Cybersecurity Today

In this episode of Cybersecurity Today, host Jim Love discusses recent developments in cybersecurity, including a method to bypass GPT5 model safeguards, malware issues in the Google Play Store, NIST's new AI-specific security controls, and a cyber attack that led to a government shutdown in Nevada. The episode also covers a CRM-related breach linked to the Shiny Hunters collective, who used OAuth tokens to gain unauthorized access. Key takeaways emphasize the need for stronger security frameworks and vigilance against evolving cyber threats. 00:00 Introduction and Overview 00:27 Exploiting GPT-5: A Simple Prompt Attack 02:20 Google Play Store's Malware Struggles 04:11 NIST's New AI Security Controls 06:06 Nevada Government Cyber Attack 08:23 Shiny Hunters' CRM Breach 10:41 Conclusion and Contact Information

Host David Shipley explores the latest in cybersecurity, including the rapid development of AI-generated exploits for critical vulnerabilities, record-high searches of digital devices at US borders, and a fired developer jailed for sabotaging his former employer. Additionally, the episode highlights Interpol's Operation Serengeti 2.0, which led to significant arrests and recoveries in the fight against cybercrime in Africa. The episode underscores the speed at which cyber threats can materialize and the importance of global and collaborative defenses. 00:00 Introduction to Cybersecurity Today 00:35 AI-Driven Exploits: A New Era of Cyber Threats 02:48 Record Device Searches at US Borders 04:43 Insider Threats: The Hidden Dangers Within Organizations 06:25 Operation Serengeti 2.0: A Major Blow to Cyber Crime 07:27 Conclusion and Final Thoughts

  In this episode of Cybersecurity Today, host Jim Love explores the complex dynamics of cybersecurity training with guests Michael Joyce and David Shipley. They discuss the importance of continuous awareness and the temporal decay of training effects. The conversation highlights the critical balance between training frequency and effectiveness, with data suggesting that monthly phishing simulations and quarterly training interventions offer optimal results. Despite recent headlines claiming phishing training is ineffective, the discussion underscores the nuanced understanding required to navigate cybersecurity education. The episode also delves into academic versus business perspectives, emphasizing the importance of empirical research and critical thinking in developing effective cybersecurity strategies. 00:00 Understanding Human Vigilance and Awareness Decay 00:33 Introduction to Cybersecurity Today 00:46 Meet the Experts: Michael Joyce and David Shipley 01:39 Exploring the Human-Centric Cybersecurity Partnership 03:38 The Role of Liberal Arts in Cybersecurity 04:23 Challenges in Cybersecurity: Technology vs. Human Behavior 06:34 The Importance of Independent Research in Cybersecurity 12:30 Analyzing Cybersecurity Awareness Month 18:32 Phishing Simulations and Security Fatigue 23:14 The Impact of Training on Phishing Awareness 39:38 Experimenting with Phishing Training Frequency 39:51 Critiques and Insights on Cybersecurity Training 41:51 Optimal Training Intervals and Their Impact 43:23 The Role of Awareness in Cybersecurity 44:13 Understanding Phishing Reporting and Skills Decay 45:22 Ethical Considerations in Phishing Simulations 46:38 New Data on Why People Click Phishing Links 55:52 The Importance of Psychological Safety 57:23 Debunking Misleading Headlines on Phishing Training 01:05:44 The Complexity of Cybersecurity Research 01:16:41 Final Thoughts and Recommendations

In this episode of Cybersecurity Today, host Jim Love covers a range of recent cybersecurity incidents. A major privacy failure has hit Elon Musk's Grok chatbot, exposing over 370,000 private conversations with sensitive information. Microsoft's recent security update has caused SSD and HDD failures, complicating data recovery. Hackers have exploited Microsoft's own login infrastructure to create phishing traps, making it difficult for users to spot fake login pages. The leader of the Wrapper Bot DDoS gang has been arrested following a detailed investigation. Finally, a hacker group claims to have 15.8 million PayPal credentials, although these claims are disputed by PayPal and security researchers. Jim also invites listeners to share their thoughts and comments through various contact methods. 00:00 Agro Leak Exposes 370,000 Chats 02:22 Microsoft Scrambles to Fix SSD Failures 03:52 Hackers Hijack Microsoft Infrastructure 05:40 Leader of Wrapper Bot DDoS Gang Arrested 07:14 Hackers Claim 15.8 Million PayPal Logins Stolen 08:34 Conclusion and Contact Information

In today's episode of 'Cybersecurity Today,' hosted by Jim Love, we cover several key issues in the cybersecurity landscape. Firstly, a breach involving Workday and social engineering attacks targeting Salesforce customers is discussed. Next, the risks posed by a recent Windows update potentially causing data corruption on SSDs and HDDs are highlighted. We also delve into a critical infrastructure breach where Russian hackers remotely accessed a Norwegian dam's control system. Additionally, the episode covers Google's vulnerabilities in its AI and Gmail services, and finally, Apple's significant privacy victory against the UK’s backdoor encryption mandate. The episode concludes with a call for listener support through donations to sustain the program. 00:00 Introduction and Headlines 00:23 Workday Data Breach Explained 02:15 Windows Update Issues 04:05 Norwegian Dam Cyber Attack 05:49 Google's Security Challenges 07:12 Apple's Privacy Victory 08:19 Conclusion and Listener Support

  In this episode of Cybersecurity Today, host David Shipley reports from Fredericton, New Brunswick, amidst severe forest fires. The main story covers a data breach in Canada’s House of Commons involving parliamentary employee information, attributed to a recent Microsoft vulnerability. The episode also discusses Fortinet’s recent high-severity vulnerability patches and Microsoft's reminder of Windows 10 support ending in October 2025. Additionally, there’s rare good news as researchers gain insights into the iMac 3.0 malware after a source code leak. The episode encourages vigilance, patching, and awareness of upcoming support changes while offering contact information and solicitation for audience engagement. 00:00 Introduction and Headlines 00:35 Canada's House of Commons Data Breach 03:48 Fortinet Vulnerabilities and Patches 05:49 Windows 10 End of Life Announcement 07:17 Malware Source Code Leak Insights 09:08 Conclusion and Viewer Engagement

In this episode of 'Cybersecurity Today,' the host welcomes Tammy Harper from Flair.io for an in-depth exploration into the ransomware ecosystem. Tammy, a seasoned threat intelligence researcher and certified dark web investigator, shines a light on the complex world of ransomware, its history, business models, and the various threat actor groups involved. The discussion covers initial access brokers, notable ransomware groups like Conti and LockBit, and modern shifts in the ransomware landscape fueled by AI and affiliate models. This episode offers a comprehensive guide for understanding how ransomware operates and the tactics used by cybercriminals, making it a must-watch for anyone interested in cybersecurity. 00:00 Introduction  00:50 Meet Tammy Harper: Expert in Ransomware 01:59 Understanding the Ransomware Ecosystem 03:26 Ransomware Business Models and Initial Access Brokers 06:39 Double and Triple Extortion Explained 10:50 The Evolution of Ransomware 15:43 The Role of Cryptocurrency in Ransomware 19:22 The Rise and Fall of Conti 25:56 Tools of the Trade: EMOTET, ICEDID, and TrickBot 33:35 LockBit and the Ransomware Cartel 36:37 The National Hazard Agency and Ba Lord 38:13 LockBit Training Materials 40:23 Ransomware Negotiations 40:54 Ransom Chat Project 41:58 Conti vs. LockBit Negotiation Tactics 47:30 Modern Ransomware Groups 51:18 Medusa and Other Emerging Groups 01:04:52 Initial Access Market 01:09:41 Conclusion and Final Thoughts  

Cyber Crime Crackdown: $300 Million in Crypto Frozen, FBI Accounts Hacked, and Critical Microsoft Patches Released In this episode of Cybersecurity Today, host Jim Love covers major recent events in cybercrime and cybersecurity. Over $300 million in cryptocurrency tied to cybercrime has been frozen through coordinated efforts by the private sector and law enforcement in the US and Canada. Cyber criminals are selling active FBI and other law enforcement email accounts for as low as $40, posing significant risks of impersonation and fraud. Microsoft's latest Patch Tuesday addresses over 100 vulnerabilities, including critical flaws in various services and applications. Nova Scotia Power faces criticism for seeking to hide details about a major cybersecurity breach that affected 280,000 customers, with regulators emphasizing the need for public accountability. Jim signs off by encouraging listeners to support and provide feedback for the show. 00:00 Cybercrime Crypto Crackdown 02:34 FBI Email Accounts for Sale 04:05 Microsoft Patch Tuesday Updates 06:16 Nova Scotia Power Cybersecurity Breach 07:43 Show Wrap-Up and Listener Engagement

In this episode of Cybersecurity Today, host David Shipley covers critical security updates and vulnerabilities affecting Microsoft Exchange, Citrix NetScaler, and Fortinet SSL VPNs. With over 29,000 unpatched Exchange servers posing a risk for admin escalation and potential full domain compromise, urgent action is needed. Citrix Bleed 2 is actively being exploited, with significant incidents reported in the Netherlands and thousands of devices still unpatched globally. Fortinet SSL VPNs are experiencing a spike in brute force attacks, hinting at a possible new vulnerability on the horizon. Lastly, Shipley highlights notable moments from DEFCON 33, including innovative security hacks and sobering realities of the hacker community. Tune in for detailed breakdowns and insights on how to stay vigilant against these threats. 00:00 Introduction and Overview 00:32 Microsoft Exchange Vulnerability 02:54 Citrix Bleed Two Exploits 05:21 Fortinet SSL VPN Brute Force Attacks 07:39 Insights from DEFCON 33 13:46 Conclusion and Final Thoughts

In today's episode of Cybersecurity Today, host David Shipley covers critical updates on recent cyber attacks and breaches impacting the US Federal judiciary's case management systems, and SonicWall firewall compromises. He also discusses researchers' new jailbreak method against GPT-5, which bypasses ethical guardrails to produce harmful instructions. Shipley shares insights and standout sessions from Hacker Summer Camp 2025, including BSides Las Vegas, the I Am the Cavalry track, and Defcon, highlighting ongoing efforts and challenges in the cybersecurity landscape. Stay informed, stay secure, and join the conversation in this detailed overview of current cybersecurity issues and innovations. 00:00 Introduction and Headlines 00:31 US Federal Judiciary Cyber Attack 02:29 SonicWall Ransomware Attacks 04:14 AI Jailbreak Techniques 07:44 Hacker Summer Camp 2025 Highlights 08:10 BSides Las Vegas and Community Insights 09:29 Healthcare Cybersecurity and Crash Cart Project 12:11 Defcon Reflections and Final Thoughts 13:45 Conclusion and Listener Engagement