Cybersecurity Today: Allegations Against Elon Musk, Microsoft Lockout Issues, Cozy Bear's New Malware, and Canada's Anti-Fraud Proposals In this episode of Cybersecurity Today, hosted by David Shipley, we examine several major cybersecurity stories. A whistleblower accuses Elon Musk's team's involvement in a significant cyber breach at the National Labor Relations Board. Administrators face challenges with Microsoft's Mace feature, causing widespread account lockouts over the Easter weekend. The Russian hacking group Cozy Bear targets European diplomats using wine-themed phishing tactics. Canadian Conservative leader Pierre Poilievre proposes stringent measures against online fraud, including hefty fines and criminal charges for companies failing to act against digital scammers. 00:00 Breaking News: Doge and the US Labor Watchdog Cyber Breach 03:30 Microsoft Security Feature Causes Weekend Chaos 06:08 Russian Hackers Target European Diplomats with Wine-Themed Phishing 07:30 Canadian Conservative Leader Proposes Anti-Fraud Measures 09:25 Conclusion and Contact Information

In this episode of Cybersecurity Today titled 'The Secret CISO,' host Jim Love, along with guests Octavia Howell, Daniel Pinsky, and John Pinard, delves into the personal and professional experiences of Chief Information Security Officers (CISOs). They share their journeys into cybersecurity, discuss the challenges and pressures of their roles, and offer insights into effective leadership and talent development. The discussion also covers the evolving nature of security threats, resource constraints, and the importance of continuous learning and strategic alignment in cybersecurity. This candid conversation aims to provide valuable perspectives for both aspiring and seasoned security professionals.

00:00 Introduction to The Secret CISO 01:11 Meet the CISOs 03:08 Career Journeys and Reflections 08:45 Challenges and Pressures of the Job 23:21 Learning and Staying Ahead 28:15 Leadership and Team Development 40:34 Advice for Aspiring CISOs 43:14 Conclusion and Audience Engagement

In this episode of Cybersecurity Today, hosted by Jim Love, the show salutes Katie Moussouris of Luta Security for her courage in speaking truth to power. The episode covers various significant news in the cybersecurity world: the explosion of identity theft in Canada’s tax system, Prodaft’s strategic purchase of hacker forum accounts for intelligence, Google’s new security feature for Android devices, Hertz's data breach due to a vendor hack, and a US attorney's allegations against a UK intelligence firm for orchestrating a hack-for-hire scheme. Additionally, the episode discusses the troubling political ramifications following President Trump’s revocation of security clearance from Chris Krebs, former CISA director, and the subsequent investigation, highlighting the importance of protecting free speech and integrity within the cybersecurity profession.

00:00 Introduction and Salute to Katie Moussoursis 00:44 Identity Theft Nightmare in Canada 03:20 Prodaft's Innovative Cybercrime Monitoring 05:22 Google's New Android Security Feature 07:08 Hertz Data Breach and Legal Implications 09:22 Controversial Hack-for-Hire Allegations 11:26 Conclusion and Final Thoughts 11:36 Speaking Truth to Power: The Case of Chris Krebs

In this episode of Cybersecurity Today, host David Shipley discusses several pressing concerns in the cybersecurity landscape. Attackers have been exploiting Fortinet VPN devices to maintain access even after patches were applied; administrators are urged to upgrade and follow recovery guidance. Microsoft has created a new INET Pub folder through its latest Windows update, advising users not to delete it due to a linked security flaw. Lastly, AI-generated code dependencies are becoming a serious supply chain risk, with attackers creating malicious packages based on AI hallucinations. Users are advised to thoroughly review AI-generated code to avoid 'slop squatting'.

00:00 Introduction and Fortinet VPN Exploits 02:46 Microsoft's INET Pub Folder Issue 04:57 AI Hallucinations and Code Dependencies 06:22 Conclusion and Contact Information

In this captivating interview, host Jim Love sits down with Licenia Rojas, Senior Vice President and Chief Architect at TD Bank. They discuss Licenia's journey in the technology sector, the importance of mentorship, and the role of continuous learning in career development. The conversation also delves into evolving topics such as cybersecurity, AI innovation, and the increasingly pivotal role of architecture in modernizing financial institutions. Whether you're early in your career or a seasoned professional, this episode offers authentic and practical advice on navigating the tech industry.

00:00 Introduction to the Interview Series 01:25 Meet Licenia Rojas: Career Journey and Early Influences 02:35 Discovering a Passion for Technology 04:43 The Importance of Continuous Learning and Mentorship 05:44 Navigating Career Transitions and Embracing New Roles 08:06 The Role of Curiosity and Asking Questions 13:24 The Value of Company Culture 15:09 Current Role and Responsibilities at TD Bank 17:08 The Evolution and Importance of Architecture in Technology 21:23 Understanding the Technology Life Cycle 22:48 Defining and Achieving Good Outcomes 24:34 Customer-Centric Innovation 26:40 Encouraging Employee Ideas and Feedback 28:34 Overcoming Cynicism in Tech Teams 31:35 Exciting Emerging Technologies 35:57 The Role of AI in Enhancing Productivity 38:50 Advice for Aspiring Technologists 41:59 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, host Jim Love covers the shutdown of a spammer exploiting OpenAI's GPT model, a cybersecurity breach at the US Office of the Comptroller of the Currency, and a new malware operation called 'Operation End Game' targeting major cybercrime networks. He also discusses the emergence of a destructive RAT on GitHub that poses a significant risk to Windows systems, and a critical vulnerability in the WordPress plugin AutoKit that was exploited mere hours after its disclosure. Ensure you stay updated on these evolving threats and the necessary precautions to safeguard your systems.

00:00 Introduction and Headlines 00:25 Spammers Exploit OpenAI's GPT Model 02:14 US Bank Regulator Hacked 04:25 Operation End Game: Tackling Cybercrime 07:06 Neptune RAT: A New Threat to Windows 09:12 WordPress Plugin Vulnerability Exploited 11:25 Conclusion and Contact Information

In this episode of Cybersecurity Today, host Jim Love covers important security updates and warnings including critical flaws in WinRAR, a patch for a high severity zero-day vulnerability in Windows CLFS, and a security vulnerability in WhatsApp's Windows desktop application. He urges users to update their software to protect against exploits. Additionally, Jim discusses Identity Management Day and the concerning findings from an OKTA survey revealing Canadians' growing worries about identity theft. He announces his plan to create a special segment on new identity solutions to address these concerns. The episode also includes a shout-out to the BSides Calgary event for information security professionals.

00:00 Introduction and Event Announcement 00:51 Critical Flaws in Compression Utility 03:33 Microsoft Patches Zero-Day Exploits 05:01 WhatsApp Security Vulnerability 06:46 Identity Management Day Insights 10:13 Conclusion and Contact Information

In this episode of Cybersecurity Today, host David Shipley covers a range of crucial issues. With tax day approaching, Microsoft reports a rise in sophisticated tax-themed phishing campaigns. The IRS has issued a warning against using its name in phishing simulations to avoid legal repercussions. Furthermore, cybersecurity journalist Brian Krebs reveals that Minnesota cybersecurity expert Mark Lanterman is under FBI investigation for potentially falsifying his credentials, impacting thousands of court cases. Lastly, several Australian superannuation funds have been targeted in a cyber scam, raising questions about the necessity of multifactor authentication for financial services. The episode emphasizes the need for stringent standards in cybersecurity expertise and shared responsibility in financial security.

00:00 Introduction and Headlines 00:24 Tax-Themed Phishing Scams on the Rise 00:36 Microsoft's Findings and IRS Warnings 01:32 Phishing Simulations and Legal Risks 02:53 Educating Employees on Phishing 03:15 Minnesota Cybersecurity Expert Under Scrutiny 04:25 Allegations and Legal Implications 05:52 Australian Retirement Funds Cyber Scam 06:16 Impact and Response to the Breach 07:07 The Need for Stronger Security Measures 08:26 Conclusion and Contact Information

In this episode of the cybersecurity month-end review, host Jim Love is joined by Daina Proctor from IBM in Ottawa, Randy Rose from The Center for Internet Security from Saratoga Springs, and David Shipley, CEO of Beauceron Security from Fredericton.

The panel discusses major cybersecurity stories from the past month, including the Oracle Cloud breach and its communication failures, the misuse of Signal by U.S. government officials, and global cybersecurity regulation efforts such as the UK's new critical infrastructure laws. They also cover notable incidents like the Kuala Lumpur International Airport ransomware attack and the NHS Scotland cyberattack, the continuous challenges of EDR bypasses, and the importance of fusing anti-fraud and cybersecurity efforts. The discussion emphasizes the need for effective communication and stringent security protocols amidst increasing cyber threats.

00:00 Introduction and Panelist Introductions 01:25 Oracle Cloud Breach: A Case Study in Incident Communication 10:13 Signal Group Chat Controversy 20:16 Leadership and Cybersecurity Legislation 23:30 Cybersecurity Certification Program Overview 24:27 Challenges in Cybersecurity Leadership 24:59 Importance of Data Centers and MSPs 26:53 UK Cybersecurity Bill and MSP Standards 28:09 Cyber Essentials and CMMC Standards 32:47 EDR Bypasses and Small Business Security 39:32 Ransomware Attacks on Critical Infrastructure 43:34 Law Enforcement and Cybercrime 47:24 Conclusion and Final Thoughts

In this episode, host Jim Love discusses a rise in unauthorized network scans targeting Juniper and Palo Alto devices, raising concerns about espionage and botnet activities. The podcast also delves into the controversial use of the Signal app by National Security Advisor Mike Waltz's team for sensitive communications, sparking debates on security and legality. Additionally, the episode highlights the potential misuse of OpenAI’s advanced image generation tool for creating fraudulent documents. Finally, it covers the mysterious disappearance of cybersecurity professor JF Wang and his wife, following an FBI and Homeland Security investigation.

00:00 Introduction and Overview 00:23 Unauthorized Scans on Network Devices 02:01 National Security Concerns with Signal App 05:21 Risks of AI-Generated Images 07:44 The Disappearance of a Cybersecurity Professor 09:57 Conclusion and Upcoming Events