Massive Data Exposures, Insider Threats, and State-Sponsored Cyber Attacks

In this episode of Cybersecurity Today, host Jim Love covers a series of alarming cybersecurity incidents. Key highlights include Ernst and Young exposing a massive 4TB database to the open internet, a former L3 Harris executive guilty of selling zero-day exploits to a Russian broker, a sophisticated zero-day spyware campaign hitting Chrome, and a nation-state cyberattack on US telecom provider Ribbon Communications. Tune in to understand the critical lessons from these breaches and the emerging risks in cybersecurity. 00:00 EY's Massive Data Exposure 02:05 US Defense Contractor's Insider Threat 03:33 Chrome's Zero Day Vulnerability 05:24 Nation-State Hackers Breach US Telecom 06:51 Conclusion and Contact Information

In this episode of Cybersecurity Today, host Jim Love explores the potential shift in Russia's stance on cyber criminals, including arrests of major network operators. Discover the latest phishing scams where hackers fabricate death notices to steal passwords, a critical vulnerability exposing thousands of AI servers, and a massive malware campaign on YouTube. Plus, discuss the dual nature of AI in cybersecurity—both as a transformative technology and a new threat. Join the conversation on the future of cybersecurity! 00:00 Introduction: Cybersecurity Headlines 00:26 Russia's Crackdown on Cybercriminals 02:47 Phishing Scam Targets LastPass Users 04:59 AI Server Vulnerability Exposes API Keys 07:28 YouTube Ghost Network Spreads Malware 09:17 The Dual Role of AI in Cybersecurity 12:18 Conclusion and Future Plans

In this episode of Cybersecurity Today, host David Shipley covers the latest updates from the Pwn2Own 2025 event in Ireland, where top hackers earned over $1 million for uncovering 73 zero-day vulnerabilities. Despite significant hype, AI's impact on cybersecurity remains limited. We also dive into a critical Microsoft WSUS flaw under active exploitation and its implications for U.S. government cyber defenses amid a federal shutdown. Lastly, ESET reports reveal North Korea's increased cyber espionage targeting European drone manufacturers. Stay informed on the ever-evolving landscape of cybersecurity threats and defenses. 00:00 Introduction and Headlines 00:29 Pwn to Own 2025 Highlights 02:35 AI's Role in Cybersecurity 03:43 Microsoft's Critical WSUS Vulnerability 07:24 US Government Shutdown and Cyber Attacks 10:04 North Korean Cyber Espionage 12:46 Conclusion and Call to Action

In this episode of Cybersecurity Today, host Jim Love sits down with Graham Barrie a CISO and white hat hacker, to discuss the critical importance of cybersecurity for small and medium-sized businesses. From the moment Berry fell in love with technology through a Tandy TRS 80 to his current role helping businesses secure their data, this conversation covers the evolution of cybersecurity. They delve into how Berry assists businesses in understanding cybersecurity risks, communicating effectively with clients, and preparing for and recovering from cyber incidents. This episode is packed with insightful stories, practical advice, and a deep dive into the realities of cybersecurity for businesses of all sizes. 00:00 The Urgency of Cybersecurity 00:33 Introduction to the Podcast 01:00 Meet Graham Berry: A White Hat Hacker 01:31 Graham's Journey into Technology 04:04 From Technology to Cybersecurity 05:49 The Reality of Cyber Threats for Small Businesses 10:44 The Importance of Cyber Insurance 14:23 Engaging with Clients on Cybersecurity 17:08 Turning Around a Reluctant Client 20:10 The Growing Demand for Cyber Coverage 22:12 Third Party Risk Management 22:50 Effective Tabletop Exercises 23:58 Engaging Executives in Cybersecurity 26:43 Importance of Cyber Insurance 28:33 Successful Recovery Stories 34:16 Challenges with AI in Security 38:57 Looking Forward in Security 40:21 Conclusion and Farewell

In today's episode, host Jim Love discusses the discovery of the 'Glass Worm,' a self-spreading malware hidden in Visual Studio Code extensions downloaded over 35,000 times. The worm, hiding its malicious JavaScript in invisible unicode characters, steals developer credentials and drains crypto wallets. He also covers the security flaws in AI-powered IDEs like Cursor and Windsurf, leaving 1.8 million developers vulnerable. Lastly, a new survey from ISACA reveals that AI-driven attacks are now the top cybersecurity concern for 2026, overtaking ransomware and insider threats. Love advises how developers and security teams can mitigate these threats. 00:00 Introduction and Shoutout 01:10 Cybersecurity Headlines 01:46 Glass Worm Malware in Visual Studio Code 04:06 AI-Powered IDEs with Security Flaws 06:00 AI-Driven Cybersecurity Threats 07:50 Conclusion and Contact Information

In this episode of Cybersecurity Today, your host Jim Love discusses Microsoft's latest findings on how ransomware and extortion account for over half of all cyber attacks globally, highlighting the shift toward financially driven crimes. Learn about the breach at the Kansas City National Security Campus due to a SharePoint vulnerability and how Anthropic's new open-source sandbox aims to make AI coding safer. Additionally, discover how AI tools can help spot scams as Jim shares his personal experience and practical tips. Stay informed on the latest cybersecurity trends and essential defense strategies. 00:00 Introduction and Headlines 00:26 Ransomware Dominates Cyber Attacks 02:12 Nuclear Facility Breach via SharePoint Flaw 04:27 Anthropic's AI Code Sandbox 06:01 Using AI to Spot Scams 07:27 Conclusion and Viewer Engagement

In this episode of Cybersecurity Today, host David Shipley covers the latest developments in cyber threats and law enforcement victories. Topics include: cybercriminals using TikTok videos to disseminate malware through click-fix attacks, Europol shutting down a massive SIM farm powering 49 million fake online accounts, and Microsoft's emergency patch release for a critical ASP.NET Core vulnerability rated 9.9 in severity. The episode also highlights community efforts in raising cybersecurity awareness. 00:00 Introduction and Headlines 00:23 TikTok Malware Campaign 03:43 Europol's Major SIM Farm Bust 07:45 Microsoft's Critical ASP.NET Core Vulnerability 11:55 Community Shoutouts and Conclusion

In this episode, Jim Love interviews David Décary-Hétu, a criminologist at the Universite´de Montréal, discussing the dark web and its impact on criminal activity and cybersecurity. They delve into what the dark web is, how it operates, its primary users, and its role in cybercrime. They also explore the dynamics of online criminal networks, challenges faced by law enforcement, and the surprising aspects of online illicit activities. The importance of monitoring online conversations and understanding cyber threats is emphasized, with insights into the use of cryptocurrencies and the evolution of cybercrime tactics. 00:00 Introduction to Cybercrime and the Dark Web 00:45 Meet David Décary-Hétu: Criminology Researcher and Dark Web Expert 01:06 Understanding the Basics of the Dark Web 05:34 The Technology Behind the Dark Web 20:40 Law Enforcement Challenges and Trust Building 26:03 Cultural Differences in Hacking Communities 26:28 Training Police Officers vs. Research Approaches 26:40 Impact of Technology on Crime 28:09 International Networks and Language Barriers 30:26 Law Enforcement Strategies and Challenges 38:46 The Role of Cryptocurrency in Cybercrime 40:31 Legal and Ethical Considerations in Cybersecurity 42:55 Advice for Policymakers and Corporations 47:48 Educational Resources and Conferences 50:06 Conclusion and Final Thoughts

This episode of Cybersecurity Today, hosted by Jim Love, covers several critical topics in the realm of cybersecurity. Researchers found that unencrypted data from satellites is accessible with cheap equipment, leading to potential eavesdropping on sensitive information worldwide. A new botnet campaign is aggressively scanning for unsecured RDP services, posing a significant threat of ransomware and data theft. Canadian Tire Corporation experienced a data breach affecting customer information. An Android vulnerability allows hackers to steal two-factor authentication codes, prompting discussions on the need for faster security patch rollouts. Lastly, two brothers on trial for a $25 million crypto heist argue that their actions are legal within the blockchain's rules, raising questions about the future of crypto regulation. 00:00 Introduction to Cybersecurity News 00:26 Eavesdropping on Satellite Data 02:02 Massive Botnet Targeting RDP Services 03:58 Canadian Tire Data Breach 05:40 Android Vulnerability: Pick Napping 08:09 Crypto Heist: The Perra Bueno Brothers 10:06 Conclusion and Sign Off

In this episode of Cybersecurity Today, host David Shipley discusses several major events, including the FBI's takedown of the Breach Forums portal. This site was associated with a significant Salesforce data breach and extortion campaign led by groups like Shiny Hunters and Scattered Lapses Hunters. Oracle users are also warned about a new critical vulnerability in the E-Business Suite, which could allow unauthorized data access without requiring login credentials. Additionally, the resurgence of the Asuru botnet, leveraging compromised IoT devices to execute large-scale DDoS attacks, raises concerns. The episode emphasizes the need for immediate patching and robust security measures by organizations and consumers alike. A positive note highlights a cybersecurity awareness initiative by the Indiana Toll Road. 00:00 FBI Takes Down Breach Forums 03:42 Oracle E-Business Suite Vulnerability 07:39 Massive Botnet Threatening US Networks 11:04 Community Cybersecurity Awareness 11:47 Conclusion and Sign-Off