Urgent Cyber Threats: Citrix Exploit, Fortinet RCE, and AI Vulnerabilities
In this episode of 'Cybersecurity Today,' hosted by David Shipley from the Exchange Security 2025 conference, urgent updates are provided on critical cybersecurity vulnerabilities and threats. CISA mandates a 24-hour patch for Citrix NetScaler due to a severe vulnerability actively being exploited, dubbed 'Citrix Bleed.' Fortinet’s FortiWeb also faces a critical pre-auth remote code execution flaw that demands immediate patching. Additionally, significant vulnerabilities in AI-driven developments are highlighted, including shortcomings in Jack Dorsey's BitChat app and a method to extract Windows keys from ChatGPT-4. The episode emphasizes the importance of timely updates, robust security measures, and the potential risks involved with AI-generated code. 00:00 Introduction and Overview 00:35 Urgent Citrix Vulnerability Alert 03:26 Fortinet FortiWeb Exploit Details 06:23 Ingram Micro Ransomware Recovery 09:26 AI Coding and Security Risks 14:03 ChatGPT Security Flaw Exposed 17:20 Conclusion and Contact Information
--------
17:48
--------
17:48
Cybersecurity Month in Review: Key Insights and Emerging Threats July 11, 2025
In this episode of 'Cybersecurity: Today's Month in Review,' the panel of experts, including Laura Payne, David Shipley, and new guest Tammy Harper, delve into major cybersecurity stories from the past month. Discussions range from the recent arrest of a Montreal scam operator, Scattered Spider's targeted attacks on various sectors, and the impacts of AI on the cybersecurity landscape. The panel also highlights industry shifts, new threat tactics, and the importance of strategic communication during incidents. The episode concludes with reflections on AI's integration into enterprise systems, emphasizing preparation and ethical considerations. 00:00 Introduction to the Cybersecurity Month in Review 00:12 Meet the Panelists 00:26 Laura Payne's Introduction 01:04 David Shipley's Introduction 01:38 Tammy Harper's Introduction 04:09 First Story: Montreal Scam Arrest 10:52 David Shipley's Big Story: Scattered Spider 16:40 The Rise of Young Cybercriminals 32:36 Ingram Micro Ransomware Attack 33:27 Government Breaches and Fast Recovery 34:56 Ingram Micro Incident and Communication Failures 35:55 Importance of Communication in Incident Response 37:39 Ransomware Trends and Threat Actor Tactics 39:55 Shift from Encryption to Exfiltration 46:41 Government Actions and Market Impact 51:27 AI in Cybersecurity: Risks and Opportunities 58:53 Ethical AI and Future Considerations 01:08:12 Final Thoughts and Wrap-Up
--------
1:10:10
--------
1:10:10
Cybersecurity Today: Marks and Spencer Hack, Brazilian Bank Breach, and McDonald's Data Vulnerability
In this episode of Cybersecurity Today, host Jim Love discusses major updates on the recent cyber attack on Marks and Spencer, revealing new details and arrests. The breach involved sophisticated social engineering that infiltrated the company's network through an IT service provider, leading to 150GB of stolen data. Love then covers a massive insider breach at a Brazilian bank where an IT worker facilitated the theft of $140 million by selling login credentials. Lastly, the episode highlights a McDonald's HR data breach caused by weak security practices in an AI screening app, exposing millions of job applicant records. Key insights on these incidents emphasize the importance of robust cybersecurity measures and internal controls. 00:00 Introduction and Headlines 00:20 Marks and Spencer Hack: New Developments 04:07 Brazilian Bank Breach: An Inside Job 06:40 McDonald's HR Data Breach: A Comedy of Errors 10:21 Conclusion and Upcoming Features
--------
10:46
--------
10:46
AI Threats, Enterprise Security, and Google's Confusing Gemini Release: Cybersecurity Today
In this episode of 'Cybersecurity Today,' host Jim Love discusses the recent deep fake attack on high-ranking US government officials using AI voice cloning technology. The conversation highlights the growing ease and risks of AI-generated impersonations. The episode also covers the advancements in AI systems connecting with enterprise data and the security implications, alongside recent updates on events like Ingram Micro's ransomware attack and Google's confusing Gemini AI rollout for Android. Additionally, the show explores a new method called Info Flood that can trick chatbots into providing dangerous information by using academic-sounding language. 00:00 Deep Fakes Hit US Government 02:40 AI Integration in Enterprise Systems 05:49 Ingram Micro Ransomware Attack Update 07:22 Google's Confusing Gemini Release 10:33 Exploiting AI with Academic Jargon 12:34 Conclusion and Contact Information
--------
12:57
--------
12:57
Ingram Micro Ransomware Attack and the Rise of Linux SSH Server Compromises
In this episode of Cybersecurity Today, host David Shipley discusses the recent Safe Play ransomware attack on technology distributor Ingram Micro, exploring its impact and ongoing recovery efforts. The script also examines a new campaign targeting misconfigured Linux servers to build proxy networks for cybercriminal activities. Additionally, the episode highlights the significant rise in Click Fix social engineering attacks and the criminal investigation into a former ransomware negotiator accused of profiting from extortion payments. 00:00 Introduction and Headlines 00:30 Ingram Micro Ransomware Attack 03:57 Linux Servers Under Attack 07:05 Rise of Click Fix Social Engineering Attacks 08:45 Ransomware Negotiator Under Investigation 10:13 Conclusion and Contact Information
España