In this episode of Cybersecurity Today, host Jim Love covers important security updates and warnings including critical flaws in WinRAR, a patch for a high severity zero-day vulnerability in Windows CLFS, and a security vulnerability in WhatsApp's Windows desktop application. He urges users to update their software to protect against exploits. Additionally, Jim discusses Identity Management Day and the concerning findings from an OKTA survey revealing Canadians' growing worries about identity theft. He announces his plan to create a special segment on new identity solutions to address these concerns. The episode also includes a shout-out to the BSides Calgary event for information security professionals.
00:00 Introduction and Event Announcement
00:51 Critical Flaws in Compression Utility
03:33 Microsoft Patches Zero-Day Exploits
05:01 WhatsApp Security Vulnerability
06:46 Identity Management Day Insights
10:13 Conclusion and Contact Information
Episode Transcript
Shopify's.
CEO says, no new hires tillyou prove AI can't do the job.
Affordable laptops are pulledfrom sale due to tariffs.
The Social Security website in theUS crashes and it's linked to Doge
software updates and did Meta fudge itsbenchmark numbers for a new AI version.
Welcome to Hashtag Trending.
(00:22):
I'm your host, Jim Love.
Let's get into it.
Shopify's, CEO Tobi Lutke has issued adirective requiring teams demonstrate
that artificial intelligence can'tperform a task before they are
allowed to seek additional headcount.
In an internal memo titled, AIUsage is now Baseline expectation.
Lutke emphasized that usingAI well is a skill that needs
(00:45):
to be carefully learned by.
Using it a lot and that AIusage is now a fundamental
expectation of everyone at Shopify.
Lutke highlighted the transformativeimpact of AI on workplace
productivity, describing it as themost rapid shift to how work is done
that I've ever seen in my career.
(01:06):
He said that before asking formore headcount and resources,
teams have to demonstrate why theycan't get what they want done.
Using AI to ensure accountability,AI usage will be incorporated
into performance and peer reviews.
Shopify has already reducedits head count significantly.
Total head count felt to 8,100 at theend of December, from 8,300 a year before
(01:28):
according to its latest annual filing.
The Canadian company eliminated14% of its workforce in 2022
and 20% the following year.
The company has also acquired AI focusedstartups such as Vantage Discovery to
enhance its technological capabilities.
They're offering an AI driven set ofproducts and services for their customers.
(01:51):
Shopify introduced this suite ofAI powered tools for its merchants,
including an AI chat bot namedSidekick, and a collection of
automation tools called Shopify Magic.
But they're clearly tryingto take their own medicine.
Now, will this spreadto other tech companies?
Has it already, and if so, will it addto what's already been a large number of
(02:15):
reductions in staff at tech companies?
In 2024 alone, there were about150,000 roles eliminated over 549 tech
companies according to layoffs.fyigiven a potential economic slowdown.
We might even be looking for morecompanies looking to use AI to drive
(02:35):
cost reductions, particularly inthe area of headcount reduction.
I.
Framework.
A San Francisco based laptop manufacturerknown for its customizable and
repairable devices has temporarilyhalted US sales of certain base models
in its laptop 13 series due to newtariffs imposed by the US government.
(02:58):
The affected models include configurationsfeaturing Intel's Ultra Five and AMD's
Ryzen five Processors framework is aninteresting company, not just because
of their commitment to repairable andupgradeable laptops, but they also have
good price points, especially given thefact that these laptops can continually
be updated for longer lifespans
(03:19):
Based on the long-term value and theenvironmentally friendly stance of the
company, it grew by over 30% last year.
But recent tariff increasesmay hinder that growth.
Its lowest priced laptops with the IntelCore Ultra five and the A MD rise in
versions where selling for $999 US and$899 US respectively before the tariffs.
(03:44):
Now with the lowest tariffs, 10% onTaiwanese shipments, these machines
would have to be sold at a loss.
So the company has pulled them for nowwithout these models, the next cheapest
versions of those laptops will start at$1,399 US and $1,499 US respectively.
(04:08):
Framework is certainly not the onlycompany suffering under these tariffs.
The company's commitment to transparencyputs them out ahead of others
who are certainly facing similarchallenges, but who might not yet
have publicly disclosed their actions.
Expect more price adjustmentsand less availability, especially
of affordable lower end models.
(04:31):
And Meta is facing criticism forusing an internal version of its
Maverick AI model in benchmarktests without clearly disclosing it.
The version optimized for chat helpedMaverick score 1,417 on LM Arena,
ranking it above open AI's GPT-4 oh,and just behind Gemini's 2.5 Pro.
(04:55):
I know the names are confusing,but Maverick is actually part
of the LAMA four release.
It is a relatively compact model and usesa mixture of experts and reinforcement
learning to help it excel at complextasks like coding and other things.
However, LM Arena says that in thebenchmarks meta used an experimental
chat version that differs from the publicrelease, which raises concerns about the
(05:18):
fairness and transparency of the results.
The benchmarking site faulted metafor not clearly distinguishing between
the internal and the public models.
I. But some researchers have alsoalleged that meta may have trained
its model on parts of the test data.
Meta's, VP of generativeAI denies those claims.
(05:38):
But the lack of transparency hassparked renewed debate over benchmark
integrity in the AI industry.
LM Marina is an open source platformfor crowdsourced AI benchmarking.
It was developed by researchers atthe UC, Berkeley Sky Lab, and it's
designed to evaluate and rank largelanguage models, LLMs and AI chatbots
(06:01):
based on human preferences throughanonymous randomized comparisons.
Now the anonymous nature of theratings and the fact that they're not
pure numbers, but reflect the actualexperience of users with the software
have made LM Arena a way to cut throughthe dozens of different benchmarks
and give what was hoped to be arealistic view of the user experience.
(06:26):
So while Meta didn't technically breakany LM Arena rules the incident affects
the trust, not of the benchmarks,but of the AI companies themselves.
And the Social Security Administration,the SSA in the US has experienced
multiple website outages in recent weeks,disrupting services for beneficiaries.
(06:49):
These issues have been traced toa recent software update mandated
by the Department of GovernmentEfficiency, or Doge, led by Elon Musk.
The update intended to enhance frauddetection was implemented without adequate
testing for the higher user volumes thatwould result leading to system crashes.
(07:10):
DOGE initiative expanded existingcontracts with credit reporting
agencies to perform earlier and moreextensive identity verifications
during the claims process.
However, the SSA's technology staffdid not conduct sufficient load testing
resulting in connectivity issuesand authentication portal failures.
(07:31):
Now compounding the problem, theSSA site already had issues and Doge
directed budget cuts had led to asignificant staff reduction in the SSA,
particularly within the IT department.
The result has been a perfect storm.
With reductions, forcing moreusers to rely on the malfunctioning
website with fewer employeesavailable for phone support.
(07:54):
And in turn there are far fewer ITresources to help solve system issues
on some of these ancient systems.
, the inevitable result is servicedisruption on what for many is a major
portion of their retirement income.
This also coincides with more peoplehaving to come into Social Security
offices to answer issues from thesenew questions on their claims.
(08:17):
Although there are not enough staffto serve the new demand and scheduling
systems are malfunctioning, but don'tworry, rumors are that Doge is going
to redo the Social security system and.
They say it will only take a matterof months now that they've gotten rid
of a lot of the internal IT talentand that pesky knowledge of the old
(08:38):
system, what could possibly go wrong?
It might just be me, but thereare people who need to be let go.
They're just not thesocial security IT staff.
And that's our show for today.
You can reach out to me ateditorial@technewsday.ca or on LinkedIn
(08:59):
or if you're watching on YouTube, justleave me a comment under the video.
I'm your host, Jim Love.
Have a wonderful Wednesday.
Popular Podcasts
On Purpose with Jay Shetty
I’m Jay Shetty host of On Purpose the worlds #1 Mental Health podcast and I’m so grateful you found us. I started this podcast 5 years ago to invite you into conversations and workshops that are designed to help make you happier, healthier and more healed. I believe that when you (yes you) feel seen, heard and understood you’re able to deal with relationship struggles, work challenges and life’s ups and downs with more ease and grace. I interview experts, celebrities, thought leaders and athletes so that we can grow our mindset, build better habits and uncover a side of them we’ve never seen before. New episodes every Monday and Friday. Your support means the world to me and I don’t take it for granted — click the follow button and leave a review to help us spread the love with On Purpose. I can’t wait for you to listen to your first or 500th episode!
Stuff You Should Know
If you've ever wanted to know about champagne, satanism, the Stonewall Uprising, chaos theory, LSD, El Nino, true crime and Rosa Parks, then look no further. Josh and Chuck have you covered.
Dateline NBC
Current and classic episodes, featuring compelling true-crime mysteries, powerful documentaries and in-depth investigations. Follow now to get the latest episodes of Dateline NBC completely free, or subscribe to Dateline Premium for ad-free listening and exclusive bonus content: DatelinePremium.com