CyberWire Daily

Ben Folland, a Security Operations Analyst at Huntress with expertise in malware campaigns, delves into the ClickFix campaign that cleverly uses steganography to bury malicious payloads in PNG images. He explains how fake human verification checks and a convincing Windows Update screen lure users into executing harmful commands. The discussion highlights the technical intricacies of multi-stage attacks and the functions of infostealers like LummaC2 and Rhadamanthys, while emphasizing the critical need for user awareness and defensive practices.

Maria Varmasis, a producer and host associated with T-Minus Space Daily, chats with Zak Kassas from Ohio State University about innovative navigation using low Earth orbit satellites like Starlink. They explore how these satellites can provide GPS alternatives, with surprising accuracy for vehicles, balloons, and UAVs. Kassas discusses the unique challenges of satellite positioning and ethical considerations in passive signal reception. This enlightening conversation sheds light on the future of navigation technology and its implications.

In this engaging discussion, John Serafini, Founder and CEO of Hawkeye 360, dives into the fascinating world of commercial signals intelligence. He shares insights on the company’s innovative satellite technology and its recent acquisition of Innovative Signal Analysis. John emphasizes the importance of advanced RF processing for extracting valuable intelligence and contrasts Hawkeye’s approach with traditional government methods. He also highlights the critical role of AI in enhancing data analysis and the impact of supply-chain vulnerabilities in today's tech landscape.

Ian Swanson, AI security leader at Palo Alto Networks and former CEO of Protect AI, discusses the critical need for AI supply chain security. He emphasizes that organizations must manage dependencies and blind spots in AI systems aggressively. Swanson also highlights the risks of many operational models that can be exploited and the importance of vigilant monitoring. He shares insights on vulnerabilities in machine learning, like malicious models and credential theft, underscoring why securing AI is now an urgent priority.

Christine Blake, a communications professional and co-host of Inside the Media Minds, joins the discussion alongside Madison Farabaugh. They delve into the intricacies of media relations within the tech and cybersecurity landscape. Christine shares insights on the podcast's evolution as it joins the N2K CyberWire network while emphasizing the importance of communication for cybersecurity experts. They also explore governance challenges in AI and the critical need for tech talent, sparking a lively conversation about the future of media and technology.

Ed Adams, Head of Cybersecurity for North America at Bureau Veritas Group and author of 'See Yourself in Cyber', explores the severe disconnect in the cyber talent ecosystem. He discusses the urgency of addressing outdated job qualifications and the need for practical skill development to meet evolving industry demands. Adams also shares insights on fostering diversity in cybersecurity, advocating for inclusive hiring practices. His unique perspective emphasizes the importance of soft skills and collaboration across teams to reshape the industry's future.

Sasha Ingber, a journalist and host of the International Spy Museum's SpyCast podcast, dives into the fascinating world of espionage and intelligence. She shares the origins of SpyCast, highlighting memorable interviews with spies and intelligence experts. Sasha discusses the evolution of the show, with a focus on upcoming episodes covering vital themes in global espionage. Moreover, she emphasizes the significance of storytelling in understanding intelligence narratives. Listeners will be intrigued by her insights and previews of thrilling future content.

Laura Hoffner, Executive Vice President at Concentric and former U.S. Naval Intelligence Officer, shares her inspiring journey from setting her sights on working with SEALs in seventh grade to making a significant impact in intelligence. She discusses the value of mentorship and the unique culture of SEAL teams, emphasizing the lessons learned about ego and risk. Reflecting on her deployments and the pride in her service, Laura encourages listeners to pursue their goals relentlessly, showcasing how determination can lead to remarkable achievements.

Martin Zugec, Technical Solutions Director at Bitdefender, dives into the intricate world of the EggStreme APT framework targeting a Philippine military company. He unveils the multi-stage, fileless techniques used for stealth and persistence, such as DLL sideloading and in-memory execution. The discussion highlights the sophisticated capabilities of this malware, including keylogging and data theft. Additionally, Martin shares crucial defensive recommendations, emphasizing a layered security approach to combat evolving cyber threats.

Sonali Shah, CEO of Cobalt and a leader in offensive security, discusses the future of AI in cybersecurity. She predicts that by 2026, AI will transition from a mere concept to a fundamental battleground. Shah highlights the importance of focusing on malicious intent rather than just data theft, warns about the risks of deepfakes in social engineering, and emphasizes the need for a mix of traditional and novel authentication methods. She also addresses AI's impact on talent pipelines and the necessity of retaining human oversight in complex security scenarios.