Cybersecurity Worms, Steganography Attacks, Municipal Cyber Incidents and More...

In this episode of Cybersecurity Today, host Jim Love delves into multiple cybersecurity threats affecting the tech landscape. He discusses the 'Shai Hulud' worm, which has infiltrated over 187 JavaScript libraries on NPM, exploiting developer tokens for spread, including those maintained by CrowdStrike. Love explains practical but challenging measures to mitigate such threats. He also explores steganography's role in hiding malicious scripts within seemingly benign image files, urging vigilance against embedding hidden commands. Additionally, the episode covers a cyber incident in Yellowknife, causing severe disruptions to municipal services and emphasizing the importance of cyber hygiene and support from higher government levels. Lastly, Jim examines how a Windows 11 patch has created a new vulnerability, stressing the need for enhanced monitoring and quick updates.

00:00 Introduction and Overview
00:21 The Shy Ude Worm: A New Threat
02:19 Steganography: Hiding in Plain Sight
05:30 Cybersecurity Incident in Yellowknife
07:24 Microsoft's Patch Problems
08:27 Conclusion and Contact Information

Cybersecurity Today: NPM Attack, Void Proxy Phishing, and Major Business Disruptions

In this episode of Cybersecurity Today, host David Shipley discusses a recent massive NPM attack that, despite causing significant disruption, left hackers with minimal gains. We also cover a new, highly sophisticated phishing service called Void Proxy, which targets Microsoft and Google accounts. Additionally, we delve into the severe repercussions of cyber attacks on major companies like Jaguar Land Rover and Marks and Spencer, highlighting the wide-ranging impacts on supply chains and leadership. Join us for the latest updates and insights from the world of cybersecurity.

00:00 Introduction and Headlines
00:35 Massive NPM Attack: What Happened?
02:53 Void Proxy: A New Phishing Threat
05:31 Jaguar Land Rover Cyber Attack Impact
06:59 Marks and Spencer Leadership Change
08:04 Conclusion and Final Thoughts

Inside Zero Trust: John Kindervag and the Evolution of Cybersecurity

In this episode of Cybersecurity Today: Weekend Edition, host Jim Love speaks with John Kindervag, the pioneer behind the Zero Trust model of cybersecurity. With over 25 years of industry experience, John delves into how the concept originated from his early work with firewalls, advocating for a system where no packet is trusted by default. He discusses the fundamental principles of Zero Trust, including defining protect surfaces, mapping transaction flows, and implementing microsegmentation. The conversation also touches on overcoming cultural and organizational challenges in cybersecurity, the inadequacies of traditional risk models, and adapting Zero Trust methodologies in the evolving landscape, including AI. Through thoughtful discourse and practical insights, John underscores the importance of strategic and tactical implementations in building resilient and secure systems.

00:00 Introduction to Cybersecurity Today
00:25 Meet John Kindervag: The Godfather of Zero Trust
01:50 The Birth of Zero Trust
04:08 Challenges and Evolution of Zero Trust
06:03 From Forrester to Practical Implementations
11:40 The Concept of Protect Surfaces
17:30 Risk vs. Danger in Cybersecurity
30:54 Farmers and Technology
31:48 The Importance of IT in Business
32:26 Introduction to Zero Trust
32:41 Five Steps to Zero Trust
33:14 Mapping Transaction Flows
34:25 Custom Architecture for Zero Trust
34:55 Defining Policies with the Kipling Method
36:04 Monitoring and Maintaining Zero Trust
36:28 The Concept of Anti-Fragile Systems
38:47 Challenges and Success Stories in Zero Trust
42:02 Microsegmentation and Protect Surfaces
45:39 AI and Zero Trust
49:22 Advice for Implementing Zero Trust
50:37 Military Insights and Decision Making
57:19 The Future of Zero Trust
59:07 Conclusion and Final Thoughts