
In this episode of Cybersecurity Today, hosted by Jim Love, the show salutes Katie Moussouris of Luta Security for her courage in speaking truth to power. The episode covers various significant news in the cybersecurity world: the explosion of...
Jim Love
This episode of Cybersecurity Today salutes Katie Moussouris, CEO of Luta Security, who wins our first Speaking Truth to Power award for having the courage to speak up when others wouldn't, even when it wasn't to her financial or career advantage. The nightmare of identity theft explodes in Canada's tax system. Cybersecurity firm Prodaft buys hacker forum accounts to monitor cybercriminal activity. Google Reboot introduces new security features for Android. Hertz was hit by a supply chain hack from the Clop gang. And a US attorney alleges that a UK intelligence firm paid to have them hacked while engaged in a trial. This is Cybersecurity Today. I'm your host Jim Love.
Radio-Canada, a part of the CBC, Canada's national broadcaster, broke a story on Tuesday that started with a chilling tale of how a Canadian nurse named Leslie Warner was taken into federal custody by the RCMP, fingerprinted, a mug shot taken, and all because someone had stolen her identity and filed bogus tax returns with the Canada Revenue Agency (CRA). The return listed the tax preparation firm H&R Block as her agent. In this phony return, she maintains she never engaged them. And that's the real terror of having your finances and your life hijacked. Your identity can be stolen, your address changed. In this case, the woman suddenly had children on the official tax records. You may never know who did it or why or what else they're doing with your identity. But this story got closer to an answer that affects not just Warner, but apparently 28,000 other people who an anonymous tipster said had their names stolen from a provincial health agency in British Columbia. The article says that the likely agency was the Interior Health Agency. The tipster claims the list was sold on the dark web for about $1,000 and later circulated on the encrypted Telegram app. But the story gets murkier because of the link to the tax preparer.
Reporters found at least six people who had their CRA accounts hacked by imposters using various locations of H&R Block. And while H&R Block claims they knew nothing about the incidents when asked by the CBC's investigative journalism program The Fifth Estate, leaked internal memos suggest otherwise. The same program had previously broken a story that revealed that tens of thousands of Canadians have had their CRA accounts hacked since 2020, when scammers took advantage of security gaps between the CRA and the third-party tax preparation companies like H&R Block. Despite what's been revealed, there's still a lot of confusion and a lot of unanswered questions. The matter remains an open RCMP investigation, and Interior Health, the reported source, has engaged external security experts from Deloitte Canada, but nobody's talking. Even the CRA won't provide the answers that Warner wants to know, which is, why didn't anybody tell her? Proponents who have criticized the Canadian government for failing to enact solid privacy legislation will have one more story to tell about the damage this failure has caused. There's a link to the full CBC story in the show notes.
You have to admire the cleverness of turning greed into good. Swiss cybersecurity company Prodaft has initiated a program to purchase verified and aged accounts on hacking forums, aiming to infiltrate and monitor cybercriminal activities from within these communities. The initiative, named Sell your Source, involves acquiring established accounts on cybercrime forums to gain insider access and gather intelligence on illicit operations, and Prodaft has advertised this program directly on the hacking forums, utilizing an older account on the Russian-speaking XSS cybercrime forum to promote the account purchasing scheme. Prodaft evaluates each account individually, with pricing dependent on various factors, and is currently interested in accounts from specific forums.
Though this focus may change over time, it's particularly interested in buying accounts from XSS, Exploit.in, RAMP4U, Verified and BreachForums cybercrime forums and offers to pay extra for accounts with moderator or administrator privileges. However, they will only accept accounts created before December 2022, and the accounts must not have engaged in cybercrime or unethical activities in the past. Also, they will not purchase accounts on the FBI's or other law enforcement's most wanted lists, and while they will communicate with law enforcement, they will keep the purchase details confidential. By integrating into these forums, Prodaft aims to collect real-time intelligence on cybercriminal operations, enhancing their ability to detect and respond to emerging threats. This approach reflects a growing trend among cybersecurity firms to adopt proactive measures in monitoring and countering cybercrime. But will cybercriminals, especially amateurs on the fringes, sell out their friends for a buck? My bet is on Prodaft.
Google is introducing a new security feature in its latest Android update that will automatically reboot phones and tablets if they remain locked for three consecutive days. This measure aims to enhance data protection by placing the device into Before First Unlock, or BFU, state, which encrypts user data and disables biometric logins until a passcode is manually entered. The feature is part of the Google Play Services 25.14 update and is designed to reinforce data security for devices that are left unused for extended periods. It's applicable to Android phones and tablets, but excludes other devices like Android Auto, TV and Wear OS. The move mirrors Apple's similar inactivity reboot introduced in iOS 18.1, which activates after four days of inactivity. This feature frustrated many law enforcement agents who had found that after a few days in storage, hacking the iPhone was next to impossible.
Google has not yet specified the precise rollout time for the update or which devices will support this auto reboot feature. For users, this means that a device left untouched and locked for three days will automatically restart, requiring the user to enter their passcode to regain access. The process ensures that the device's data remains secure even if the device is lost or stolen and remains unused. And the Before First Unlock encryption makes it next to impossible to crack the device and find usable data. So if your phone is stolen or someone tries to access it without your consent, it's a lot harder to crack.
I remember it being one of the highlighted stories from Don Tapscott, if anybody remembers him. It was one of those stories about the digital revolution. Instead of a ton of paper forms, you could pull your car into a car rental, rent or turn it over in minutes. Why? They remembered you. Well, the problem with that is they remember you because your data is on their systems. A lot of it. Hugely sensitive data. Driver's license, insurance, credit card. Actually, what didn't they know about you? And Hertz has disclosed a data breach resulting from a cyber attack on its vendor Cleo Communications, which compromised this sensitive customer information, including the driver's license, credit card details and who you rented with. The Clop ransomware gang has reportedly claimed credit for the attack on its dark web leak site, alleging that it stole the data on more than 60 companies by exploiting a bug in their Cleo systems. In a later post, Cleo claimed dozens more alleged corporate victims. Hertz initially denied the attack, but later confirmed unauthorized access to customer data, such as names, contact information, dates of birth, driver's license and payment card information. A small subset of customers may even have had their Social Security numbers, passport details or workers' compensation data exposed.
The splitting of hairs comes from the fact that Hertz's internal systems remained unaffected. But the company became aware of the breach from Cleo on February 10, 2025, and it just completed its analysis by April 2. The breach affects customers in multiple regions, including the US, Canada, the EU, UK and Australia. In Texas alone, approximately 96,000 customers were impacted. Hertz has notified law enforcement and regulatory bodies and is offering two years of free identity monitoring services through Kroll to affected individuals. The company advises customers to monitor their accounts for any unauthorized activity.
Daniel Feldman, a New York attorney, has filed a motion in Manhattan federal court accusing a London-based intelligence firm, Vantage Intelligence, of orchestrating a hack-for-hire operation against him during a legal dispute from 2016 to 2018. Feldman claims that the cyber espionage compromised privileged communications, unfairly influencing the outcome of a case involving entities linked to the defunct Russian oil company Yukos. Feldman alleges that Vantage Intelligence paid Israeli private investigator Aviram Azari 357,000 British pounds to hire Indian hackers who intercepted his emails with legal counsel. These communications were reportedly accessed during the litigation over allegations of self-dealing related to Yukos-affiliated companies. In 2019, Feldman was found liable for breaching fiduciary duties, resulting in a nominal $5 fine and a one-year suspension of his law license. He now seeks to overturn this judgment, asserting that the hacking tainted the legal process. The U.S. Justice Department has confirmed that Feldman's emails were breached, and from what we can see, Vantage Intelligence is keeping a low profile, but it's an influential firm. Erik Prince, founder of private military company Blackwater and reportedly an ally of President Donald Trump, joined Vantage's board of advisors last year.
Just to be clear, however, he's not implicated in Feldman's allegations. Feldman's case is part of a broader pattern where litigants have used evidence of hacking to challenge legal decisions. For instance, aviation executive Farhad Azima successfully overturned a UK judgment after proving that his opponents had hacked his emails. So warning to law firms big and small, be nice to your CISO and if you don't have one, get one. There are good fractional CISOs out there, even for small companies. Now for those who prefer the non-editorial version of the podcasts, consider this to be my sign-off for the day. I'm Jim Love. Thanks for listening.
I'd originally rejected the story I'm going to cover next because we will speak truth to power, any power. But I don't want this podcast to become political. But sometimes being silent is cowardice, not editorial discretion. President Donald Trump has revoked the security clearance of Chris Krebs, the ex-director of the Cybersecurity and Infrastructure Security Agency (CISA), and he ordered a Department of Justice investigation into Krebs' tenure. Krebs, who publicly refuted Trump's unfounded claims of election fraud in 2020, now faces accusations of weaponizing his position, charges critics argue are politically motivated and threaten the integrity of federal cybersecurity efforts. On April 9, 2025, Trump signed a presidential memorandum directing federal agencies to revoke any active security clearances held by Krebs and to initiate a review of his activities during his time at CISA. The order also suspends clearances for individuals associated with Krebs, including employees at SentinelOne, the cybersecurity firm where he currently serves as chief intelligence and public policy officer. There are two issues here. First, if any cybersecurity professional can't speak freely and honestly, their company is in trouble. If the head of CISA can't speak openly and honestly, we're all in trouble.
And there's already enough about personal liability of cybersecurity professionals, especially CISOs. CISOs may now have to face court trials. But are we really served well when the whole might of government might come down on someone because they spoke what they thought was the truth about something the government did? And not only that person is affected in this case, everyone who works with him also has their livelihood affected. We have a large US audience, and I respect your right to support any political candidate. But if I'm traveling into the US for a cybersecurity event now, will I be on a list for speaking out? You may think I flatter myself, and maybe I do. We have a lot of listeners, though. But one reason I felt I had to speak up was that the cybersecurity community, at least the vendor community, has largely remained silent, with only one vendor organization commenting publicly on this matter. I get it. It's tough to tackle issues like this. Yet if we say nothing, doesn't that say something? If your commercial interests take precedence over defending the ability to give an honest opinion, what does that say about us? And maybe I'm being too tough. Companies have a responsibility to their shareholders. People want to keep their jobs. Who am I to judge? But in that case, those who have power always win. The investigation into Krebs could have a chilling effect on professionals, particularly those tasked with safeguarding federal elections or guarding something. Where the government has an action, it will be easier for them to look the other way rather than maybe offend the winner and lose their career. David Becker, executive director of the Center for Election Innovation and Research and a former DOJ attorney, criticized the executive order, saying it attempts to tarnish Krebs' outstanding reputation and harm his business. Though I suspect both efforts will fail. For me, I sincerely hope he's right.
But to Katie Moussouris, CEO of Luta Security (I hope I'm saying it right) and a former member of CISA's Cyber Safety Review Board, who stated that the probe will have several chilling effects and issued a full LinkedIn post where she criticizes it: Katie, if I ever need services, you are at the top of my list. And if SentinelOne stands by Krebs, they're on my list as well. Here's a shout-out to a company, Luta Security, and Katie Moussouris, who you know will always do the right thing even if it costs them.
That's our show for today. Love to hear what you think. Email me@EditorialEchnewsDay CA or catch me on LinkedIn. A number of you have found me there. Or if you're watching YouTube, just put a comment under the links. Reminder, there will be no Good Friday show or even an Easter Monday show. We'll be running a special this weekend. I hope you like it and I'll be back on Wednesday. I'm your host Jim Love. Thanks for listening.
Cybersecurity Today: April 16, 2025 – Detailed Summary
Hosted by Jim Love
00:00 – 02:15
The episode opens with Jim Love celebrating Katie Moussouris, the CEO of Luta Security, who is honored with the podcast’s inaugural Speaking Truth to Power Award. This accolade recognizes her bravery in speaking out against injustices, even when it posed risks to her financial standing and career advancement.
Jim Love [00:30]: "Katie Moussouris wins our first Speaking Truth to Power award for having the courage to speak up when others wouldn't."
02:16 – 12:45
Jim delves into a distressing story uncovered by Radio Canada regarding rampant identity theft within Canada’s tax framework. The case centers on Leslie Warner, a Canadian nurse who was wrongfully apprehended by the RCMP after her identity was stolen, leading to fraudulent tax filings purportedly handled by H&R Block. This incident is not isolated; an anonymous tip suggested that approximately 28,000 individuals had their identities compromised via a provincial health agency, likely the Interior Health Agency.
Key Points:
Jim Love [04:50]: "You may never know who did it or why or what else they're doing with your identity."
The issue remains under RCMP investigation, with Deloitte Canada brought in for external security assessments. Critics argue that the Canadian government’s inadequate privacy legislation has exacerbated this crisis, leaving victims like Warner without satisfactory explanations or recourse.
12:46 – 20:30
Shifting focus to proactive cybersecurity measures, Jim discusses Prodaft, a Swiss cybersecurity firm, which has launched Sell your Source, a program aimed at infiltrating hacker forums by purchasing established accounts. This strategy allows Prodaft to monitor and gather intelligence on cybercriminal activities from within these illicit communities.
Key Elements:
Jim Love [15:20]: "By integrating into these forums, Prodaft aims to collect real-time intelligence on cybercriminal operations."
This initiative underscores a trend in cybersecurity towards more aggressive, intelligence-driven approaches to countering cyber threats. However, Jim raises a critical question about the potential willingness of cybercriminals, particularly less experienced ones, to cooperate in exchange for monetary incentives.
20:31 – 30:10
Jim covers Google’s latest update to Android’s security features, introducing an automatic reboot for devices left locked for three consecutive days. This feature aims to bolster data protection by transitioning devices into a Before First Unlock (BFU) state, which enforces encryption and disables biometric logins until a passcode is re-entered.
Highlights:
Jim Love [24:45]: "The process ensures that the device's data remains secure even if the device is lost or stolen and remains unused."
While this advancement enhances security, it has sparked frustration among law enforcement agencies who previously benefited from the ability to access stored data on dormant devices. The rollout timeline and specific device compatibility remain undisclosed, adding an element of suspense to the feature’s implementation.
30:11 – 40:50
A major highlight of the episode is the discussion on Hertz’s recent data breach, attributed to a supply chain attack on its vendor, Cleo Communications. The Clop ransomware gang claimed responsibility, exploiting vulnerabilities in Cleo’s systems to access and leak sensitive customer data from over 60 companies.
Key Details:
Jim Love [34:20]: "Hertz advises customers to monitor their accounts for any unauthorized activity."
Despite the breach, Hertz reported that their internal systems remained unaffected, suggesting the attack was confined to Cleo Communications. This incident underscores the critical importance of securing supply chain partners to prevent cascading security failures.
40:51 – 52:30
Jim shifts to a troubling legal case involving Daniel Feldman, a New York attorney, who has filed a motion accusing Vantage Intelligence, a London-based firm, of orchestrating a hack against him during a legal dispute from 2016 to 2018. Feldman alleges that Vantage Intelligence employed Israeli investigator Aviram Azari to hire Indian hackers who intercepted confidential communications between Feldman and his legal counsel, thereby influencing the trial's outcome related to the Russian oil company Yukos.
Key Points:
Jim Love [46:10]: "Warning to law firms big and small, be nice to your CISO and if you don't have one, get one."
The U.S. Department of Justice has verified the breach of Feldman’s emails, although Vantage Intelligence maintains a low profile. The involvement of prominent figures, such as Erik Prince on Vantage’s board of advisors, adds complexity to the case, although Prince is not implicated in Feldman’s claims.
52:31 – 62:15
In a politically charged segment, Jim addresses President Donald Trump’s revocation of former CISA Director Chris Krebs’ security clearance. Krebs, known for publicly debunking Trump’s unfounded 2020 election fraud claims, is now facing a Department of Justice investigation into his tenure, with allegations that his position was weaponized against Trump.
Key Highlights:
Jim Love [56:40]: "If the head of CISA can't speak openly and honestly, we're all in trouble."
Jim reflects on the broader consequences of such actions, stressing the importance of allowing cybersecurity professionals to operate without fear of political retaliation. He cites David Becker’s criticism of the executive order, arguing that it tarnishes Krebs’ reputation and undermines federal cybersecurity efforts.
62:16 – End
Jim concludes the episode with a heartfelt commendation for Katie Moussouris and Luta Security, reaffirming his trust in their integrity and commitment to cybersecurity.
Jim Love [60:50]: "To Katie Moussouris, CEO of Luta Security (I hope I'm saying it right) and a former member of CISA's Cyber Safety Review Board, who stated that the probe will have several chilling effects and issued a full LinkedIn post where she criticizes it: Katie, if I ever need services, you are at the top of my list."
He encourages listeners to engage via email or LinkedIn and mentions an upcoming special for the weekend, signaling his dedication to providing timely and relevant cybersecurity insights.
Conclusion
This episode of Cybersecurity Today navigates through a spectrum of critical issues, from personal identity theft crises and innovative cyber monitoring strategies to significant breaches affecting major corporations like Hertz. Additionally, it highlights the intricate interplay between cybersecurity and the legal-political landscape, underscoring the vulnerabilities and challenges faced by professionals in the field. Jim Love’s comprehensive coverage, enriched with notable quotes and detailed analysis, offers valuable insights for both cybersecurity enthusiasts and industry veterans alike.
Note: No broadcasts on Good Friday or Easter Monday. A special episode will air over the weekend.
This comprehensive summary encapsulates the multifaceted discussions from the April 16, 2025 episode of Cybersecurity Today, providing an in-depth overview for those who seek to stay informed on the latest in cybersecurity threats, responses, and industry dynamics.