Cybersecurity Today

Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.

Cyber Security Today: Year End Panel Discussion. Saturday, December 21, 2024

Cybersecurity Year in Review: Future Challenges and Industry Insights Join host Jim Love and a panel of cybersecurity experts—Terry Cutler from Cyology Labs, David Shipley from Beauceron Security, and Laura Payne of White Tuque—as they review the key cybersecurity events of the past year. Topics discussed include the increasing cyber threats to universities, healthcare systems, and critical infrastructure; the importance of proper cybersecurity measures and employee training; the complexities of adopting quantum-safe encryption protocols; and the impact of AI and shadow IT on cybersecurity. The panel concludes with actionable advice for improving organizational cybersecurity posture in the coming year. 00:00 🎄 The 12 Days of Cyber Christmas 🎄 00:29 🔍 Year in Review: Cybersecurity Highlights 00:40 👥 Meet the Expert Panel 01:19 🏫 University Cyber Attacks: A Growing Concern 02:25 🔒 Penetration Testing vs. Vulnerability Scanning 03:09 🛡️ Persistent Threats and Active Directory Issues 06:28 💡 Strategies for Cybersecurity in Universities 07:34 💰 Funding and Legislation for Cybersecurity 13:52 🛠️ Practical Steps for Cybersecurity on a Budget 18:36 🔐 Quantum Readiness and Future Challenges 25:11 Quantum Computing: The Reality and Risks 25:53 Human Ingenuity and Risk Management 26:29 The Future of Cybersecurity: Q Day and Certificate Rotations 28:02 Major Cybersecurity Incidents of the Year 29:41 The Rise of Ransomware and Supply Chain Attacks 35:35 AI in Cybersecurity: Opportunities and Challenges 38:49 Critical Infrastructure Vulnerabilities 47:09 Year-End Reflections and Looking Forward

12-21
52:28

Last Pass Hack Impact Continues: Cyber Security Today for Friday, December 20, 2024

Cybersecurity Today: LastPass Hack Fallout, TP-Link Router Ban, and Microsoft's Passwordless Future In our final daily news show of the season, host Jim Love covers key cybersecurity stories, including millions stolen from crypto wallets linked to the 2022 LastPass breach, potential US ban on TP-Link routers over national security concerns, and Microsoft's push for a passwordless future with passkeys. Don't miss our weekend wrap-up with the cybersecurity panel and special holiday content. Stay tuned for new episodes starting January 6th. Happy holidays! 00:00 Season Finale Announcement 00:29 Crypto Wallets Hacked: Fallout from LastPass Breach 02:38 TP Link Routers Under Scrutiny 04:38 Microsoft's Push for a Passwordless Future 06:38 Holiday Wishes and Future Plans

12-20
07:12

Blackberry Sells Cylance To Arctic Wolf At Huge Loss: Cyber Security Today for Wednesday, December 18, 2024

BlackBerry's Cylance Sale, Major AWS Breach, Klopp Ransomware Strikes Again, and Russian Cyber Attacks In this episode of Cybersecurity Today, host Jim Love discusses BlackBerry's sale of Cylance to Arctic Wolf for significantly less than its purchase price, the massive AWS breach linked to the Shiny Hunters, Klopp ransomware attacks on Cleo's platforms, and the escalation of Russian cyber attacks on Western critical infrastructure. Tune in to get the details on these major cybersecurity developments and their implications. 00:00 Introduction and Sponsor Message 00:32 BlackBerry's Cylance Sale: A Strategic Move? 02:36 AWS Data Breach: Shiny Hunters Strike Again 04:54 Cleo Data Theft: Klopp Ransomware's Latest Exploit 06:39 Russian Cyber Attacks on Critical Infrastructure 08:32 Conclusion and Contact Information

12-18
08:39

New Linux Rootkit Avoids Detection: Cyber Security Today for Monday, December 16th, 2024

PumaKit Linux Rootkit, Windows Defender Flaw, and Android Malware Outbreak! In today's episode of Cybersecurity Today, host Jim Love delves into the discovery of the advanced Linux rootkit PumaKit, critical vulnerabilities in Microsoft's Windows Defender, a new multi-platform malware campaign downgrading browser security, and Germany's recent outbreak of pre-installed malware on 30,000 Android devices. We discuss the implications of these cybersecurity threats and the measures being taken to mitigate them. Stay informed and vigilant with our detailed analysis of these emerging cyber risks. 00:00 Introduction to Cybersecurity News 00:27 Advanced Linux Rootkit: PumaKit 01:59 Critical Windows Defender Vulnerability 03:42 Malware Downgrades Browser Security 05:08 Pre-installed Malware on Android Devices in Germany 07:02 Conclusion and Final Thoughts

12-16
07:27

Top Phishing Exploits fo 2024: Cyber Security Today for Friday, December 13, 2024

Top 5 Phishing Exploits of 2024: Abnormal Security Report and More | Cybersecurity Today In this episode of Cybersecurity Today, host Jim Love delves into Abnormal Security's end-of-year report outlining the top five phishing exploits of 2024 and their predictions for 2025. The episode covers cryptocurrency fraud, weaponized file sharing services, multi-channel phishing, business email compromise, and email account takeovers. Additionally, it highlights the alarming rise of text-based job scams, the takedown of a major vishing ring in Spain and Peru, and a $5 million U.S. reward to disrupt North Korean IT schemes. Stay informed on the latest cybersecurity threats and protections. 00:00 Introduction to Cybersecurity Today 00:27 Top Phishing Exploits of 2024 00:37 Cryptocurrency Fraud and File Sharing Scams 01:54 Multi-Channel Phishing and Business Email Compromise 03:10 Email Account Takeover and Future Predictions 04:39 Rise of Task Scams 06:53 Massive Vishing Operation Busted 08:42 North Korean IT Worker Fraud 11:15 Conclusion and Final Thoughts

12-13
11:39

Disclosure Rules Lead To Less Disclosure: Cyber Security Today for Wednesday, December 11, 2024

SEC Cyber Disclosure Rules, Deloitte Hack Denial, and Critical Microsoft & SAP Patches | Cybersecurity Today In this episode of Cybersecurity Today, host Jim Love delves into the ongoing confusion and compliance struggles faced by companies one year after the SEC's cyber disclosure rules were introduced. We analyze a BreachRx report revealing that less than 17% of public companies provide specific details in their cyber incident filings. Deloitte's recent denial of a data theft claim by the BrainCypher ransomware group is also discussed, along with the firm's history of cybersecurity challenges. Additionally, Microsoft and SAP have rolled out critical patches addressing severe vulnerabilities, emphasizing the urgency for users and organizations to apply these updates. Stay informed on these pressing cybersecurity issues. 00:00 Introduction and Headlines 00:20 SEC Cyber Disclosure Rules: One Year Later 02:30 Deloitte Denies BrainCypher Ransomware Allegations 04:23 Microsoft and SAP Issue Critical Patches 07:19 Conclusion and Show Notes

12-11
07:43

Email and Other Fraud - It Gets Personal: Cyber Security Today for Monday, December 9, 2024

Cybersecurity Today: Email Frauds, Google Warnings, and U.S. Telecom Hacks In this episode of Cybersecurity Today, host Jim Love discusses a personal encounter with email fraud attempts, including invoice scams and fake payroll changes. Google issues a stark warning to Gmail users about session cookie thefts leading to email takeovers. Additionally, the U.S. telecom industry grapples with the fallout from a major breach by Chinese hackers exploiting legacy systems. Love shares insights on improving email security and safeguarding against such sophisticated cyber threats. Tune in to learn more about the latest cyber challenges and solutions. 00:00 Introduction and Personal Encounter with Email Fraud 03:20 Google's Warning on Email Takeovers 05:12 Session Cookie Theft: A Rising Threat 06:48 U.S. Telecom Industry Infiltration by Chinese Hackers 08:44 Conclusion and Final Thoughts

12-09
09:08

Cyber Security Today Weekend Panel: Month In Review, December 7th, 2024

Cyber Security Today: Navigating Novel Phishing Campaigns and Ransomware Tactics Join host Jim Love and the Cyber Security Today panel featuring Terry Cutler of Cyology Labs, David Shipley of Beauceron Security, and cybersecurity executive John Pinard. In this episode, they delve into pressing cybersecurity challenges such as novel phishing tactics using corrupted Word documents, the importance of robust offboarding processes in light of breaches at major companies like Disney, and the ramifications of a major ransomware attack on the City of Hamilton. Topics also include the recurring issue of session cookie theft, the implications of third-party cybersecurity risk as seen in the Blue Yonder ransomware attack impacting Starbucks, and the rise of hacktivism. Tune in for valuable insights and discussions aimed at improving cybersecurity measures in an ever-evolving threat landscape. 00:00 Introduction and Panelist Introductions 00:40 David Shipley's Cyber Risk Talk 02:39 Novel Phishing Campaign Discussion 06:08 Fileless Malware and Human Error 10:44 Offboarding and Internal Audits 19:48 Vendor Responsibility and Ransomware 27:06 City of Hamilton Cyber Attack 28:19 Keynote Talks and Cybersecurity Challenges 29:30 The Reality of Cyber Attacks 29:46 Ransomware and Business Email Compromise 31:21 Cyber Insurance and Its Pitfalls 32:44 Andrew Tate Hack and Hacktivism 36:04 Chinese State-Sponsored Hacks 41:26 Canadian Cybersecurity Issues 44:53 Session Cookies and Two-Factor Authentication 49:45 AI in Software Development 56:42 Concluding Thoughts and Final Remarks

12-07
57:47

Massive Telecom Hack Hits US Carriers: Cyber Security Today for Friday, December 6, 2024

Massive Telecom Hack and the Future of Cybersecurity In this episode of Cybersecurity Today, host Jim Love covers a series of crucial topics including a major cyber attack by Chinese hackers on U.S. telecom networks labeled as the biggest in history, the challenges tied to hardware upgrades for enhanced security, and the U.S. Department of Defense's efforts to combat deepfakes. The discussion underscores the importance of encryption, highlights moves by Microsoft and Google for hardware security, and explores the implications of AI-generated deepfakes for national security. 00:00 Introduction and Book Promotion 00:30 Major Cyber Attack on U.S. Telecom Networks 02:31 Encryption and Security Measures 03:59 Hardware Upgrades for Enhanced Security 06:19 Combating Deep Fakes 08:39 Conclusion and Upcoming Panel Discussion

12-06
09:03

Hackers Move From Data Theft To Complete Destruction: Cyber Security Today For Wednesday, December 4, 2024

Cybersecurity Today: From Data Theft to Total Destruction In today's episode, we cover the latest shifts in cybercrime as hackers move from data theft to complete system destruction, impacting businesses on a massive scale. We discuss Palo Alto Networks' insights on these damaging attacks, Veeam's critical vulnerability patches, and a major breach affecting thousands in Saskatchewan. Additionally, we report on Russia's life sentence for a notorious cyber criminal leader and a significant European takedown of a cybercrime network. Stay informed with the latest in cybersecurity and learn about the steps being taken to counter these escalating threats. 00:00 Introduction: Cybersecurity Headlines 00:26 Evolving Cyber Threats: From Ransomware to Destruction 02:42 Veeam's Critical Vulnerability Patch 04:17 Saskatchewan Data Breach and Privacy Concerns 05:14 Massive Data Breach at SL Data Services 06:29 Russia's Crackdown on Cybercrime 08:21 Operation Passionflower: Dismantling Matrix 10:11 Conclusion and Show Notes

12-04
10:33

AI ChatBot Exposes 300,000 Records: Cyber Security Today for Monday, December 1, 2024

Cybersecurity Incidents in Healthcare and AI Exposures In this episode, host Jim Love discusses recent cybersecurity incidents, including a major cyber attack on Wirral University Teaching Hospital in the UK, exposing healthcare vulnerabilities. An AI chatbot startup, WotNot, exposed 300,000 sensitive records online due to misconfigured storage. A novel phishing attack using corrupted Microsoft Word documents is also examined. The episode concludes with the takedown of the world's largest piracy network in Operation Takendown, underlining the international effort against cybercrime. Stay updated on the latest in cybersecurity and tech trends. 00:00 Introduction and Book Promotion 00:30 UK Hospital Cybersecurity Incident 03:11 AI Chatbot Data Exposure 05:05 Phishing Attack with Corrupted Word Documents 06:38 Operation Takendown: Largest Piracy Network Dismantled 08:39 Conclusion and Show Notes

12-02
09:03

AI: What's Holding You Back? Cyber Security Today Weekend Special

AI and Cybersecurity: Addressing AI Myths and Strategies | Project Synapse Episode 3 Join Jim Love, host of Cyber Security Today, alongside Marcel Gagné and John Pinard in this weekend edition from our sister podcast, Hashtag Trending. This episode, part of the Project Synapse series, dives into a discussion on AI, focusing on security, strategic implementation, and addressing common myths. They explore the gap between AI strategies and their deployment, the relationship between strategy and action, and practical approaches to protect your data while utilizing AI. The conversation also touches on critical thinking and the need for proper training to make effective use of AI technology. 00:00 Introduction and Thanksgiving Break 00:31 Welcome to Hashtag Trending 00:48 Introducing Marcel Gagné and John Pinard 01:42 AI Strategy and Implementation 02:53 AI Myths and Misconceptions 06:17 AI Vulnerabilities and Security 07:27 The Role of Headlines in AI Perception 11:56 Guardrails and AI Control 16:19 Data Security and AI Models 25:07 Running Small Models on Private Networks 26:35 Leveraging Existing Tools for Cost Efficiency 28:07 Critical Thinking and AI Validation 30:53 Common Mistakes and AI Limitations 37:38 AI in Medical Diagnostics 43:04 Balancing AI Use and Human Oversight 46:37 Concluding Thoughts and Future Directions

11-30
49:31

US Thanksgiving Holiday: Cyber Security Today

A quick not to say that in our tradition of observing Holidays in both the US and Canada, we'll be taking the weekend off. We'll be back on Monday morning, bright and early with the Cyber Security News, 

11-29
00:34

Starbucks Issues Manual Pay To Employees During Ransomware Attack: Cyber Security Today for Wednesday, November 27th, 2024

Retailers Face AI Bot Attacks, Avast Exploit, and Starbucks Ransomware Challenges In this episode of 'Cybersecurity Today,' host Jim Love covers the latest cyber threats impacting retailers, including AI-powered bot attacks and ransomware incidents. Discover how hackers are exploiting an old Avast driver to deploy advanced Windows malware and how Starbucks is managing employee payments manually following a ransomware attack on its scheduling software provider, Blue Yonder. The episode highlights the increasing cyber risks retailers face during the holiday season and the importance of robust cybersecurity measures. 00:00 Introduction and Headlines 00:22 AI-Powered Bot Attacks on Retailers 02:51 Windows Malware Exploiting Avast Driver 04:09 Starbucks Ransomware Attack and Manual Pay 05:18 Ransomware Trends and Impacts 06:01 Conclusion and Show Notes

11-27
06:24

Google’s New Free Cybersecurity Certificate: Cyber Security Today for Monday, November 25, 2024

Cybersecurity Today: Palo Alto Firewalls Breached, APT28's Wi-Fi Hack, Meta Fights Scams In today's episode, over 2,000 Palo Alto firewalls were hacked via patched zero-day vulnerabilities; a Russian group, APT28, exploited Wi-Fi networks in a novel 'Nearest Neighbor Attack' to breach a U.S. firm; Meta removed more than 2 million accounts linked to pig butchering scams; and Google launched a free cybersecurity certificate on Coursera to prepare students for entry-level jobs in six months. Host Jim Love provides in-depth analysis and the latest updates in the world of cybersecurity. 00:00 Introduction and Headlines 00:29 Palo Alto Firewalls Hacked 02:43 Nearest Neighbor Wi-Fi Attack 05:09 Meta's Crackdown on Pig Butchering Scams 07:10 Google's Free Cybersecurity Certificate 08:52 Conclusion and Resources

11-25
09:15

Phishmas Alert: Tackling Holiday Season Cyber Threats: Cyber Security Today Weekend November 23, 2024

Phishmas Alert: Tackling Holiday Season Cyber Threats In this episode of Cybersecurity Today, the weekend show, the host is joined by guest David Shipley to discuss the rise in phishing activities during the holiday season, humorously dubbed 'Phishmas.' They delve into the psychology behind phishing, the impact of seasonal stress on individuals, and the tactics cybercriminals use to exploit these conditions. The episode also highlights recent research on phishing trends, the broader scope of consumer fraud, and the challenges faced by law enforcement in combating these crimes. Practical advice for individuals and organizations to protect themselves is also provided, along with a call to action for greater governmental response and individual vigilance. 00:00 Introduction to Phishmas 00:41 The Importance of Good Research 01:01 Understanding Data vs. Facts 02:02 Phishing During the Holiday Season 03:13 The Mechanics of Phishing Scams 04:51 The Role of Typo-Squatting in Phishing 06:13 The Evolution of Phishing Techniques 09:16 The Human Factor in Phishing 13:10 The Impact of AI on Phishing 18:19 Psychological Tactics in Phishing 21:08 Retailer Perspective on Cyber Threats 22:21 Rise of Fraud in North America 22:57 Impact of Fraud on Individuals 24:01 Challenges in Combating Fraud 27:59 Strategies to Protect Yourself 32:25 Role of Retailers and Banks 35:45 Political and Legislative Actions 38:47 Final Thoughts and Call to Action

11-23
41:50

Google's AI Driven Fuzz Tool Finds Decades Old Vulnerability: Cyber Security Today, Friday November 22, 2024

Cybersecurity Today: Zero Day Flaws, FinTech Breach, Phishing Scams & More In today's episode, host Jim Love discusses critical updates in the cybersecurity world. Discover the latest zero day vulnerabilities patched by Apple, a significant data breach at Fintech giant Finastra, emerging phishing attack tactics using Microsoft Visio files and SVG attachments, and the launch of a new privacy-focused telecom service, CAPE. Additionally, learn about Google's AI-powered OSS Fuzz tool, which uncovered a critical flaw in the OpenSSL library. Stay informed to protect yourself and your organization from sophisticated cyber threats. 00:00 Introduction and Sponsor Message 00:59 Emerging Phishing Attack Strategies 03:12 Finastra Data Breach Investigation 04:49 Launch of CAPE: A Privacy-Focused Telecom Service 06:19 Apple's Emergency Updates for Zero-Day Vulnerabilities 07:29 Google's OSS Fuzz Uncovers Critical Vulnerabilities 09:07 Conclusion and Podcast Information

11-22
09:43

Microsoft Unveils New Cybersecurity Features at Ignite Conference: Cyber Security Today for November 20, 2024

Cybersecurity Today: Microsoft Updates, Gen AI Risks, and Liminal Panda Threat In this episode of Cybersecurity Today, host Jim Love discusses major cybersecurity updates from Microsoft's Ignite conference, including enhancements to Windows security and device recovery. A survey by LegitSecurity highlights the security risks associated with generative AI in software development. CrowdStrike reveals Liminal Panda, a Chinese cyber threat to telecoms. Additionally, a report from the EPA's Office of Inspector General exposes significant cybersecurity vulnerabilities in U.S. drinking water systems. This episode is brought to you by CDW Canada Tech Talks. 00:00 Introduction and Sponsor Message 00:42 Microsoft's New Cybersecurity Features 02:10 Generative AI and Software Development Risks 04:30 Liminal Panda: A New Cyber Threat 06:24 Cybersecurity Vulnerabilities in US Water Systems 08:35 Conclusion and Sponsor Acknowledgment

11-20
09:01

Unknown Attacker Tries To Frame Security Researcher: Cyber Security Today for Monday, November 18th, 2024

Cybersecurity Today: GitHub Attacks & Microsoft's November Patch Tuesday Updates In this episode of Cybersecurity Today, host Jim Love highlights critical cybersecurity updates. The episode covers malicious attacks on GitHub projects, including an orchestrated attempt to frame Texas-based security researcher Mike Bell, and the associated impact on open-source repositories. Additionally, Microsoft's November Patch Tuesday is discussed in detail, with over 90 security issues disclosed, including four critical zero-day vulnerabilities. The episode also addresses a new ransomware strain exploiting vulnerabilities in Veeam backup software, and the disruptions caused by Microsoft's flawed Exchange Server security update. Stay informed on the latest cybersecurity trends and threats. 00:00 Introduction and Sponsor Message 00:29 Cybersecurity Headlines 00:46 GitHub Malicious Code Attack 03:24 Microsoft November Patch Tuesday 05:17 Veeam Backup Software Vulnerability 07:02 Microsoft Exchange Server Update Issues 08:47 Conclusion and Sign-Off

11-18
09:10

AI in Action: Project Synapse With Marcel Gagne and John Pinard. Cyber Security Today Weekend Edition for November 16, 2024

Cybersecurity Today - Weekend Edition: Project Synapse, AI in Action (Episode 2) In this episode of Cybersecurity Today with host Jim Love, we dive into the intersection of Artificial Intelligence (AI) and cybersecurity, continuing our exploration in the series Project Synapse. Joined by Linux and open-source expert Marcel Gagné and cybersecurity professional John Pinard, we discuss practical applications of AI in business, strategies to implement AI securely, and the rapid technological advancements that pose challenges for companies. Tune in to learn how experimentation with AI can innovate business processes while figuring out what tools and strategies can add real value to your operations. This episode emphasizes the importance of maintaining security and developing a solid business strategy in the evolving landscape of artificial intelligence. 00:00 Introduction to Cybersecurity Today 01:14 Meet the Hosts and Guests 02:08 Project Synapse: AI in Action 02:20 Current State of AI and Security Concerns 04:20 Challenges and Opportunities in AI Adoption 06:36 Business Strategies in the Age of AI 11:35 The Importance of Experimentation and Play 20:26 Innovative Uses of AI in Everyday Life 23:53 Cultural Shift in Business 24:27 Rise of AI Agents 25:13 Challenges with AI Models 25:45 Specialized AI Agents 28:17 AI in Accounting and Business 32:12 AI in Customer Service 33:40 Workshops and Practical AI Applications 48:17 Security Concerns with AI 49:40 Conclusion and Future Plans

11-16
50:43

Daniel Lisa

Acronis Cyber Backup is a comprehensive data backup and recovery solution designed to protect data, systems, and applications. It's used by businesses and individuals to ensure that their critical information is safeguarded against data loss, hardware failures, cyberattacks, and other unexpected events. Acronis Cyber Backup offers features like full disk imaging, incremental backups, cloud storage, and quick recovery to keep operations running smoothly. It provides flexible deployment options, allowing backups to be stored locally or in the cloud, and integrates advanced cybersecurity features to defend against ransomware and other cyber threats. For a thorough cybersecurity assessment and data protection strategy, you might consider consulting with cybersecurity experts like those at https://www.wizlynxgroup.com/hk/en/

05-09 Reply

Daniel Lisa

Acronis Cyber Backup is a comprehensive data backup and recovery solution designed to protect data, systems, and applications. It's used by businesses and individuals to ensure that their critical information is safeguarded against data loss, hardware failures, cyberattacks, and other unexpected events. Acronis Cyber Backup offers features like full disk imaging, incremental backups, cloud storage, and quick recovery to keep operations running smoothly. It provides flexible deployment options, allowing backups to be stored locally or in the cloud, and integrates advanced cybersecurity features to defend against ransomware and other cyber threats. For a thorough cybersecurity assessment and data protection strategy, you might consider consulting with cybersecurity experts like those at Wizlynx Group. They specialize in security testing and cybersecurity consulting to help businesses identify vulnerabilities and implement effective defense measures. You can learn more about their servic

05-09 Reply

Denny Luyis

When you use a third party platform that offers an app for your on-premise platform - https://www.protectimus.com/platform/ , you are automatically taking advantage of the multi-factor security that they offer. It is easy to forget when you are using your computer, tablet, or smartphone that all of your data is being tracked in some way. With the use of a Protectimus application, your data is encrypted and protected even more. You are also provided with a second layer of security as a secondary level of protection. This helps to make your business' data secure even more.

07-26 Reply

Recommend Channels