CyberWire Daily

Blair Canavan, Director of Alliances for the PKI & PQC portfolio at Thales, dives into the urgency of post-quantum cryptography (PQC). He discusses the shift from apathy to active enterprise interest in PQC readiness. The conversation highlights the challenges of hybrid approaches versus pure PQC deployment, addressing roadblocks like cost and vendor readiness. Blair emphasizes the importance of standards and proactive planning to tackle impending quantum threats, framing quantum and AI as converging risks. A must-listen for anyone in cybersecurity!

Dave Baggett, co-founder and CEO of INKY, discusses the outdated nature of email security, emphasizing its origins dating back to 1971. He highlights how the proliferation of email makes it a prime target for attackers, citing challenges with sender authentication and brand spoofing. Baggett advocates for modern solutions like multi-factor authentication and AI-driven defenses to combat evolving threats. He also explores the potential of generative AI to enhance email security by refining tactics and significantly reducing malicious content.

The DOJ dismantles a scam operation in Myanmar, revealing troubling ties to fraudulent investment apps. A Mixpanel breach impacts OpenAI, raising data security concerns. Phishing schemes targeting executives are on the rise, employing clever tactics for credential theft. India's airports face GPS jamming issues, while Kaiser Permanente settles a lawsuit over data tracking. An international effort is underway to establish guidelines for commercial spyware, highlighting evolving security challenges in the digital age.

In this engaging conversation, Kam Chumley-Soltani, the Director of OT Solutions Engineering at Armis, shares invaluable insights into operational technology and critical infrastructure security. He delves into the importance of visibility in cyber defense and how unseen devices can become attack pivot points. Kam also highlights the role of AI in accelerating adversarial tactics and stresses the need for collaboration between IT and OT teams. Tune in to discover effective strategies for mitigating invisible threats in our increasingly connected world.

Joining the discussion is Stav Setti, Principal Researcher at Palo Alto Networks, who investigates cloud-based cyber threats. He dives into the Jingle Thief campaign, revealing how a Moroccan group exploited Microsoft 365 for gift card fraud. Stav highlights their patient, malware-free tactics and the importance of monitoring for security breaches, beyond just relying on MFA. Additionally, he explores the growing concerns around cybersecurity regulations and the implications of recent breaches across different countries.

In a riveting discussion, Eric Nagel, a former CISO with a diverse background in electrical engineering and patent law, delves into the complexities of responsible AI. He contrasts traditional machine learning with the unpredictable nature of generative AI, emphasizing the need for new safeguards like AI firewalls. Eric shares practical strategies for smaller organizations to manage AI risks and the importance of developer accountability in deploying AI tools. He also explores the evolving regulatory landscape and the need for robust governance in AI initiatives.

European authorities make headlines by shutting down an illegal cryptomixer, seizing a treasure trove of data tied to criminal activities. A shocking conviction occurs in Australia as a man receives a seven-year sentence for running fraudulent airport Wi-Fi networks. Major breaches are reported, including one affecting over 33 million customers in South Korea. The conversation shifts to cybersecurity innovations, with insights from Microsoft on redefining global defense strategies and addressing the evolving cyber threat landscape. Plus, holiday scammers target Cyber Monday shoppers!

Danielle Jablanski, an operational technology cybersecurity strategist at Nozomi Networks, shares her unique journey from law and human rights to cybersecurity. She emphasizes the importance of creating a 'target map' for one's career, allowing for detours and learning from less enjoyable experiences. Danielle discusses her experiences studying Arabic and shifting focus from nuclear issues to cyber policy, highlighting how impact, rather than prestige, has driven her career choices. Her insights offer valuable guidance for finding pathways to success.

Join Matthew Cassidy, a risk advisory partner at Grant Thornton, Kayne McGladrey, a seasoned CISO from Hyperproof, and Alam Ali, SVP of Product Management at Hyperproof, as they explore AI's transformative role in governance, risk, and compliance. They discuss AI's effectiveness in monitoring, the importance of auditability, and the need for human oversight to mitigate risks. The trio also dives into the market's cautious adoption of AI, emphasizing realistic ROI expectations and the need for documented processes before automation. A practical and insightful conversation awaits!

Joining the discussion is Michael Gorelik, Chief Technology Officer at Morphisec and expert in cybersecurity. He sheds light on the Noodlophile stealer, a malware campaign manipulating fake AI video generation platforms. Users are lured into downloading malware disguised as legitimate software through deceptive Facebook groups. Gorelik explains the theft of sensitive data, including browser credentials and crypto wallets, and discusses the unique tactics used to hide malware. He emphasizes the importance of caution when interacting with AI tools and shares tips for detection and prevention.