Cybersecurity Year in Review: Future Challenges and Industry Insights

Join host Jim Love and a panel of cybersecurity experts—Terry Cutler from Cyology Labs, David Shipley from Beauceron Security, and Laura Payne of White Tuque—as they review the key cybersecurity events of the past year. Topics discussed include the increasing cyber threats to universities, healthcare systems, and critical infrastructure; the importance of proper cybersecurity measures and employee training; the complexities of adopting quantum-safe encryption protocols; and the impact of AI and shadow IT on cybersecurity. The panel concludes with actionable advice for improving organizational cybersecurity posture in the coming year.

00:00 🎄 The 12 Days of Cyber Christmas 🎄
00:29 🔍 Year in Review: Cybersecurity Highlights
00:40 👥 Meet the Expert Panel
01:19 🏫 University Cyber Attacks: A Growing Concern
02:25 🔒 Penetration Testing vs. Vulnerability Scanning
03:09 🛡️ Persistent Threats and Active Directory Issues
06:28 💡 Strategies for Cybersecurity in Universities
07:34 💰 Funding and Legislation for Cybersecurity
13:52 🛠️ Practical Steps for Cybersecurity on a Budget
18:36 🔐 Quantum Readiness and Future Challenges
25:11 Quantum Computing: The Reality and Risks
25:53 Human Ingenuity and Risk Management
26:29 The Future of Cybersecurity: Q Day and Certificate Rotations
28:02 Major Cybersecurity Incidents of the Year
29:41 The Rise of Ransomware and Supply Chain Attacks
35:35 AI in Cybersecurity: Opportunities and Challenges
38:49 Critical Infrastructure Vulnerabilities
47:09 Year-End Reflections and Looking Forward

Cybersecurity Today: LastPass Hack Fallout, TP-Link Router Ban, and Microsoft's Passwordless Future

In our final daily news show of the season, host Jim Love covers key cybersecurity stories, including millions stolen from crypto wallets linked to the 2022 LastPass breach, potential US ban on TP-Link routers over national security concerns, and Microsoft's push for a passwordless future with passkeys. Don't miss our weekend wrap-up with the cybersecurity panel and special holiday content. Stay tuned for new episodes starting January 6th. Happy holidays!

00:00 Season Finale Announcement
00:29 Crypto Wallets Hacked: Fallout from LastPass Breach
02:38 TP Link Routers Under Scrutiny
04:38 Microsoft's Push for a Passwordless Future
06:38 Holiday Wishes and Future Plans

BlackBerry's Cylance Sale, Major AWS Breach, Klopp Ransomware Strikes Again, and Russian Cyber Attacks

In this episode of Cybersecurity Today, host Jim Love discusses BlackBerry's sale of Cylance to Arctic Wolf for significantly less than its purchase price, the massive AWS breach linked to the Shiny Hunters, Klopp ransomware attacks on Cleo's platforms, and the escalation of Russian cyber attacks on Western critical infrastructure. Tune in to get the details on these major cybersecurity developments and their implications.

00:00 Introduction and Sponsor Message
00:32 BlackBerry's Cylance Sale: A Strategic Move?
02:36 AWS Data Breach: Shiny Hunters Strike Again
04:54 Cleo Data Theft: Klopp Ransomware's Latest Exploit
06:39 Russian Cyber Attacks on Critical Infrastructure
08:32 Conclusion and Contact Information

PumaKit Linux Rootkit, Windows Defender Flaw, and Android Malware Outbreak!

In today's episode of Cybersecurity Today, host Jim Love delves into the discovery of the advanced Linux rootkit PumaKit, critical vulnerabilities in Microsoft's Windows Defender, a new multi-platform malware campaign downgrading browser security, and Germany's recent outbreak of pre-installed malware on 30,000 Android devices. We discuss the implications of these cybersecurity threats and the measures being taken to mitigate them. Stay informed and vigilant with our detailed analysis of these emerging cyber risks.

00:00 Introduction to Cybersecurity News
00:27 Advanced Linux Rootkit: PumaKit
01:59 Critical Windows Defender Vulnerability
03:42 Malware Downgrades Browser Security
05:08 Pre-installed Malware on Android Devices in Germany
07:02 Conclusion and Final Thoughts

Top 5 Phishing Exploits of 2024: Abnormal Security Report and More | Cybersecurity Today

In this episode of Cybersecurity Today, host Jim Love delves into Abnormal Security's end-of-year report outlining the top five phishing exploits of 2024 and their predictions for 2025. The episode covers cryptocurrency fraud, weaponized file sharing services, multi-channel phishing, business email compromise, and email account takeovers. Additionally, it highlights the alarming rise of text-based job scams, the takedown of a major vishing ring in Spain and Peru, and a $5 million U.S. reward to disrupt North Korean IT schemes. Stay informed on the latest cybersecurity threats and protections.

00:00 Introduction to Cybersecurity Today
00:27 Top Phishing Exploits of 2024
00:37 Cryptocurrency Fraud and File Sharing Scams
01:54 Multi-Channel Phishing and Business Email Compromise
03:10 Email Account Takeover and Future Predictions
04:39 Rise of Task Scams
06:53 Massive Vishing Operation Busted
08:42 North Korean IT Worker Fraud
11:15 Conclusion and Final Thoughts

SEC Cyber Disclosure Rules, Deloitte Hack Denial, and Critical Microsoft & SAP Patches | Cybersecurity Today

In this episode of Cybersecurity Today, host Jim Love delves into the ongoing confusion and compliance struggles faced by companies one year after the SEC's cyber disclosure rules were introduced. We analyze a BreachRx report revealing that less than 17% of public companies provide specific details in their cyber incident filings. Deloitte's recent denial of a data theft claim by the BrainCypher ransomware group is also discussed, along with the firm's history of cybersecurity challenges. Additionally, Microsoft and SAP have rolled out critical patches addressing severe vulnerabilities, emphasizing the urgency for users and organizations to apply these updates. Stay informed on these pressing cybersecurity issues.

00:00 Introduction and Headlines
00:20 SEC Cyber Disclosure Rules: One Year Later
02:30 Deloitte Denies BrainCypher Ransomware Allegations
04:23 Microsoft and SAP Issue Critical Patches
07:19 Conclusion and Show Notes

Cybersecurity Today: Email Frauds, Google Warnings, and U.S. Telecom Hacks

In this episode of Cybersecurity Today, host Jim Love discusses a personal encounter with email fraud attempts, including invoice scams and fake payroll changes. Google issues a stark warning to Gmail users about session cookie thefts leading to email takeovers. Additionally, the U.S. telecom industry grapples with the fallout from a major breach by Chinese hackers exploiting legacy systems. Love shares insights on improving email security and safeguarding against such sophisticated cyber threats. Tune in to learn more about the latest cyber challenges and solutions.

00:00 Introduction and Personal Encounter with Email Fraud
03:20 Google's Warning on Email Takeovers
05:12 Session Cookie Theft: A Rising Threat
06:48 U.S. Telecom Industry Infiltration by Chinese Hackers
08:44 Conclusion and Final Thoughts

Cyber Security Today: Navigating Novel Phishing Campaigns and Ransomware Tactics

Join host Jim Love and the Cyber Security Today panel featuring Terry Cutler of Cyology Labs, David Shipley of Beauceron Security, and cybersecurity executive John Pinard. In this episode, they delve into pressing cybersecurity challenges such as novel phishing tactics using corrupted Word documents, the importance of robust offboarding processes in light of breaches at major companies like Disney, and the ramifications of a major ransomware attack on the City of Hamilton. Topics also include the recurring issue of session cookie theft, the implications of third-party cybersecurity risk as seen in the Blue Yonder ransomware attack impacting Starbucks, and the rise of hacktivism. Tune in for valuable insights and discussions aimed at improving cybersecurity measures in an ever-evolving threat landscape.

00:00 Introduction and Panelist Introductions
00:40 David Shipley's Cyber Risk Talk
02:39 Novel Phishing Campaign Discussion
06:08 Fileless Malware and Human Error
10:44 Offboarding and Internal Audits
19:48 Vendor Responsibility and Ransomware
27:06 City of Hamilton Cyber Attack
28:19 Keynote Talks and Cybersecurity Challenges
29:30 The Reality of Cyber Attacks
29:46 Ransomware and Business Email Compromise
31:21 Cyber Insurance and Its Pitfalls
32:44 Andrew Tate Hack and Hacktivism
36:04 Chinese State-Sponsored Hacks
41:26 Canadian Cybersecurity Issues
44:53 Session Cookies and Two-Factor Authentication
49:45 AI in Software Development
56:42 Concluding Thoughts and Final Remarks