Host David Shipley explores the latest in cybersecurity, including the rapid development of AI-generated exploits for critical vulnerabilities, record-high searches of digital devices at US borders, and a fired developer jailed for sabotaging his former employer. Additionally, the episode highlights Interpol's Operation Serengeti 2.0, which led to significant arrests and recoveries in the fight against cybercrime in Africa. The episode underscores the speed at which cyber threats can materialize and the importance of global and collaborative defenses.

00:00 Introduction to Cybersecurity Today
00:35 AI-Driven Exploits: A New Era of Cyber Threats
02:48 Record Device Searches at US Borders
04:43 Insider Threats: The Hidden Dangers Within Organizations
06:25 Operation Serengeti 2.0: A Major Blow to Cyber Crime
07:27 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, host Jim Love explores the complex dynamics of cybersecurity training with guests Michael Joyce and David Shipley. They discuss the importance of continuous awareness and the temporal decay of training effects. The conversation highlights the critical balance between training frequency and effectiveness, with data suggesting that monthly phishing simulations and quarterly training interventions offer optimal results. Despite recent headlines claiming phishing training is ineffective, the discussion underscores the nuanced understanding required to navigate cybersecurity education. The episode also delves into academic versus business perspectives, emphasizing the importance of empirical research and critical thinking in developing effective cybersecurity strategies.

00:00 Understanding Human Vigilance and Awareness Decay
00:33 Introduction to Cybersecurity Today
00:46 Meet the Experts: Michael Joyce and David Shipley
01:39 Exploring the Human-Centric Cybersecurity Partnership
03:38 The Role of Liberal Arts in Cybersecurity
04:23 Challenges in Cybersecurity: Technology vs. Human Behavior
06:34 The Importance of Independent Research in Cybersecurity
12:30 Analyzing Cybersecurity Awareness Month
18:32 Phishing Simulations and Security Fatigue
23:14 The Impact of Training on Phishing Awareness
39:38 Experimenting with Phishing Training Frequency
39:51 Critiques and Insights on Cybersecurity Training
41:51 Optimal Training Intervals and Their Impact
43:23 The Role of Awareness in Cybersecurity
44:13 Understanding Phishing Reporting and Skills Decay
45:22 Ethical Considerations in Phishing Simulations
46:38 New Data on Why People Click Phishing Links
55:52 The Importance of Psychological Safety
57:23 Debunking Misleading Headlines on Phishing Training
01:05:44 The Complexity of Cybersecurity Research
01:16:41 Final Thoughts and Recommendations

In this episode of Cybersecurity Today, host Jim Love covers a range of recent cybersecurity incidents. A major privacy failure has hit Elon Musk's Grok chatbot, exposing over 370,000 private conversations with sensitive information. Microsoft's recent security update has caused SSD and HDD failures, complicating data recovery. Hackers have exploited Microsoft's own login infrastructure to create phishing traps, making it difficult for users to spot fake login pages. The leader of the Wrapper Bot DDoS gang has been arrested following a detailed investigation. Finally, a hacker group claims to have 15.8 million PayPal credentials, although these claims are disputed by PayPal and security researchers. Jim also invites listeners to share their thoughts and comments through various contact methods.

00:00 Agro Leak Exposes 370,000 Chats
02:22 Microsoft Scrambles to Fix SSD Failures
03:52 Hackers Hijack Microsoft Infrastructure
05:40 Leader of Wrapper Bot DDoS Gang Arrested
07:14 Hackers Claim 15.8 Million PayPal Logins Stolen
08:34 Conclusion and Contact Information

In today's episode of 'Cybersecurity Today,' hosted by Jim Love, we cover several key issues in the cybersecurity landscape. Firstly, a breach involving Workday and social engineering attacks targeting Salesforce customers is discussed. Next, the risks posed by a recent Windows update potentially causing data corruption on SSDs and HDDs are highlighted. We also delve into a critical infrastructure breach where Russian hackers remotely accessed a Norwegian dam's control system. Additionally, the episode covers Google's vulnerabilities in its AI and Gmail services, and finally, Apple's significant privacy victory against the UK’s backdoor encryption mandate. The episode concludes with a call for listener support through donations to sustain the program.

00:00 Introduction and Headlines
00:23 Workday Data Breach Explained
02:15 Windows Update Issues
04:05 Norwegian Dam Cyber Attack
05:49 Google's Security Challenges
07:12 Apple's Privacy Victory
08:19 Conclusion and Listener Support

In this episode of Cybersecurity Today, host David Shipley reports from Fredericton, New Brunswick, amidst severe forest fires. The main story covers a data breach in Canada’s House of Commons involving parliamentary employee information, attributed to a recent Microsoft vulnerability. The episode also discusses Fortinet’s recent high-severity vulnerability patches and Microsoft's reminder of Windows 10 support ending in October 2025. Additionally, there’s rare good news as researchers gain insights into the iMac 3.0 malware after a source code leak. The episode encourages vigilance, patching, and awareness of upcoming support changes while offering contact information and solicitation for audience engagement.

00:00 Introduction and Headlines
00:35 Canada's House of Commons Data Breach
03:48 Fortinet Vulnerabilities and Patches
05:49 Windows 10 End of Life Announcement
07:17 Malware Source Code Leak Insights
09:08 Conclusion and Viewer Engagement

In this episode of 'Cybersecurity Today,' the host welcomes Tammy Harper from Flair.io for an in-depth exploration into the ransomware ecosystem. Tammy, a seasoned threat intelligence researcher and certified dark web investigator, shines a light on the complex world of ransomware, its history, business models, and the various threat actor groups involved. The discussion covers initial access brokers, notable ransomware groups like Conti and LockBit, and modern shifts in the ransomware landscape fueled by AI and affiliate models. This episode offers a comprehensive guide for understanding how ransomware operates and the tactics used by cybercriminals, making it a must-watch for anyone interested in cybersecurity.

00:00 Introduction
00:50 Meet Tammy Harper: Expert in Ransomware
01:59 Understanding the Ransomware Ecosystem
03:26 Ransomware Business Models and Initial Access Brokers
06:39 Double and Triple Extortion Explained
10:50 The Evolution of Ransomware
15:43 The Role of Cryptocurrency in Ransomware
19:22 The Rise and Fall of Conti
25:56 Tools of the Trade: EMOTET, ICEDID, and TrickBot
33:35 LockBit and the Ransomware Cartel
36:37 The National Hazard Agency and Ba Lord
38:13 LockBit Training Materials
40:23 Ransomware Negotiations
40:54 Ransom Chat Project
41:58 Conti vs. LockBit Negotiation Tactics
47:30 Modern Ransomware Groups
51:18 Medusa and Other Emerging Groups
01:04:52 Initial Access Market
01:09:41 Conclusion and Final Thoughts

Cyber Crime Crackdown: $300 Million in Crypto Frozen, FBI Accounts Hacked, and Critical Microsoft Patches Released

In this episode of Cybersecurity Today, host Jim Love covers major recent events in cybercrime and cybersecurity. Over $300 million in cryptocurrency tied to cybercrime has been frozen through coordinated efforts by the private sector and law enforcement in the US and Canada. Cyber criminals are selling active FBI and other law enforcement email accounts for as low as $40, posing significant risks of impersonation and fraud. Microsoft's latest Patch Tuesday addresses over 100 vulnerabilities, including critical flaws in various services and applications. Nova Scotia Power faces criticism for seeking to hide details about a major cybersecurity breach that affected 280,000 customers, with regulators emphasizing the need for public accountability. Jim signs off by encouraging listeners to support and provide feedback for the show.

00:00 Cybercrime Crypto Crackdown
02:34 FBI Email Accounts for Sale
04:05 Microsoft Patch Tuesday Updates
06:16 Nova Scotia Power Cybersecurity Breach
07:43 Show Wrap-Up and Listener Engagement

In this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full domain compromise, urgent action is needed. Citrix Bleed 2 is actively being exploited, with significant incidents reported in the Netherlands and thousands of devices still unpatched globally. Fortinet SSL VPNs are experiencing a spike in brute force attacks, hinting at a possible new vulnerability on the horizon. Lastly, Shipley highlights notable moments from DEFCON 33, including innovative security hacks and sobering realities of the hacker community. Tune in for detailed breakdowns and insights on how to stay vigilant against these threats.

00:00 Introduction and Overview
00:32 Microsoft Exchange Vulnerability
02:54 Citrix Bleed Two Exploits
05:21 Fortinet SSL VPN Brute Force Attacks
07:39 Insights from DEFCON 33
13:46 Conclusion and Final Thoughts