Cybersecurity Today: Oracle Breach, CrowdStrike Report, and New iPhone Scam
In this episode, host Jim Love discusses several significant cybersecurity events and updates. The Washington Post confirmed a security breach affecting nearly 10,000 individuals due to an exploited Oracle E-Business Suite vulnerability. CrowdStrike's 2025 Global Threat Report highlights the rise of 'enterprising adversaries' and a surge in malware-free intrusions. In addition, a new phishing scam targets iPhone users by mimicking Apple's device recovery alerts. Finally, a listener raised concerns about security issues with SonicWall's management devices and systems. The show concludes with information on upcoming content and thanks to Meter for sponsoring the podcast. 00:00 Introduction and Sponsor Message 00:40 Oracle Breach Affects Thousands 02:53 CrowdStrike's Global Threat Report 07:04 New iPhone Phishing Scam 08:35 Listener Concerns About SonicWall 12:10 Conclusion and Upcoming Episodes
In this episode of Cybersecurity Today, host David Shipley covers the latest threats in the cybersecurity landscape. Highlights include the emergence of the quantum root redirect (QRR) phishing kit, a sophisticated automated phishing platform targeting Microsoft 365 credentials across 90 countries. The hospitality industry is also being hit with a new 'click fix' phishing campaign, compromising booking systems and targeting hotel guests. Researchers discover new vulnerabilities in ChatGPT, exposing private data via indirect prompt injection attacks. Additionally, the University of Pennsylvania confirms a massive data breach, highlighting the risks of not implementing comprehensive MFA protocols. Stay informed with the latest cybersecurity news and insights to protect your organization. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst 00:00 Introduction and Sponsor Message 00:46 Quantum Root Redirect: A New Phishing Threat 03:47 Click Fix Phishing Attacks on Hotels 07:58 ChatGPT Vulnerabilities and AI Security Risks 11:37 University of Pennsylvania Data Breach 15:12 Conclusion and Call to Action
-------- Â
16:30
--------
16:30
US Congressional Budget Office Breach, AI in Cyber Attacks & Veterans Defend Canada
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst In today's episode, we cover the breach at the US Congressional Budget Office and its implications on national security, Microsoft Teams' chat feature being exploited for phishing attacks, and the increasing use of AI in cyber attacks. We also highlight how Canadian veterans are being retrained for careers in cybersecurity through the Coding for Veterans program. Hosted by Jim Love, we thank Meter for supporting this podcast with their complete networking stack solutions. 00:00 Introduction and Sponsor Message 00:51 US Congressional Budget Office Breach 02:27 Microsoft Teams Phishing Exploit 03:42 AI in Cybersecurity Attacks 06:09 Veterans in Cybersecurity 07:44 Conclusion and Sponsor Message
-------- Â
9:01
--------
9:01
A Former Black Hat Hacker Advises Us On Security Weaknesses
Unveiling the Double-Edged Sword of AI in Cybersecurity with Brian Black In this episode of Cybersecurity Today, host Jim Love interviews Brian Black, the head of security engineering at Deep Instinct and a former black hat hacker. Brian shares his journey into hacking from a young age, his transition to ethical hacking, and his experiences working with major companies. The discussion delves into the effectiveness of cybersecurity defenses against modern AI-driven attacks, the importance of understanding organizational data, and the challenges of maintaining robust security in the age of AI. Brian emphasizes the need for preemptive security measures and shares insights on the evolving threats posed by AI as well as the need for continuous education and adaptation in the cybersecurity field. 00:00 Introduction and Sponsor Message 00:21 Meet Brian Black: From Black Hat to Good Guy 00:55 Brian's Early Hacking Days 02:46 Transition to Ethical Hacking 04:11 Life in the Hacking Community 08:54 Advice for Aspiring Hackers and Parents 11:05 Corporate Career and Red Teaming 13:12 The Importance of Basics in Cybersecurity 21:41 Multifactor Authentication: The Good and the Bad 24:19 Challenges in Vendor Security Testing 27:41 Weaknesses in Cyber Defense 28:22 AI Speed vs Human Speed 28:37 AI in Cybersecurity Attacks 30:08 Dark AI Tools and Their Capabilities 32:54 AI Agents and Offensive Strategies 35:43 Challenges in Cybersecurity Defense 41:48 The Role of Red Teaming 42:46 Hiring the Right Red Team 46:59 Burnout in Cybersecurity 48:17 AI as a Double-Edged Sword 52:43 Deep Instinct's Approach to Security 53:58 Conclusion and Final Thoughts
-------- Â
55:44
--------
55:44
Innovative Tools and Tactics in Cybersecurity
In this episode of 'Cybersecurity Today,' hosted by Jim Love, the focus is on recent developments and tactics in cybersecurity. The episode discusses Meter's networking solutions, the innovative tactics of the ransomware group Killen using common Windows tools, and three new open-source offerings aimed at improving security: Heisenberg for software bills of materials, OpenAI's Aardvark for automated vulnerability detection, and Open PCC for securing AI data flows. The show emphasizes the importance of detecting unusual behaviors in legitimate tools and highlights the need for proactive security measures in development pipelines. Listeners are encouraged to explore these initiatives further through show notes and upcoming discussions. 00:00 Introduction and Sponsor Message 00:43 Ransomware Tactics: Using Everyday Tools 02:05 Heisenberg: Active Supply Chain Defense 03:38 Aardvark: Autonomous Security Researcher 04:56 Open PCC: Securing Enterprise AI Data 06:38 Final Thoughts and Resources 07:02 Closing and Upcoming Episodes
South Africa