

Cybersecurity Headlines
CISO Series
Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.

May 2, 2025 • 32min
Week in Review: Cybersecurity CEO busted, Cloudflare's DDoS increase, FBI's help request
DJ Schleen, Head of Security at Boats Group, returns to discuss a shocking incident where a cybersecurity CEO was arrested for malware activities in hospitals, raising serious trust issues. They dive into the alarming surge in DDoS attacks and the FBI’s call for public assistance against the China-linked threat actor Salt Typhoon. Schleen emphasizes the security vulnerabilities of routers and smart devices in homes, advocating for better regulations and consumer awareness. The conversation highlights the importance of community engagement in tackling cybersecurity challenges.

May 2, 2025 • 8min
UK's Co-op cyberattack, LabHost domains released, NSO WhatsApp damages
The UK retailer Co-op is reeling from a significant cyberattack that has disrupted its operations. The FBI has issued a warning about 42,000 phishing domains associated with LabHost, raising concerns for online security. Meanwhile, the NSO Group faces potential hefty damages in their ongoing legal battles regarding WhatsApp hacks. Additionally, explore innovative cybersecurity strategies like ThreatLocker's zero-trust approach and emerging threats from groups using advanced techniques like IPv6 spoofing.

May 1, 2025 • 9min
Scattered Spider extradition, Telecom hack warnings, Impersonation scammer takedown
Alleged 'Scattered Spider' member extradited to U.S.
Experts see little progress after major Chinese telecom hack
Polish police take down impersonation scammers
Thanks to today's episode sponsor, ThreatLocker. ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.
For the stories behind the headlines, visit CISOseries.com.

Apr 30, 2025 • 8min
Apple AirPlay-Enabled Devices Can Be Hacked, Google tracked 75 zero days, France ties Russian APT28 hackers to 12 cyberattacks
Millions of Apple AirPlay-Enabled Devices Can Be Hacked via Wi-Fi
Google tracked 75 zero days exploited in the wild in 2024
France ties Russian APT28 hackers to 12 cyberattacks on French orgs

Apr 29, 2025 • 8min
Uyghur software malware, DDoS jumps, 4chan back
A malware scheme has hijacked Uyghur language software, putting users at risk. Meanwhile, Cloudflare reports a significant rise in DDoS attacks, raising alarms in the cybersecurity community. The controversial forum 4chan is back online after a hacking incident caused a major disruption. Additionally, a phishing campaign targeting WooCommerce is exploiting vulnerabilities under the guise of critical security updates. Experts emphasize the need for better security measures to combat these emerging threats.

Apr 28, 2025 • 7min
SAP zero-day active, another OAuth exploit, cybersecurity CEO arrested
SAP zero-day vulnerability under widespread active exploitation
Hackers abuse OAuth 2.0 workflows to hijack Microsoft 365 accounts
Cybersecurity firm CEO charged with installing malware on hospital systems
Find the stories behind the headlines at CISOseries.com.

Apr 25, 2025 • 30min
Week in Review: Secure by Design departure, Microsoft's security report, LLMs outrace vulnerabilities
Bethany De Lude, CISO Emeritus of The Carlyle Group, brings her deep expertise to discuss key shifts in cybersecurity. She highlights the implications of leadership exits from CISA's Secure by Design initiative, raising concerns about corporate commitment to security standards. The rise of large language models is explored, especially regarding vulnerability exploitation. Additionally, Bethany addresses alarming cybercrime statistics and the need for enhanced community awareness, particularly in combatting romance scams and improving collaboration in security practices.

Apr 25, 2025 • 8min
Russian army map malware, edge tech attack report, Commvault flaw
The podcast dives into the alarming use of Android malware targeting the Russian military, cleverly hidden in a mapping app. It examines the vulnerabilities plaguing edge devices and discusses the implications of recent security flaws, particularly a critical warning about Commvault Command Center. Additionally, the conversation touches on the productivity drain caused by alert investigations and introduces a game-changing AI solution that streamlines security processes, allowing teams to focus on thwarting genuine threats.

Apr 24, 2025 • 10min
Blue Shield of California shared private data, FBI IC3 report, Ex-Army sergeant jailed
Blue Shield of California shared private health data of millions with Google
The FBI issues its 2024 IC3 report
Ex-Army sergeant jailed for selling military secrets
Huge thanks to our sponsor, Dropzone AI. Security analysts need practical experience to build investigation skills, but getting expert guidance for every alert is impossible. That's why Dropzone AI created COACH, a free Chrome extension that serves as an AI security mentor for SOC analysts at any level. COACH reads alerts across all major security platforms, explains their context, provides alternative hypotheses, and guides analysts through industry-standard investigation methodologies. Unlike our AI SOC Analyst product, COACH doesn't do the work for you; it teaches you how to think through investigations yourself. It supplements human mentoring with always-available guidance that respects your data with zero retention. Develop your security team's skills at Dropzone.ai/coach.
For the stories behind the headlines, head to CISOseries.com.

Apr 23, 2025 • 7min
Microsoft Recall updates, Russian orgs deal with networking software updates, SSL.com certificate issuance vulnerability
Microsoft is recalling the Copilot Plus feature due to major security flaws. Meanwhile, Russian organizations are facing targeted attacks through deceptive updates masquerading as security tools. SSL.com is racing to address a vulnerability in its certificate issuance process, highlighting ongoing threats in the digital landscape. The podcast also discusses a surge in ransomware attacks impacting over 100 victims and the need for stronger cybersecurity measures to combat increasingly sophisticated global cyber scams.


