combat ransomware, and cautious internet usage.

    00:00 Introduction to Cybersecurity Threats
    00:19 Exploiting ChatGPT Vulnerabilities
    02:15 Cracking Akira Ransomware
    05:01 Malware in Free Online Converters
    07:12 Conclusion and Listener Support

  • Critical Cybersecurity Updates: Ransomware, VPN Breaches, and Microsoft Vulnerabilities

    In this episode of 'Cybersecurity Today,' host Jim Love delves into emerging threats and vulnerabilities in the digital world. The Black Basta Ransomware Group has created a brute force tool to target VPNs and firewalls. The FBI and CISA alert users about Medusa ransomware, which has impacted over 300 organizations. A critical flaw in the popular Updraft Plus WordPress plugin is highlighted, exposing sensitive data. The FBI reports a surge in toll payment scams, and Microsoft's latest security update addresses severe vulnerabilities in Remote Desktop Services. Additionally, a breach within the Department of Government Efficiency underscores the risks of improper data handling. Stay informed about how to protect your systems and data in this comprehensive cybersecurity update.

    00:00 Introduction to Cybersecurity News
    00:27 Black Basta Ransomware Group's New Tool
    02:18 Medusa Ransomware Advisory
    03:43 WordPress Updraft Plus Vulnerability
    05:12 Toll Payment Scams on the Rise
    06:40 Microsoft's Critical RDS Vulnerabilities
    09:35 DOGE's Treasury Data Breach
    11:37 Conclusion and Contact Information

  • Unveiling Cyber Security Insights with David Shipley: The Truth Behind Phishing and Technology Bias

    Join Jim Love and cybersecurity expert David Shipley in this insightful episode of 'Cyber Security Today.' They delve into the realities of phishing in the workplace, revealing surprising data about email filter leakage rates and the critical role of human behavior in cybersecurity. Discover the importance of balanced security training, the dangers of over-reliance on technology, and the psychological biases that can compromise your organization. Gain actionable insights and learn how to benchmark your cybersecurity efforts effectively.

    00:00 Introduction to Cybersecurity Today
    00:10 The Fascination with Science and Truth
    00:31 Heroes and Influences
    00:47 The Reality of Tech Research
    01:43 Phishing Email Statistics
    03:52 Technology Bias in Cybersecurity
    07:30 The Importance of Security Awareness
    15:02 Effective Training Strategies
    20:53 Optimism Bias and Security
    21:57 Exploring Popular Courses and Their Impact
    23:33 Understanding Phishing Metrics: Click Rate and Report Rate
    26:28 The Importance of Post-Click Report Rate
    31:39 Analyzing Industry Trends in Phishing
    35:00 Key Takeaways and Future Directions
    39:29 Accessing the Annual Report and Final Thoughts

  • Cybersecurity Madness: Halting Operations, Google Gemini, and Fake Captchas

    In this episode, host Jim Love delves into controversial cybersecurity decisions and the latest trends. The US government's directive to halt offensive cyber operations against Russia sparks debate about national security. Google Gemini's new personalized services interface with users' search histories, raising privacy concerns. Additionally, there's a discussion on rising fake Captcha scams designed to install malware on users' systems. Jim also shares a real-world hacking incident involving a small utility company compromised by a Chinese state-sponsored hacking group. Tune in to explore these pressing issues and more in the world of cybersecurity.

    00:00 Introduction: Has the US Government Lost Its Mind?
    00:44 Controversial Cybersecurity Decisions
    01:12 Expert Opinions on Cybersecurity
    03:02 Google Gemini: Personalized AI Assistant
    04:59 Cyber Threats to Utilities
    06:53 The Rise of Fake Captchas
    08:57 Conclusion and Upcoming Content

  • Cybersecurity Today: From DDoS Attacks to Developer Sabotage

    In today's episode, host Jim Love discusses several major cybersecurity incidents: the pro-Palestinian group Dark Storm's claimed DDoS attack on X Twitter and its implications; the impact of budget cuts from the Department of Government Efficiency on the US Cybersecurity and Infrastructure Security Agency; the recovery of $23 million from the Ripple wallet hack allegedly linked to the LastPass breach; New York State's lawsuit against Allstate Insurance for inadequate data security and resultant breaches compromising 200,000 individuals' data; and finally, the conviction of a developer who sabotaged his employer's systems post-termination. The episode underscores the importance of robust cybersecurity measures and responsible handling of personnel changes.

    00:00 Pro-Palestinian Group Claims Credit for Twitter Outage
    02:51 US Cybersecurity Agency Faces Devastating Cuts
    04:23 US Authorities Recover $23 Million from Cryptocurrency Hack
    06:31 New York Sues Allstate Over Data Breaches
    09:12 Developer Sentenced for Malicious Code Sabotage
    11:34 Support the Podcast

  • This episode also covers recent ransomware as a service (RaaS) trends, including the rise of SpearWing and Akira groups, advanced ransomware techniques exploiting IoT vulnerabilities, and issues with the ESP32 microcontroller's hidden commands. Additionally, Signal President Meredith Whitaker warns about privacy risks in agentic AI systems. Tune in for in-depth cybersecurity updates and more.

    00:00 The Talk: Supporting Our Podcast
    01:37 Cybersecurity Today: Ransomware as a Service
    04:57 Akira Ransomware: Exploiting IoT Devices
    06:50 ESP32 Microcontroller Vulnerabilities
    08:21 AI Agents: Privacy and Security Risks
    09:56 Conclusion and Contact Information

  • Understanding Insider Threats in Cybersecurity with Eran Barak

    Join host Jim Love as he discusses the critical issue of insider threats in cybersecurity with Eran Barak, CEO of MIND, a data security firm. In this episode, they explore the various types of insider threats, from innocent mistakes to malicious actors, and how companies can effectively protect their sensitive data. Learn about data loss prevention strategies, the impact of remote work, and the role of AI in enhancing data security. Get insights on practical steps that CISOs can take to mitigate risks and safeguard their organization's crown jewels.

    00:00 Introduction and Guest Welcome
    00:10 Understanding Insider Threats
    01:20 Types of Insider Threats
    02:18 Monitoring and Preventing Data Leaks
    03:37 Remote Work and Security Risks
    06:03 Access Control and Permissions
    08:41 Real-World Scenarios and Solutions
    21:20 The Role of AI in Data Security
    34:53 Final Thoughts and Conclusion

  • Cybersecurity Today: Rising Fraud in Canada and Major Cyber Crime Crackdowns

    Welcome to another episode of Cybersecurity Today with your host, Jim Love. As fraud prevention month begins, we delve into the rising fraud rates in Canada, with new data from Equifax revealing Canadians' growing concerns about data protection, particularly among seniors and Quebec residents. We also cover the significant international law enforcement actions that dismantled the 8Base ransomware group and Garantex, a Russian cryptocurrency exchange linked to cybercriminal activities. Additionally, we discuss the emergence of a new botnet orchestrating record-breaking DDoS attacks, highlighting the persistent vulnerabilities in IoT devices. Don't miss our deeper analysis and the latest updates in cybersecurity.

    00:00 Introduction to Fraud Prevention Month
    00:23 Rising Fraud Concerns in Canada
    02:24 Law Enforcement Actions Against Cyber Crime
    04:34 Emergence of a New Botnet
    06:46 Conclusion and Upcoming Shows

  • US Cybersecurity Confusion, Massive ISP Cyber Attack, and Talent Shortages

    In this episode of 'Cybersecurity Today,' host Jim Love discusses the mounting confusion over the US cybersecurity stance on Russia, following conflicting reports about potential policy changes and operational directives. The show also covers a massive cyber attack that compromised over 4,000 ISPs, deploying malware and cryptocurrency miners. Additionally, the episode highlights the ongoing talent crisis in the cybersecurity industry, with a growing disconnect between hiring practices and industry needs. Tune in for the latest updates and in-depth analysis.

    00:00 Introduction and Host Welcome
    00:21 US Cybersecurity Stance on Russia
    02:16 Massive Cyber Attack on ISPs
    03:57 Cybersecurity Talent Shortage
    06:15 Conclusion and Final Thoughts

  • Cybersecurity Insights: February Review & Current Trends

    Join us in this comprehensive discussion on February's cybersecurity highlights, featuring experts Laura Payne from White Tuque and David Shipley from Beauceron Security. We delve into Canada's cybercrime progress, discuss significant global cyber incidents, and explore the ongoing challenges in cybersecurity regulation, AI integration, and digital identity. Additionally, we address the impacts of U.S. policy changes on cybersecurity standards and the vital need for effective cybersecurity education in the face of rapid technological advancements. Stay tuned for crucial insights and pragmatic advice to navigate today's cybersecurity landscape.

    00:00 Introduction and Panel Welcome
    01:30 Cybercrime Trends in Canada
    05:59 International Cybercrime and Ransomware
    08:08 Nation-State Cyber Heists
    14:14 Legacy Systems and Cybersecurity Challenges
    17:08 Open Banking and FinTech Security
    24:35 US Federal Cybersecurity Cuts
    30:57 The Reality of Cyber Threats
    31:13 Cultural Perceptions of Cybersecurity
    31:57 Political Will and Cybersecurity Policies
    32:44 North Korean Cyber Threats
    33:17 Generational Knowledge and Cybersecurity
    34:20 Cryptocurrency Regulation Challenges
    35:11 Digital Identity Concerns
    41:00 Encryption and Privacy Debates
    47:08 AI and Cybersecurity Risks
    57:06 Concluding Thoughts and Future Directions

  • In this episode, host Jim Love covers a $1.5 billion Ethereum heist attributed to the North Korean Lazarus Group, Google's shift from SMS to QR codes for multifactor authentication, a massive botnet targeting Microsoft 365 accounts, and new phishing scams exploiting PayPal's address feature. Tune in for essential insights into the latest cybersecurity threats and measures.

    00:00 Introduction and Announcements
    00:18 Record-Breaking $1.5 Billion Cryptocurrency Heist
    03:06 Google Enhances Security with QR Codes
    04:55 Massive Botnet Targets Microsoft 365 Accounts
    07:10 Scammers Exploit PayPal's New Address Feature
    08:58 Cybersecurity Best Practices and Conclusion

  • Unveiling Cybercrime: Black Basta Leaks, VPN Attacks, RCMP Crackdown & AI Vulnerabilities

    In this episode of Cybersecurity Today, Jim Love discusses the leaked chat logs of the Black Basta Ransomware Group, a colossal cyber attack targeting VPN devices with 2.8 million IP addresses, and the RCMP's successful dismantling of a major cyber fraud operation in Ontario. Additionally, researchers reveal a technique called Indiana Jones that exposes significant vulnerabilities in large language models like ChatGPT, showcasing the ease of bypassing their safety filters. Stay informed on the latest in cybersecurity.

    00:00 Introduction and Headlines
    00:24 Inside Black Basta Ransomware Group
    03:11 Massive VPN Cyber Attack
    05:30 Ontario's RCMP Cyber Fraud Bust
    08:26 Indiana Jones Jailbreak Exposes AI Vulnerabilities
    11:08 Conclusion and Contact Information

  • Unveiling the Complexities: The Dark Side of AI and Its Real-World Implications

    In this episode, explore the intricate discussions surrounding AI with experts Marcel Gagné, John Pinard, and Jim Love. Dive into contemporary understandings of AI, its potential threats, and its application in both personal and professional realms. The panel discusses the 'dark side' of AI not to instill fear, but to devise strategies for managing its risks. Topics include AI misconceptions, the potential for AI to misbehave, operational security in AI implementation, and philosophical debates on AI consciousness. The episode emphasizes the importance of critical thinking, debate, and responsible use as AI technologies become increasingly integrated into society. Join the conversation and share your thoughts on AI's evolving landscape.

    00:00 Introduction to Project Synapse
    00:46 Exploring the Dark Side of AI
    01:05 Invitation to Join the Discussion
    02:01 Three Key Areas of AI Concerns
    02:38 Speculative Risks and Science Fiction Scenarios
    03:29 Implementing AI in Corporate Settings
    04:37 AI Misbehavior and Security Concerns
    07:09 Consciousness and AI
    20:04 AI as Hyper-Intelligent Children
    29:18 Security and Data Privacy in AI
    31:36 Human Weakness in Security
    31:50 Social Engineering Tactics
    32:37 Security Misconceptions in Engineering
    33:11 AI Data Storage and Security
    34:45 AI Data Retrieval Concerns
    39:05 Testing Security in Development
    40:35 Regulatory Challenges with AI
    43:26 Bias and Decision Making in AI
    46:47 The Importance of Critical Thinking
    50:09 The Role of Social Interaction in Business
    54:35 AI as a Consultant
    01:01:50 The Future of AI and Responsibility
    01:04:24 Conclusion and Contact Information

  • Cyber Security Today: OpenSSH Vulnerabilities and Black Stash's Stolen Cards

    In this episode, host Jim Love discusses two significant OpenSSH vulnerabilities that risk man-in-the-middle and denial-of-service attacks. The hacker group Black Stash has released 4 million stolen credit cards for free, potentially enticing further illegal activities. Palo Alto Networks' firewalls face active attacks, with multiple CVEs allowing privilege escalation and bypassing authentication. Critical updates and secure management practices are emphasized to protect systems.

    00:00 Introduction and Headlines
    00:21 OpenSSH Vulnerabilities Explained
    02:39 BlackStash's Stolen Credit Card Dump
    04:40 Palo Alto Networks Under Attack
    06:21 Conclusion and Contact Information

  • Critical PostgreSQL Bug Exploited in Treasury Hack & New Threats Unveiled - Cybersecurity Today

    In today's episode of Cybersecurity Today, hosted by Jim Love, we delve into major cybersecurity events, including a crucial PostgreSQL vulnerability exploited in the U.S. Treasury hack, Russian hackers bypassing traditional password security with device code authentication, and the discovery of the 'Final Draft' malware hijacking Microsoft Outlook drafts. Additionally, we explore the BBC's new tool to combat digital misinformation with Content Credentials. Tune in for in-depth insights and latest cybersecurity updates.

    00:00 Introduction and Headlines
    00:24 PostgreSQL Vulnerability and U.S. Treasury Hack
    02:21 Russian Hackers Exploit Device Code Authentication
    04:09 New Malware Hijacks Outlook Drafts
    05:55 BBC Tests Truth Marks to Combat Fake News
    07:49 Conclusion and Contact Information

  • Unpacking AI: Executive Insights & Essential Questions

    Join us in this special edition of Hashtag Trending and Cybersecurity Today as we dive deep into AI with technology consultant Marcel Gagné and cybersecurity expert John Pinard. We discuss the necessity for executives to understand and implement AI despite limited knowledge, the need for question-based learning, and the significance of a comprehensive AI bootcamp. From real-world applications to the evolving AI landscape, this episode provides a nuanced view on leveraging AI in business while addressing the critical question of safety.

    00:00 Introduction and Welcome
    00:19 Meet the Panelists
    00:38 AI in the Executive World
    00:54 Bootcamp for Executives
    01:17 Starting the Discussion
    01:44 Understanding AI Challenges
    03:00 The Importance of Asking Questions
    07:45 Historical Context of AI
    11:30 Practical Applications of AI
    15:06 Generative AI and Its Impact
    23:09 Future of AI Models
    30:39 Introduction to Google Recorder App
    31:11 AI for Meeting Transcriptions
    33:18 AI in Marketing and Business Applications
    34:07 The Future of AI in Business
    36:03 Debating AI's Potential and Limitations
    38:09 Advanced AI Models and Their Uses
    40:12 AI in Consulting and Decision Making
    49:47 Risk Management in AI Implementation
    59:34 Final Thoughts and Wrap-Up

  • Cybersecurity Today: North Korean Hacks, AI Memory Breach, and School Data Comprimise

    In this episode of Cybersecurity Today, host Jim Love covers a range of crucial topics in the cybersecurity landscape. North Korean hackers are using new social engineering tactics to infiltrate systems by posing as South Korean officials, while prompt injection attacks are compromising the long-term memory of Google's Gemini AI. Canada's Privacy Commissioner is investigating a significant data breach affecting students' personal information in PowerSchool, and the FBI's Operation Level Up is tackling cryptocurrency investment frauds, potentially saving victims millions. Get the latest insights and stay informed on how to protect yourself against these evolving threats.

    00:00 Introduction and Headlines
    00:23 North Korean Hackers' New Tactics
    02:35 Prompt Injection Attacks on AI
    04:37 Canada's PowerSchool Data Breach
    06:38 FBI's Operation Level Up
    09:20 Conclusion and Upcoming AI Show

  • Scammers Exploit DeepSeek Hype & Jailbreak OpenAI's O3 Mini – TechNewsDay Update

    In this episode, we uncover how scammers are exploiting the recent hype around DeepSeek, a new AI model, by creating fake websites, counterfeit cryptocurrency tokens, and malware-laced downloads. We also discuss the jailbreaking of OpenAI's newly released O3 mini model, highlighting its security vulnerabilities. Additionally, a woman is sought by police for purchasing an iPhone using a stolen identity in a London Apple store. Stay tuned for important updates on cybersecurity, AI advancements, and fraud prevention.

    00:00 Scammers Exploit DeepSeek Hype
    01:43 DeepSeek's Security Challenges
    04:10 OpenAI's O3 Mini Model Jailbreak
    06:49 iPhone Fraud in London Apple Store
    07:44 Conclusion and Call for Tips