Cisco Hits A Perfect 10 With A Critical Flaw in Industrial Wireless Systems: Cyber Security Today for Wednesday, November 13, 2024

In this episode, we discuss urgent cybersecurity concerns: Cisco's critical vulnerability affecting industrial wireless systems with a CVSS 10 rating, D-Link's refusal to patch severe flaws in over 60,000 outdated NAS devices, and Amazon's data breach tied to the MoveIT vulnerability. We'll also cover the importance of strong off-boarding processes, drawing lessons from a Disney insider threat incident involving a former employee. Join us as we dive deep into the latest security alerts and best practices to safeguard your systems and data. 00:00 Critical Flaw in Cisco's Industrial Wireless Systems 02:07 D-Link's Unpatched Vulnerabilities in NAS Devices 03:22 Amazon Employee Data Exposed in MoveIT Breach 04:41 Lessons from Disney's Insider Threat Incident 06:37 Conclusion and Final Thoughts

CyberSecurity Today: Zip File Attacks, iPhone Reboots, and LLM Vulnerabilities In today's episode, host Jim Love discusses hackers leveraging zip file concatenation to evade detection, mysterious iPhone reboots hindering police investigations, and Mozilla's Odin's in-depth analysis of security issues in a large language model. Discover how cybercriminals hide Trojans in zip files, how the iOS 18 feature Before First Unlock (BFU) could be affecting forensic examinations, and explore the intricacies of prompt injections and security implications in ChatGPT. Plus, tune in for an exclusive interview with Marco Figueroa from Mozilla's Odin Bug Bounty project to delve deeper into these findings. 00:00 Introduction and Headlines 00:21 Hackers Exploit Zip File Concatenation 01:48 Phishing Campaign with Remcos RAT 03:12 Mysterious iPhone Reboots 04:18 Mozilla's Odin Project and LLM Security 06:40 Conclusion and Afterwords

Jailbreaking AI: Behind the Guardrails with Mozilla's Marco Figueroa In this episode of 'Cyber Security Today,' host Jim Love talks with Marco Figueroa, the Gen AI Bug Bounty Program Manager for Mozilla's ODIN project. They explore the challenges and methods of bypassing guardrails in large language models like ChatGPT. Discussion points include jailbreaking, hexadecimal encoding, and the use of techniques like Deceptive Delight. Marco shares insights from his career, including his experiences at DEF CON, the NSA, McAfee, Intel, and Sentinel One. The conversation dives into Mozilla's efforts to build a secure AI landscape through the ODIN bug bounty program and the future implications of AI vulnerabilities. 00:00 Introduction and Guest Introduction 00:22 Understanding Large Language Models and Jailbreaking 01:53 Recent Jailbreaking Techniques and Examples 04:42 Interview with Marco Figueroa: Career Journey 10:12 Marco's Work at Mozilla and the ODIN Project 16:50 Exploring Prompt Injection and Hacking 23:21 Future of AI Security and Final Thoughts

FBI Warnings, TikTok's Canadian Shutdown, Major Data Breach Arrests & More | Cybersecurity Today In this episode of Cybersecurity Today, host Jim Love highlights the FBI's warning about growing phishing attacks exploiting government email credentials, leading to potential data theft and ransomware attacks. The Canadian government orders TikTok to shut down its domestic operations over national security fears, while the app plans to fight the decision. Authorities arrest Alexander Connor Moucka in conjunction with massive data breaches at companies like Ticketmaster and AT&T. Additionally, a Brampton landlord becomes a victim of an e-transfer scam, emphasizing the importance of securing email accounts. Stay informed with the latest cybersecurity news and recommendations. 00:00 Introduction and Headlines 00:22 FBI Warning on Phishing Attacks 01:53 International Law Enforcement Actions 02:26 Canada Orders TikTok Shutdown 03:45 Major Data Breach Arrests 04:22 Brampton Landlord E-Transfer Scam 05:16 Securing Personal Transfers 06:02 Conclusion and Show Notes

AI Finds Zero Day Vulnerability, MFA Mandatory on Google Cloud, French Energy Firm Hacked In today's episode of Cyber Security Today, host Jim Love discusses Google's AI-driven system Big Sleep discovering the first ever AI-identified zero day vulnerability in the SQLite database engine. He also covers Google's new requirement for Google Cloud users to implement multi-factor authentication (MFA) starting January, and a recent cyber-attack on French firm Schneider Electric, where hackers demanded a ransom in baguettes. Learn about these critical updates and their implications for the future of cybersecurity. 00:00 Introduction to Cyber Security Today 00:21 AI Discovers Zero Day Vulnerability 03:06 Google Cloud Enforces Multi-Factor Authentication 05:55 Hackers Demand Ransom in Baguettes 07:42 Conclusion and Show Notes

Chinese Cybersecurity Threats: Espionage in Silicon Valley, Canadian Government Infiltration, and Persistent Botnets In this special edition of Cyber Security Today, host Jim Love discusses three alarming stories illustrating the increasing cybersecurity threats posed by China. The episode details China's espionage activities in Silicon Valley, including a Google employee caught stealing AI trade secrets, the infiltration of Canadian government systems by Chinese state-sponsored hackers, and a persistent botnet using compromised TP-Link routers to target Microsoft Azure accounts. The stories highlight the urgent need for enhanced cybersecurity measures to counter these sophisticated threats. 00:00 Introduction: Rising Cybersecurity Threats from China 00:33 Silicon Valley Under Siege: Espionage in the Tech Hub 03:56 Canadian Government Infiltration: A Deep Dive 05:47 Persistent Botnet Threat: Covert Network 1658 07:31 Conclusion and Final Thoughts

Welcome to the weekend edition of Cybersecurity Today! Join host Jim Love as he delves into the top cybersecurity stories of the month with industry experts David Shipley of Beauceron Security, Terry Cutler of Cyology Labs, and special guest Kim Schreader from TELUS. This episode covers a range of vital topics, including AI's impact on cybersecurity, the alarming rise in API vulnerabilities, and a shocking report on the Canadian Revenue Agency's fraud losses. The panel also discusses cybersecurity awareness, the overlooked importance of protecting our libraries, and innovative ways to educate the next generation on cybersecurity. Don't miss their insights, expert opinions, and the debut of the cyber stinky award! 00:00 Introduction and Panelist Welcome 00:39 Kim Schreader's Background and Cybersecurity Insights 01:44 Cybersecurity Awareness Month Highlights 02:11 Phishing Milestones and Challenges 03:34 Home Cybersecurity and Public Engagement 04:59 SecTor Event and Cyber Insurance Study 06:10 Sextortion Emails and Ransomware Threats 07:30 Revenue Canada Fraud Scandal 14:31 Legacy Systems and Cybersecurity Accountability 17:55 AI in Cybersecurity: Threats and Opportunities 26:43 Medical Imaging Vulnerabilities 27:35 IoT Device Security Concerns 29:25 API Vulnerabilities and Exploits 31:45 Importance of Pen Testing 39:41 AI and Prompt Injection Risks 46:58 Education and Cybersecurity Awareness 52:23 Library Cyber Attacks and Conclusion

Cyber Security Today: Deceptive Delight Jailbreak, API Vulnerabilities Surge, Hex Attack on GPT-4 In this episode of Cyber Security Today, host Jim Love discusses the new jailbreak technique 'Deceptive Delight' that highlights vulnerabilities in large language models, the 21% increase in API vulnerabilities reported by Wallarm, and the hex-encoded attack on OpenAI's GPT-4. Learn about the significant rise in API security threats, including misconfigurations and cloud-native software vulnerabilities, and how cybercriminals are exploiting them. Discover how researchers are bypassing AI safety mechanisms and what this means for the future of AI security. Stay safe and informed about the latest cybersecurity trends and risks. 00:00 Introduction to Cyber Security Today 00:20 Deceptive Delight: A New Jailbreak Technique 02:22 Surge in API Vulnerabilities 04:16 Hexadecimal Exploits in AI Models 06:01 Smishing Attacks and Personal Anecdotes 06:56 Conclusion and Upcoming Shows

Massive CRA Breach Exposed & Cyber Challenges in Healthcare and Retail In this episode of Cyber Security Today, host Jim Love delves into the significant cyber security incidents impacting Canada, healthcare, and retail sectors. A report from CBC and Radio Canada reveals that the Canada Revenue Agency (CRA) has been compromised multiple times, leading to tens of thousands of hacked tax accounts and millions in fraudulent refunds. The episode also highlights a new report from Forescout Technologies that identifies critical vulnerabilities in connected medical devices, posing serious risks to patient safety and data security. Additionally, the 2024 Trustwave Retail Risk Radar Report outlines the evolving cyber threats facing retailers during the e-commerce boom, including phishing, credential stuffing, and ransomware attacks. Links to the detailed reports are provided in the show notes. Tune in for an in-depth discussion on these pressing cyber security challenges. 00:00 Introduction and Headlines 00:27 Canada Revenue Agency Hacked: Millions in Bogus Refunds 03:33 Medical Devices at Risk: Forescout's Alarming Report 06:42 Retail Cybersecurity Challenges: TrustWave's Insights 09:21 Conclusion and Show Notes

In today's episode of Cybersecurity Today, host Jim Love covers stories including, Cisco releases an emergency patch for a vulnerability exploited in brute force attacks, Delta Airlines sues CrowdStrike over a problematic software update leading to flight disruptions, UnitedHealth confirms the massive data breach at Change Healthcare affecting 100 million people, and Apple announces a $1 million bug bounty for hacking Apple Intelligence servers. Stay informed on these pivotal issues impacting the tech and cybersecurity landscape. 00:00 Emergency Patch for Cisco Vulnerability 02:02 Delta Sues CrowdStrike Over Flight Disruptions 03:48 Apple's $1 Million Bug Bounty Program 05:14 UnitedHealth Data Breach Impact 07:17 Show Wrap-Up and Contact Information