Episódios
-
Exploding pagers in Lebanon are not a cyberattack. Europol leads an international effort to shut down the encrypted communications app Ghost. Microsoft IDs Russian propaganda groups’ disinformation campaigns. California’s Governor signs bills regulating AI in political ads. A multi-step zero-click macOS Calendar vulnerability is documented. A new phishing campaign targets Apple ID credentials.The US Cyber Ambassador emphasizes deterrence. Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work on maintaining security support at all levels of cyber maturity. AI tries to out-Buffett Warren Buffett.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work and the recently-published guide on maintaining security support at all levels of cyber maturity. You can check out their guide “Cyber Fundamentals: Critical baseline security practices for today’s threat landscape” here.
Selected Reading
Israel Planted Explosives in Pagers Sold to Hezbollah, Officials Say (The New York Times)
Criminal-favored Ghost messaging app busted, owners arrested (Cybernews)
Russians made videos falsely accusing Harris of hit-and-run, Microsoft says (The Washington Post)
California governor signs laws to crack down on election deepfakes created by AI (Associated Press)
Researcher chains multiple old macOS flaws to compromise iCloud with no user interaction (Beyond Machines)
iPhone Users Warned As New Email Password-Stealing Attacks Reported (Forbes)
Deterrence in cyberspace is possible — and ‘urgent’ — amid ‘alarming’ hybrid attacks, State cyber ambassador says (CyberScoop)
New Chatbot ETF Promises to Mimic Warren Buffett, David Tepper (Bloomberg)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
The US charges a Chinese national for spear-phishing government employees. The feds impose new sanctions on the makers of Predator spyware. Dealing with fake data breaches. Researchers discover a critical vulnerability in Google Cloud Platform. D-Link has patched critical vulnerabilities in three popular wireless router models. Snowflake ups their authentication game. A US mining company confirms a cyberattack. Researchers identify critical threats targeting construction industry accounting software. Tim Starks from CyberScoop joins us with his reporting on the US Postal Service’s ability to meet the challenges of the upcoming election. Cisco’s second round of layoffs hit hard.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Our guest today is Tim Starks, Senior Reporter from CyberScoop, joining us to discuss his piece on "Election officials say U.S. Postal Service woes place election mail at risk."
Selected Reading
DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military (SecurityWeek)
US Ramps Up Sanctions on Spyware-Maker Intellexa (Infosecurity Magazine)
All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them (Security Boulevard)
Google Cloud Platform RCE Flaw Let Attackers Execute Code on Millions of Google Servers (Cyber Security News)
D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (Bleeping Computer)
Breach-Weary Snowflake Moves to MFA, 14-Character Passwords (GovInfo Security)
Owner of only US platinum mine confirms data breach after ransomware claims (The Record)
Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software (Huntress)
Cisco's second layoff of 2024 affects thousands of employees (TechCrunch)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Estão a faltar episódios?
-
The FBI and CISA dismiss false claims of compromised voter registration data. The State Department accuses RT of running global covert influence operations. Chinese hackers are suspected of targeting a Pacific Islands diplomatic organization. A look at Apple’s Private Cloud Compute system. 23andMe will pay $30 million to settle a lawsuit over a 2023 data breach. SolarWinds releases patches for vulnerabilities in its Access Rights Manager. Browser kiosk mode frustrates users into giving up credentials. Brian Krebs reveals the threat of growing online “harm communities.” Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on prompt injection attacks. How theoretical is the Dead Internet Theory?
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on their recent work "Agent Hijacking: the true impact of prompt injection attacks."
Selected Reading
FBI tells public to ignore false claims of hacked voter data (Bleeping Computer)
Russia’s RT news agency has ‘cyber operational capabilities,’ assists in military procurement, State Dept says (The Record)
The Dark Nexus Between Harm Groups and ‘The Com’ (Krebs on Security)
China suspected of hacking diplomatic body for Pacific islands region (The Record)
Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works (WIRED)
Apple seeks to drop its lawsuit against Israeli spyware pioneer NSO (Washington Post)
23andMe settles data breach lawsuit for $30 million (Reuters)
SolarWinds Patches Critical Vulnerability in Access Rights Manager (SecurityWeek)
Malware locks browser in kiosk mode to steal Google credentials (Bleeping Computer)
Is anyone out there? (Prospect Magazine)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Errol Weiss, the Chief Security Officer (CSO) of the HEALTH-ISAC and one of the original contributors to the N2K CyberWire Hash Table. He will make the business case for information sharing.
References:
White and Williams LLP, Staff Osborne Clarke LLP , 2018. Threat Information Sharing and GDPR [Legal Review]. FS-ISAC.
Senator Richard Burr (R-NC), 2015. S.754 - 114th Congress (2015-2016): To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes [Law]. Library of Congress.
Staff, n.d. National Council of ISACs [Website]. NCI.
Staff, 2020. Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 [Guidance]. CISA.
Staff, 2023. Information Sharing Best Practices [White paper]. Health-ISAC.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Enjoy this encore of Carerr Notes, where the Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security Ben Yelin shares his journey from political junkie to Fourth Amendment specialist. Several significant life defining political developments like the disputed 2000 election, 9/11, and the Iraqi war occurred during his formative years that shaped Ben's interest in public policy and his desire to pursue a degree in law. An opportunity to be a teaching assistant turned out to be one of those sliding door scenarios that led Ben to where he is now, a lawyer in the academic and consulting worlds specializing in cybersecurity and digital privacy issues. Through his work, Ben hopes to elevate the course of the debate on these very important issues. And, we thank Ben for sharing his story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Alex Delamotte, Threat Researcher from SentinelOne Labs, joins to share their work on "Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials." SentinelOne’s Labs team has uncovered new research on Xeon Sender, a cloud hacktool used to launch SMS spam attacks via legitimate APIs like Amazon SNS.
First seen in 2022, this tool has been repurposed by multiple threat actors and distributed on underground forums, highlighting the ongoing trend of SMS spam through cloud services and SaaS.
The research can be found here:
Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Fortinet reveals a data breach. The feds sanction a Cambodian senator for forced labor scams. UK police arrest a teen linked to the Transport for London cyberattack. New Linux malware targets Oracle WebLogic. Citrix patches critical Workspace app flaws. Microsoft unveils updates to prevent outages like the CrowdStrike incident. U.S. Space Systems invests in secure communications. Illegal gun-conversion sites get taken down. Tim Starks of CyberScoop tracks Russian hackers mimicking spyware vendors. Cybersecurity hiring gaps persist. Hackers use eye-tracking to steal passwords.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today, we welcome back Tim Starks, senior reporter from CyberScoop, to discuss “Google: apparent Russian hackers play copycat to commercial spyware vendors.” You can read the article Tim refers to here.
Selected Reading
Fortinet Data Breach: What We Know So Far (SOCRadar)
Cambodian senator sanctioned by US over cyber-scams (The Register)
UK NCA arrested a teenager linked to the attack on Transport for London (Security Affairs)
New 'Hadooken' Linux Malware Targets WebLogic Servers (SecurityWeek)
Citrix Workspace App Vulnerabilities Allow Privilege Escalation Attacks (Cyber Security News)
Microsoft Vows to Prevent Future CrowdStrike-Like Outages (Infosecurity Magazine)
Space Systems Command Awards $188M Contract for meshONE-T Follow-on (Space Systems Command)
Domains seized for allegedly importing Chinese gun switches (The Register)
Why Breaking into Cybersecurity Isn’t as Easy as You Think (Security Boulevard)
Apple Vision Pro’s Eye Tracking Exposed What People Type (WIRED)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from a 2023 data breach.Google Cloud introduces air-gapped backup vaults. TrickMo is a newly discovered Android banking malware. GitLab has released a critical security update. A $20 domain purchase highlights concerns over WHOIS trust and security. Our guest is Jon France, CISO at ISC2, with insights on Communicating Cyber Risk of New Technology to the Board. And, could Pikachu be a double-agent for Western intelligence agencies?
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Our guest is Jon France, CISO at ISC2, sharing his take on "All on "Board" for AI – Communicating Cyber Risk of New Technology to the Board." This is a session Jon presented at Black Hat USA 2024. You can check out his session’s abstract. Also, N2K CyberWire is a partner of ISC2’s Security Congress 2024. Learn more about the in-person and virtual event here.
Selected Reading
UK Recognizes Data Centers as Critical National Infrastructure (Infosecurity Magazine)
Cisco Patches High-Severity Vulnerabilities in Network Operating System (SecurityWeek)
BYOD Policies Fueling Security Risks (Security Boulevard)
Healthcare Provider to Pay $65M Settlement Following Ransomware Attack (SecurityWeek)
Google Unveils Air-gapped Backup Vaults to Protect Data from Ransomware Attacks (Cyber Security News)
New Android Banking Malware TrickMo Attacking Users To Steal Login Credentials (Cyber Security News)
GitLab Releases Critical Security Update, Urges Users to Patch Immediately (Cyber Security News)
Rogue WHOIS server gives researcher superpowers no one should ever have (Ars Technica)
Pokémon GO was an intelligence tool, claims Belarus military official (The Register)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential security leaders in the industry. Learn more about our network sponsorship opportunities and build your brand where industry leaders get their daily news.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Patch Tuesday rundown. Microsoft integrates post-quantum cryptography (PQC) algorithms into its SymCrypt cryptographic library.The FTC finalizes rules to combat fake reviews and testimonials. A payment card thief pleads guilty. On our latest CertByte segment, N2K’s Chris Hare and George Monsalvatge share questions and study tips from the Microsoft Azure Fundamentals (AZ-900) Practice Test. Hard Drive Heaven: How Iconic Music Sessions Are Disappearing.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CertByte Segment
Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K.
In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s Microsoft Azure Fundamentals (AZ-900) Practice Test.
Have a question that you’d like to see covered? Email us at [email protected]. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.
Reference:
What is public cloud? (RedHat)
Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.
Remembering 9/11
In today’s episode, we pause to honor and remember the lives lost on September 11, 2001. We pay tribute to the courageous first responders, the resilient survivors, and the families whose lives were forever altered by that tragic day. Amidst the profound loss, the spirit of unity and compassion shone brightly, reminding us of our shared humanity.
Additionally, you can check out our special segment featuring personal remembrances from N2K CyberWire’s very own Rick Howard, who was in the Pentagon on that fateful day. His reflections provide a heartfelt perspective on the events and are well worth your time. Tune in to hear his poignant insights.
Special Edition Podcast
In today’s special edition of Solution Spotlight, we welcome Mary Haigh, Global CISO of BAE Systems, as she sits down with N2K’s Simone Petrella. Together, they discuss moving beyond the technical aspects of cybersecurity to build and lead a high-performing security team.
Selected Reading
Microsoft Fixes Four Actively Exploited Zero-Days (Infosecurity Magazine)
Adobe releases september 2024 patches for flaws in multiple products, including critical (Beyond Machines)
Chrome 128 Update Resolves High-Severity Vulnerabilities (SecurityWeek)
ICS Patch Tuesday: Advisories Published by Siemens, Schneider, ABB, CISA (SecurityWeek)
Ivanti fixes maximum severity RCE bug in Endpoint Management software (Bleeping Computer)
Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library (SecurityWeek)
Federal Trade Commission Announces Final Rule Banning Fake Reviews and Testimonials (Federal Trade Commission)
Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details (Bitdefender)
Inside Iron Mountain: It’s Time to Talk About Hard Drives (Mixonline)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach top security leaders. Explore our network sponsorship opportunities and build your brand where industry leaders get their daily news.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
For the 20th anniversary of 9/11 in 2021, Rick Howard, the CyberWire’s CSO, Chief Analyst, and Senior Fellow, recounts his experience from inside the Pentagon running the communications systems for the Army Operations Center.
Read Rick's related essay and check out his original notes of 9/11/01 written in the weeks following the attacks.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Crimson Palace targets Asian organizations on behalf of the PRC. Europe’s AI Convention has lofty goals and legal loopholes. The NoName ransomware gang may be working as a RansomHub affiliate. Wisconsin Physicians Service Insurance Corporation, SLIM CD, and Acadian Ambulance Service each suffer significant data breaches. CISA adds three vulnerabilities to its Known Exploited Vulnerabilities Catalog. Researchers from Ben-Gurion University in Israel develop new techniques to exfiltrate data from air-gapped computers. In our latest Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, sits down with Ryan Barger, Director of Offensive Security Services, to explore how AI is revolutionizing offensive security. Sextortion scammers have gone to the dogs.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
Threat Vector Segment
In this segment of Threat Vector, David Moulton, Director of Thought Leadership at Unit 42, sits down with Ryan Barger, Director of Offensive Security Services, to explore how AI is revolutionizing offensive security. Ryan delves into the practical applications of AI in tasks such as OSINT analysis, payload development, and evading endpoint detection systems. To listen to their full conversation, check out the episode here. You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network.
Selected Reading
Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets (Dark Reading)
The AI Convention: Lofty Goals, Legal Loopholes, and National Security Caveats (SecurityWeek)
NoName ransomware gang deploying RansomHub malware in recent attacks (Bleeping Computer)
Wisconsin Insurer Discloses Data Breach Impacting 950,000 Individuals (SecurityWeek)
Payment Gateway SLIM CD Data Breach: 1.7 Million Users Impacted (HACKREAD)
Acadian Ambulance service is reporting data breach, exposing almost 3 Million people (Beyond Machines)
CISA Warns of Three Vulnerabilities That Are Actively Exploited in the Wild (Cyber Security News)
Researchers Detail Attacks on Air-Gapped Computers to Steal Data (Cyber Security News)
Sextortion scams now use your "cheating" spouse’s name as a lure (Bleeping Computer)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Patch Now alerts come from Progress Software and Veeam Backup & Restoration. Car rental giant Avis notifies nearly 300,000 customers of a data breach. The UK’s National Crime Agency struggles to retain top cyber talent. Two Nigerian brothers get prison time for their roles in a deadly sextortion scheme. SpyAgent malware uses OCR to steal cryptocurrency. A Seattle area school district suffers a cybercrime snow day. Our guest is Amer Deeba, CEO of Normalyze, discussing data’s version of hide and go seek - the emergence of shadow data. A crypto leader resigns after being held at gunpoint.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Our guest is Amer Deeba, CEO of Normalyze, discussing data’s version of hide and go seek, or the emergence of shadow data.
Selected Reading
Progress LoadMaster vulnerable to 10/10 severity RCE flaw (Bleeping Computer)
New Veeam Vulnerability Puts Thousands of Backup Servers at Risk – PATCH NOW! (HACKREAD)
Thousands of Avis car rental customers had personal data stolen in cyberattack (TechCrunch)
UK National Crime Agency, responsible for fighting cybercrime, ‘on its knees,’ warns report (The Record)
2 Brothers Sentenced to More Than 17 Years in Prison in Sextortion Scheme (The New York Times)
SpyAgent Android malware steals your crypto recovery phrases from images (Bleeping Computer)
Highline schools closing Monday because of cyberattack (Seattle Times)
Crypto Firm CEO Resigns Following Armed Robbery of Company Funds (Blockonomi)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Enjoy this special encore episode where we are joined by, Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive. After pivoting from studying law, Ann started working with computers and found she had a deep technical aptitude for technology and started earning certifications landing in cybersecurity because she found an interest in PKI. At Microsoft, Ann says she solves some of the hardest problems every day. She recommends getting a mentor and finding your area of expertise. She leaves us with three dimensions she hopes to be her legacy: 1. diversity in more than just gender, 2. bringing a human aspect to the industry, and 3. being empathetic to the user experience. We thank Ann for sharing her story with us.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
This week, N2K's very own Brandon Karpf sits down with Kevin Lentz, Team Leader of the Cyber Pacific Project at the Global Disinformation Lab, and they discuss the recent threatcasting report "Cyber Competition in the Indo-Pacific Gray Zone 2035." This report, developed using the Threatcasting Method, examines how the U.S. and Indo-Pacific allies can coordinate their cyber defense efforts in response to future competition with China.
It presents findings, trends, and recommendations based on twenty-five scenarios simulated by a cross-functional group of experts to anticipate and address emerging threats over the next decade.
The research can be found here:
Cyber Competition in the Indo-Pacific Gray Zone 2035
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Cadet Blizzard is part of Russia’s elite GRU Unit. Apache releases a security update for its open-source ERP system. SonicWall has issued an urgent advisory for a critical vulnerability. Researchers uncover a novel technique exploiting Linux’s Pluggable Authentication Modules. Google’s kCTF team has discloses a critical security vulnerability affecting the Linux kernel’s netfilter component. Predator spyware has resurfaced. US health care firm Confidant Health exposes 5.3 terabytes of sensitive health information. Dealing with the National Public Data breach. On our Solution Spotlight: Mary Haigh, Global CISO of BAE Systems, speaks with N2K's Simone Petrella about moving beyond the technical to build an effective cybersecurity team. An AI music streaming scheme strikes a sour note.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On our Solution Spotlight segment, Mary Haigh, Global CISO of BAE Systems, speaks with N2K President Simone Petrella about moving beyond the technical to build a cybersecurity team.
Selected Reading
Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team (WIRED)
Apache Makes Another Attempt at Patching Exploited RCE in OFBiz (SecurityWeek)
SonicWall Access Control Vulnerability Exploited in the Wild (GB Hackers)
Linux Pluggable Authentication Modules Abused to Create Backdoors (Cyber Security News)
PoC Exploit Released for Linux Kernel Vulnerability that Allows Root Access (Cyber Security News)
Predator spyware resurfaces with signs of activity, Recorded Future says (CyberScoop)
Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database (WIRED)
Frustration Trying to Opt-Out After the National Public Data Breach (Security Boulevard)
Musician charged with $10M streaming royalties fraud using AI and bots (Bleeping Computer)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
The DOJ disrupts Russia’s Doppelganger. NSA boasts over 1,000 public and private partners. The FBI warns of North Korean operatives launching “complex and elaborate” social engineering attacks. Iran pays the ransom to sure up their banking system. Cisco has disclosed two critical vulnerabilities in its Smart Licensing Utility. A Nigerian man gets five years in prison for Business Email Compromise schemes. Planned Parenthood confirms a cyberattack. Our guests are Sara Siegle and Cam Potts from NSA, Co-Hosts of the new show, No Such Podcast. OnlyFans hackers get more than they bargained for.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Our guests are Sara Siegle, Chief, Strategic Communications and Cam Potts, Co-Host, from NSA sharing their new podcast, No Such Podcast. The NSA launched the first two episodes of their new weekly podcast today. You can catch their trailer here. Visit their show on Libsyn.
Selected Reading
US Targets Russian Media and Hackers Over Election Meddling (BankInfoSecurity)
NSA Eyes Global Partnerships to Combat Chinese Cyberthreats (BankInfoSecurity)
North Korean scammers prep stealth attacks on crypto outfits (The Register)
Iran pays millions in ransom to end massive cyberattack on banks, officials say (Politico)
DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign (SecurityWeek)
Critical Cisco Smart Licensing Vulnerabilities Let Attackers Take Over System (Cyber Security News)
Nigerian man sentenced to 5 years for role in BEC operation (CyberScoop)
Planned Parenthood confirms cyberattack as RansomHub claims breach (Bleeping Computer)
Fake OnlyFans cybercrime tool infects hackers with malware (Bleeping Computer)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Researchers find Yubikeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers. Hackers linked to Russia and Belarus target Latvian websites. The Federal Trade Commission (FTC) reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI over thirty million Euros over GDPR violations. Threat actors are misusing the MacroPack red team tool to deploy malware. CISA shies away from influencing content moderation. Our guest is George Barnes, Cyber Practice President at Red Cell Partners and Fmr. Deputy Director of NSA discussing his experience at the agency and now in the VC world. Unauthorized Wi-Fi on a Navy warship Leads to Court-Martial.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Our guest is George Barnes, Cyber Practice President and Partner at Red Cell Partners and judge at the 2024 DataTribe Challenge, discussing his experience on both sides, having been at NSA and now in the VC world. Submit your startup to potentially be selected to be part of a startup competition like no other by September 27, 2024.
Selected Reading
YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (Ars Technica)
Google Issues Android Under Attack Warning As 0-Day Threat Hits Users (Forbes)
Zyxel Patches Critical Vulnerabilities in Networking Devices (SecurityWeek)
D-Link says it is not fixing four RCE flaws in DIR-846W routers (Bleeping Computer)
Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say (The Record)
New FTC Data Shows Massive Increase in Losses to Bitcoin ATM Scams (FTC)
Dutch DPA imposes a fine on Clearview because of illegal data collection for facial recognition | Autoriteit Persoonsgegevens (Autoriteit Persoonsgegevens)
Red Teaming Tool Abused for Malware Deployment (Infosecurity Magazine)
CISA moves away from trying to influence content moderation decisions on election disinformation (CyberScoop)
How Navy chiefs conspired to get themselves illegal warship Wi-Fi (Navy Times)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Brazil blocks access to X/Twitter. Transport for London has been hit with a cyberattack. Threat actors have poisoned GlobalProtect VPN software to deliver WikiLoader. “Voldemort” is a significant international cyber-espionage campaign. Researchers uncover an SQL injection flaw with implications for airport security. Three men plead guilty to running an MFA bypass service. The FTC has filed a complaint against security camera firm Verkada. CBIZ Benefits & Insurance Services disclosed a data breach affecting nearly 36,000. The cybersecurity implications of a second Trump term. On our Industry Insights segment, guest Caroline Wong, Chief Strategy Officer at Cobalt, discusses application security and artificial intelligence. A Washington startup claims to revolutionize political lobbying with AI.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On our Industry Insights segment, guest Caroline Wong, Chief Strategy Officer at Cobalt, discusses application security and artificial intelligence. You can find out more from Cobalt’s The State of Pentesting Report 2024 here.
Selected Reading
Brazil Suspends Access to Elon Musk's X, Including via VPNs (GovInfo Security)
Cyberattack hits agency responsible for London’s transport network (The Record)
Hacking Poisoning GlobalProtect VPN To Deliver WikiLoader Malware On Windows (Cyber Security News)
Scores of Organizations Hit By Novel Voldemort Malware (Infosecurity Magazine)
Researchers find SQL injection to bypass airport TSA security checks (Bleeping Computer)
Three Plead Guilty to Running MFA Bypass Site (Infosecurity Magazine)
Verkada to Pay $2.95 Million Over FTC Probe Into Security Camera Hacking (SecurityWeek)
Business services giant CBIZ discloses customer data breach (Bleeping Computer)
Who would be the cyber pros in a second Trump term? (CyberScoop)
Convicted fraudsters launch AI lobbying firm using fake names (Politico)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
You can learn more about AWS in Orbit at space.n2k.com/aws.
Our guests today are Jason Aspiotis, Global Director, In-Space Data & Security at Axiom Space and Jay Naves, Sr. Solutions Architect at AWS Aerospace & Satellite Solutions.
AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram.
Selected Reading
AWS Aerospace and Satellite
Audience Survey
We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
Want to join us for an interview?
Please send your pitch to [email protected] and include your name, affiliation, and topic proposal.
T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices - Mostrar mais
