Episodes
Video Episode: https://youtu.be/EO95sU1Ux28
In today’s episode, we discuss the recent cyber exploits by the Russian RomCom hackers, who utilized two zero-day vulnerabilities in Firefox and Windows, impacting users across North America and Europe. We also cover New York’s $11.3 million fines against Geico and Travelers for data breaches affecting 120,000 individuals, highlighting the importance of robust cybersecurity practices. Finally, we explore the Earth Estries group’s use of the...
Published 11/26/24
Video Episode: https://youtu.be/sBkirh8aLIs
In today’s episode, we explore recent cyber threats, including the innovative attack methods used by the Russian hacker group Forest Blizzard to breach US organizations by exploiting less secure Wi-Fi networks. We also discuss Meta’s removal of over 2 million accounts linked to pig butchering scams and Microsoft’s controversial Recall feature for Windows Insiders amidst ongoing service outages affecting Microsoft 365. Stay informed about the latest...
Published 11/25/24
Video Episode: https://youtu.be/2Axl9hycFN4
In today’s episode, we explore the ongoing attack campaign that has compromised over 2,000 Palo Alto Networks devices through new security vulnerabilities (CVE-2024-0012 and CVE-2024-9474), and its implications for enterprises. We also discuss a critical design flaw in Fortinet’s VPN that allows successful brute-force attacks to go undetected and the emergence of crypto scams on the rapidly growing BlueSky platform. Finally, ESET researchers reveal two...
Published 11/22/24
Video Episode: https://youtu.be/bcD3H13J3-I
In today’s episode, we discuss the emerging threat of Cross-IdP impersonation, a method enabling attackers to hijack single sign-on (SSO) processes without compromising primary identity providers. We also cover the recent disruption of the Ngioweb botnet, a major player in supplying residential proxies, and the alarming findings from a federal probe into vulnerabilities in U.S. water systems. Finally, we look at Microsoft’s new recovery tool that...
Published 11/20/24
Video Episode: https://youtu.be/VVdEzbN-v4c
In today’s episode, we discuss alarming cyber threats including fake Bitwarden ads on Facebook that lead users to a malicious Chrome extension designed to steal sensitive data. We also cover a phishing campaign exploiting Black Friday, with threat actors using fraudulent e-commerce sites to harvest customer information, and the growing use of SVG attachments in phishing emails to evade detection. Additionally, we highlight a critical vulnerability...
Published 11/19/24
Video Episode: https://youtu.be/zgabkAvM5QI
In today’s episode, we explore the alarming rise of cybercriminal techniques, including the widespread domain hijacking attacks termed ‘Sitting Ducks,’ affecting reputable brands and organizations. We also discuss OpenAI’s ChatGPT sandbox vulnerabilities, which allow excessive access to its internal systems, and examine the RustyAttr trojan’s use of macOS extended file attributes to hide malicious code. Additionally, we cover the sentencing of...
Published 11/15/24
Video Episode: https://youtu.be/iMuZnfLK6Yk
In today's episode, we discuss a significant data breach involving Alltech Consulting Services, where 2 million records containing sensitive personal information of job seekers were exposed online, raising concerns about cybersecurity risks. We also cover Bitdefender's release of a free decryptor for victims of the ShrinkLocker ransomware, alongside Microsoft's recent Patch Tuesday addressing 90 vulnerabilities, specifically highlighting actively...
Published 11/14/24
Video Episode: https://www.youtube.com/watch?v=BFFQvTA12sk
In today’s episode, we discuss Apple’s new “inactivity reboot” feature in iOS 18.1 that enhances security by automatically restarting iPhones after periods of idleness, making it more difficult for law enforcement and cybercriminals to access encrypted data. We also cover the emergence of GoIssue, a sophisticated phishing tool targeting GitHub developers, and North Korean hackers using trojanized Flutter apps to bypass macOS security...
Published 11/13/24
Video Episode: https://youtu.be/O_xw1Nkau8c
In today’s episode, we discuss critical vulnerabilities affecting Mazda Connect infotainment systems that could allow hackers to install persistent malware and gain unauthorized control over vehicle networks. We also explore Anthropic’s controversial partnership with Palantir to process secret government data with its AI model, Claude, raising concerns about ethical implications and safety. Additionally, we cover Google’s AI-enhanced security...
Published 11/11/24
Video Episode: https://youtu.be/kobyMdrVQeg
In today's episode, we discuss Canada's order to dissolve TikTok Technology Canada amid national security concerns regarding ByteDance's operations, highlighting the country's ongoing scrutiny of potential user data collection risks. We also explore the alarming rise of the SteelFox and Rhadamanthys malware campaigns, which exploit copyright scams and vulnerable drivers to compromise victims' data, as well as the dangerous "fabrice" package on PyPI...
Published 11/08/24
Video Episode: https://youtu.be/SryXt8EZLBU
In today’s episode, we explore the recent Gootloader campaign targeting Bengal cat enthusiasts in Australia, detailing how SEO poisoning has been utilized to distribute malicious payloads disguised as legitimate content. Additionally, we cover new Australian laws imposing hefty fines on banks and social media companies for failing to protect consumers from scams, alongside Germany’s draft legislation aimed at safeguarding security researchers....
Published 11/07/24
Video Episode: https://youtu.be/yDNIBS8OBoE
In today’s episode, we delve into the alarming rise of cybercrime as a 26-year-old Canadian, Alexander Moucka, is arrested for allegedly extorting over 160 companies using the Snowflake cloud data service. We also discuss the emergence of the Android banking malware “ToxicPanda,” designed to bypass security measures for fraudulent transactions, and Google’s urgent patching of two vulnerabilities threatening millions of Android users. Furthermore, we...
Published 11/05/24
Video Episode: https://youtu.be/-fHd8wOJGHg
In today’s episode, we discuss the recent surge in cyber threats, starting with the improved LightSpy spyware targeting iPhones, which enables heightened surveillance through 28 new plugins and destructive capabilities like device freezing. We also cover a critical vulnerability (CVE-2024-50550) in the LiteSpeed Cache WordPress plugin, allowing hackers to gain unauthorized admin access to over six million sites. Additionally, we examine the Phish n’...
Published 11/01/24
Video Episode: https://youtu.be/eXP0jiOQjFc
In today’s episode, we explore the alarming rise of phishing campaigns exploiting Webflow to harvest sensitive login credentials from crypto wallets like Coinbase and MetaMask, alongside vulnerabilities in SonicWall VPNs linked to ransomware attacks. We also discuss a new technique allowing attackers to bypass Windows’ security features for kernel rootkits and a critical CVE affecting Cisco VPN services that can lead to denial-of-service attacks....
Published 10/29/24
Video Episode: https://youtu.be/FPiwoFbhV7Y
In today’s episode, we delve into recent cybersecurity developments recommended by the NSA for iPhone and Android users, emphasizing the significance of weekly device reboots to mitigate malware threats in 2024. We also explore the U.S. Cybersecurity and Infrastructure Security Agency’s new security proposals aimed at protecting sensitive data from hostile entities, along with the potential risks of hardcoded AWS and Azure credentials in popular...
Published 10/24/24
Video Episode: https://youtu.be/2YiTiU75inA
In today’s episode, we discuss Microsoft’s innovative approach to fighting phishing attacks using fake Azure tenants as honeypots to gather intelligence on cybercriminals, as highlighted by Ross Bevington at BSides Exeter. We also cover Cisco’s DevHub portal being taken offline following the leak of non-public data by a hacker, while examining recent exploitation of the Roundcube webmail XSS vulnerability for credential theft. Finally, we delve into...
Published 10/22/24
Video Episode: https://youtu.be/jjp4xiYI0Xw
In today’s episode, we delve into the escalating cyber tensions between China and the U.S. as China accuses the latter of fabricating the Volt Typhoon threat to divert attention from its own cyber-espionage activities. We also discuss the Internet Archive’s partial recovery from recent DDoS attacks and the critical vulnerability found in the Jetpack plugin affecting over 27 million WordPress sites. Additionally, we cover the ongoing risks posed by...
Published 10/16/24
Video Episode: https://youtu.be/yyl2icu6o3I
In today’s episode, we discuss groundbreaking research from Chinese scientists who demonstrated that D-Wave’s quantum computers can break RSA encryption and threaten widely used cryptographic methods, emphasizing the urgency for quantum-safe solutions. We also cover the aftermath of a significant cyberattack on Clorox, which has impacted its sustainability goals, and analyze a report from Checkmarx detailing “command jacking” vulnerabilities in open...
Published 10/15/24
Video Episode: https://youtu.be/BQoTaqXLZlw
In today’s episode, we discuss the FBI’s unprecedented creation of a fake cryptocurrency, NexFundAI, aimed at exposing widespread manipulation in the crypto market, leading to multiple arrests in Operation Token Mirrors. We also cover OpenAI’s confirmation that threat actors are leveraging ChatGPT to write malware, significantly enhancing their cyber-attack capabilities. Lastly, we examine the Iranian threat actor OilRig exploiting a Windows kernel...
Published 10/14/24
Video Episode: https://youtu.be/igJqDBKj13o
In today’s episode, we discuss a new cybercriminal campaign utilizing Unicode obfuscation to hide the Mongolian Skimmer on e-commerce platforms, aiming to steal sensitive data. OpenAI has reported disrupting over 20 malicious operations leveraging its technology for tasks including malware development and election-related misinformation. Additionally, we cover critical vulnerabilities in Firefox and Fortinet products, emphasizing the need for urgent...
Published 10/11/24
Video Episode: https://youtu.be/O2h2nBA4BQ8
In today’s episode, we discuss significant security vulnerabilities found in Manufacturing Message Specification (MMS) protocol libraries, potentially allowing attackers to execute remote code or crash industrial devices. We also cover the sudden blockade of Discord in Russia and Turkey due to illegal activity, affecting user access, and the release of exploit code for a critical GitLab authentication bypass flaw, CVE-2024-45409, which could allow...
Published 10/10/24
Video Episode: https://youtu.be/lEaBTx6FvCI
In today’s episode, we dive into the alarming rise of Linux malware “perfctl,” which has stealthily targeted millions of servers for cryptomining over the past three years. We discuss the critical CVE-2024-29824 vulnerability in Ivanti Endpoint Manager, exploited for unauthorized SQL injection, and the ongoing threats posed by the North Korean APT group Stonefly, known for their intricate cybercrime tactics. Additionally, we explore the disturbing...
Published 10/04/24
Video Episode: https://youtu.be/7et_7YkwAHs
In today’s episode, we dive into the alarming rise of malware delivery through fake job applications targeting HR professionals, specifically focusing on the More_eggs backdoor. We also discuss critical gaming performance issues in Windows 11 24H2 and the vulnerabilities in DrayTek routers that expose over 700,000 devices to potential hacking. Lastly, we address the urgent exploitation of a remote code execution flaw in Zimbra email servers,...
Published 10/03/24
Video Episode: https://youtu.be/665pQQC8k-4
In today’s episode, we delve into the shocking case of Adam Iza, a California man allegedly linked to extortion and bribery involving local police officers, and his ties to the notorious hacking group UGNazi. We also discuss developments in cybersecurity, including the SEC’s charges against Robert B. Westbrook for insider trading through computer hacks, the alarming rise of the Sniper Dz phishing-as-a-service platform, the unveiling of...
Published 10/02/24