This episode explores the 'Grandparent Scam,' a prevalent and profitable fraud targeting seniors by exploiting their concern for their grandchildren. Experts Deirdre and John from Ireland's National Cybersecurity Center and the Ontario Provincial Police share insights into the scam's mechanics, the emotional impact on victims, and the challenges law enforcement faces in combating such crimes. They discuss the effectiveness of public-private partnerships, the importance of victim-centric approaches, and emerging fraud trends such as investment scams and bank imposter scams. The episode emphasizes the critical role of education, awareness, and reporting in preventing and mitigating the impact of these cyber frauds.

00:00 Introduction to the Grandparent Scam 00:37 The Emotional and Financial Impact on Victims 01:26 Fighting Back: The Role of Law Enforcement 02:38 Meet the Experts: Deirdre's Journey 04:44 Meet the Experts: John's Journey 06:35 The Global Scale of Cyber Fraud 08:11 Challenges in Handling Individual Fraud Cases 10:24 Community-Based Approaches to Support Victims 14:37 The Sophistication of Modern Scams 20:57 The Grandparent Scam: A Detailed Breakdown 28:01 Understanding Social Engineering 28:19 Cybersecurity Conversations with Vulnerable Populations 28:50 Fraud Prevention Initiatives 31:07 Challenges in Communicating Cybersecurity 32:35 Emerging Fraud Trends 35:35 The Importance of Reporting Fraud 37:53 Future Threats and Scams 40:58 The Role of Public-Private Partnerships 41:46 Final Thoughts and Next Steps

In this episode, the host Jim Love discusses the increasing sophistication of supply chain attacks, starting with an account of a blockchain developer who lost $500,000 due to a malicious extension in a popular AI-powered coding tool. The episode also covers a significant cyber emergency in St. Paul, Minnesota, which required National Guard support, and the City’s struggle to comprehend the full scope of the hack. Additionally, the US Cybersecurity and Infrastructure Security Agency (CISA) has released a new eviction strategies tool to help cybersecurity teams remove persistent threats. The episode concludes with an update on the Ingram Micro breach, where the Safe Pay ransomware gang has threatened to leak 35 terabytes of stolen data. Listeners are encouraged to focus on preventative measures even when ransomware attacks do not involve encryption.

00:00 Introduction and Headlines 00:25 The $500,000 Crypto Heist 01:26 Supply Chain Attack on Open VSX 04:50 Lessons from the Attack 06:16 Oyster Backdoor Threat 07:54 Cyber Attack on St. Paul 09:09 CISA's New Eviction Strategies Tool 10:43 Ingram Micro Data Breach Update 12:18 Conclusion and Contact Information

In this episode of 'Cybersecurity Today,' host Jim Love covers several significant cybersecurity incidents. Hackers disrupt all Aeroflot flights, causing massive delays in Russia. The women-only dating app 'Tea' faces a second serious data leak, exposing 1.1 million private messages. A game on Steam named 'Camia' is found to contain three types of malware, including Info Stealers and a Backdoor. Additionally, researchers discover that OpenAI's GPT-4 agent can bypass CAPTCHAs, raising concerns about the future of this security measure.

00:00 Introduction and Headlines 00:28 Tea App's Major Data Breaches 02:29 Aeroflot Cyber Attack Disrupts Flights 04:22 Malware Found in Steam Game 06:27 OpenAI's GPT-4 Bypasses Captchas 08:59 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, host David Shipley covers several key incidents impacting the cybersecurity landscape. Amazon's generative AI coding assistant 'Q' was compromised by a hacker who injected data-wiping code into the tool's GitHub repository. Scattered Spider, a notorious cybercrime group, continues its malware attacks on VMware ESXI hypervisors using advanced social engineering techniques. In a significant enforcement action, global law enforcement dismantled the Black Suit ransomware infrastructure under Operation Checkmate. Lastly, Insurance Giant Allianz Life revealed a data breach affecting its US customer base. Stay tuned to understand the latest threats and protective measures in cybersecurity.

00:00 Introduction and Headlines 00:30 Amazon AI Coding Tool Breach 03:07 Scattered Spider's VMware ESXI Attacks 06:44 Operation Checkmate: Black Suit Ransomware Takedown 08:16 Alliance Life Insurance Data Breach 10:25 Conclusion and Call to Action

This is repeat of a broadcast from last October, still relevant, especially in the light of so many current breaches which have begun not with technical weaknesses but with phishing and social engineering.

In this deeper dive episode of 'Cybersecurity Today,' hosts Jim Love and David Shipley, a top cybersecurity expert from Beauceron Security, explore the evolution, intricacies, and impact of phishing attacks. They highlight recent sophisticated phishing strategies that combine AI, complex setups, and psychological manipulation to deceive even the most knowledgeable individuals. The discussion covers various types of phishing including spearphishing, whaling, sharking, QR phishing, and the emotional and psychological tactics employed by attackers. They also delve into practical defense mechanisms such as Multi-Factor Authentication (MFA), passkeys, and the importance of fostering a security-conscious workplace culture. The episode emphasizes the need for a diversified security approach involving technology, training, and emotional intelligence, while encouraging assertiveness in questioning potentially fraudulent communication.

00:00 Introduction to Cybersecurity Today 00:40 The Evolution of Phishing Attacks 01:44 Deep Dive into Phishing Techniques 03:31 History of Phishing 06:04 Types of Phishing: From Email to Whaling 10:06 Advanced Phishing Tactics 19:25 The Psychology Behind Phishing 26:03 Phishing Tactics: Free Gift Card Scams 26:33 The Power of Scarcity in Phishing 28:27 Authority and Phishing: Impersonation Tactics 29:11 Consistency: Small Requests Leading to Big Scams 30:14 Liking and Social Proof in Social Engineering 32:15 The Evolution of Phishing Techniques 35:31 The Role of MFA in Enhancing Security 38:35 Passkeys and the Future of Authentication 44:57 Building a Security-Conscious Workplace Culture 48:47 Conclusion and Final Thoughts

The recent Sharepoint hack is spreading like wildfire through unpatched systems. All this and more on today's episode with guest host David Shipley. 

We're having some issues with podcast distribution. We're going to take a couple of days to figure out what is going on and what, if anything, we can do about it. 

In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads. 

Concurrently, Ukrainian CERT uncovers new phishing campaigns tied to APT28 using large language models for command and control.

Microsoft discontinues the use of China-based engineers for US Department of Defense systems following a controversial report. Lastly, social engineering, facilitated by AI, becomes a greater threat than zero-day exploits.

The episode emphasizes the need for stronger maintainer security, multifactor authentication, and a comprehensive understanding of social engineering risks. 

00:00 Introduction - 10 Million Downloads 01:30 NPM Linter Packages Hijacked 05:05 Social Engineering and AI in Cybersecurity 08:57 Microsoft's China-Based Engineers Controversy 12:15 The Real Threat: Social Engineering 16:39 Conclusion and Call to Action

The Cybersecurity Today episode revisits a discussion on the risks and implications of AI hosted by Jim Love, with guests Marcel Gagné and John Pinard. They discuss the 'dark side of AI,' covering topics like AI misbehavior, the misuse of AI as a tool, and the importance of data protection in production environments. The conversation delves into whether AI can be conscious and the ethical considerations surrounding its deployment, particularly in highly regulated industries like finance. They emphasize the need for responsible use, critical thinking, and ongoing oversight to mitigate potential risks while capitalizing on AI's benefits. The episode concludes with a call for continued discussion and engagement through various platforms.

00:00 Introduction to Cybersecurity Today 00:33 Exploring the Dark Side of AI 02:31 AI Misbehavior and Security Concerns 07:35 Speculative Risks and Consciousness 26:09 AI in Corporate Settings 31:49 Human Weakness in Security 32:37 Social Engineering Tactics 33:08 Security in Engineering Systems 33:42 AI Data Storage and Security 35:16 AI Data Retrieval Concerns 39:36 Testing Security in Development 41:37 AI in Regulated Industries 43:57 Bias and Decision Making in AI 47:18 Critical Thinking and Debate Skills 55:06 The Role of AI as a Consultant 01:02:21 The Future of AI and Responsibility 01:04:55 Conclusion and Contact Information

In today's episode, host Jim Love covers recent cybersecurity threats, including malware hidden in DNS records, a custom backdoor targeting SonicWall SMA devices, the US military assuming a network compromise after Chinese hackers targeted VPNs and email servers, and a $27 million theft from the BigONE crypto exchange. The show highlights how attackers are using innovative techniques to evade detection and emphasizes the need for increased vigilance in monitoring and securing systems.

00:00 Introduction to Cybersecurity News 00:26 Malware Hidden in DNS Records 02:26 SonicWall Devices Under Attack 04:30 US Military Breach by Chinese Hackers 07:07 $27 Million Crypto Theft 08:58 Conclusion and Listener Engagement