![Encore: Dawn Cappelli: Becoming the cyber fairy godmother. [OT] [Career Notes]](https://is5-ssl.mzstatic.com/image/thumb/Podcasts116/v4/12/16/ca/1216caa3-af21-5352-8400-c6e0e84332b5/mza_6844882071149318753.jpg/250x250bb.jpg)
Episódios
-
International law enforcement put a leash on a LockBit leader. Updates from RSA Conference, including our Man on the Street Rob Boyce, Managing Director at Accenture. TikTok sues the U.S. government. The Commerce Department restricts chip sales to Huawei. A third-party breach exposes payroll records of Britain’s armed forces. BogusBazaar operates over 75,000 fake webshops. Android security updates address 26 vulnerabilities. A Philadelphia real estate investment trust gets hit with ransomware. BetterHelp will pay $7.8 million to settle FTC charges of health data misuse. On the Learning Layer, Sam and Joe dive into CISSP Domain 4, Communication and Network Security, and discuss networking, the OSI model, and firewalls. AI steals the Met Gala spotlight.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Rob Boyce, Managing Director at Accenture is our Man on the Street today. Rob stops by to share his thoughts on the 2024 RSA Conference.
Learning Layer
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe dive into CISSP Domain 4, Communication and Network Security, and discuss networking, the OSI model, and firewalls, which includes:
4.1 Assess and implement secure design principles in network architectures
4.2 Secure network components
4.3 Implement secure communication channels according to design
Selected Reading
International law enforcement put a leash on a LockBit leader. Updates from RSA Conference, including our Man on the Street Rob Boyce, Managing Director at Accenture. TikTok sues the U.S. government. The Commerce Department restricts chip sales to Huawei. A third-party breach exposes payroll records of Britain’s armed forces. BogusBazaar operates over 75,000 fake webshops. Android security updates address 26 vulnerabilities. A Philadelphia real estate investment trust gets hit with ransomware. BetterHelp will pay $7.8 million to settle FTC charges of health data misuse. On the Learning Layer, Sam and Joe dive into CISSP Domain 4, Communication and Network Security, and discuss networking, the OSI model, and firewalls. AI steals the Met Gala spotlight.
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
Secretary Blinken and Senator Warner weigh in on cybersecurity at RSA Conference. Ransomware profits are falling. Proton Mail is under scrutiny for information sharing. A senior British lawmaker blames China for a UK cyberattack. Medstar Health notifies patients of a potential data breach. A study finds cybersecurity education programs across the U.S vary wildly. Brandon Karpf, N2K Man on the Street, stops by to share his thoughts on the 2024 RSA Conference. An Australian pension fund gets lost in the clouds.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guests
Brandon Karpf, N2K Man on the Street, stops by to share his thoughts on the 2024 RSA Conference.
Selected Reading
Blinken unveils State Dept. strategy for ‘vibrant, open and secure technological future’ (The Record)
Warner: Lawmakers 'in process' of finding Section 702 fix (The Record)
Ransomware operations are becoming less profitable (Help Net Security)
Proton Mail Discloses User Data Leading to Arrest in Spain (Restore Privacy)
UK says defence ministry targeted in cyberattack (Digital Journal)
Novel attack against virtually all VPN apps neuters their entire purpose (Ars Technica)
MedStar Health data breach affects 183,079 patients (WUSA9)
Researchers say cybersecurity education varies widely in US (Tech Xplore)
System outage affecting UniSuper services (UniSuper)
UniSuper private cloud, secondary systems taken out by "rare" Google Cloud "issues" (iTnews)
Superannuation: What It Is, How It Works, Types of Plans (Investopedia)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
Estão a faltar episódios?
-
Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, interviews Eugene Spafford about his 2024 Cybersecurity Canon Hall of Fame book: “Cybersecurity Myths and Misconceptions.”
References:
Eugene Spafford, Leigh Metcalf, Josiah Dykstra, Illustrator: Pattie Spafford. 2023. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book]. Goodreads.
Helen Patton, 2024. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book Review]. Cybersecurity Canon Project.
Staff, 2024. CERIAS - Center for Education and Research in Information Assurance and Security [Homepage]. Purdue University.
Rick Howard Cybersecurity Canon Concierge
Cybersecurity Canon Committee members will be in the booth outside the RSA Conference Bookstore to help anybody interested in the Canon’s Hall of Fame and Candidate books. If you’re looking for recommendations, we have some ideas for you.
RSA Conference Bookstore
JC Vega: May 6, 2024 | 02:00 PM PDT
Rick Howard: May 7, 2024 | 02:00 PM PDT
Helen Patton: May 8, 2024 | 02:00 PM PDT
Rick Howard RSA Birds of a Feather Session:
I'm hosting a small group discussion called “Cyber Fables: Debating the Realities Behind Popular Security Myths.” We will be using Eugene Spafford’s Canon Hall of Fame book, “ “Cyber Fables: Debating the Realities Behind Popular Security Myths” as the launchpad for discussion.
If you want to engage in a lively discussion about the infosec profession, this is the event for you.
May. 7, 2024 | 9:40 AM - 10:30 AM PT
Rick Howard RSA Book Signing
I published my book at last year’s RSA Conference. If you’re looking to get your copy signed, or if you just want to tell me how I got it completely wrong, come on by. I would love to meet you.
RSA Conference Bookstore
May 8, 2024 | 02:00 PM PDT
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
Rick Howard Cyware Panel:
The Billiard Room at the Metreon | 175 4th Street | San Francisco, CA 94103
May 8, 2024 | 8:30am-11am PST
Simone Petrella and Rick Howard RSA Presentation:
Location: Moscone South Esplanade level
May. 9, 2024 | 9:40 AM - 10:30 AM PT
Simone Petrella, Rick Howard, 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference. -
Secretary of State Antony Blinken is set to unveil a new international cybersecurity strategy at the RSA Conference in San Francisco. Paris prepares for Olympic-sized cybersecurity threats. Wichita, Kansas is recovering from a ransomware attack. A massive data breach hits citizens of El Salvador. Researchers steal cookies to bypass authentication. Cuckoo malware targets macOS systems. Iranian threat actors pose as journalists to infiltrate network targets. A former Microsoft insider analyzes the company’s recommitment to cybersecurity. Guest Mark Terenzoni, Director of Risk Management at AWS, joins N2K’s Rick Howard to discuss the benefits of security lakes in a post-AI world. Ukrainian officials introduce an AI generated spokesperson.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Guest Mark Terenzoni, Director of Risk Management at AWS, joins N2K’s Rick Howard to discuss the benefits of security lakes and other security considerations for a post-AI world. Read Mark's blog on the subject.
Selected Reading
Biden administration rolls out international cybersecurity plan (POLITICO)
Paris 2024 gearing up to face unprecedented cybersecurity threat (Reuters)
Wichita government shuts down systems after ransomware incident (The Record)
El Salvador suffered a massive leak of biometric data (Security Affairs)
Stealing cookies: Researchers describe how to bypass modern authentication (CyberScoop)
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware (Kandji)
Iranian hackers pose as journalists to push backdoor malware (Bleeping Computer)
Breaking down Microsoft’s pivot to placing cybersecurity as a top priority (DoublePulsar)
Ukraine unveils AI-generated foreign ministry spokesperson | Artificial intelligence (AI) (The Guardian)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
Rick Howard, N2K’s CSO and The Cyberwire’s Chief Analyst and Senior Fellow, interviews Andy Greenberg about his 2024 Cybersecurity Canon Hall of Fame book: “Tracers in the Dark.”
References:
Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads.
Larry Pesce, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project.
Rick Howard, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project.
Ben Rothke, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project.
TheScriptVEVO, 2012. The Script - Hall of Fame (Official Video) ft. will.i.am [Music Video]. YouTube.
Satoshi Nakamoto, 2008. Bitcoin: A Peer-to-Peer Electronic Cash System [Historic and Important Paper]. Bitcoin.
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
RSA Presentation:
May. 9, 2024 | 9:40 AM - 10:30 AM PT
Rick Howard, Simone Petrella , 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference. -
Technology attorney and startup chief of staff Elizabeth Wharton shares her experiences and how she came to work with companies in technology. Elizabeth talks about how she always liked solving problems and Nancy Drew mysteries, but not litigation. These morphed finding into her home in the policy legal world and some time later, technology law. Elizabeth describes how she loves planning and strategy in her work and encourages others to ask questions and absorb all of the information. Our thanks to Elizabeth for sharing her story with us.
-
Adam Marré, CISO at Arctic Wolf, is diving deep into geopolitical tension with China including APT31, iSoon and TikTok with Dave this week. They also discuss some of the history behind China cyber operations.
Adam shares information on how different APT groups are able to create spear phishing campaigns, and provides info on how to combat these groups. -
A Texas operator of rehab facilities faces multiple lawsuits after a ransomware attack. Microsoft warns Android developers to steer clear of the Dirty Stream. The Feds warn of North Korean social engineering. A flaw in the R programming language has been patched. Zloader borrows stealthiness from ZeuS. The GAO highlights gaps in NASA’s cybersecurity measures. Indonesia is a spyware hot-spot. Germany summons a top Russian envoy to address cyber-attacks linked to Russian military intelligence. An Israeli PI is arrested in London following allegations of a cyberespionage campaign. In our Industry Voices segment, Allison Ritter, Senior Product Manager from Cyberbit shares her career journey, off the bench and onto the court. A cybersecurity consultant allegedly attempts to extort a one-point-five million dollar exit package.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On our Industry Voices segment, Allison Ritter, Senior Product Manager from Cyberbit, shares her cybersecurity journey: “Off the bench and onto the court.”
Selected Reading
Rehab Hospital Chain Hack Affects 101,000; Facing 6 Lawsuits (GovInfo Security)
Microsoft Warns of 'Dirty Stream' Vulnerability in Popular Android Apps (SecurityWeek)
U.S. Govt Warns of Massive Social Engineering Attack from North Korean Hackers (GB Hackers)
R-bitrary Code Execution: Vulnerability in R's Deserialization (HiddenLayer)
ZLoader Malware adds Zeus's anti-analysis feature (Security Affairs)
GAO report indicates that NASA should update spacecraft acquisition policies and standards for cybersecurity (Industrial Cyber)
Indonesia is a Spyware Haven, Amnesty International Finds (InfoSecurity Magazine)
Germany summons Russian envoy over 2023 cyber-attacks (The Guardian)
Israeli private eye arrested in London over alleged hacking for US firm (Reuters)
Cybersecurity consultant arrested after allegedly extorting IT firm (Bleeping Computer)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
Dropbox’s secure signature service suffers a breach. CISA is set to announce a voluntary pledge toward enhanced security. Five Eyes partners issue security recommendations for critical infrastructure. Microsoft acknowledges VPN issues after recent security updates. LockBit releases data from a hospital in France. One of REvil’s leaders gets 14 years in prison. An Phishing-as-a-Service provider gets taken down by international law enforcement. China limits Teslas over security concerns. In our Threat Vector segment, David Moulton from Unit 42 explores Adversarial AI and Deepfakes with two expert guests, Billy Hewlett, and Tony Huynh. NightDragon founder and CEO Dave Dewalt joins us with a preview of next week’s NightDragon Innovation Summit 2024 at RSAC. And celebrating the 60th anniversary of the BASIC programming language.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
In our Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, explores Adversarial AI and Deepfakes as part of the ongoing series “AI’s Impact in Cybersecurity'' with two expert guests, Billy Hewlett, Senior Director of AI Research at Palo Alto Networks, and Tony Huynh, a Security Engineer specializing in AI and deepfakes. They unpack the escalating risks posed by adversarial AI in cybersecurity. You can catch Threat Vector every other Thursday on the N2K CyberWire network and where you get all of your favorite podcasts. Listen to David’s full discussion with Billy and Tony here.
Plus, NightDragon Founder and CEO Dave Dewalt joins us with a preview of next week’s NightDragon Innovation Summit 2024 at RSAC including a look into his “State of the Cyber Union” keynote.
Selected Reading
Security Breach Exposes Dropbox Sign Users (Infosecurity Magazine)
The US Government Is Asking Big Tech to Promise Better Cybersecurity (WIRED)
CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog (Security Affairs)
Russian Hackers Target Industrial Systems in North America, Europe (SecurityWeek)
Microsoft says April Windows updates break VPN connections (Bleeping Computer)
LockBit publishes confidential data stolen from Cannes hospital in France (The Record)
Ukrainian sentenced to almost 14 years for infecting thousands with REvil ransomware (The Record)
LabHost Crackdown: 37 Arrested In Global Cybercrime Bust (Security Boulevard)
Tesla cars to be banned from Chinese government buildings amid security fears — report (Drive)
The BASIC programming language turns 60 (Ars Technica)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
A breach at J.P. Morgan Chase exposes data of over 451,000 individuals. President Biden Signs a National Security Memorandum to Strengthen and Secure U.S. Critical Infrastructure. Verizon’s DBIR is out. Cornell researchers unveil a worm called Morris II. A prominent newspaper group sues OpenAI. Marriott admits to using inadequate encryption. A Finnish man gets six years in prison for hacking a psychotherapy center. Qantas customers had unauthorized access to strangers’ travel data. The Feds look to shift hiring requirements toward skills. In our Industry Voices segment, Steve Riley, Vice President and Field CTO at Netskope, discusses generative AI and governance. Major automakers take a wrong turn on privacy.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today on Industry Voices, Steve Riley, Vice President and Field CTO at Netskope, discusses generative AI and governance. For more of Steve’s insights into gen AI, check out his article in Forbes.
Selected Reading
Breach at J.P. Morgan Exposes Data of 451,000 Plan Participants (PLANADVISER)
White House releases National Security Memorandum on critical infrastructure security and resilience (Industrial Cyber)
DBIR Report 2024 - Summary of Findings (Verizon)
Experimental Morris II worm can exploit popular AI services to steal data and spread malware (Computing)
Major U.S. newspapers sue OpenAI, Microsoft for copyright infringement (Axios)
Marriott admits it falsely claimed for five years it was using encryption during 2018 breach (CSO Online)
Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms (AP News)
Qantas Airways Says App Showed Customers Each Other's Data (GovInfo Security)
Agencies to turn toward ‘skill-based hiring’ for cyber and tech jobs, ONCD says (CyberScoop)
Carmakers lying about requiring warrants before sharing location data, Senate probe finds (The Record)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. -
UnitedHealth’s CEO testimony before congress reveals details of the massive data breach. Major US mobile carriers are hit with hefty fines for sharing customer data. Muddling Meerkat manipulates DNS. A report from Sophos says ransomware payments skyrocketed this past year. The DOE addresses risks and benefits of AI. LightSpy malware targets macOS. A crucial Kansas City weather and traffic system is disabled by a cyberattack. A Canadian pharmacy chain shuts down temporarily following a cyberattack. Guest Kayla Williams, CISO from Devo, joins us to share CISO insights into the pressure of their roles they feel mounting on them and gives us a look into their plans for RSAC 2024. Pay attention - that AWS meter may be running.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Guest Kayla Williams, CISO from Devo, joins us to share CISO insights into the pressure of their roles they feel mounting on them and gives us a look into their plans for RSAC 2024.
Selected Reading
Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO (TechCrunch)
FCC Fines Carriers $200m For Selling User Location Data (Infosecurity Magazine)
Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (Bleeping Computer)
Ransom Payments Surge by 500% to an Average of $2m (Infosecurity Magazine)
US DOE rolls out initial assessment report on AI benefits and risks for critical energy infrastructure (Industrial Cyber)
LightSpy malware has made a comeback, and this time it's coming after your macOS devices (ITPro)
Kansas City system providing roadside weather, traffic info taken down by cyberattack (The Record)
London Drugs pharmacy chain closes stores after cyberattack (Bleeping Computer)
An Empty S3 Bucket Can Make Your AWS Bills Explode (GB Hackers) - kicker
How an empty S3 bucket can make your AWS bill explode (Medium)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. -
Okta warns of a credential stuffing spike. A congressman looks to the EPA to protect water systems from cyber threats. CISA unveils security guidelines for critical infrastructure. Researchers discover a stealthy botnet-as-a-service coming from China. The UK prohibits easy IoT passwords. New vulnerabilities are found in Intel processors. A global bank CEO shares insights on cybersecurity. Users report mandatory Apple ID resets. A preview of N2K CyberWire activity at RSA Conference. Police in Japan find a clever way to combat gift card fraud.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
It’s the week before the 2024 RSA Conference. Today, we have N2K’s own Rick Howard, Brandon Karpf, and Dave Bittner previewing N2K’s upcoming activities and where you can find our team at RSAC 2024.
Special Edition: Threat Vector
Understanding the Midnight Eclipse Activity and CVE 2024-3400: Host David Moulton and Andy Piazza, Sr. Director of Threat Intelligence at Unit 42, dive into the critical vulnerability CVE-2024-3400 found in PAN-OS software of Palo Alto Networks, emphasizing the importance of immediate patching and mitigation strategies for such vulnerabilities, especially when they affect edge devices like firewalls or VPNs.
Selected Reading
Okta warns customers about credential stuffing onslaught (Help Net Security)
Crawford puts forward bill on cybersecurity risks to water systems (The Arkansas Democrat-Gazette)
CISA unveils guidelines for AI and critical infrastructure (FedScoop)
Chinese Botnet As-A-Service Bypasses Cloudflare & Other DDoS Protection Services (GB Hackers)
UK becomes first country to ban default bad passwords on IoT devices (The Record)
Researchers unveil novel attack methods targeting Intel's conditional branch predictor (Help Net Security)
Standard Chartered CEO on why cybersecurity has become a 'disproportionately huge topic' at board meetings (The Record)
Security Bite: Did Apple just declare war on Adload malware? (9to5Mac)
Apple users are being locked out of their Apple IDs with no explanation (9to5Mac)
Japanese police create fake support scam payment cards to warn victims (Bleeping Computer)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. -
Host of Darknet Diaries podcast Jack Rhysider shares his experiences from studying computer engineering at university to his strategy of using gamification on his career that led to him landing in the security space. Jack talks about how his wide experiences came together in security and what prompted him to learn podcasting. Jack endeavors to share the whole story through his podcasts while making them entertaining, enlightening and inspirational. Our thanks to Jack for sharing his story with us.
-
Christopher Doman, Co-Founder and CTO at Cado Security, is talking about their research on "Cerber Ransomware: Dissecting the three heads." This research delves into Cerber ransomware being deployed onto servers running the Confluence application via the CVE-2023-22518 exploit.
The research states "Cerber emerged and was at the peak of its activity around 2016, and has since only occasional campaigns, most recently targeting the aforementioned Confluence vulnerability."
The research can be found here:
Cerber Ransomware: Dissecting the three heads -
Healthcare providers report breaches affecting millions. PlugX malware is found in over 170 countries. Hackers exploit an old vulnerability to launch Cobalt Strike. A popular Wordpress plugin is under active exploitation. Developing nations may serve as a test bed for malware developers. German authorities question Microsoft over Russian hacks. CISA celebrates the success of their ransomware warning program. Our guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, discussing open source software. Password trends are a mixed bag.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Our guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, discussing open source software.
Selected Reading
Kaiser Permanente data breach may have impacted 13.4 million patients (Security Affairs)
LA County Health Services: Patients' data exposed in phishing attack (Bleeping Computer)
China-linked PlugX malware infections found in more than 170 countries (The Record)
Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike (GB Hackers)
Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors (SecurityWeek)
Cybercriminals are using developing nations as test beds for ransomware attacks (TechSpot)
Microsoft Questioned by German Lawmakers About Russian Hack (GovInfo Security)
More than 800 vulnerabilities resolved through CISA ransomware notification pilot (The Record)
Most people still rely on memory or pen and paper for password management (Help Net Security)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. -
Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape.
In this episode, we center our conversation around the Cyber Workforce Pipeline. We discuss where the next great wave of talent is going to come.
We talk more about these sources of new talent, such as K-12 programs, higher education, and trade school programs, transitioning military, and other initiatives and programs focused on cultivating the next generation of cyber professionals.
Explore Cyber Talent Insights
N2K’s Cyber Talent Insights provides security leaders measurable and actionable insights on your organization’s current cyber roles and capabilities to maximize your talent investments and build a business case for better hiring, developing, maintaining, and retaining your technical talent pools. Learn how at n2k.com/talent-insights.
Connect with the N2K Cyber Workforce team on Linkedin:
Dr. Sasha Vanterpool, Cyber Workforce Consultant
Dr. Heather Monthie, Cybersecurity Workforce Consultant
Jeff Welgan, Chief Learning Officer
Resources for developing your cybersecurity teams:
N2K Cyber Workforce Strategy Guide
Workforce Media Resources
Strategic Cyber Workforce Intelligence resources for your organization
Cyber Talent Acquisition Woes for Enterprises
Workforce Intelligence: What it is and why you need it for cyber teams webinar
Setting Better Cyber Job Expectations to Attract & Retain Talent webinar -
Cisco releases urgent patches for their Adaptive Security Appliances. Android powered smart TVs could expose Gmail inboxes. The FTC refunds millions to Amazon Ring customers. The DOJ charges crypto-mixers with money laundering. A critical vulnerability has been disclosed in the Flowmon network monitoring tool. A Swiss blood donation company reopens following a ransomware attack. Multiple vulnerabilities are discovered in the Brocade SANnav storage area network management application. Brokewell is a new Android banking trojan. Meta’s ad business continues to face scrutiny in the EU. Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast speaks with LinkedIn's CISO Geoff Belknap. And an AI Deepfake Sparks a Community Crisis.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
We are joined by Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast talking with Geoff Belknap sharing "Insights from LinkedIn's CISO." You can listen to their full discussion here.
Selected Reading
'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks (WIRED)
Cisco Releases Security Updates Addressing ArcaneDoor Campaign, Exploited Vulnerabilities in ASA and FTD (NHS England Digital)
Android TVs Can Expose User Email Inboxes (404 Media)
FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures (SecurityWeek)
Southern District of New York | Founders And CEO Of Cryptocurrency Mixing Service Arrested And Charged With Money Laundering And Unlicensed Money Transmitting Offenses (United States Department of Justice)
Maximum severity Flowmon bug has a public exploit, patch now (Bleeping Computer)
Plasma donation company Octapharma slowly reopening as BlackSuit gang claims attack (The Record)
New Brokewell malware takes over Android devices, steals data (Bleeping Computer)
Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking (SecurityWeek)
Meta could face further squeeze on surveillance ads model in EU (TechCrunch)
Baltimore County educator framed principal with AI-generated voice, police say (Baltimore Banner)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. -
The DOJ indicts four Iranian nationals on hacking charges. Legislation to ban or force the sale of TikTok heads to the President’s desk. A Russian hack group claims a cyberattack on an Indiana water treatment plant. A roundup of dark web data leaks. Mandiant monitors dropping dwell times. Bcrypt bogs down brute-forcing. North Korean hackers target defense secrets. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. Ransomware may leave the shelves in Sweden’s liquor stores bare.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guests
Learning Layer
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss content and study strategies for CISSP Domain 3 Security Architecture and Engineering, and discuss encryption and non-repudiation. Specifically they cover sub-domain 3.6, "Select and determine cryptographic solutions," which includes:
Cryptographic life cycle
Cryptographic method
Public key infrastructure (PKI).
Industry Voices
On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness.
Selected Reading
Rewards Up to $10 Million for Information on Iranian Hackers (GB Hackers)
Congress passes bill that could ban TikTok after years of false starts (Washington Post)
Russian hackers claim cyberattack on Indiana water plant (The Record)
Major Data Leaks from Honda Vietnam, US Airports, and Chinese Huawei/iPhone Users (SOCRadar® Cyber Intelligence Inc.)
Global attacker median dwell time continues to fall (Help Net Security)
New Password Cracking Analysis Targets Bcrypt (SecurityWeek)
North Korean Hackers Target Dozens of Defense Companies (Infosecurity Magazine)
Hackers hijack antivirus updates to drop GuptiMiner malware (Bleeping Computer)
Sweden's liquor shelves to run empty this week due to ransomware attack (The Record)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. -
The State Department puts visa restrictions on spyware developers. UnitedHealth says its recent breach could affect tens of millions of Americans. LockBit leaks data allegedly stolen from the DC government. Microsoft says APT28 has hatched a GooseEgg. The White House and HHS update HIPAA rules to protect private medical data. Keyboard apps prove vulnerable. A New Hampshire hospital suffers a data breach. Microsoft’s DRM may be vulnerable to compromise. On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain. GoogleTeller just can’t keep quiet.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain.
Selected Reading
U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity (Security Affairs)
UnitedHealth Group Previews Massive Change Healthcare Breach (GovInfo Security)
Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor (SecurityWeek)
Russian APT28 Group in New “GooseEgg” Hacking Campaign (Infosecurity Magazine)
HHS strengthens privacy protections for reproductive health patients and providers (The Record)
The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers (The Citizen Lab)
Records of almost 2,800 CMC patients vulnerable in 'data security incident': hospital | Crime (Union Leader)
Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services (SecurityWeek)
The creepy sound of online trackers (Axbom)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. -
Section 702 gets another two years. MITRE suffers a breach through an Ivanti VPN. CrushFTP urges customers to patch an actively exploited flaw. SafeBreach researchers disclose vulnerabilities in Windows Defender that allow remote file deletion. Ukrainian soldiers see increased attention from data-stealing apps. GitHub’s comments are being exploited to distribute malware. VW confirms legacy Chinese espionage and data breaches. CISA crowns winners of the President’s Cup Cybersecurity Competition. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists in anticipation of RSAC 2024. Targeting kids online puts perpetrators in the malware crosshairs.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
We have two guests today. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists and what to look for on the innovation front at RSAC 2024. For 18 years, cybersecurity's boldest new innovators have competed in the RSAC Innovation Sandbox contest to put the spotlight on their potentially game-changing ideas. This year, 10 finalists will once again have three minutes to make their pitch to a panel of judges. Since the start of the contest, the Top 10 Finalists have collectively seen over 80 acquisitions and $13.5 billion in investments. Innovation Sandbox will take place on Monday, May 6th at 10:50am PT.
Selected Reading
Warrantless spying powers extended to 2026 with Biden’s signature (The Record)
MITRE breached by nation-state threat actor via Ivanti zero-days (Help Net Security)
CrushFTP File Transfer Vulnerability Lets Attackers Download System Files (Infosecurity Magazine)
Researchers Claim that Windows Defender Can Be Bypassed (GB Hackers)
Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (The Record)
GitHub comments abused to push malware via Microsoft repo URLs (Bleeping Computer)
Presumably Chinese industrial spies stole VW data on e-drive technology (Bleeping Computer)
CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading (Industrial Cyber)
Malware dev lures child exploiters into honeytrap to extort them (Bleeping Computer)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. - Mostrar mais
