Cybersecurity Today

Explore the growing threat of 'living off the land' attacks, where hackers exploit legitimate Windows tools to conceal their activities. Discover the alarming trend of phishing campaigns using spoofed Calendly invites targeting Google and Meta credentials. Learn about a significant data breach at the University of Pennsylvania linked to unpatched Oracle vulnerabilities. Finally, delve into the intriguing world of AI jailbreaks, where research reveals that syntactic patterns can enable exploits in large language models.

In a gripping discussion, the rise of QR code parking scams across Europe is unveiled, raising eyebrows and caution. A recent Australian case sheds light on the dangerous evil twin WiFi attacks targeting unsuspecting travelers. The conversation takes a serious turn with the ransomware incident shutting down a critical emergency notification system. Meanwhile, vulnerabilities in Microsoft Teams' guest access pose significant risks. Additionally, the launch of hacklore.org sparks debate about the distinction between perceived myths and real-world cybersecurity threats.

Neil Bisson, a retired intelligence officer, shares insights on human intelligence recruitment and building rapport. David Shipley, CEO of Beauceron Security and phishing expert, discusses the rise of AI in social engineering tactics. They explore the psychological vulnerabilities that cyber attackers exploit, comparing phishing to intelligence operations. Listeners gain practical advice on fostering awareness, applying empathy, and recognizing deception in cybersecurity. Ethical considerations in intelligence work are also highlighted, emphasizing the importance of continuous education.

This update dives into a significant data theft affecting U.S. banks linked to a financial tech vendor. The host covers the CLOP group's exploitation of Oracle's vulnerabilities targeting Broadcom. Listeners will learn about the SteelC malware cleverly disguised in Blender 3D models, as well as the Shai-Hulud attack infiltrating NPM packages. The discussion also highlights a sophisticated phishing scam using similar domains to trick Microsoft users. Practical tips are provided to help safeguard against these threats.

A major security breach at Ascensus has US banks on alert, with the ALFV ransomware gang claiming a staggering three terabytes of stolen data. Broadcom is under attack from CLOP via vulnerabilities in Oracle’s system. In a twist, malicious Blender 3D files are now delivering stealthy SteelC malware. The JavaScript ecosystem isn't safe either, as Shai-Hulud compromises 500 NPM packages. Additionally, a deceptive phishing campaign is targeting Microsoft users with look-alike domains.

Checkout.com takes a bold stand by refusing to pay ransom to Shiny Hunters, instead channeling funds into cybersecurity research. The SEC's dismissal of the SolarWinds case sparks a debate on CISO accountability. Meanwhile, the FCC's reversal of cybersecurity mandates raises eyebrows and questions about our national security. The discussion highlights the crucial role of policy in shaping cybersecurity and urges the tech community to get involved in crafting better regulations.

In this discussion, retired intelligence officer Neil Bisson and cybersecurity analyst David Shipley dive deep into the current landscape of cyber threats from state actors like China and Russia. They reveal the shift in espionage driven by big data and its influence on corporate targets. Bisson shares insights on the vulnerabilities of critical infrastructure, while Shipley emphasizes the importance of private sector cooperation with intelligence agencies. They also highlight India's rising cyber capabilities and offer practical advice for enhancing organizational security.

CloudFlare experienced major outages, disrupting services for big names like Amazon and YouTube. As Black Friday approaches, phishing attempts have surged by 36%, with fake retail sites popping up to trick shoppers. A significant privacy breach occurred at an Ontario hospital due to an AI tool mismanaging sensitive information. Meanwhile, Salesforce faces challenges investigating data theft linked to OAuth token misuse with Gainsight. Each topic highlights the pressing need for vigilance in cybersecurity.

This episode dives into the recent Cloudflare outage that disrupted major services like OpenAI and Discord. Microsoft’s new AI feature raises eyebrows with potential malware risks. A cutting-edge red team tool is introduced, which exploits cloud-based EDR systems. Interestingly, attackers are now using calendar invites as a stealth phishing tactic. A critical SAP vulnerability, scoring a perfect 10 on the CVSS scale, demands immediate attention. Plus, an AI mishap leads to a bizarre escalation attempt to the FBI!

A massive zero-day vulnerability in Fortinet has left systems vulnerable and in need of urgent security patches. Meanwhile, North Korean IT infiltrators have compromised 136 companies, redirecting funds back to the regime. The Jaguar Land Rover cyber attack revealed a staggering $220 million loss, underscoring its impact on the UK's economy. Additionally, recent findings expose troubling copy-pasted flaws in AI frameworks, raising concerns about security practices in tech. Stay informed to protect your digital assets!