Cyber Security Today: Fortinet Data Breach, Seattle Ransomware Attack, and Lazarus Targeting Developers

In this episode of Cyber Security Today, host Jim Love covers Fortinet's confirmation of a data breach after a hacker claims to have stolen 440GB of data. The episode also discusses the cyber attack on Seattle Tacoma International Airport by the Rysida ransomware group and the port's refusal to pay the ransom. Additionally, North Korean hacker group Lazarus is targeting Python developers via malicious coding tests as part of the VM connect campaign. Stay tuned to learn more about these pressing cybersecurity issues.

00:00 Introduction to Cyber Security Today
00:27 Fortinet Data Breach Details
02:15 Seattle Tacoma Airport Ransomware Attack
03:41 Lazarus Group Targets Python Developers
05:30 Conclusion and Final Thoughts

Cybersecurity Insights: Vulnerabilities, Insider Threats, and the Future of Online Safety

In this weekend edition of Cybersecurity Today, host Jim Love is joined by regulars Terry Cutler of Cyology Labs and David Shipley of Beauceron Security, alongside special guest Laura Payne from White Tuque. They discuss significant cybersecurity news including the new additions to CISA's known exploited vulnerabilities catalog, a hilarious yet eye-opening domain purchase incident, and the ongoing issue of insider threats. The panel also dives into the complexities surrounding recent breaches like the one at Avis and the broader implications of data vulnerabilities. Stay tuned for the latest insights and expert opinions on what's happening in the cybersecurity world.

00:00 Introduction and Panelist Introductions
01:31 Format Overview and First Cybersecurity Story
01:47 Discussion on CISA's Vulnerability Catalog
02:51 Challenges in Patch Management
06:45 Microsoft's Patch Tuesday Controversy
10:49 The $20 Domain Vulnerability
15:42 Insider Threats and Real-World Incidents
18:11 Handling Disgruntled Employees
18:51 Insider Threats: Real-Life Examples
19:41 Preventing Insider Threats
21:30 Password Management and Security
22:53 Case Study: Sales Employee Walks Out with Client List
23:42 Jurassic Park and Risk Management
24:32 Avis Data Breach: What Happened?
25:51 The Importance of Identity Theft Protection
29:44 Challenges in Cybersecurity Awareness
34:27 Microsoft's New Security Measures
35:07 Conclusion and Farewell

Cyber Security Today: TfL Data Breach, Critical Vulnerabilities, and Insider Threats

Join host Jim Love in 'Cyber Security Today' as we delve into the latest cyber security incidents and updates. Learn about Transport for London's data breach affecting thousands of customers, critical vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog, and the recent Microsoft Patch Tuesday addressing over 70 security flaws. We also discuss significant breaches at Avis, shocking domain purchase by a researcher highlighting internet trust issues, and insider threats exemplified by Daniel Rhyne's rogue actions against an industrial company. Stay informed with expert insights and essential recommendations!

00:00 Introduction and Breaking News
00:05 Transport for London Cyber Attack
01:04 New Vulnerabilities Added to CISA's KEV Catalog
02:38 Microsoft and Other Major Tech Companies Release Patches
04:02 Avis Data Breach
05:15 Security Researcher Buys Critical Domain
07:58 Insider Threat: The Daniel Rhyne Case
09:53 Conclusion and Final Thoughts

Cybersecurity Today: Microsoft Office 2024, Data Breach, CrowdStrike Fallout, & Ford's Privacy Concerns

In this episode of Cybersecurity Today with your host Jim Love, we discuss Microsoft's decision to disable ActiveX controls by default in Office 2024 to enhance security, the data breach at SlimCD affecting 1.7 million credit card owners, CrowdStrike's ongoing response to the July IT disruption, and privacy concerns over Ford's new patent application for in-car conversation monitoring. Learn about the implications and what these developments mean for IT professionals and end-users.

00:00 Introduction and Headlines
00:24 Microsoft Office 2024 Security Changes
01:50 Major Data Breach at SlimCD
03:51 CrowdStrike's Crisis Management
05:35 Ford's Controversial Patent Application
06:54 Conclusion and Show Notes

Massive Healthcare Data Breach, Google's Move to Rust, and New Sextortion Scams - Cybersecurity Today

In this episode of Cybersecurity Today, hosted by Jim Love, we discuss a major healthcare data breach at Confident Health where 5.3 terabytes of sensitive mental health data were exposed due to a misconfigured server. Google advocates for replacing legacy C and C++ code with Rust for better security and productivity. We also explore the disturbing new trend in sextortion scams that now include photos of victims' homes to enhance threats, and the importance of addressing such scams in corporate security programs.

00:00 Introduction and Headlines
00:18 Major Data Breach at Confident Health
02:08 Google's Move to Rust for Enhanced Security
03:59 The Rising Threat of Sextortion Scams
05:50 Conclusion and Resources

Toronto School Board Hack & Cybersecurity Best Practices: Expert Panel Discussion

Welcome to the weekend edition of Cybersecurity Today, hosted by Jim Love! Join our expert panel featuring Terry Cutler from Cyology Labs, David Shipley of Beauceron Security, and special guest Daina Proctor from IBM Security Services Canada. This episode dives into recent cybersecurity stories including a major data breach at the Toronto District School Board and continued fallout from the MoveIT software hack. Our experts discuss the importance of robust security measures, the cultural shift needed in organizations to handle cyber threats, and the increasing role of cybersecurity insurance. We’ll also explore fascinating stories like active listening on Android phones and Disney's legal backtrack. Don't miss out on this insightful and engaging conversation!

00:00 Introduction and Panelist Welcome
01:26 Toronto School Board Cyber Attack
02:16 Challenges in School Cybersecurity
10:52 MoveIT Hack and Its Implications
15:43 Insurance and Cybersecurity
25:19 City of Columbus Data Breach
26:21 Spotting the Problem: Data Overload
26:31 Columbus Breach: Encryption and Legal Battles
27:25 The Streisand Effect and Legal Protections
28:20 Personal Story: Public Information and Security
29:19 Human Element in Cyber Attacks
34:20 Incident Response Planning and Simulations
39:13 Proactive Cybersecurity Measures
46:40 Consumer Data Privacy Concerns
54:01 Conclusion and Final Thoughts

Terry referred to CyologyLab.com/start for the video and the free tools.

AI Summer Recap: OpenAI's GPT 5, GPT Next, and Beyond

Join host Jim Love as he navigates through the major AI and cybersecurity stories that dominated summer 2023. From CrowdStrike's impact on Windows security to OpenAI's tantalizing announcements of GPT 4.0 Omni and the anticipated GPT Next, this episode reflects on the giant strides in AI technology. Understand the strategic buzz created by OpenAI, the unrecognized achievements by Google, and the intricate gossip surrounding futuristic AI models like QSTAR and Strawberry. This comprehensive recap highlights why the advancements in AI could significantly shape business processes and technological systems in the near future. Don't miss the rerun of the highly informative Practical AI episode featuring industry experts, plus a hint at what's to come in tech news.

00:00 Introduction and Host Welcome
00:37 Summer's Blockbuster Stories: AI and Cybersecurity
01:06 OpenAI's Strategy and GPT 4.0 Omni
03:11 The Mystery of Sora and Other Rumors
04:53 Google's AI Achievements and OpenAI's Mastery
07:27 The GPT Next Announcement
10:27 Conclusion and Future AI Developments
11:57 Practical AI Episode Rerun and Closing Remarks

Is Your Phone Spying on You? D Link Vulnerabilities & Government Data Requests

In this episode of Cyber Security Today, host Jim Love discusses critical remote code execution vulnerabilities in D Link routers, impacting their discontinued DIR 846 series. These flaws, including CVE 2024 44341 and CVE 2024 44342, pose significant risks, prompting D Link to recommend users replace outdated devices. The episode also examines the considerable amount of data governments gather from big tech companies, with a study by Surfshark highlighting the increasing user data requests. Lastly, Jim covers a report from 404 Media that reveals Facebook's partner, Cox Media Group, using smartphone microphones for targeted ads, raising severe privacy concerns. Stay informed about the latest in cybersecurity by tuning in!

00:00 Introduction: Is Your Smartphone Listening?
00:15 D-Link Router Vulnerabilities Exposed
02:24 Government Data Requests from Big Tech
04:15 Tech Companies' Compliance with Data Requests
05:38 Facebook's Active Listening Scandal
08:20 Conclusion and Show Notes