Cybersecurity Today

Jim Love
  • 4.5(193개의 평가)
  • IT 뉴스
  • 매일 업데이트

Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.

  1. 22시간 전

    Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware

    Microsoft Defender Deletes Trusted Certificates | 44,000 cPanel Servers Hit by Ransomware Microsoft Defender mistakenly flagged legitimate DigiCert root certificates as malware and removed them from Windows systems, breaking trust chains and causing widespread application failures. The issue was traced to a faulty detection signature (Trojan:Win32/CertyAgent), now fixed in update version 1.449.430.0.  At the same time, DigiCert confirmed a separate security incident where attackers compromised support systems and used internal tools to issue valid code-signing certificates. At least 60 certificates were revoked, including 27 linked to the Zong Stealer malware campaign.  Meanwhile, a critical cPanel vulnerability (CVE-2026-41940) is being actively exploited. Attackers used the flaw as a zero-day since February, compromising at least 44,000 servers and deploying new SORI ransomware using ChaCha20 and RSA-2048 encryption.  Also in this episode: The Linux "Copyfail" privilege escalation bug is now confirmed exploited and added to CISA's Known Exploited Vulnerabilities list A 10/10 critical vulnerability (CVE-2026-37541) in Open Vehicle Monitoring System could allow remote code execution in connected car environments This episode breaks down how these attacks work, why patch timing matters, and where organizations are most exposed right now. Cybersecurity Today would like to thank Material Security for supporting this podcast.  Material security provides. faster, more complete detection and response for email, identity, and data threats inside Google Workspace and Microsoft 365.  Contact them at  material[dot]security  Suggested Chapters (for retention and SEO) 00:00 Microsoft Defender deletes trusted certificates 02:20 DigiCert breach and stolen code-signing certificates 05:20 cPanel zero-day exploited, 44,000 servers compromised 08:40 Linux Copyfail vulnerability now actively exploited 10:40 Critical flaw in open-source car software

    14분

  2. 2일 전

    Connected Cars Are Rolling Spy Networks — And They Can Be Hacked

    Connected cars are no longer just vehicles — they are rolling networks of sensors, cameras, microphones, and constant data transmission. In this Cybersecurity Today Weekend Edition, David Shipley is joined by former CSIS intelligence officer Neil Bisson and cybersecurity expert Federico Simonetti to break down what that really means. They explain how modern vehicles: Continuously report location, behaviour, and system data to the cloud Contain dozens of interconnected computers controlling everything from steering to braking Can be vulnerable to man-in-the-middle attacks, remote access, and system compromise May expose drivers to surveillance — not just by companies, but potentially by nation states The conversation goes beyond theory. Real-world examples are discussed, including: Remote vehicle manipulation demonstrated by security researchers How infotainment systems can become entry points to critical controls Why some countries are already restricting certain vehicles from sensitive locations The panel also tackles the bigger issue: This is not just about one country or one manufacturer. Every connected vehicle expands the attack surface. And while solutions exist — from better authentication to architectural changes — the challenge is no longer technical. It's political, economic, and global. If you think your car is just transportation, this discussion may change your perspective. 00:00 Connected Cars: More Than Just Vehicles 01:20 Meet the Panel: Intelligence and Cybersecurity Perspectives 03:10 Every Car Is Now a Networked Computer 06:00 Surveillance Risks: Are Cars "Rolling Spy Vans"? 09:10 What Intelligence Agencies Can Do With Car Data 12:30 Sensors, GPS, Cameras — What Your Car Collects 16:20 Real Example: Tesla Camera Privacy Incident 19:00 Can Hackers Take Control of a Car? 22:30 Real-World Hacks: Jeep and Nissan Cases 26:40 The Regulatory Gap: No Enforced Cybersecurity Standards 30:10 Why Governments Are Struggling to Act 34:00 Cheap EVs vs National Security Risks 37:40 Can Software Fix the Problem? 41:20 Global Response: China, US, and Europe 45:10 Policy Ideas: Kill Switches, Car Bill of Rights 49:00 Prevention vs Detection in Cybersecurity 52:30 Are We Already Too Exposed? 55:10 Final Thoughts: Can Connected Cars Be Made Safe?

    45분

  3. 3일 전

    WhatsApp Encryption Under Fire After Probe Shut Down

    A U.S. federal investigation into WhatsApp encryption was shut down before reaching a conclusion — after an internal claim suggested Meta systems may access message content in ways that conflict with public descriptions. In this episode of Cybersecurity Today, Jim Love breaks down what's known, what isn't, and why the story isn't going away. Also in this episode: A newly disclosed Linux vulnerability (CVE-2026-31431) allows an unprivileged local attacker to gain root permissions — using a flaw that may have existed since 2017 BlueKit, a new phishing toolkit, shows how AI is now being built directly into cybercrime platforms More than three million Alberta voter records exposed after being posted online — not by hacking, but by alleged misuse of legally distributed data These stories highlight a growing pattern: the biggest risks aren't always new attacks — they're often hidden in how systems are designed, used, and trusted. Chapters: 00:00 WhatsApp encryption investigation shut down 02:15 Linux "copy fail" root vulnerability explained 04:30 BlueKit AI phishing platform 06:30 Alberta voter data leak Cybersecurity Today delivers clear, factual reporting on the stories that matter to IT professionals, business leaders, and anyone responsible for protecting data and systems.

    10분

  4. 5일 전

    Massive Python Supply Chain Hack, $2.1B Scam Losses, North Korea Targets Crypto Execs

    A major open source Python tool was hijacked in a supply chain attack, exposing developer credentials, cloud secrets, and crypto wallets. Meanwhile, the FTC says Americans lost more than $2.1 billion to scams that began on social media, with Facebook leading reported losses. Cybersecurity Today thanks Meter for supporting this podcast. Meter delivers a complete networking stack — wired, wireless, and cellular — in one integrated solution built for performance and scale. Learn more at Meter.com/cst. Also in today's Cyber Security Today: Brazilian hackers return with fake Minecraft cheat downloads carrying credential-stealing malware A new ransomware strain destroys victim files so badly even paying the ransom may not help North Korean threat actors target crypto executives using fake Zoom and Teams meetings powered by AI deception tactics If you work in IT, cybersecurity, finance, or simply want to stay safe online, this episode breaks down what matters and what to watch next. Stories covered in this episode are based on reporting summarized in the show transcript.   #cybersecurity #ransomware #scams #python #hacking #northkorea #cryptocurrency #malware #technews

    12분

  5. 4월 27일

    Cyber Weapon in Toronto, Grid Attack, Stuxnet Lie Exposed

    A rogue cyber weapon drove through Toronto blasting scam texts to thousands of phones. A major U.S. critical infrastructure provider confirms a cyberattack. And researchers reveal that Stuxnet may not have been the first cyber weapon after all. In today's Cybersecurity Today with David Shipley: • First known SMS blaster case in Canada uncovered in Toronto • Itron, a major utility technology supplier, discloses cyber intrusion • Researchers say a 2005 malware campaign predates Stuxnet • Venezuela energy sector attack reveals destructive "Lotus Wiper" malware • Why AI-powered attacks may change critical infrastructure risk forever If you care about cybersecurity, nation-state threats, infrastructure risk, and real-world attacks, this episode is essential listening. Hosted by David Shipley. Cybersecurity Today thanks Meter for supporting this podcast. Meter delivers a complete networking stack — wired, wireless, and cellular — in one integrated solution built for performance and scale. Learn more at Meter.com/cst. Chapters 00:00 Intro 00:36 Toronto SMS Cyber Weapon 05:12 Critical Infrastructure Supplier Hit 09:28 Stuxnet History Rewritten 14:32 Venezuela Energy Sector Attack 19:05 Final Thoughts #Cybersecurity #Stuxnet #CyberAttack #Toronto #CriticalInfrastructure #Hacking #Itron #CyberNews #DavidShipley

    16분

  6. 4월 25일

    Cybersecurity Today Weekend: Deepfakes, the Death of Truth, and Verifying AI in the Enterprise

    📍 again, we'd like to thank Meter for their support in bringing you this podcast Meter delivers full stack networking infrastructure, wired, wireless, and cellular to leading enterprises. Working with their partners, meter designs, deploys and manages everything required to get performant, reliable and secure connectivity in a space. They design the hardware, the firmware, they build the software, they manage deployments, and they run support. It's a single integrated solution that scales from branch offices to warehouses and large campuses to data centers. Book a demo at meter.com/htt. That's METE r.com/htt. If you're around on the weekend, join us for Project Synapse as we will go through the weak in ai. We'll be going through the climate crisis, the Mythos escape, and. The, we'll be going through the new image generation, the climate crisis, the Mythos escape, and probably a lot more. And if you're not around on the weekend, we'll catch you Monday morning, and if you're not around on the weekend, I'll be back with the tech news on Monday morning.

    1시간 10분

  7. 4월 24일

    Inside The Vercel Supply Chain Exploit

    Inside the Vercel Breach: Highlighting OAuth Token Risk  In a special edition of Cybersecurity Today, host Jim Love and guest Jamie Blasco (CTO, Nudge Security) discuss Vercel, a major developer hosting platform, and a breach tied to OAuth grants and shadow AI. Reporting shared by Contrast Security's David Lindner describes how a Context AI employee downloaded Roblox AutoFarm scripts, got infected with an info stealer, and attackers harvested credentials, compromised Context AI, then used an over-permissioned OAuth token from a Vercel employee who had signed up to Context AI with an enterprise account and clicked "allow all," with Vercel working with Mandiant on a breach allegedly being sold for $2 million. The episode emphasizes that MFA may not mitigate OAuth abuse, urges admin-managed consent, continuous inventory and auditing of OAuth grants, and better visibility into risky third-party app access across Google Workspace and Microsoft 365. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Special Edition Intro 00:14 Sponsor Message Meter 00:33 Supply Chain Hack Setup 01:16 Breach Seen In Wild 02:36 Meet Jamie Blasko 02:56 Who Is Vercel 04:34 How The Breach Happened 05:58 Context AI And Shadow IT 07:58 OAuth Controls And Audits 09:11 Impact And Open Questions 11:24 Why MFA Falls Short 12:22 Where To Get Help 14:07 Host Takeaways OAuth Risk 14:53 What To Do Next 16:06 Wrap Up And Feedback 16:42 Sponsor Close Meter 17:24 Final Sign Off

    18분

  8. 4월 22일

    Vercel Breach Started With AI Tool

    Vercel Supply-Chain Breach via AI Tool, Meta Sued Over Scam Ads, and Ransomware Surges with "The Gentleman" David Shipley covers new details on the Vercel breach, which began when an employee used the third-party AI tool Context AI; after Context AI was breached, attackers leveraged Google OAuth access to pivot into Vercel systems and enumerate unencrypted "non-sensitive" environment variables that contained usable secrets, with a hacker claiming Vercel data and source code and demanding $2M, while Vercel says Next.js and other open-source projects are safe and shares Google OAuth indicators of compromise. The episode also discusses a proposed class-action lawsuit alleging Meta misled users about scam ads and profited from them, noting Meta's claim it removed 159M scam ads and shut down nearly 11M criminal accounts. Finally, it cites ZeroFox data showing ransomware incidents holding steady at 2,059 in Q1 2026 and highlights Check Point research indicating "The Gentleman" has a much larger victim footprint and uses tactics like disabling Defender, re-enabling SMB1, abusing GPO, and targeting VMware environments. Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.  You can find them at Meter.com/cst 00:00 Headlines and Sponsor 00:46 Vercel AI Supply Chain Breach 02:50 Meta Sued Over Scam Ads 04:55 Ransomware Numbers Q1 2026 06:46 Gentlemen Crew Exposed 08:56 Wrap Up and Thanks 09:42 Sponsor Message Meter

    11분
모두 보기(105개)

호스트 및 게스트

4.5
최고 5점
193개의 평가

소개

Updates on the latest cybersecurity threats to businesses, data breach disclosures, and how you can secure your firm in an increasingly risky time.

정보

  • 제작진
    Jim Love
  • 방송 연도
    2018년 - 2026년
  • 에피소드
    105
  • 등급
    전체 연령 사용가
  • 웹사이트 보기
    Cybersecurity Today

좋아할 만한 다른 항목