Cybersecurity Today

Neil Bisson, a retired intelligence officer, shares insights on human intelligence recruitment and building rapport. David Shipley, CEO of Beauceron Security and phishing expert, discusses the rise of AI in social engineering tactics. They explore the psychological vulnerabilities that cyber attackers exploit, comparing phishing to intelligence operations. Listeners gain practical advice on fostering awareness, applying empathy, and recognizing deception in cybersecurity. Ethical considerations in intelligence work are also highlighted, emphasizing the importance of continuous education.

This update dives into a significant data theft affecting U.S. banks linked to a financial tech vendor. The host covers the CLOP group's exploitation of Oracle's vulnerabilities targeting Broadcom. Listeners will learn about the SteelC malware cleverly disguised in Blender 3D models, as well as the Shai-Hulud attack infiltrating NPM packages. The discussion also highlights a sophisticated phishing scam using similar domains to trick Microsoft users. Practical tips are provided to help safeguard against these threats.

A major security breach at Ascensus has US banks on alert, with the ALFV ransomware gang claiming a staggering three terabytes of stolen data. Broadcom is under attack from CLOP via vulnerabilities in Oracle’s system. In a twist, malicious Blender 3D files are now delivering stealthy SteelC malware. The JavaScript ecosystem isn't safe either, as Shai-Hulud compromises 500 NPM packages. Additionally, a deceptive phishing campaign is targeting Microsoft users with look-alike domains.

Checkout.com takes a bold stand by refusing to pay ransom to Shiny Hunters, instead channeling funds into cybersecurity research. The SEC's dismissal of the SolarWinds case sparks a debate on CISO accountability. Meanwhile, the FCC's reversal of cybersecurity mandates raises eyebrows and questions about our national security. The discussion highlights the crucial role of policy in shaping cybersecurity and urges the tech community to get involved in crafting better regulations.

In this discussion, retired intelligence officer Neil Bisson and cybersecurity analyst David Shipley dive deep into the current landscape of cyber threats from state actors like China and Russia. They reveal the shift in espionage driven by big data and its influence on corporate targets. Bisson shares insights on the vulnerabilities of critical infrastructure, while Shipley emphasizes the importance of private sector cooperation with intelligence agencies. They also highlight India's rising cyber capabilities and offer practical advice for enhancing organizational security.

CloudFlare experienced major outages, disrupting services for big names like Amazon and YouTube. As Black Friday approaches, phishing attempts have surged by 36%, with fake retail sites popping up to trick shoppers. A significant privacy breach occurred at an Ontario hospital due to an AI tool mismanaging sensitive information. Meanwhile, Salesforce faces challenges investigating data theft linked to OAuth token misuse with Gainsight. Each topic highlights the pressing need for vigilance in cybersecurity.

This episode dives into the recent Cloudflare outage that disrupted major services like OpenAI and Discord. Microsoft’s new AI feature raises eyebrows with potential malware risks. A cutting-edge red team tool is introduced, which exploits cloud-based EDR systems. Interestingly, attackers are now using calendar invites as a stealth phishing tactic. A critical SAP vulnerability, scoring a perfect 10 on the CVSS scale, demands immediate attention. Plus, an AI mishap leads to a bizarre escalation attempt to the FBI!

A massive zero-day vulnerability in Fortinet has left systems vulnerable and in need of urgent security patches. Meanwhile, North Korean IT infiltrators have compromised 136 companies, redirecting funds back to the regime. The Jaguar Land Rover cyber attack revealed a staggering $220 million loss, underscoring its impact on the UK's economy. Additionally, recent findings expose troubling copy-pasted flaws in AI frameworks, raising concerns about security practices in tech. Stay informed to protect your digital assets!

Tammy Harper, a Senior Threat Intelligence Researcher at Flare, dives deep into the dark web and cybercrime ecosystems. She discusses how state-backed sanctuaries are becoming cybercrime havens. The conversation explores 'extortion as a service' and the role of affiliates in ransomware attacks. Artificial intelligence's impact on social engineering and attacks takes the spotlight, alongside the looming threat of quantum computing on encryption. Harper also highlights how digital sovereignty could reshape the future of cybercrime, making it a must-listen for cybersecurity enthusiasts.

A significant security breach has exposed data for nearly 10,000 users due to vulnerabilities in Oracle E-Business Suite. CrowdStrike's Global Threat Report reveals a troubling rise in malware-free attacks, alongside the alarming trend of AI-enabled phishing. Meanwhile, a new scam targeting iPhone users cleverly mimics Apple's recovery alerts to harvest Apple IDs. Listener concerns regarding security flaws in SonicWall management systems add to the discourse, highlighting the ever-evolving landscape of cybersecurity threats.