Cybersecurity Today: Microsoft Patches, Canadian Data Breach, NVIDIA's New Tool, and a Senator's Call for Investigation

In this episode of Cybersecurity Today, host Jim Love discusses Microsoft's September patch update addressing 81 security flaws, including two zero-day vulnerabilities. Highlights include a data breach in Canada affecting email and phone numbers, NVIDIA's release of an open-source LLM vulnerability scanner, and US Senator Ron Wyden's call for the FTC to investigate Microsoft's security practices. The episode also clears up the mystery behind the bricked SSDs after a Windows 11 update.

00:00 Microsoft Patches 81 Flaws
02:29 Canadian Government Data Breach
03:38 NVIDIA's Garak: AI Vulnerability Scanner
05:01 Senator Urges FTC to Probe Microsoft
06:52 Mystery of Bricked SSDs Solved
08:24 Conclusion and Upcoming Interview
--------
8:54
iCloud Calendar Invites Disguise New Phishing Campaigns
Phishing Scams, Leaked Stream Keys, Zero-Day Android Vulnerabilities, and Bounties on Russian Hackers

In this episode of Cybersecurity Today, host Jim Love discusses several critical cybersecurity issues. Attackers are using iCloud calendar invites for phishing scams, leveraging Apple's system to bypass security checks. The US Department of Defense has exposed livestream credentials, risking hijack and fake content insertion. Billions of Android phones are vulnerable due to unpatched critical zero days, and Google has only fixed issues for Pixel devices so far. Additionally, the US State Department has placed a $10 million bounty on three Russian FSB hackers responsible for attacks on energy companies. Jim emphasizes the importance of securing digital assets and maintaining strong cybersecurity practices.

00:00 Introduction and Headlines
00:24 Phishing Scam via iCloud Calendar Invites
03:18 US Department of Defense Livestream Vulnerabilities
05:53 Critical Android Zero-Day Vulnerabilities
07:38 US Bounty on Russian FSB Hackers
09:42 Conclusion and Contact Information
--------
10:05
Hackers Say Thanks For Lousy Security In Large Fast Food Chain
Cybersecurity Today: Ghost Action Campaign, SalesLoft Breach, AI Vulnerabilities, and Restaurant Security Flaws

Host David Shipley discusses the latest in cybersecurity, including the Ghost Action Campaign which compromised over 3000 secrets from GitHub repositories, the SalesLoft breach affecting major cybersecurity and SaaS firms, and new research showing how large language model chatbots like GPT-4 can be manipulated easily. Additionally, ethical hackers uncover significant vulnerabilities in the digital platforms of Restaurant Brands International. The episode emphasizes the importance of securing the software development ecosystem and maintaining robust social engineering defenses.

00:00 Introduction and Headlines
00:32 GitHub Supply Chain Attack: Ghost Action Campaign
02:51 SalesLoft Breach: A Deep Dive
05:01 The Summer of Salesforce Attacks
07:19 Manipulating AI: New Research Insights
09:14 Restaurant Brands International: Security Flaws Exposed
11:21 Conclusion and Sign-Off
--------
12:07
From CVE To Cyber Attack In Minutes With AI: Cybersecurity Today
The Future of Cybersecurity: AI, Exploits, and the CVE Database

In this special crossover episode of Cybersecurity Today and Hashtag Trending, the hosts explore the use of artificial intelligence (AI) in cybersecurity. The conversation begins with an overview of the ongoing 'arms race' to find and exploit software vulnerabilities, focusing on how AI can change the game. The episode delves into the Common Vulnerabilities and Exposures (CVE) Database, its importance, and its management by the MITRE Corporation. The discussion then spotlights groundbreaking research by Israeli researchers Effie Wies and Nahman Khayet, who developed a method to automate the creation of exploits using AI, reducing the average exploit development time from 192 days to just 15 minutes. This revelation raises significant concerns about the future of cybersecurity and the need for organizations to accelerate their response times. The podcast also touches on the potential for AI to assist in writing more secure code and defending against vulnerabilities, calling for a more resilient approach to software development and deployment.

00:00 Introduction to the Crossover Show
00:22 The Arms Race in Cybersecurity
00:59 Understanding Zero-Day Exploits
02:13 The Common Vulnerabilities and Exposures Database (CVE)
05:17 The Impact of AI on Exploit Development
05:54 Interview with Nahman Khayet
08:48 The Future of AI in Cybersecurity
18:16 Challenges and Recommendations for Organizations
30:54 Conclusion and Final Thoughts
--------
31:51
Reminder of this week's schedule and preview of Weekend Edition.
For this short week we had episodes on Tuesday and Thursday. We'll return to our Monday, Wednesday and Friday schedule starting next Monday. But we have an interview this weekend with the researchers who have issued a proof of concept showing that you can go from CVE to working exploit in 15 minutes and at the cost of less than a dollar using AI.