In this episode of 'Cybersecurity Today', host David Shipley covers multiple key stories: Veritaco CEO Jeffrey Bowie is charged with attempting to infect a hospital with malware. Global Chief Information Security Officers (CISOs) call on world governments to harmonize cybersecurity regulations. Issues arise with Microsoft's recent 'Mystery Folder' security patch. Highlights from B-Side San Francisco's AI discussions include talks on weaponizing large language models and detecting deep fake technology. Additionally, the RSA Conference kicks off, promising numerous vendor announcements and updates.

00:00 Cybersecurity CEO Charged with Hospital Malware Attack
01:56 Global CISOs Call for Unified Cyber Regulations
03:59 Microsoft's Mystery Folder Fix Issues
05:37 AI Talks at B-Side San Francisco
08:08 RSA Conference Highlights and Conclusion

In this episode of Cybersecurity Today, host Jim Love delves into the topic of SaaS (Software as a Service) security. Sharing his early experiences promoting SaaS, Jim elaborates on its inevitable rise due to cost-effectiveness and shared development resources. The episode highlights security concerns with SaaS, such as shadow IT and weak access control, especially in the face of an influx of AI software. Jim introduces Yoni Shohet, CEO and Co-founder of Valence Security, who discusses the SaaS security landscape, focusing on the independent 'State of SaaS Security' report by the Cloud Security Alliance. Yoni outlines the importance of monitoring API tokens, ensuring proper configurations, and the challenges posed by non-human identities. The discussion underscores the evolving nature of SaaS security, encouraging stronger collaboration between security teams and business units to manage risks effectively.

00:00 Introduction to SaaS Security
00:01 The Evolution and Benefits of SaaS
01:33 Challenges and Security Concerns with SaaS
02:08 Introduction to the State of SaaS Security Report
02:34 Interview with Yoni Shohet: Background and Experience
03:06 Yoni Shohet's Journey in Cybersecurity
08:33 The Rise of SaaS Security Issues
14:03 Key Findings from the SaaS Security Report
17:32 The Importance of SaaS Security Measures
21:36 Managing SaaS Security in Organizations
33:43 Valence Security's Approach to SaaS Security
36:59 Conclusion and Final Thoughts

In this episode of Cybersecurity Today, host David Shipley discusses the FBI's report on cybercrime losses in 2024, which reached a record $16.6 billion, marking a 33% increase from the previous year. The report highlights major types of cyber crimes such as phishing, spoofing, extortion, and investment fraud, with older adults being significantly impacted. Additionally, Blue Shield of California experienced a data breach affecting 4.7 million members due to a Google Analytics misconfiguration. The episode also covers global ransomware trends, revealing that 86% of affected firms paid ransoms, and the Verizon Data Breach Investigation Report's findings that ransomware is a factor in nearly half of all cyber incidents. David also previews upcoming cybersecurity events and hints at further discussions on phishing training and data security.

00:00 Record Cybercrime Losses in 2024
04:07 Blue Shield of California Data Breach
07:03 Ransomware Crisis and Global Impact
08:23 Verizon Data Breach Report Insights
09:20 Upcoming Events and Closing Remarks

In this episode of 'Cybersecurity Today,' host Jim Love discusses various pressing topics in the realm of cybersecurity. Highlights include Anthropic's prediction on AI-powered virtual employees and their potential security risks, Microsoft’s introduction of AI security agents to mitigate workforce gaps and analyst burnout, and a pivotal court ruling allowing a data privacy class action against Shopify to proceed in California. Additionally, the show covers the last-minute extension of funding for the Common Vulnerabilities and Exposures (CVE) program by the US Cybersecurity and Infrastructure Security Agency, averting a potential crisis in cybersecurity coordination. These discussions underscore the evolving challenges and solutions within the cybersecurity landscape.

00:00 Introduction and Overview
00:26 AI Employees: Opportunities and Risks
01:48 Microsoft's AI Security Agents
03:58 Shopify's Legal Battle Over Data Privacy
05:12 CVE Program's Funding Crisis Averted
07:24 Conclusion and Contact Information

Cybersecurity Today: Allegations Against Elon Musk, Microsoft Lockout Issues, Cozy Bear's New Malware, and Canada's Anti-Fraud Proposals In this episode of Cybersecurity Today, hosted by David Shipley, we examine several major cybersecurity stories. A whistleblower accuses Elon Musk's team's involvement in a significant cyber breach at the National Labor Relations Board. Administrators face challenges with Microsoft's Mace feature, causing widespread account lockouts over the Easter weekend. The Russian hacking group Cozy Bear targets European diplomats using wine-themed phishing tactics. Canadian Conservative leader Pierre Poilievre proposes stringent measures against online fraud, including hefty fines and criminal charges for companies failing to act against digital scammers. 00:00 Breaking News: Doge and the US Labor Watchdog Cyber Breach 03:30 Microsoft Security Feature Causes Weekend Chaos 06:08 Russian Hackers Target European Diplomats with Wine-Themed Phishing 07:30 Canadian Conservative Leader Proposes Anti-Fraud Measures 09:25 Conclusion and Contact Information

In this episode of Cybersecurity Today titled 'The Secret CISO,' host Jim Love, along with guests Octavia Howell, Daniel Pinsky, and John Pinard, delves into the personal and professional experiences of Chief Information Security Officers (CISOs). They share their journeys into cybersecurity, discuss the challenges and pressures of their roles, and offer insights into effective leadership and talent development. The discussion also covers the evolving nature of security threats, resource constraints, and the importance of continuous learning and strategic alignment in cybersecurity. This candid conversation aims to provide valuable perspectives for both aspiring and seasoned security professionals.

00:00 Introduction to The Secret CISO
01:11 Meet the CISOs
03:08 Career Journeys and Reflections
08:45 Challenges and Pressures of the Job
23:21 Learning and Staying Ahead
28:15 Leadership and Team Development
40:34 Advice for Aspiring CISOs
43:14 Conclusion and Audience Engagement

In this episode of Cybersecurity Today, hosted by Jim Love, the show salutes Katie Moussouris of Luta Security for her courage in speaking truth to power. The episode covers various significant news in the cybersecurity world: the explosion of identity theft in Canada’s tax system, Prodaft’s strategic purchase of hacker forum accounts for intelligence, Google’s new security feature for Android devices, Hertz's data breach due to a vendor hack, and a US attorney's allegations against a UK intelligence firm for orchestrating a hack-for-hire scheme. Additionally, the episode discusses the troubling political ramifications following President Trump’s revocation of security clearance from Chris Krebs, former CISA director, and the subsequent investigation, highlighting the importance of protecting free speech and integrity within the cybersecurity profession.

00:00 Introduction and Salute to Katie Moussoursis
00:44 Identity Theft Nightmare in Canada
03:20 Prodaft's Innovative Cybercrime Monitoring
05:22 Google's New Android Security Feature
07:08 Hertz Data Breach and Legal Implications
09:22 Controversial Hack-for-Hire Allegations
11:26 Conclusion and Final Thoughts
11:36 Speaking Truth to Power: The Case of Chris Krebs

In this episode of Cybersecurity Today, host David Shipley discusses several pressing concerns in the cybersecurity landscape. Attackers have been exploiting Fortinet VPN devices to maintain access even after patches were applied; administrators are urged to upgrade and follow recovery guidance. Microsoft has created a new INET Pub folder through its latest Windows update, advising users not to delete it due to a linked security flaw. Lastly, AI-generated code dependencies are becoming a serious supply chain risk, with attackers creating malicious packages based on AI hallucinations. Users are advised to thoroughly review AI-generated code to avoid 'slop squatting'.

00:00 Introduction and Fortinet VPN Exploits
02:46 Microsoft's INET Pub Folder Issue
04:57 AI Hallucinations and Code Dependencies
06:22 Conclusion and Contact Information