logo
episode-header-image
Sep 8
12m 7s

Hackers Say Thanks For Lousy Security In...

Jim Love
About this episode

Cybersecurity Today: Ghost Action Campaign, SalesLoft Breach, AI Vulnerabilities, and Restaurant Security Flaws

Host David Shipley discusses the latest in cybersecurity, including the Ghost Action Campaign which compromised over 3000 secrets from GitHub repositories, the SalesLoft breach affecting major cybersecurity and SaaS firms, and new research showing how large language model chatbots like GPT-4 can be manipulated easily. Additionally, ethical hackers uncover significant vulnerabilities in the digital platforms of Restaurant Brands International. The episode emphasizes the importance of securing the software development ecosystem and maintaining robust social engineering defenses.

00:00 Introduction and Headlines
00:32 GitHub Supply Chain Attack: Ghost Action Campaign
02:51 SalesLoft Breach: A Deep Dive
05:01 The Summer of Salesforce Attacks
07:19 Manipulating AI: New Research Insights
09:14 Restaurant Brands International: Security Flaws Exposed
11:21 Conclusion and Sign-Off

Up next
Jun 2024
Cyber Security Today, June 14, 2024 - Employee downloaded file that led to hospital chain's ransomware attack
This episode reports on the latest ransomware news, another North Korean threat actor putting  malicious packages on the NPM registry, vulnerabilities in some open source AI apps, and more 
7m 52s
Jun 2024
Cyber Security Today, June 3, 2024 - Four cloud-related data breaches
This episode reports on confirmation of cyber attacks on Ticketmaster, Santander bank, a Canadian broadcaster, and more 
7m 37s
May 2024
Cyber Security Today, May 27, 2024 - Security controversy over a new Microsoft tool, a new open source threat intelligence service
This episode reports on fake antivirus web sites to stay away from, and more 
6m 14s
Recommended Episodes
Aug 15
Media server mayday.
Plex urges users to immediately update their Media Server due to an undisclosed security flaw. Cisco warns of a critical remote code execution flaw in their Secure Firewall Management Center software.Rockwell Automation discloses multiple critical and high-severity flaws. Hackers ... Show More
29m 33s
Sep 2024
UK’s newest cybersecurity MVPs.
The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from ... Show More
28m 29s
Jan 2025
Hacking the bureau.
The FBI warns agents of hacked call and text logs. The US Treasury sanctions entities tied to North Korea’s fake IT worker operations. Russian hacking group Star Blizzard attempted to infiltrate WhatsApp accounts of nonprofits supporting Ukraine. Yubico discloses a critical vulne ... Show More
34m 16s
Jan 2025
Biden’s final cyber order tackles digital weaknesses.
The Biden administration is finalizing an executive order to bolster U.S. cybersecurity. Ivanti releases emergency updates to address a critical zero-day vulnerability. A critical vulnerability is discovered in Kerio Control firewall software. Palo Alto Networks patches multiple ... Show More
24m 37s
May 2025
BEAR-ly washed and dangerous.
“Laundry Bear” airs dirty cyber linen in the Netherlands. AI coding agents are tricked by malicious prompts in a Github MCP vulnerability.Tenable patches critical flaws in Network Monitor on Windows. MathWorks confirms ransomware behind MATLAB outage. Feds audit NVD over vulnerab ... Show More
29m 43s
Aug 2024
Almost letting hackers rule the web.
A Wordpress plugin vulnerability puts 5 million sites at risk. Google releases an emergency Chrome update addressing an actively exploited vulnerability. Cisco patches multiple vulnerabilities. Researchers say Slack AI is vulnerable to prompt injection. Widely used RFID smart car ... Show More
26m 7s
Jul 2023
New phishing campaigns hit Microsoft 365 and Adobe users. Big Head ransomware. Multichain bridge compromised. CISA adds a KEV. Progress patches MOVEit. Telegram's role in Russia's war.
New phishing campaigns afflict users of Microsoft 365 and Adobe. An analysis of Big Head ransomware. Multichain reports a crypto heist with over $100 million stolen. CISA makes an addition to the Known Exploited Vulnerability Catalog. Progress Software issues additional MOVEit pa ... Show More
31m 15s
Feb 2025
Hacked in plain sight.
A major employee screening provider discloses a data breach affecting over 3.3 million people. Signal considers exiting Sweden over a proposed law that would give police access to encrypted messages. House Democrats call out DOGE’s negligent cybersecurity practices. Critical vuln ... Show More
24m 56s
Feb 2025
PAN-ic mode: The race to secure PAN-OS.
Palo Alto Networks confirms a recently patched firewall vulnerability is being actively exploited. CISA warns of an actively exploited iOS vulnerability. Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability. The acting commission ... Show More
29m 23s
Aug 18
Workday’s bad day.
HR software giant Workday discloses a data breach. Researchers uncover a zero-day in Elastic’s EDR software. Ghost-tapping is an emerging fraud technique where cybercriminals use NFC relay attacks to exploit stolen payment card data. Germany may be on a path to ban ad blockers. A ... Show More
26m 56s
Listen to millions of songs and podcasts on Anghami