Major US Bank Data Linked Through Breach At Ascensus

In today's episode of Cybersecurity Today, hosted by Jim Love, several major cybersecurity incidents are discussed. US banks are assessing the impact of a security breach at Ascensus, where the ALFV ransomware group claimed to have stolen three terabytes of data. CIOP has targeted Broadcom through Oracle's E-Business Suite vulnerabilities. A new malware campaign hides inside Blender 3D models, exploiting the auto-run feature to deploy Steel C malware. The JavaScript ecosystem faces a supply chain attack from the Shai-Hulud malware compromising 500 NPM packages. Additionally, a phishing campaign leveraging visual deception with look-alike domains is targeting Microsoft account holders. The show is brought to you by Meter, which provides integrated networking solutions. 00:00 Introduction and Sponsor Message 00:21 US Banks Data Theft Incident 02:24 Broadcom and Oracle ERP Breach 04:09 Blender Files Supply Chain Attack 06:24 NPM Packages Compromised 08:21 Phishing Campaign Targeting Microsoft Accounts 10:19 Conclusion and Sponsor Message

In this episode, host David Shipley discusses some of the most pressing issues in cybersecurity today. Checkout.com refuses to pay a ransom to cyber extortion group Shiny Hunters and instead donates to cybersecurity research. The U.S. SEC ends its long-standing case against SolarWinds and their CISO Tim Brown, highlighting ongoing debates about cybersecurity accountability. Additionally, the FCC reverses cybersecurity mandates originally set after the Salt Typhoon hacks, drawing criticism and raising questions about national security preparedness. The episode emphasizes the critical role of policy and regulation in affecting cybersecurity outcomes and encourages the tech community to participate actively in shaping better laws and frameworks. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst   00:00 Introduction and Sponsor Message 00:51 Checkout.com Refuses Ransom and Supports Cyber Research 04:10 SEC Ends Case Against SolarWinds and CISO 08:36 FCC Reverses Cybersecurity Mandates 12:22 The Importance of Policy in Cybersecurity 14:42 Conclusion and Call to Action

In this episode of Cybersecurity Today, host Jim Love welcomes retired intelligence officer Neil Bisson and regular guest David Shipley for an in-depth discussion on current cybersecurity threats facing both Canada and the US. They explore the roles of major state actors like China, Russia, Iran, and North Korea in cyber espionage and sabotage, alongside the motivations driving such activities. The conversation delves into the challenges faced by corporations and critical infrastructure, the importance of understanding motivations behind cyber attacks, and the need for greater cooperation between the private sector and intelligence agencies. The episode also highlights the crucial steps individuals and organizations should take to protect themselves in this rapidly evolving cyber landscape. 00:00 Introduction and Sponsor Message 00:40 Meet Neil Bisson: A Retired Intelligence Officer 02:43 The Evolution of Intelligence Collection 04:29 The Role of Big Data in Modern Espionage 06:30 Corporate Espionage and Technological Advancements 11:45 National Security Threats and Private Sector Vulnerabilities 16:42 Global Players in Cybersecurity Threats 21:44 The Overlooked Cyber Capabilities of India 23:58 State-Sponsored Cybercrime: A Symbiotic Relationship 24:50 Critical Infrastructure Vulnerabilities 25:32 Cyber Attacks and International Relations 27:54 The Role of Intelligence Agencies 33:58 The Huawei Controversy 37:18 Balancing National Security and Economic Interests 41:55 The Future of Cybersecurity 45:39 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, host Jim Love discusses several major cybersecurity events. CloudFlare faced significant outages affecting major platforms like Amazon and YouTube, along with continued issues for Microsoft 365 users. NordVPN warned of a surge in fake shopping websites as Black Friday approaches, with phishing attempts climbing 36% between August and October. An AI transcription tool caused a privacy breach at an Ontario hospital, leading to a privacy probe. Finally, Salesforce is investigating a data theft wave linked to Gainsight, illustrating the risks of OAuth token misuse. The episode is supported by Meter, a network infrastructure provider. 00:00 Introduction and Sponsor Message 00:44 CloudFlare Outages and Their Impact 02:34 Surge in Fake Shopping Websites 04:56 AI Privacy Breach at Ontario Hospital 08:41 Salesforce Data Theft Investigation 11:26 Conclusion and Sponsor Message

In this episode of 'Cybersecurity Today,' host Jim Love covers multiple pressing topics: CloudFlare's major outage affecting services like OpenAI and Discord, Microsoft's new AI feature in Windows 11 and its potential malware risks, a new red team tool that exploits cloud-based EDR systems, and a new tactic using calendar invites as a stealth attack vector. Additionally, a critical SAP vulnerability scoring a perfect 10 on the CVSS scale is discussed alongside a peculiar event where Anthropic's AI mistakenly tried to report a cybercrime to the FBI. The episode wraps up with a mention of the book 'Alyssa, A Tale of Quantum Kisses' and a thank you to Meter for sponsoring the podcast. Tune in for essential cybersecurity insights. 00:00 Introduction and Sponsor Message 00:22 CloudFlare Outage Causes Major Disruptions 02:55 Microsoft's New AI Features and Malware Risks 05:22 Silent but Deadly: New Red Team Tool 07:39 Calendar Invites as a Stealth Attack Vector 10:04 Critical SAP Vulnerability 12:11 Anthropic's AI and the FBI Incident 14:06 Conclusion and Final Thoughts

Critical Cybersecurity Updates: Fortinet Zero Day, North Korean Infiltration & JLR Cyber Attack In this episode of Cybersecurity Today, host David Chipley discusses the latest critical updates in the cybersecurity world. Fortinet faces a massive zero-day vulnerability actively exploited, leading to major security patches. North Korean IT workers have infiltrated 136 companies, massively impacting corporate security and funneling millions to the DPRK. Jaguar Land Rover's cyber attack results in a startling $220 million loss, affecting the UK's economy. Lastly, we delve into widespread copy-pasted flaws across leading AI platforms like Meta and Nvidia. Stay updated, stay secure! 00:00 Introduction and Sponsor Message 00:55 Fortinet Zero-Day Vulnerability 04:32 North Korean IT Worker Infiltration 07:45 Jaguar Land Rover Cyber Attack Impact 10:19 AI Platforms Hit with Copy-Pasted Flaw 13:42 Conclusion and Upcoming Events

In this episode of Cybersecurity Today, host Jim Love is joined by Tammy Harper, a senior threat intelligence researcher at Flare, to explore the future landscape of cybercrime. The conversation delves into various aspects like the evolution of underground markets, state-backed cyber sanctuaries, and decentralized escrow systems. Harper presents insights on extortion as a service, the implications of artificial intelligence in cybercrime, and the potential impact of quantum computing on encryption. The episode also discusses the changing nature of digital sovereignty and its effects on cybersecurity. This thorough examination offers a glimpse into the challenges and transformations in the world of cyber threats. 00:00 Introduction and Guest Introduction 01:14 Overview of Tammy Harper's Work 01:56 Future of Cybercrime: Key Pillars 03:43 The Underground Economy 08:18 Decentralization of Underground Forums 17:28 State-Backed Sanctuaries and Cybercrime Tourism 24:01 Extortion as a Service (EAS) 31:37 Affiliate Programs in Cybercrime 34:41 Usernames and Credibility in Cybercrime 36:25 Recruitment and the Perfect Storm 37:22 Money Mules and Financial Crimes 38:45 Ransomware Negotiators and Trust Issues 41:22 Artificial Intelligence in Cybercrime 49:16 Quantum Computing and Encryption 58:55 Digital Sovereignty and the Future of Cybercrime 01:05:48 Conclusion and Final Thoughts

In this episode, host Jim Love discusses several significant cybersecurity events and updates. The Washington Post confirmed a security breach affecting nearly 10,000 individuals due to an exploited Oracle E-Business Suite vulnerability. CrowdStrike's 2025 Global Threat Report highlights the rise of 'enterprising adversaries' and a surge in malware-free intrusions. In addition, a new phishing scam targets iPhone users by mimicking Apple's device recovery alerts. Finally, a listener raised concerns about security issues with SonicWall's management devices and systems. The show concludes with information on upcoming content and thanks to Meter for sponsoring the podcast. 00:00 Introduction and Sponsor Message 00:40 Oracle Breach Affects Thousands 02:53 CrowdStrike's Global Threat Report 07:04 New iPhone Phishing Scam 08:35 Listener Concerns About SonicWall 12:10 Conclusion and Upcoming Episodes

In this episode of Cybersecurity Today, host David Shipley covers the latest threats in the cybersecurity landscape. Highlights include the emergence of the quantum root redirect (QRR) phishing kit, a sophisticated automated phishing platform targeting Microsoft 365 credentials across 90 countries. The hospitality industry is also being hit with a new 'click fix' phishing campaign, compromising booking systems and targeting hotel guests. Researchers discover new vulnerabilities in ChatGPT, exposing private data via indirect prompt injection attacks. Additionally, the University of Pennsylvania confirms a massive data breach, highlighting the risks of not implementing comprehensive MFA protocols. Stay informed with the latest cybersecurity news and insights to protect your organization. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:46 Quantum Root Redirect: A New Phishing Threat 03:47 Click Fix Phishing Attacks on Hotels 07:58 ChatGPT Vulnerabilities and AI Security Risks 11:37 University of Pennsylvania Data Breach 15:12 Conclusion and Call to Action

Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst In today's episode, we cover the breach at the US Congressional Budget Office and its implications on national security, Microsoft Teams' chat feature being exploited for phishing attacks, and the increasing use of AI in cyber attacks. We also highlight how Canadian veterans are being retrained for careers in cybersecurity through the Coding for Veterans program. Hosted by Jim Love, we thank Meter for supporting this podcast with their complete networking stack solutions. 00:00 Introduction and Sponsor Message 00:51 US Congressional Budget Office Breach 02:27 Microsoft Teams Phishing Exploit 03:42 AI in Cybersecurity Attacks 06:09 Veterans in Cybersecurity 07:44 Conclusion and Sponsor Message