Cybersecurity Update: Incorrect Company Naming, Major Breaches, and New Malware Campaigns
In this episode, the host addresses a previous mistake in naming a company involved in a breach, correcting SitusAMC for Ascensus, and extends apologies. Key topics include US banks assessing a breach fallout from financial tech vendor SitusAMC, ransomware group CioP targeting Broadcom through Oracle's vulnerabilities, a new malware campaign hiding in Blender 3D models named SteelC, supply chain attacks in the JavaScript ecosystem through NPM packages with Shai-Hulud malware, and a phishing scam using lookalike domains to deceive Microsoft account holders. Listeners are reminded to manually type URLs to avoid phishing scams, and are informed about the Thanksgiving weekend schedule change. 00:00 Introduction and Apology 01:26 Cybersecurity Headlines 02:13 US Banks Data Theft Incident 03:44 Broadcom and Oracle ERP Breach 05:29 Blender Malware Campaign 07:45 Shai-Hulud NPM Package Attack 09:41 Phishing Campaign Targeting Microsoft Accounts 11:39 Final Thoughts and Thanksgiving Wishes
--------
12:58
--------
12:58
Major US Bank Data Linked Through Breach At SitusAMC
In today's episode of Cybersecurity Today, hosted by Jim Love, several major cybersecurity incidents are discussed. US banks are assessing the impact of a security breach at SitusAMC, where the ALFV ransomware group claimed to have stolen three terabytes of data. CIOP has targeted Broadcom through Oracle's E-Business Suite vulnerabilities. A new malware campaign hides inside Blender 3D models, exploiting the auto-run feature to deploy Steel C malware. The JavaScript ecosystem faces a supply chain attack from the Shai-Hulud malware compromising 500 NPM packages. Additionally, a phishing campaign leveraging visual deception with look-alike domains is targeting Microsoft account holders. The show is brought to you by Meter, which provides integrated networking solutions. 00:00 Introduction and Sponsor Message 00:21 US Banks Data Theft Incident 02:24 Broadcom and Oracle ERP Breach 04:09 Blender Files Supply Chain Attack 06:24 NPM Packages Compromised 08:21 Phishing Campaign Targeting Microsoft Accounts 10:19 Conclusion and Sponsor Message
--------
11:32
--------
11:32
Checkout.com Takes a Bold Stance, SolarWinds Case Dismissed, and FCC Reverses Mandate
In this episode, host David Shipley discusses some of the most pressing issues in cybersecurity today. Checkout.com refuses to pay a ransom to cyber extortion group Shiny Hunters and instead donates to cybersecurity research. The U.S. SEC ends its long-standing case against SolarWinds and their CISO Tim Brown, highlighting ongoing debates about cybersecurity accountability. Additionally, the FCC reverses cybersecurity mandates originally set after the Salt Typhoon hacks, drawing criticism and raising questions about national security preparedness. The episode emphasizes the critical role of policy and regulation in affecting cybersecurity outcomes and encourages the tech community to participate actively in shaping better laws and frameworks. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:51 Checkout.com Refuses Ransom and Supports Cyber Research 04:10 SEC Ends Case Against SolarWinds and CISO 08:36 FCC Reverses Cybersecurity Mandates 12:22 The Importance of Policy in Cybersecurity 14:42 Conclusion and Call to Action
--------
15:53
--------
15:53
Understanding Cybersecurity Threats: Insights from Intelligence Experts
In this episode of Cybersecurity Today, host Jim Love welcomes retired intelligence officer Neil Bisson and regular guest David Shipley for an in-depth discussion on current cybersecurity threats facing both Canada and the US. They explore the roles of major state actors like China, Russia, Iran, and North Korea in cyber espionage and sabotage, alongside the motivations driving such activities. The conversation delves into the challenges faced by corporations and critical infrastructure, the importance of understanding motivations behind cyber attacks, and the need for greater cooperation between the private sector and intelligence agencies. The episode also highlights the crucial steps individuals and organizations should take to protect themselves in this rapidly evolving cyber landscape. 00:00 Introduction and Sponsor Message 00:40 Meet Neil Bisson: A Retired Intelligence Officer 02:43 The Evolution of Intelligence Collection 04:29 The Role of Big Data in Modern Espionage 06:30 Corporate Espionage and Technological Advancements 11:45 National Security Threats and Private Sector Vulnerabilities 16:42 Global Players in Cybersecurity Threats 21:44 The Overlooked Cyber Capabilities of India 23:58 State-Sponsored Cybercrime: A Symbiotic Relationship 24:50 Critical Infrastructure Vulnerabilities 25:32 Cyber Attacks and International Relations 27:54 The Role of Intelligence Agencies 33:58 The Huawei Controversy 37:18 Balancing National Security and Economic Interests 41:55 The Future of Cybersecurity 45:39 Conclusion and Final Thoughts
--------
47:07
--------
47:07
Major CloudFlare Outages, Black Friday Phishing Surge, AI Privacy Breach at Ontario Hospital, and Salesforce Data Theft Investigation
In this episode of Cybersecurity Today, host Jim Love discusses several major cybersecurity events. CloudFlare faced significant outages affecting major platforms like Amazon and YouTube, along with continued issues for Microsoft 365 users. NordVPN warned of a surge in fake shopping websites as Black Friday approaches, with phishing attempts climbing 36% between August and October. An AI transcription tool caused a privacy breach at an Ontario hospital, leading to a privacy probe. Finally, Salesforce is investigating a data theft wave linked to Gainsight, illustrating the risks of OAuth token misuse. The episode is supported by Meter, a network infrastructure provider. 00:00 Introduction and Sponsor Message 00:44 CloudFlare Outages and Their Impact 02:34 Surge in Fake Shopping Websites 04:56 AI Privacy Breach at Ontario Hospital 08:41 Salesforce Data Theft Investigation 11:26 Conclusion and Sponsor Message
España