Cybersecurity Today

Critical Security Flaws Patched by Cisco and Fortinet Amidst Recent Cyber Threats
In this episode of Cybersecurity Today, host David Chipley covers several pressing cybersecurity issues. Cisco has patched a maximum severity zero-day vulnerability in its Async OS software, which has been exploited by a Chinese state-linked group. Fortinet has also addressed a critical vulnerability in its 40 Seam product, which is being actively exploited in the wild. The Dutch National Police are still recovering from a Citrix breach, emphasizing the need for modern infrastructure. Meanwhile, a spear-phishing campaign targeting US organizations uses Venezuela-themed lures. The episode wraps up with a discussion on a recent study revealing that training AI to produce insecure code can lead to broader problematic behaviour.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.
You can find them at Meter.com/cst
00:00 Introduction and Sponsor Message
00:46 Cisco Patches Critical Async OS Bug
02:26 Fortinet Vulnerability Exploited in the Wild
04:04 Dutch National Police and Aging IT Infrastructure
05:55 Spear Phishing Campaign with Venezuelan Lure
07:54 AI Writing Buggy Code: Unexpected Consequences
10:21 Conclusion and Final Thoughts

Building Secure Software with Tanya Janca: From Coding to Cybersecurity Advocacy
In this episode of Cybersecurity Today, host Jim Love interviews Tanya Janca, also known as She Hacks Purple, a renowned Canadian application security expert and author. Tanya shares her journey from a software developer and musician to becoming a penetration tester and cybersecurity advocate. She discusses her work in training developers on secure coding practices and application security, emphasizing the need for integrated security training in academic programs and the software development lifecycle. Tanya also talks about the challenges women face in the cybersecurity field and her efforts to empower underrepresented groups through initiatives like WOsec and We Hack Purple. Sponsored by Meter, this episode dives deep into the importance of building security into software development and the potential role of AI in improving code security.
00:00 Introduction and Sponsor Message
00:18 Meet Tanya Janca: The Journey Begins
01:05 From Developer to Pen Tester
03:14 Empowering Women in Cybersecurity
13:11 Challenges in Academia and Training
19:18 The Need for Secure Coding
21:22 Challenges in Medical Device Security
22:18 The Economics of Open Source
24:43 Building Security into Development
26:14 Training and Cultural Shifts
32:33 AI and Secure Coding
39:03 Incident Response and Preparedness
39:54 Final Thoughts and Future Directions

Cybersecurity Challenges: Data Privacy Failures, AI Risks, and New Malware Threats
In this episode of Cybersecurity Today, host David Shipley covers a range of pressing issues. The discussion kicks off with Staples Canada reselling laptops without wiping customer data, highlighting loopholes in Canada's privacy laws. Next, David delves into a new class of attacks known as 'Reprompt' that target Microsoft Co-pilot, exposing vulnerabilities in large language models. The episode also explores a critical flaw in ServiceNow's virtual agent that allowed attackers to impersonate legitimate users, emphasizing the importance of robust identity verification. Lastly, a newly discovered advanced Linux malware framework designed for cloud environments is dissected, pointing to evolving threats that leverage customer mistakes. The episode concludes with a call to address these problems through better people, processes, and cultural practices.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.
You can find them at Meter.com/cst

00:00 Introduction and Sponsor Message
00:48 Staples' Privacy Lapse: A Recurring Issue
03:03 Microsoft Co-pilot Vulnerability: Reprompt Attack
05:22 ServiceNow's AI Vulnerability: Authentication Gaps
07:02 Advanced Linux Malware: A Cloud-First Threat
08:46 Conclusion and Key Takeaways
09:37 Closing Remarks and Sponsor Acknowledgment

Cybersecurity Today: Credit Card Skimming, Valley Rat Malware, WhatsApp Exploit & AI Defenses
In this episode of Cybersecurity Today, hosted by Jim Love, we explore several critical cybersecurity threats and advancements. We cover a massive credit card skimming campaign active since early 2022, a severe bug in HPE OneView, the stealthy Valley Rat malware, and a potential zero-click exploit in WhatsApp. Additionally, we delve into AI-driven advancements in cybersecurity defense being developed at US National Laboratories. Stay informed and vigilant with the latest insights in cybersecurity.
00:00 Introduction and Sponsor Message
00:48 Credit Card Skimming Campaign Uncovered
02:49 Critical Vulnerability in HPE OneView
04:16 Valley Rat Malware Threat
06:22 Suspected Zero-Day Vulnerability in WhatsApp
08:29 AI-Powered Cyber Defenses in US National Labs
10:08 Conclusion and Sponsor Message

In this episode of Cybersecurity Today, host David Shipley covers the FBI's warning about North Korean state-sponsored QR code phishing campaigns targeting U.S. organizations. Additionally, he discusses Europol's arrest of 34 individuals in Spain tied to the infamous Black Acts crime syndicate and the uncertainty surrounding CISA's pre-ransomware notification initiative after the departure of its lead developer. Stay informed with the latest in cybersecurity news and learn how to protect yourself and your organization from emerging threats.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale.
You can find them at Meter.com/cst
00:00 Introduction and Sponsor Message
00:20 FBI Warns of QR Code Phishing
04:44 Europol's Major Crackdown on Black Acts
07:11 Uncertainty Over Ransomware Alerts Program
09:41 US Withdraws from Cybersecurity Organizations
10:25 Conclusion and Final Thoughts