Cybersecurity Today

Jim Love
Dec 20, 2025 • 55min

Year-End Review: The Highs and Lows of Cybersecurity in 2025

Tammy Harper, a security researcher known for her expertise in ransomware, joins Laura Payne, a cybersecurity professional focused on incident trends, along with David Shipley, a cybersecurity practitioner, and John Pinard, head of IT operations at a credit union. They discuss alarming trends in ransomware payments and the clever rise of phishing attacks, particularly MFA vulnerabilities. The panel also examines AI's growing dual role in both enhancing security measures and facilitating cybercrime, highlighting the crucial need for community support and empathy in cybersecurity.
Dec 19, 2025 • 11min

On the Zero Day of Christmas - Cisco Devices Under Attack

Cybersecurity Today: Cisco Zero Day Exploited & Maritime Cyber Attack Unfolds

In this episode of Cybersecurity Today, host David Shipley discusses a series of critical cybersecurity incidents, including the exploitation of a zero-day flaw in Cisco email security infrastructure by a China-linked group, a Hollywood-style attack on an Italian ferry involving remote access malware, and a new data theft spree by the ClOP ransomware gang targeting file-sharing servers. Shipley also highlights the broader implications of cybersecurity on physical safety and national security. This episode is brought to you by Meter, a complete networking stack provider for enterprises.

00:00 Introduction and Sponsor Message
00:20 Massive Patch List and Zero-Day Flaw in Cisco
03:41 Latvian Arrested in Italian Ferry Cyberattack
06:31 ClOP Ransomware Gang's New Target
08:54 Conclusion and Upcoming Episodes
Dec 17, 2025 • 15min

React2Shell Vulnerability, Black Force Phishing Kit, Microsoft OAuth Attacks, and PornHub Data Breach

In this episode of Cybersecurity Today, host Jim Love discusses a range of pressing cybersecurity threats. The show covers the escalating React2Shell vulnerability, which has led to widespread automated exploitation campaigns involving crypto miners and back doors. Additionally, Jim reports on the Black Force phishing kit, which bypasses multifactor authentication and is gaining traction among cybercriminals. Microsoft OAuth consent attacks are also highlighted, with users being tricked into granting access to their accounts. Finally, the episode touches on PornHub's data breach involving the Shiny Hunters cybercrime group and the importance of patching vulnerabilities and being cautious during the holiday season.

00:00 Introduction and Sponsor Message
00:22 React2Shell Vulnerability Deep Dive
03:46 Black Force Phishing Toolkit
05:44 Microsoft OAuth Consent Phishing
07:29 PornHub Data Breach by Shiny Hunters
10:21 Holiday Cybersecurity Tips and Final Thoughts
Dec 15, 2025 • 15min

Cybersecurity Today: Apple Security Updates, AI Search Engine Scams, Torrent Malware, and Stanford's AI Penetration Testing

Apple's security updates tackle two serious WebKit vulnerabilities, urging immediate user action. Meanwhile, scammers are using AI to generate misleading support numbers, posing a new threat in the digital landscape. Bitdefender exposes malware hidden in torrent subtitles, ready to unleash havoc. On a surprising note, Stanford's AI, Artemis, proves more effective than human penetration testers, spotlighting the evolving nature of cybersecurity. The implications of these developments suggest a challenging future where AI plays a dual role in both offense and defense.
Dec 13, 2025 • 38min

The Hidden Danger of Storing Secrets Online | Interview with Jake Knott from Watchtower

Jake Knott, Principal Security Researcher at Watchtower, dives into the alarming discovery of over 80,000 leaked credentials in online code-formatting tools. He reveals how these public tools inadvertently expose sensitive information like tokens and customer data. The conversation highlights the challenges of responsible disclosure and how attackers can exploit these vulnerabilities. Knott shares best practices for organizations to safeguard their secrets and discusses ongoing research efforts to combat these risks. A must-listen for anyone concerned about cybersecurity!
Dec 12, 2025 • 12min

Spiderman and Cybersecurity.

Explore the intriguing Spider-Man phishing kit, which crafts convincing attacks on European banks and crypto users while harvesting credentials. Delve into the Gogs zero-day vulnerability allowing remote code execution on self-hosted Git servers. Discover the importance of timely patching, highlighted by recent fixes for PowerShell and a zero-click flaw in Google's Gemini. Gain insights on managing AI risks, encouraging user education, and ensuring secure environments for AI tools. Stay vigilant in the ever-evolving world of cybersecurity!
Dec 10, 2025 • 12min

Google Chrome's AI Safety Plan? More AI

Cybersecurity Today: Google Chrome's AI Safety Plan, React2Shell Fixes, & New Ransomware Tactics

In this episode of Cybersecurity Today, host Jim Love discusses Google's new security blueprint for AI-powered Chrome agents, highlighting measures against indirect prompt injections and model errors. Learn about Next JS's new tool for addressing the critical React2Shell vulnerability and the emerging threat from Storm 0249 using EDR tools for ransomware. The episode also covers new data showing manufacturers remain top ransomware targets. Sponsored by Meter.

00:00 Introduction and Sponsor Message
00:22 Google's New Security Plan for Chrome Agents
03:41 Next JS Scanner for React2Shell Vulnerability
05:41 Storm 0249: Malware Hidden in EDR Tools
07:45 Ransomware Targets Manufacturing Sector
09:34 Conclusion and Final Notes
Dec 8, 2025 • 13min

Development Tools May Allow Remote Compromise

A critical React vulnerability, React2Shell, is causing waves for security experts, allowing potential remote code execution. Discover how flaws in AI coding tools could expose integrated development environments to new attacks. The podcast also covers a major ransomware breach affecting over 70 banks, highlighting the urgent need for a stronger security culture. With evolving cyber threats, the discussion emphasizes the importance of proactive measures and resilience in software supply chains.
Dec 6, 2025 • 54min

Cybersecurity Today Month In Review - December 5th, 2025

Join David Shipley, a savvy security commentator from Beauceron Security, and Laura Payne, a nuanced threat modeler from White Tuque, as they dive into the evolving landscape of cybersecurity. They explore 'living off the land' tactics that hackers are using, the hidden dangers of public Wi-Fi, and the recent Oracle E-Business Suite breach. They also address the risks of social engineering through legitimate tools like Calendly and DocuSign. Plus, learn about vital security practices and the importance of clear communication in combating cyber threats.
Dec 5, 2025 • 12min

Shady Panda Hides For Years In Legitimate Browser Extensions: Cybersecurity Today

A severe vulnerability in React Server Components is urging immediate patching. A long-ignored Windows shortcut flaw has now been patched after exploitation was confirmed. Evilginx phishing attacks are cleverly bypassing MFA in educational institutions. The podcast reveals 'Shady Panda,' a group that used legitimate browser extensions for years to harvest user data. Plus, a Google AI mishap resulted in a developer's hard drive being wiped clean, highlighting the risks of unchecked AI tools.
