Cybersecurity Today: Microsoft Patches, Canadian Data Breach, NVIDIA's New Tool, and a Senator's Call for Investigation

In this episode of Cybersecurity Today, host Jim Love discusses Microsoft's September patch update addressing 81 security flaws, including two zero-day vulnerabilities. Highlights include a data breach in Canada affecting email and phone numbers, NVIDIA's release of an open-source LLM vulnerability scanner, and US Senator Ron Wyden's call for the FTC to investigate Microsoft's security practices. The episode also clears up the mystery behind the bricked SSDs after a Windows 11 update.

00:00 Microsoft Patches 81 Flaws
02:29 Canadian Government Data Breach
03:38 NVIDIA's Garrick: AI Vulnerability Scanner
05:01 Senator Urges FTC to Probe Microsoft
06:52 Mystery of Bricked SSDs Solved
08:24 Conclusion and Upcoming Interview

Phishing Scams, Leaked Stream Keys, Zero-Day Android Vulnerabilities, and Bounties on Russian Hackers

In this episode of Cybersecurity Today, host Jim Love discusses several critical cybersecurity issues. Attackers are using iCloud calendar invites for phishing scams, leveraging Apple's system to bypass security checks. The US Department of Defense has exposed livestream credentials, risking hijack and fake content insertion. Billions of Android phones are vulnerable due to unpatched critical zero days, and Google has only fixed issues for Pixel devices so far. Additionally, the US State Department has placed a $10 million bounty on three Russian FSB hackers responsible for attacks on energy companies. Jim emphasizes the importance of securing digital assets and maintaining strong cybersecurity practices.

00:00 Introduction and Headlines
00:24 Phishing Scam via iCloud Calendar Invites
03:18 US Department of Defense Livestream Vulnerabilities
05:53 Critical Android Zero-Day Vulnerabilities
07:38 US Bounty on Russian FSB Hackers
09:42 Conclusion and Contact Information

Cybersecurity Today: Ghost Action Campaign, SalesLoft Breach, AI Vulnerabilities, and Restaurant Security Flaws

Host David Shipley discusses the latest in cybersecurity, including the Ghost Action Campaign which compromised over 3000 secrets from GitHub repositories, the SalesLoft breach affecting major cybersecurity and SaaS firms, and new research showing how large language model chatbots like GPT-4 can be manipulated easily. Additionally, ethical hackers uncover significant vulnerabilities in the digital platforms of Restaurant Brands International. The episode emphasizes the importance of securing the software development ecosystem and maintaining robust social engineering defenses.

00:00 Introduction and Headlines
00:32 GitHub Supply Chain Attack: Ghost Action Campaign
02:51 SalesLoft Breach: A Deep Dive
05:01 The Summer of Salesforce Attacks
07:19 Manipulating AI: New Research Insights
09:14 Restaurant Brands International: Security Flaws Exposed
11:21 Conclusion and Sign-Off