CyberWire Daily

A lively panel discussion explores the intersection of cyber innovation with AI and space. The evolution from task-specific AI to foundational models highlights accessibility risks. The significance of cybersecurity in the commercial space industry is emphasized, along with vulnerabilities in satellites. Panelists debate whether AI is experiencing a bubble and discuss its dual role in enhancing cyber strategies while introducing new security challenges. There's cautious optimism about the future of AI, cyber, and space technology.

In this engaging discussion, Alex Berninger, Senior Manager of Intelligence at Red Canary, and Mike Wylie, Director of Threat Hunting at Zscaler, dive into the underbelly of phishing campaigns exploiting remote monitoring tools. They reveal four clever lures used by attackers, including fake browser updates and meeting invites. The duo emphasizes the stealthy nature of RMM tool abuse and outlines effective detection strategies. Their insights highlight the growing sophistication of threats and the necessity for vigilant monitoring of authorized RMM usage.

Cyber Command appoints a new AI chief, emphasizing responsible tech adoption. The UK introduces a significant Cyber Security and Resilience Bill, stirring concerns over readiness. A critical flaw in Oracle Identity Manager raises alarms about potential zero-day exploitation. Salesforce warns of a breach linked to Gainsight, involving sensitive customer data. Meanwhile, four individuals face charges for illegally exporting Nvidia AI chips to China, while NSO Group seeks to pause a legal injunction. The episode also features insights from Lt. General Daniel Karbler on missile defense and his role in a Netflix film.

In this engaging discussion, Stav Setty, a Principal Researcher at Palo Alto Networks, unveils the alarming tactics behind the Jingle Thief campaign, a sophisticated cloud-only fraud operation leveraging Microsoft 365 to print gift cards. Setty reveals how the Moroccan group Atlas Lion used tailored phishing methods and exploited legitimate business workflows to compromise identities. He emphasizes the importance of behavioral analytics in detecting such threats and offers actionable advice to enhance identity security in cloud environments.

Cliff Crosland, CEO and co-founder of Scanner.dev, dives into the benefits of security data lakes for AI in the Security Operations Center (SOC). He explains how these lakes, built on object storage, enhance AI workflows with fast query performance. Cliff highlights the power of human-AI collaboration in reducing false negatives and improving investigations. He also discusses the evolving roles of SOC analysts and the importance of managing unstructured logs, advocating for a flexible approach to data management in modern cybersecurity.

Rotem Tsadok, Director of Security Operations and Forensics at Varonis, shares insights from thousands of investigations in cybersecurity. He discusses a massive Cloudflare outage caused by a configuration error, and the alarming tactics used by China to target lawmakers through LinkedIn. Rotem highlights the rising challenges AI poses to security, including issues with LLMs and AI-driven phishing threats. He recommends immediate actions like enforcing MFA and aggressive patching to combat vulnerabilities. AI's potential for threat detection also gets a nod!

Kevin Kennedy, a retired U.S. Air Force lieutenant general and current VP at ManTech, explores the evolving landscape of future warfare. He emphasizes the significance of integrating non-kinetic effects in military operations and discusses the democratization of the cyber battleground, where state and non-state actors increasingly leverage cyber tools. Kennedy also highlights the need for public-private coordination to safeguard critical infrastructure and outlines his vision for developing a robust future cyber force.

Richard Bird, an identity expert and startup advisor, dives into the evolving world of digital identity in a candid discussion. He emphasizes that names alone fail as online identifiers and argues for a more nuanced understanding of identity as a human proxy. Bird traces the historical roots of access controls and urges cybersecurity leaders to shift identity management from mere access to a comprehensive security framework. He warns that AI will expose weaknesses in identity systems, suggesting proactive steps for leaders to enhance visibility and governance.

Jared Atkinson, CTO at SpecterOps and red teaming expert, delves into the complexities of identity-driven attack paths. He discusses how attackers exploit transitioned identities to elevate privileges and bypass security measures. Atkinson emphasizes the importance of visualizing risk like adversaries do, and highlights the challenges posed by hybrid attack paths across diverse systems. He underscores the necessity of cross-team collaboration in remediation efforts, providing actionable insights for enhancing cybersecurity.

In this engaging discussion, Chenxi Wang, founder of Rain Capital and a seasoned expert in cybersecurity, shares how she overcame personal fears to achieve her professional goals. She reflects on her journey from China to the U.S. and her pivotal shift from academia to the venture capital world. Chenxi emphasizes the importance of mentorship and community, detailing her work with the women's executive network. She also addresses breaking glass ceilings and how she aims to leave a legacy rooted in kindness and support for underrepresented groups.