Cybersecurity Today: Apple Security Updates, AI Search Engine Scams, Torrent Malware, and Stanford's AI Penetration Testing
In this episode of Cybersecurity Today, host David Shipley discusses significant developments in the cybersecurity landscape. Apple releases security updates to address two actively exploited WebKit vulnerabilities. Scammers manipulate AI-powered search tools to recommend fake support numbers, reflecting a growing security risk. Bitdefender uncovers malware hidden in torrent subtitles for the movie 'One Battle After Another.' Lastly, an AI named Artemis outperforms human penetration testers in a Stanford hacking experiment, highlighting the evolving role of AI in cybersecurity. Also included are insights on the implications of these events for future cybersecurity challenges.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst
00:00 Introduction and Sponsor Message
00:52 Apple's Urgent Security Updates
03:24 AI-Powered Scams: A Growing Threat
06:59 Malware Hidden in Torrents
10:03 AI Outperforms Human Pen Testers
13:25 Conclusion and Contact Information
--------
14:48
The Hidden Danger of Storing Secrets Online | Interview with Jake Knott from Watchtower
In this episode of Cybersecurity Today, host Jim Love discusses the shocking discovery of over 80,000 leaked credentials and secrets in online code formatting tools with Jake Knott, a principal security researcher from Watchtower. They delve into the vulnerabilities exposed by these tools, the inadvertent leaking of sensitive information, and how attackers can easily exploit these weaknesses. The conversation covers the types of secrets found, the responses from various organizations, and best practices to prevent such exposures. Tune in to understand the critical importance of protecting your credentials and the steps you can take to avoid falling victim to these types of security breaches.
00:00 Introduction and Sponsor Message
00:22 Accidental Data Leaks: A Growing Concern
00:55 Supply Chain Vulnerabilities
01:47 Shocking Discovery: 80,000+ Secrets Exposed
06:29 Interview with Jake Knott from Watchtower
08:19 The Risks of Using Online Tools
28:23 Best Practices and Mitigation Strategies
35:05 Conclusion and Final Thoughts
--------
38:16
Spiderman and Cybersecurity.
Cybersecurity Today: Spider-Man Phishing Kit, Gogs Zero-Day Exploits, and Recent Patches
In this episode, host Jim Love discusses recent cybersecurity issues including the Spider-Man phishing kit targeting European banks and cryptocurrency users, a zero-day vulnerability in the self-hosted Git service Gogs, and various security updates. The Spider-Man kit creates highly convincing phishing pages, while the Gogs vulnerability allows remote code execution by exploiting symbolic links. Additionally, updates are covered for a Windows PowerShell zero-day and a zero-click flaw in Google's Gemini Enterprise. The show emphasizes the importance of vigilance and timely patching to mitigate these threats.
00:00 Introduction and Technical Issues
00:20 Sponsor Message: Meter Networking Solutions
00:43 Spider-Man Phishing Kit Targets European Banks
03:13 Gogs Zero-Day Vulnerability Exploited
05:57 Windows PowerShell Zero-Day Patched
08:05 Google Patches Gemini Zero-Click Flaw
10:42 Conclusion and Weekend Show Teaser
--------
11:53
Google Chrome's AI Safety Plan? More AI
Cybersecurity Today: Google Chrome's AI Safety Plan, React2Shell Fixes, & New Ransomware Tactics
In this episode of Cybersecurity Today, host Jim Love discusses Google's new security blueprint for AI-powered Chrome agents, highlighting measures against indirect prompt injections and model errors. Learn about Next.js's new tool for addressing the critical React2Shell vulnerability and the emerging threat from Storm-0249 using EDR tools for ransomware. The episode also covers new data showing manufacturers remain top ransomware targets. Sponsored by Meter.
00:00 Introduction and Sponsor Message
00:22 Google's New Security Plan for Chrome Agents
03:41 Next.js Scanner for React2Shell Vulnerability
05:41 Storm-0249: Malware Hidden in EDR Tools
07:45 Ransomware Targets Manufacturing Sector
09:34 Conclusion and Final Notes
--------
11:42
Development Tools May Allow Remote Compromise
Explosive React Vulnerability and AI Tool Flaws Uncovered: Major Implications for Cybersecurity
In this episode of Cybersecurity Today, host David Shipley discusses a new significant React vulnerability, React2Shell, that has caused widespread confusion and debate in the security community. This major flaw, affecting a widely used web framework, poses significant risks like remote code execution and malware deployment across numerous organizations. The episode also highlights flaws in AI coding tools discovered by researcher Ari Marzouk, which could compromise integrated development environments (IDEs) and software supply chains. Additionally, a ransomware breach at Marquis Software Solutions, impacting over 70 US banks and credit unions, is examined. Emphasis is placed on the critical need for robust security culture and proactive measures in the face of evolving threats.
Cybersecurity Today would like to thank Meter for their support in bringing you this podcast. Meter delivers a complete networking stack, wired, wireless and cellular in one integrated solution that's built for performance and scale. You can find them at Meter.com/cst
00:00 Introduction and Sponsor Message
00:43 React Flaw Drama: A Deep Dive
04:58 AI Coding Tools: New Vulnerabilities
08:04 Ransomware Breach in Financial Sector
10:27 Conclusion and Call to Action