This is repeat of a broadcast from last October, still relevant, especially in the light of so many current breaches which have begun not with technical weaknesses but with phishing and social engineering.

In this deeper dive episode of 'Cybersecurity Today,' hosts Jim Love and David Shipley, a top cybersecurity expert from Beauceron Security, explore the evolution, intricacies, and impact of phishing attacks. They highlight recent sophisticated phishing strategies that combine AI, complex setups, and psychological manipulation to deceive even the most knowledgeable individuals. The discussion covers various types of phishing including spearphishing, whaling, sharking, QR phishing, and the emotional and psychological tactics employed by attackers. They also delve into practical defense mechanisms such as Multi-Factor Authentication (MFA), passkeys, and the importance of fostering a security-conscious workplace culture. The episode emphasizes the need for a diversified security approach involving technology, training, and emotional intelligence, while encouraging assertiveness in questioning potentially fraudulent communication.

00:00 Introduction to Cybersecurity Today
00:40 The Evolution of Phishing Attacks
01:44 Deep Dive into Phishing Techniques
03:31 History of Phishing
06:04 Types of Phishing: From Email to Whaling
10:06 Advanced Phishing Tactics
19:25 The Psychology Behind Phishing
26:03 Phishing Tactics: Free Gift Card Scams
26:33 The Power of Scarcity in Phishing
28:27 Authority and Phishing: Impersonation Tactics
29:11 Consistency: Small Requests Leading to Big Scams
30:14 Liking and Social Proof in Social Engineering
32:15 The Evolution of Phishing Techniques
35:31 The Role of MFA in Enhancing Security
38:35 Passkeys and the Future of Authentication
44:57 Building a Security-Conscious Workplace Culture
48:47 Conclusion and Final Thoughts

The recent Sharepoint hack is spreading like wildfire through unpatched systems. All this and more on today's episode with guest host David Shipley.

We're having some issues with podcast distribution. We're going to take a couple of days to figure out what is going on and what, if anything, we can do about it.

In this episode of Cybersecurity Today, host David Shipley discusses several pressing cybersecurity issues. First, popular NPM Linter packages were hijacked via phishing to spread malware, affecting millions of downloads.

Concurrently, Ukrainian CERT uncovers new phishing campaigns tied to APT28 using large language models for command and control.

Microsoft discontinues the use of China-based engineers for US Department of Defense systems following a controversial report. Lastly, social engineering, facilitated by AI, becomes a greater threat than zero-day exploits.

The episode emphasizes the need for stronger maintainer security, multifactor authentication, and a comprehensive understanding of social engineering risks.

00:00 Introduction - 10 Million Downloads
01:30 NPM Linter Packages Hijacked
05:05 Social Engineering and AI in Cybersecurity
08:57 Microsoft's China-Based Engineers Controversy
12:15 The Real Threat: Social Engineering
16:39 Conclusion and Call to Action

The Cybersecurity Today episode revisits a discussion on the risks and implications of AI hosted by Jim Love, with guests Marcel Gagné and John Pinard. They discuss the 'dark side of AI,' covering topics like AI misbehavior, the misuse of AI as a tool, and the importance of data protection in production environments. The conversation delves into whether AI can be conscious and the ethical considerations surrounding its deployment, particularly in highly regulated industries like finance. They emphasize the need for responsible use, critical thinking, and ongoing oversight to mitigate potential risks while capitalizing on AI's benefits. The episode concludes with a call for continued discussion and engagement through various platforms.

00:00 Introduction to Cybersecurity Today
00:33 Exploring the Dark Side of AI
02:31 AI Misbehavior and Security Concerns
07:35 Speculative Risks and Consciousness
26:09 AI in Corporate Settings
31:49 Human Weakness in Security
32:37 Social Engineering Tactics
33:08 Security in Engineering Systems
33:42 AI Data Storage and Security
35:16 AI Data Retrieval Concerns
39:36 Testing Security in Development
41:37 AI in Regulated Industries
43:57 Bias and Decision Making in AI
47:18 Critical Thinking and Debate Skills
55:06 The Role of AI as a Consultant
01:02:21 The Future of AI and Responsibility
01:04:55 Conclusion and Contact Information

In today's episode, host Jim Love covers recent cybersecurity threats, including malware hidden in DNS records, a custom backdoor targeting SonicWall SMA devices, the US military assuming a network compromise after Chinese hackers targeted VPNs and email servers, and a $27 million theft from the BigONE crypto exchange. The show highlights how attackers are using innovative techniques to evade detection and emphasizes the need for increased vigilance in monitoring and securing systems.

00:00 Introduction to Cybersecurity News
00:26 Malware Hidden in DNS Records
02:26 SonicWall Devices Under Attack
04:30 US Military Breach by Chinese Hackers
07:07 $27 Million Crypto Theft
08:58 Conclusion and Listener Engagement

In this episode hosted by Jim Love, 'Cybersecurity Today' celebrates its recognition as number 10 on the Feed Spot list of Canadian News Podcasts and approaches a milestone of 10 million downloads. Key topics include new research identifying Nvidia GPUs as vulnerable to Rowhammer style attacks, Microsoft's significant security improvements in Microsoft 365, a critical Bluetooth vulnerability affecting 350 million cars, and a data exposure incident involving the Fredericton Police. Additionally, the official 'Elmo' account on X was hacked to post offensive content, emphasizing security gaps in high-profile social media accounts. For detailed information, visit technewsday.com or .ca.

00:00 Introduction and Milestones
00:52 Nvidia's Rowhammer Vulnerability
03:39 Microsoft's Security Overhaul
05:45 PerfektBlue Bluetooth Flaw
08:09 Police Data Leak Incident
10:12 Elmo's Twitter Account Hacked
12:43 Conclusion and Thanks

In this episode of 'Cybersecurity Today,' hosted by David Shipley from the Exchange Security 2025 conference, urgent updates are provided on critical cybersecurity vulnerabilities and threats. CISA mandates a 24-hour patch for Citrix NetScaler due to a severe vulnerability actively being exploited, dubbed 'Citrix Bleed.' Fortinet’s FortiWeb also faces a critical pre-auth remote code execution flaw that demands immediate patching. Additionally, significant vulnerabilities in AI-driven developments are highlighted, including shortcomings in Jack Dorsey's BitChat app and a method to extract Windows keys from ChatGPT-4. The episode emphasizes the importance of timely updates, robust security measures, and the potential risks involved with AI-generated code.

00:00 Introduction and Overview
00:35 Urgent Citrix Vulnerability Alert
03:26 Fortinet FortiWeb Exploit Details
06:23 Ingram Micro Ransomware Recovery
09:26 AI Coding and Security Risks
14:03 ChatGPT Security Flaw Exposed
17:20 Conclusion and Contact Information