Exposing a Government Data Breach: Whistleblower Tells All - Cybersecurity Today Special Report
In this gripping episode of Cybersecurity Today, host Jim Love interviews Daniel Berulis, a self-described whistleblower who recently made a significant disclosure to the U.S. Congress. Berulis reveals the shocking details of tenant admin abuse within a governmental cloud environment, which allowed unauthorized data copying and wiping of audit trails. They discuss Daniel's background, the alarming red flags he observed, his attempt to escalate the issue internally, and finally, his decision to report it to higher authorities. The conversation dives deep into the complexities and moral dilemmas faced by a whistleblower, offering viewers an insider look at the challenges in maintaining transparency and security in high-stakes IT environments. 00:00 Introduction to Cybersecurity Today 00:39 Meet Daniel Berulis: Whistleblower Extraordinaire 01:05 Understanding Tenant Admin Abuse 02:12 Daniel's Career and Community Involvement 05:28 The Mysterious Meeting and Initial Red Flags 08:48 Uncovering the Data Breach 11:56 Internal Reactions and Escalation 19:08 Reporting the Incident and Facing Consequences 23:45 The Whistleblower's Journey 32:31 Conclusion and Final Thoughts
In this episode of Cybersecurity Today, host Jim Love discusses recent cybersecurity breaches and vulnerabilities. Key topics include a security flaw in the new default setting of Microsoft OneDrive, a ransom incident involving PowerSchool that compromised student data, and the breach of a DOGE staffer's computer by info-stealing malware. The episode emphasizes the importance of proper security oversight, the risks of paying ransoms to cyber criminals, and the critical need for government agencies to reevaluate their cybersecurity protocols. 00:00 Introduction to Cybersecurity Today 00:30 Microsoft OneDrive Security Vulnerability 02:52 PowerSchool Ransomware Attack 07:20 DOGE Staffer Malware Breach 10:50 Conclusion and Final Thoughts
--------
11:50
6 Year Old Sleeper Attack Uncovered, Fake Bank Draft Scam, and Signal Tool Breach
In this episode of Cybersecurity Today, host Jim Love delves into a range of alarming cyber incidents. A six-year sleeper supply chain attack has compromised thousands of e-commerce websites, exploiting vulnerabilities in Magento extensions from vendors Tigren, Meetanshi, and Magesolution. Russian-controlled open-source tool Easy JSON raises scrutiny over potential threats in critical sectors like defense and finance. In Ontario, a sophisticated bank draft scam costs a business $108,000, emphasizing the need for verification processes. Additionally, a messaging tool used by the Trump administration to archive Signal messages has been hacked twice, highlighting serious concerns over the security of high-level US communications. Stay tuned for the latest insights and expert advice on maintaining cybersecurity. 00:00 Sleeper Supply Chain Attack Activates After Six Years 02:19 Russian Controlled Open Source Tool Raises Alarms 04:32 Fake Bank Draft Fools the Bank 05:56 Signal Archiving Tool Breached 08:33 Conclusion and Contact Information
--------
8:56
Signal Version Used In National Security Scandal Has Flaws
Cybersecurity Today: Disney Data Theft, Signal Gate, and Major Apple Vulnerability In this episode of Cybersecurity Today, host David Shipley discusses several key security incidents. Hacker 'Null Bulge,' real name Ryan Kramer, pleads guilty to stealing over 1.1 TB of data from Disney's Slack via malware disguised as an AI image generation tool. Additionally, former National Security Advisor Mike Waltz's use of a compromised Signal app 'TM Signal' is explored, highlighting significant security flaws. The episode also covers critical vulnerabilities in Apple AirPlay-enabled devices that allow malicious code execution via Wi-Fi and reveals that an employee benefits administration provider breach has impacted 4 million Americans, significantly more than originally reported. 00:00 Introduction and Headlines 00:34 Disney's Slack Data Breach 02:00 Security Flaws in TM Signal App 03:18 Apple AirPlay Vulnerabilities 04:54 Massive Data Breach at Vari Source Services 06:59 Conclusion and Contact Information
--------
7:21
Cybersecurity Today: Insights from BSides and RSAC
In this episode of Cybersecurity Today, host Jim Love is joined by roving correspondent David Shipley to discuss his experiences at the BSides and RSAC conferences. They dive into the significant takeaways from BSides, including highlights from notable presentations such as Truffle Hog's AI Apocalypse and Eva Galperin's talk on the 'World's Dumbest Cyber Mercenaries'. They also explore emerging trends in AI, deepfake technology, and the human side of cybersecurity. The discussion shifts to RSAC, examining vendor presence, CrowdStrike's gamified approach to engagement, and the broader implications of cybersecurity costs and industry consolidation. The episode underscores the importance of ongoing education, responsible cybersecurity practices, and the need for clear communication in the industry. 00:00 Introduction and Guest Introduction 01:24 BSides Conference Overview 03:55 Key Highlights from BSides 04:31 AI Apocalypse and Security Concerns 11:21 World's Dumbest Cyber Mercenaries 15:57 Deepfake Technology and Countermeasures 22:45 RSAC Conference Overview 28:48 Experiencing Autonomous Cars in San Francisco 30:00 The Future of High-Tech Mobility Solutions 32:22 AI in Cybersecurity: Implications and Discussions 37:26 The Role of AI in Coding and Its Challenges 40:34 Chris Krebs and the Importance of Speaking Truth to Power 44:36 Human Side of Cybersecurity: Security Champions 46:49 Operation Shamrock: Tackling Pig Butchering Scams 51:47 CrowdStrike and Vendor Strategies at Conferences 53:16 The Cost of Cybersecurity and Industry Consolidation 54:46 Conclusion and Future Interviews
Österreich