Cybersecurity Today

In this episode of 'Cybersecurity Today: Our Month in Review,' host Jim welcomes a panel including Tammy Harper from Flair, Laura Payne from White Tuque, and David Shipley, CEO of Beauceron Securities. The discussion kicks off with an overview of their plans for Cybersecurity Month, including reviving the MapleSEC show and the CIO of the Year awards. David shares his experiences at SECTOR, Canada's largest cybersecurity conference, discussing the importance of security awareness training and the risks of irresponsible tech journalism on public perception. The panel also delves into the resurgence of the Clop ransomware group, their shift to data extortion, and their exploitation of vulnerabilities in Oracle EBS applications. Laura highlights a concerning case of insider threats at RBC, emphasizing the importance of process-driven controls. The episode also touches on the human side of cybersecurity, particularly the impact of romance scams and the growing violence in cybercrime. The panelists underscore the need for improved security awareness and the role of AI in identifying scams. Tammy, Laura, and David conclude by discussing the role of insider threats and the ethical boundaries in cybercrime, sharing insights from recent real-world cases. 00:00 Introduction and Panelist Introductions 00:43 Cybersecurity Month Initiatives 02:46 Security Awareness and Phishing Training 04:03 Impact of Irresponsible Tech Journalism 08:27 AI and Cybersecurity: Hype vs. Reality 10:43 Conference Experiences and Networking 18:33 Clop Ransomware and Data Extortion 23:45 Tammy's Insights on Clop's Tactics 24:58 Scattered Lasus and Cyber Warfare 26:32 Media Savvy Cybercriminals 31:36 Human Impact of Cyber Scams 37:17 Insider Threats and Security Awareness 43:21 Physical Security and Cyber Threats 48:33 Cybercrime Targeting Children 50:58 Conclusion and Upcoming Topics

Cybersecurity Today: Red Hat Breach, CLOP Targets Oracle, and CISA Cuts Critical Support In this episode of Cybersecurity Today, host Jim Love covers a recent breach of Red Hat's consulting GitLab server, highlighting concerns over exposed network maps and tokens. The CLOP extortion gang targets Oracle E-Business Suite clients, demanding ransom for sensitive data. Surveys show Canadian businesses are overconfident in their cyber defenses despite frequent attacks. Finally, CISA has ended a crucial cybersecurity support agreement, impacting state and local governments amidst a federal shutdown. Tune in for detailed analysis and urgent action items. 00:00 Red Hat GitLab Server Breach 02:21 CLOP Gang Targets Oracle E-Business Suite 04:29 Canadian Firms' Overconfidence in Cybersecurity 06:31 CISA Ends Critical Support Amid Shutdown 08:38 Conclusion and Upcoming Month in Review

Critical Vulnerabilities and AI Voice Cloning Risks in Cybersecurity In this episode of Cybersecurity Today, host Jim Love discusses key cybersecurity threats, including critical vulnerabilities in Sudo and Cisco firewalls, and a remote command flaw in Western Digital MyCloud devices. The show highlights efforts by national security agencies in the US, Canada, France, Netherlands, and the UK to address these risks, urging immediate patching and system updates. Additionally, the episode covers the emerging threat of real-time AI voice cloning, stressing the need for stricter security measures to prevent social engineering attacks. Listeners are encouraged to implement robust verification processes to secure their organizations and personal communications. 00:00 Critical Sudo Flaw Warning 00:21 Cisco Firewalls Vulnerabilities 02:34 Western Digital MyCloud Devices at Risk 03:48 AI Voice Cloning Threat 05:16 Conclusion and Contact Information

Emerging Cybersecurity Threats: Lockbit 5.0, Salesforce AI Vulnerabilities, and China's Cyber Intelligence Advancements In this episode of 'Cybersecurity Today,' host Jim Love discusses the latest cybersecurity threats, including the emergence of Lockbit 5.0 ransomware which can attack multiple platforms simultaneously, and a critical vulnerability in Salesforce's AI agents known as forced leak prompt injection. Additionally, the episode delves into the growing capabilities of China's Ministry of State Security, which has become a significant cyber intelligence force under Xi Jinping, raising serious concerns for Western security agencies. 00:00 Introduction to Cybersecurity Threats 00:18 Lockbit 5.0: A New Ransomware Threat 03:01 Salesforce AI Agents Vulnerability 05:50 China's Cyber Intelligence Operations 08:55 Conclusion and Call to Action

Navigating the Complex Landscape of AI and Cybersecurity: A Conversation with Rob T. Lee In this weekend edition of Cybersecurity Today, host Jim Love interviews Rob T. Lee, the Chief AI Officer and Chief of Research at the SANS Institute. They discuss the intersection of AI, education, and security, highlighting the dual nature of AI as both a transformative technology with immense benefits and as a significant security risk. Rob shares his insights on how organizations can mitigate these risks by adopting a 'yes' framework towards AI, fostering a culture of learning and experimentation, and acknowledging the vulnerabilities and knowledge gaps in the field. He emphasizes the importance of community engagement, practical learning, and the role of AI champions in driving innovation while maintaining security. Throughout the conversation, they address the challenges of implementing AI governance and explore the need for continual adaptation in the fast-evolving tech landscape. 00:00 Introduction and Guest Introduction 00:25 AI: Potential and Risks 01:26 Business vs. Security 03:36 Rob's Background and Experience 05:18 The Role of Practitioners in SANS 08:46 Governance and Security Challenges 17:13 The Crisis of Competency in AI 25:03 Encouraging Hands-On Learning 30:41 The Importance of Executive Involvement 33:49 The Problem with Security and Shadow AI 34:05 The Consequences of Shadow AI 34:52 Evaluating and Banning AI Tools 36:48 The Role of Executives in AI Adoption 40:04 Learning and Adapting to AI 42:47 The Importance of Community and Vulnerability 51:19 Practical Steps for AI Governance 58:47 Final Thoughts and Resources

Cybersecurity Today: Shadow Leak, SIM Farm Shutdown, Cisco Zero-Day, FBI Warning & Android Advanced Protection In this episode of Cybersecurity Today, host Jim Love discusses several major cybersecurity issues. Key topics include the discovery of the 'Shadow Leak' vulnerability in ChatGPT servers by Radware, the dismantling of a massive SIM farm near the United Nations by the US Secret Service, a zero-day vulnerability affecting up to 2 million Cisco devices, an FBI warning about spoofed Internet Crime Complaint Center (IC3) websites, and a reminder about enabling Advanced Protection on Android phones. The episode also includes a shoutout to Jim Love's new audiobook 'Elisa, A Tale of Quantum Kisses,' available on multiple platforms. 00:00 Introduction and Sponsor Message 00:29 Shadow Leak Hits ChatGPT Servers 02:52 Massive SIM Farm Operation Uncovered 04:44 Cisco's Zero-Day Vulnerability 06:04 FBI Warns of Spoofed Crime Reporting Sites 07:07 Android's Advanced Protection Mode 08:00 Conclusion and Call to Action

Cybersecurity Today: GitHub's NPM Lockdown, Deep Fake Threats, and Yellowknife's Cyber Incident In this episode of 'Cybersecurity Today', host Jim Love discusses GitHub's response to widespread supply chain attacks in the NPM ecosystem, the alarming rise of deep fake attacks as highlighted by Gartner, and the remarkable handling of a cyber incident by the city of Yellowknife. Tune in for the latest updates on cybersecurity threats, expert analysis, and the steps organizations are taking to combat these sophisticated attacks. Plus, discover Jim's sci-fi romance adventure audiobook 'Elisa: A Tale of Quantum Kisses' now available on major platforms. 00:00 Introduction and Sponsor Message 00:55 GitHub's Response to NPM Supply Chain Attacks 03:19 Gartner's Warning on Deep Fake and AI Attacks 06:03 Yellowknife's Cyber Incident and Response 08:20 Conclusion and Final Thoughts

Cybersecurity Today: Major Vulnerabilities and Attacks Uncovered Join host David Shipley for today's cybersecurity updates on the last day of summer 2025. In this episode, we delve deep into Microsoft's critical Entra ID vulnerability, a cyber attack crippling major European airports, the rise of SpamGPT targeting phishing operations, and the alarming zero-click flaw in OpenAI's deep research agent. Hear about Canadian Police's big win against the shadowy Trade Ogre crypto platform and their $40 million asset seizure. Buckle up for a reality check on the evolving cyber threats and their impact on global security. 00:00 Introduction and Overview 00:55 Microsoft's Extinction Level Vulnerability 05:19 European Airports Cyber Attack 08:20 SpamGPT: AI for Cyber Criminals 09:53 Shadow Leak: Zero Click AI Vulnerability 12:09 Trade Ogre Takedown 14:50 Conclusion and Upcoming Events

Unveiling the Ransomware Ecosystem with Tammy Harper In this compelling episode, Jim is joined by Tammy Harper from Flair.io to re-air one of their most popular and insightful episodes. Dive into the intricate world of ransomware as Tammy, a seasoned threat intelligence researcher, provides an in-depth introduction to the ransomware ecosystem. Explore the basics and nuances of ransomware, from its origins to its modern-day complexities. Tammy discusses not only the operational structures and notable ransomware groups like Conti, LockBit, and Scattered Spider, but also the impact and evolution of ransomware as a service. She also elaborates on ransomware negotiation tactics and how initial access brokers operate. This episode is packed with invaluable information for anyone looking to understand the cybercrime underground economy. Don’t forget to leave your questions in the comments, and they might be addressed in future episodes! 00:00 Introduction and Episode Re-Run Announcement 00:29 Guest Introduction: Tammy Harper from Flair io 00:41 Exploring the Dark Web and Ransomware 02:21 Tammy Harper's Background and Expertise 03:40 Understanding the Ransomware Ecosystem 04:02 Ransomware Business Models and Initial Access Brokers 07:08 Double and Triple Extortion Tactics 11:23 History of Ransomware: From AIDS Trojan to WannaCry 13:02 The Rise of Ransomware as a Service (RaaS) 19:41 Conti: The Ransomware Giant 26:17 Conti's Tools of the Trade: EMOTET, ICEDID, and TrickBot 32:05 The Conti Leaks and Their Impact 34:04 LockBit and the Ransomware Cartel 37:07 National Hazard Agency: A Subgroup of LockBit 38:17 Release of Volume Two and Its Impact 39:08 Details of the Training Manual 40:52 Ransomware Negotiations 41:28 Ransom Chat Project 42:27 Conti vs. LockBit Negotiation Tactics 43:30 Professionalism in Ransomware Operations 47:07 Ransomware Chat Simulation 48:03 Ransom Look Project 49:11 Current Ransomware Landscape 50:32 Infiltration and Research Methods 51:47 Profiles of Emerging Ransomware Groups 01:05:21 Initial Access Market 01:10:26 Future of Ransomware and Law Enforcement Efforts 01:13:14 Conclusion and Final Thoughts

Cybersecurity Today: The Good News Edition In this episode, host Jim Love addresses a previous mistake regarding the location of Yellowknife and announces a special 'good news' edition. Key stories include Microsoft's dismantling of a global phishing-as-a-service operation Raccoon 0365, the recovery of nearly $2 million lost to a business email compromise scam by a Texas county, and the Commonwealth Bank of Australia's significant reduction in scam losses through AI-powered defenses. The episode emphasizes lessons learned in cybersecurity and the positive outcomes from recent countermeasures. Love also mentions that the usual host, David Shipley, will return on Monday. 00:00 Introduction and Apology 01:38 Good News Stories Overview 02:18 Microsoft Dismantles Raccoon 0365 03:59 Texas County Recovers $2 Million 05:51 CommBank's AI-Powered Scam Prevention 08:01 Conclusion and Contact Information

Cybersecurity Worms, Steganography Attacks, Municipal Cyber Incidents and More... In this episode of Cybersecurity Today, host Jim Love delves into multiple cybersecurity threats affecting the tech landscape. He discusses the 'Shai Hulud' worm, which has infiltrated over 187 JavaScript libraries on NPM, exploiting developer tokens for spread, including those maintained by CrowdStrike. Love explains practical but challenging measures to mitigate such threats. He also explores steganography's role in hiding malicious scripts within seemingly benign image files, urging vigilance against embedding hidden commands. Additionally, the episode covers a cyber incident in Yellowknife, causing severe disruptions to municipal services and emphasizing the importance of cyber hygiene and support from higher government levels. Lastly, Jim examines how a Windows 11 patch has created a new vulnerability, stressing the need for enhanced monitoring and quick updates. 00:00 Introduction and Overview 00:21 The Shy Ude Worm: A New Threat 02:19 Steganography: Hiding in Plain Sight 05:30 Cybersecurity Incident in Yellowknife 07:24 Microsoft's Patch Problems 08:27 Conclusion and Contact Information

Cybersecurity Today: NPM Attack, Void Proxy Phishing, and Major Business Disruptions In this episode of Cybersecurity Today, host David Shipley discusses a recent massive NPM attack that, despite causing significant disruption, left hackers with minimal gains. We also cover a new, highly sophisticated phishing service called Void Proxy, which targets Microsoft and Google accounts. Additionally, we delve into the severe repercussions of cyber attacks on major companies like Jaguar Land Rover and Marks and Spencer, highlighting the wide-ranging impacts on supply chains and leadership. Join us for the latest updates and insights from the world of cybersecurity. 00:00 Introduction and Headlines 00:35 Massive NPM Attack: What Happened? 02:53 Void Proxy: A New Phishing Threat 05:31 Jaguar Land Rover Cyber Attack Impact 06:59 Marks and Spencer Leadership Change 08:04 Conclusion and Final Thoughts

Inside Zero Trust: John Kindervag and the Evolution of Cybersecurity In this episode of Cybersecurity Today: Weekend Edition, host Jim Love speaks with John Kindervag, the pioneer behind the Zero Trust model of cybersecurity. With over 25 years of industry experience, John delves into how the concept originated from his early work with firewalls, advocating for a system where no packet is trusted by default. He discusses the fundamental principles of Zero Trust, including defining protect surfaces, mapping transaction flows, and implementing microsegmentation. The conversation also touches on overcoming cultural and organizational challenges in cybersecurity, the inadequacies of traditional risk models, and adapting Zero Trust methodologies in the evolving landscape, including AI. Through thoughtful discourse and practical insights, John underscores the importance of strategic and tactical implementations in building resilient and secure systems. 00:00 Introduction to Cybersecurity Today 00:25 Meet John Kindervag: The Godfather of Zero Trust 01:50 The Birth of Zero Trust 04:08 Challenges and Evolution of Zero Trust 06:03 From Forrester to Practical Implementations 11:40 The Concept of Protect Surfaces 17:30 Risk vs. Danger in Cybersecurity 30:54 Farmers and Technology 31:48 The Importance of IT in Business 32:26 Introduction to Zero Trust 32:41 Five Steps to Zero Trust 33:14 Mapping Transaction Flows 34:25 Custom Architecture for Zero Trust 34:55 Defining Policies with the Kipling Method 36:04 Monitoring and Maintaining Zero Trust 36:28 The Concept of Anti-Fragile Systems 38:47 Challenges and Success Stories in Zero Trust 42:02 Microsegmentation and Protect Surfaces 45:39 AI and Zero Trust 49:22 Advice for Implementing Zero Trust 50:37 Military Insights and Decision Making 57:19 The Future of Zero Trust 59:07 Conclusion and Final Thoughts

Cybersecurity Today: Microsoft Patches, Canadian Data Breach, NVIDIA's New Tool, and a Senator's Call for Investigation In this episode of Cybersecurity Today, host Jim Love discusses Microsoft's September patch update addressing 81 security flaws, including two zero-day vulnerabilities. Highlights include a data breach in Canada affecting email and phone numbers, NVIDIA's release of an open-source LLM vulnerability scanner, and US Senator Ron Wyden's call for the FTC to investigate Microsoft's security practices. The episode also clears up the mystery behind the bricked SSDs after a Windows 11 update. 00:00 Microsoft Patches 81 Flaws 02:29 Canadian Government Data Breach 03:38 NVIDIA's Garrick: AI Vulnerability Scanner 05:01 Senator Urges FTC to Probe Microsoft 06:52 Mystery of Bricked SSDs Solved 08:24 Conclusion and Upcoming Interview

Phishing Scams, Leaked Stream Keys, Zero-Day Android Vulnerabilities, and Bounties on Russian Hackers In this episode of Cybersecurity Today, host Jim Love discusses several critical cybersecurity issues. Attackers are using iCloud calendar invites for phishing scams, leveraging Apple's system to bypass security checks. The US Department of Defense has exposed livestream credentials, risking hijack and fake content insertion. Billions of Android phones are vulnerable due to unpatched critical zero days, and Google has only fixed issues for Pixel devices so far. Additionally, the US State Department has placed a $10 million bounty on three Russian FSB hackers responsible for attacks on energy companies. Jim emphasizes the importance of securing digital assets and maintaining strong cybersecurity practices. 00:00 Introduction and Headlines 00:24 Phishing Scam via iCloud Calendar Invites 03:18 US Department of Defense Livestream Vulnerabilities 05:53 Critical Android Zero-Day Vulnerabilities 07:38 US Bounty on Russian FSB Hackers 09:42 Conclusion and Contact Information

Cybersecurity Today: Ghost Action Campaign, SalesLoft Breach, AI Vulnerabilities, and Restaurant Security Flaws Host David Shipley discusses the latest in cybersecurity, including the Ghost Action Campaign which compromised over 3000 secrets from GitHub repositories, the SalesLoft breach affecting major cybersecurity and SaaS firms, and new research showing how large language model chatbots like GPT-4 can be manipulated easily. Additionally, ethical hackers uncover significant vulnerabilities in the digital platforms of Restaurant Brands International. The episode emphasizes the importance of securing the software development ecosystem and maintaining robust social engineering defenses. 00:00 Introduction and Headlines 00:32 GitHub Supply Chain Attack: Ghost Action Campaign 02:51 SalesLoft Breach: A Deep Dive 05:01 The Summer of Salesforce Attacks 07:19 Manipulating AI: New Research Insights 09:14 Restaurant Brands International: Security Flaws Exposed 11:21 Conclusion and Sign-Off

The Future of Cybersecurity: AI, Exploits, and the CVE Database In this special crossover episode of Cybersecurity Today and Hashtag Trending, the hosts explore the use of artificial intelligence (AI) in cybersecurity. The conversation begins with an overview of the ongoing 'arms race' to find and exploit software vulnerabilities, focusing on how AI can change the game. The episode delves into the Common Vulnerability and Exposures (CVE) Database, its importance, and its management by the Mitre Corporation. The discussion then spotlights groundbreaking research by Israeli researchers Effie Wies and Nahman Khayet, who developed a method to automate the creation of exploits using AI, reducing the average exploit development time from 192 days to just 15 minutes. This revelation raises significant concerns about the future of cybersecurity and the need for organizations to accelerate their response times. The podcast also touches on the potential for AI to assist in writing more secure code and defending against vulnerabilities, calling for a more resilient approach to software development and deployment. 00:00 Introduction to the Crossover Show 00:22 The Arms Race in Cybersecurity 00:59 Understanding Zero-Day Exploits 02:13 The Common Vulnerability and Exposures Database (CVE) 05:17 The Impact of AI on Exploit Development 05:54 Interview with Nahman Khayet 08:48 The Future of AI in Cybersecurity 18:16 Challenges and Recommendations for Organizations 30:54 Conclusion and Final Thoughts

For this short week we had episodes on Tuesday and Thursday. We'll return to our Monday, Wednesday and Friday schedule starting next Monday.  But we have an interview this weekend with the researchers who have issued a proof of concept showing that you can go from CVE to working exploit in 15 minutes and at the cost of less than a dollar using AI.   

In this episode of Cybersecurity Today, host Jim Love covers the latest and most critical stories in the world of cyber threats and digital defense: • Cloudflare fends off a record-breaking 11.5 Tbps DDoS attack, highlighting the relentless scale and sophistication of modern cyber assaults. • WhatsApp patches a dangerous zero-click exploit targeting Apple users, with advice for high-risk individuals to stay protected. • Frostbite 10: Ten critical vulnerabilities in supermarket refrigeration systems could threaten food safety nationwide. • Over 1,100 Ollama AI servers found exposed online, raising alarms about the risks of self-hosted AI and poor security practices. • Hacker group issues an ultimatum to Google, but so far, no evidence of a breach—reminding us to stay vigilant against social engineering. • Palo Alto Networks becomes the latest victim in a supply chain breach involving stolen OAuth tokens, with lessons for all organizations on token hygiene and monitoring. Stay informed, stay secure! For tips, feedback, or more info, visit technewsday.com or .ca. Cybersecurity #DDoS #ZeroClick #AI #DataBreach #Infosec

Cybersecurity Today: Major Attacks on NX Build System, Sitecore, and Salesforce In this episode, David Shipley covers a string of significant cybersecurity breaches and vulnerabilities. Highlights include a compromise of the NX build system affecting over 1000 developers, remote code execution flaws in Sitecore's experience platform, and escalating Salesforce data theft attacks. The episode underscores the amplified risk introduced by AI in development, emphasizes the need for stringent security practices, and highlights sophisticated attacks by nation-state actors and criminal groups. Practical advice given includes the importance of patching systems, securing integrations, and educating teams on evolving threats. 00:00 Introduction and Headlines 00:28 NX Build System Compromise 01:54 AI-Driven Development Risks 04:25 Sitecore Vulnerabilities 05:36 Nation-State Threats 07:00 Salesforce Data Theft Campaign 09:51 Conclusion and Sign-Off