In this episode of Cybersecurity Today, Jim hosts Craig Taylor, a seasoned virtual Chief Information Security Officer (vCISO) with over 25 years of experience.

They discuss the evolution and significance of the vCISO role, Taylor's career path, and the founding of his company, Cyber Hoot, which provides cybersecurity education and vCISO services. Taylor shares insights into why companies, especially SMBs, opt for vCISO services due to budget constraints and the scarcity of cybersecurity professionals. He also talks about the common challenges faced by vCISOs, such as managing burnout and ensuring client adherence to security recommendations.

The conversation delves into the importance of cybersecurity culture, the need for effective education, and the integration of cybersecurity in business practices. Taylor offers practical advice on hiring the right vCISO and highlights the benefits his company provides. The episode concludes with a discussion on the psychology behind successful cybersecurity practices and Taylor's thoughts on the future of the industry.

00:00 Introduction to Cybersecurity Today
00:04 Meet Craig Taylor: The Virtual CISO
00:47 The Early Days of Virtual CISOs
02:15 Building a Cybersecurity Company
03:40 The Rise of Virtual CISO Services
05:01 Challenges and Realities of Cybersecurity
06:42 The Importance of Cyber Literacy
20:38 Managing Cybersecurity Risks
28:05 Understanding Administrative Risks in Onboarding and Offboarding
28:39 Challenges with MSPs and Cybersecurity
29:27 The Importance of Basic Security Measures
31:52 Dealing with Technology Debt
32:52 Balancing Budget and Security Needs
35:13 Real-Life Cybersecurity Incidents
40:17 The Role of Education in Cybersecurity
46:12 Hiring the Right VCISO
51:33 Conclusion and Final Thoughts

Cybersecurity Today: Teenage Ransomware Arrests, GoAnywhere Critical Flaw, and Google AI Vulnerability

In this episode of Cybersecurity Today, hosted by Jim Love, two teenagers were arrested in London for a ransomware attack on Kiddo International preschools, involving child data extortion. The show discusses a critical vulnerability in GoAnywhere MFT servers actively exploited by ransomware operators, emphasizing the need for immediate patching. It also highlights an urgent warning from CSA about a 2021 Windows flaw now under active attack. Additionally, researchers have found a new method to exploit Google's Gemini AI through invisible unicode characters, with Google declining to patch the issue. The episode concludes with security recommendations and a note on the show's upcoming special weekend edition for Canadian Thanksgiving.

00:00 Introduction and Headlines
00:28 Teenagers Arrested for Preschool Ransomware Attack
01:57 Critical Vulnerability in Go Anywhere MFT Servers
03:21 Urgent Alert for 2021 Windows Flaw
04:32 Google Gemini AI's Invisible Prompt Flaw
06:16 Conclusion and Sign-Off

North Korean Hackers Target Crypto Wealth, LinkedIn Fights Data Scraping, and AI Tools Leak Corporate Data

In this episode of Cybersecurity Today, host Jim Love covers the latest cybersecurity headlines including North Korean hackers targeting wealthy crypto investors, LinkedIn suing a firm for creating fake accounts to scrape user data, a massive ransomware campaign by the CIOp gang targeting Oracle’s E-Business Suite, and new research highlighting AI tools as the top channel for corporate data leaks. Listen in for insights and key takeaways to protect your digital assets and corporate data.

00:00 North Korean Hackers Target Wealthy Crypto Holders
02:09 LinkedIn Sues Over 1 Million Fake Accounts
03:46 Ransomware Attack on Oracle's E-Business Suite
05:42 AI Tools: The New Channel for Corporate Data Leaks
07:53 Conclusion and Contact Information

AI Browsers Turn Rogue, Discord Data Breach, and Surge in Palo Alto Scans

In this episode of Cybersecurity Today, host David Shipley discusses several significant cybersecurity concerns. Firstly, researchers at Layer X have uncovered a flaw in the Perplexity Comet AI browser that allows malicious prompts to turn the browser into a data thief with just a single click. Additionally, Discord has disclosed a data breach affecting users' personal information due to a third-party customer service provider compromise. Cybersecurity researchers have also reported a massive surge in scans targeting Palo Alto Network's login portals, suggesting potential reconnaissance for future attacks. Finally, the US Department of Defense has opted to reduce its mandatory cybersecurity training to allow military personnel to focus on their core missions, a move that has raised concerns given the intertwined nature of cyber and kinetic warfare.

00:00 Introduction and Headlines
00:32 AI Browser Security Flaw: Comet Jacking
03:11 Discord Data Breach: What Happened?
05:59 Surge in Scans Targeting Palo Alto Devices
08:07 US Department of Defense Cuts Cybersecurity Training
10:23 Conclusion and Viewer Engagement

In this episode of 'Cybersecurity Today: Our Month in Review,' host Jim welcomes a panel including Tammy Harper from Flair, Laura Payne from White Tuque, and David Shipley, CEO of Beauceron Securities. The discussion kicks off with an overview of their plans for Cybersecurity Month, including reviving the MapleSEC show and the CIO of the Year awards. David shares his experiences at SECTOR, Canada's largest cybersecurity conference, discussing the importance of security awareness training and the risks of irresponsible tech journalism on public perception. The panel also delves into the resurgence of the Clop ransomware group, their shift to data extortion, and their exploitation of vulnerabilities in Oracle EBS applications. Laura highlights a concerning case of insider threats at RBC, emphasizing the importance of process-driven controls. The episode also touches on the human side of cybersecurity, particularly the impact of romance scams and the growing violence in cybercrime. The panelists underscore the need for improved security awareness and the role of AI in identifying scams. Tammy, Laura, and David conclude by discussing the role of insider threats and the ethical boundaries in cybercrime, sharing insights from recent real-world cases.

00:00 Introduction and Panelist Introductions
00:43 Cybersecurity Month Initiatives
02:46 Security Awareness and Phishing Training
04:03 Impact of Irresponsible Tech Journalism
08:27 AI and Cybersecurity: Hype vs. Reality
10:43 Conference Experiences and Networking
18:33 Clop Ransomware and Data Extortion
23:45 Tammy's Insights on Clop's Tactics
24:58 Scattered Lasus and Cyber Warfare
26:32 Media Savvy Cybercriminals
31:36 Human Impact of Cyber Scams
37:17 Insider Threats and Security Awareness
43:21 Physical Security and Cyber Threats
48:33 Cybercrime Targeting Children
50:58 Conclusion and Upcoming Topics

Cybersecurity Today: Red Hat Breach, CLOP Targets Oracle, and CISA Cuts Critical Support

In this episode of Cybersecurity Today, host Jim Love covers a recent breach of Red Hat's consulting GitLab server, highlighting concerns over exposed network maps and tokens. The CLOP extortion gang targets Oracle E-Business Suite clients, demanding ransom for sensitive data. Surveys show Canadian businesses are overconfident in their cyber defenses despite frequent attacks. Finally, CISA has ended a crucial cybersecurity support agreement, impacting state and local governments amidst a federal shutdown. Tune in for detailed analysis and urgent action items.

00:00 Red Hat GitLab Server Breach
02:21 CLOP Gang Targets Oracle E-Business Suite
04:29 Canadian Firms' Overconfidence in Cybersecurity
06:31 CISA Ends Critical Support Amid Shutdown
08:38 Conclusion and Upcoming Month in Review

Critical Vulnerabilities and AI Voice Cloning Risks in Cybersecurity

In this episode of Cybersecurity Today, host Jim Love discusses key cybersecurity threats, including critical vulnerabilities in Sudo and Cisco firewalls, and a remote command flaw in Western Digital MyCloud devices. The show highlights efforts by national security agencies in the US, Canada, France, Netherlands, and the UK to address these risks, urging immediate patching and system updates. Additionally, the episode covers the emerging threat of real-time AI voice cloning, stressing the need for stricter security measures to prevent social engineering attacks. Listeners are encouraged to implement robust verification processes to secure their organizations and personal communications.

00:00 Critical Sudo Flaw Warning
00:21 Cisco Firewalls Vulnerabilities
02:34 Western Digital MyCloud Devices at Risk
03:48 AI Voice Cloning Threat
05:16 Conclusion and Contact Information

Emerging Cybersecurity Threats: Lockbit 5.0, Salesforce AI Vulnerabilities, and China's Cyber Intelligence Advancements

In this episode of 'Cybersecurity Today,' host Jim Love discusses the latest cybersecurity threats, including the emergence of Lockbit 5.0 ransomware which can attack multiple platforms simultaneously, and a critical vulnerability in Salesforce's AI agents known as forced leak prompt injection. Additionally, the episode delves into the growing capabilities of China's Ministry of State Security, which has become a significant cyber intelligence force under Xi Jinping, raising serious concerns for Western security agencies.

00:00 Introduction to Cybersecurity Threats
00:18 Lockbit 5.0: A New Ransomware Threat
03:01 Salesforce AI Agents Vulnerability
05:50 China's Cyber Intelligence Operations
08:55 Conclusion and Call to Action