Cybersecurity Today

Brian Black, Head of Security Engineering at Deep Instinct and a former black hat hacker, shares his compelling journey from hacking to cybersecurity. He reflects on the early curiosity that led him to break into systems and discusses the evolution of hacker culture. Brian reveals the alarming effectiveness of AI in crafting zero-day exploits, stressing the importance of preemptive AI defenses. He also advocates for continuous learning in C-suite environments and explains how companies can effectively test their security through red teams, while reminding us to assume breaches will occur.

Tammy Harper, a Senior threat intelligence researcher at Flare.io and dark web investigator, delves into the intricate world of ransomware. She explains how ransomware-as-a-service works, detailing revenue sharing models and the role of initial access brokers. Tammy also covers modern extortion methods, including double and triple extortion tactics. Listeners will learn about the evolution of ransomware, the impact of WannaCry, and insights into notorious groups like Conti and LockBit, as well as the socio-economic factors driving cybercrime.

Erin West, a former California prosecutor and founder of Operation Shamrock, sheds light on the alarming rise of large-scale 'pig butchering' scams. She uncovers the shocking origins of these scams, often run from industrial facilities in Southeast Asia, and shares her efforts to train investigators on blockchain techniques. Erin discusses the emotional toll on victims, urging a stigma-free approach to reporting. With practical insights on community outreach and victim support, she underscores the importance of empathy in combating these manipulative schemes.

Global Cybercrime Crackdowns and Rising Threats This episode of 'Cybersecurity Today' hosted by David Shipley covers significant cybersecurity news. Nigerian police arrested three suspects linked to a Microsoft 365 phishing platform known as Raccoon O365. U.S. prosecutors charged 54 individuals in an ATM malware scheme tied to a Venezuelan criminal organization. Two incident responders pleaded guilty to conducting ransomware attacks while employed to help victims of such attacks. Denmark officially blamed Russia for a cyber attack on a water utility, exacerbating geopolitical tensions. Each segment highlights the intricate and international nature of modern cybercrime and the ongoing challenges in cybersecurity. 00:00 Introduction and Sponsor Message 00:20 Nigerian Police Arrest Phishing Suspects 03:28 US ATM Malware Scheme Uncovered 05:46 Insider Ransomware Attackers Plead Guilty 08:21 Denmark Blames Russia for Cyber Attack 11:08 Conclusion and Holiday Wishes 12:20 Sponsor Message and Closing

Tammy Harper, a security researcher known for her expertise in ransomware, joins Laura Payne, a cybersecurity professional focused on incident trends, along with David Shipley, a cybersecurity practitioner, and John Pinard, head of IT operations at a credit union. They discuss alarming trends in ransomware payments and the clever rise of phishing attacks, particularly MFA vulnerabilities. The panel also examines AI's growing dual role in both enhancing security measures and facilitating cybercrime, highlighting the crucial need for community support and empathy in cybersecurity.

Cybersecurity Today: Cisco Zero Day Exploited & Maritime Cyber Attack Unfolds In this episode of Cybersecurity Today, host David Shipley discusses a series of critical cybersecurity incidents, including the exploitation of a zero-day flaw in Cisco email security infrastructure by a China-linked group, a Hollywood-style attack on an Italian ferry involving remote access malware, and a new data theft spree by the ClOP ransomware gang targeting file-sharing servers. Shipley also highlights the broader implications of cybersecurity on physical safety and national security. This episode is brought to you by Meter, a complete networking stack provider for enterprises. 00:00 Introduction and Sponsor Message 00:20 Massive Patch List and Zero-Day Flaw in Cisco 03:41 Latvian Arrested in Italian Ferry Cyberattack 06:31 ClOP Ransomware Gang's New Target 08:54 Conclusion and Upcoming Episodes

In this episode of Cybersecurity Today, host Jim Love discusses a range of pressing cybersecurity threats. The show covers the escalating React2Shell vulnerability, which has led to widespread automated exploitation campaigns involving crypto miners and back doors. Additionally, Jim reports on the Black Force phishing kit, which bypasses multifactor authentication and is gaining traction among cybercriminals. Microsoft OAuth consent attacks are also highlighted, with users being tricked into granting access to their accounts. Finally, the episode touches on PornHub's data breach involving the Shiny Hunters cybercrime group and the importance of patching vulnerabilities and being cautious during the holiday season. 00:00 Introduction and Sponsor Message 00:22 React2Shell Vulnerability Deep Dive 03:46 Black Force Phishing Toolkit 05:44 Microsoft OAuth Consent Phishing 07:29 PornHub Data Breach by Shiny Hunters 10:21 Holiday Cybersecurity Tips and Final Thoughts

Apple's security updates tackle two serious WebKit vulnerabilities, urging immediate user action. Meanwhile, scammers are using AI to generate misleading support numbers, posing a new threat in the digital landscape. Bitdefender exposes malware hidden in torrent subtitles, ready to unleash havoc. On a surprising note, Stanford's AI, Artemis, proves more effective than human penetration testers, spotlighting the evolving nature of cybersecurity. The implications of these developments suggest a challenging future where AI plays a dual role in both offense and defense.

Jake Knott, Principal Security Researcher at Watchtower, dives into the alarming discovery of over 80,000 leaked credentials in online code-formatting tools. He reveals how these public tools inadvertently expose sensitive information like tokens and customer data. The conversation highlights the challenges of responsible disclosure and how attackers can exploit these vulnerabilities. Knott shares best practices for organizations to safeguard their secrets and discusses ongoing research efforts to combat these risks. A must-listen for anyone concerned about cybersecurity!

Explore the intriguing Spider-Man phishing kit, which crafts convincing attacks on European banks and crypto users while harvesting credentials. Delve into the Gogs zero-day vulnerability allowing remote code execution on self-hosted Git servers. Discover the importance of timely patching, highlighted by recent fixes for PowerShell and a zero-click flaw in Google's Gemini. Gain insights on managing AI risks, encouraging user education, and ensuring secure environments for AI tools. Stay vigilant in the ever-evolving world of cybersecurity!