CyberWire Daily

Chief strategy officer and chief security officer for Netskope, Jason Clark, shares his journey as he challenges the status quo and works to expand diversity in cybersecurity. Jason started his career by breaking the mold and heading to the Air Force rather than his family legacy of Army service. Following his military service, he became a CISO for the New York Times at age 26 and kept building from there. Jason advises, "You should always be seeking out jobs you're actually not qualified for. I think that's how you grow. If you know you could do the job, and you've got half the skills, go for it." Jason aspires to a legacy of increasing diversity in the cybersecurity industry and founded a non-profit to do just that. And, we thank Jason for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

This special edition podcast highlights three women, Priyanka, Ashley and Lauren, who chose to focus their careers in cybersecurity for the mission-based organization Northrop Grumman. Kathleen Smith from ClearedJobs.Net joins us as our panel moderator. The CyberWire's Jennifer Eiben hosts the event. We are excited to share this look into the world of women in cybersecurity. Learn more about your ad choices. Visit megaphone.fm/adchoices

Guest Joe Slowik joins us from Domain Tools to share their research "Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity" where they examined technical artifacts emerging around the 2020 conflict between Armenia and Azerbaijan in the Caucasus region. Cyber Threat Intelligence (CTI) practitioners can gain insight into adversary operations by tracking conflicts or geopolitical tensions. Similar to a “follow the money” approach in criminal investigations, looking at conflict zones can reveal cyber capabilities deployed as part of events —either by the parties to the conflict itself, or third parties interested in monitoring events for their own purposes.Based on precedent, analysts can identify developments in adversary operations and technical capabilities by tracking identifiers related to major events and conflict zones. Identifying capabilities deployed to take advantage of such items can yield insights into fundamental attacker tradecraft and behaviors, and enable defense and response for incidents which may strike far closer to home at a later date.The research can be found here:Current Events to Widespread Campaigns: Pivoting from Samples to Identify Activity Learn more about your ad choices. Visit megaphone.fm/adchoices

Lazarus Group seems to have had an IE zero day. Brazilian power utility discloses a ransomware attack on business systems. TrickBot’s back. Automated attacks are going after web applications. Two security firms report breaches. Patching notes. A look at life in the cleared community. Caleb Barlow from CynergisTek with handling disinformation in our runbooks. And Washington and Moscow hold the usual frank discussions--the Americans, at least, talked about cybersecurity.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/24 Learn more about your ad choices. Visit megaphone.fm/adchoices

Hildegard malware is targeting Kubernetes clusters. Remote access flaws found in consumer security devices. A brief update on the spreading software supply chain incidents. Project Zero sees incomplete patches at the root of most successful zero-day attacks. Recruiting a privateer’s crew. The current mood among ransomware victims. We’ll search for the truth about 5G with Rob Lee and Rick Howard. And who’s behind zoom-bombing remote learning? A hint: the kids aren’t alright.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/23 Learn more about your ad choices. Visit megaphone.fm/adchoices

It appears Chinese intelligence services have been exploiting a vulnerability in SolarWinds to steal data from a US Government payroll system. The presumed Russian intrusion into SolarWinds may have been going on for nine months or more. Three new SolarWinds vulnerabilities are disclosed and patched. Amnesty accuses South Sudan of abusing intercept tools. BEC compromise is involved in gift card scams. Joe Carrigan has thoughts on opt-in privacy policies. Our guest is Dale Ludwig from CHERRY on USB attacks and hardware security. And carders steal from other carders.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/22 Learn more about your ad choices. Visit megaphone.fm/adchoices

Myanmar’s junta jams the Internet. Operation NightScout looks like a highly targeted cyberespionage campaign delivered through a compromised supply chain. SonicWall zero day is being actively exploited in the wild. StrangeU and RandomU are filling a niche in the criminal-to-criminal market. Ben Yelin ponders whether the Solarwinds attack can be considered an act of war. Our guest Jamie Brown from Tenable on the National Cyber Director position and what it means for the Biden administration. Another data breach is associated with Accellion FTA. And it’s Groundhog Day, campers.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/21 Learn more about your ad choices. Visit megaphone.fm/adchoices

Untangling Solorigate, and distinguishing primary targets from collateral damage (or maybe side benefits, or maybe battlespace preparation). Congress asks NSA for background on an earlier supply chain incident. The Cyberspace Solarium Commission offers the new US Administration some transition advice. Rick Howard hears from the hash table on Microsoft Azure. Andrea Little Limbago from Interos on the intersection of COVID and cyber vulnerabilities. And the week gets off to a rough start for smart Britons.For links to all of today's stories check out our CyberWire daily news brief:https://www.thecyberwire.com/newsletters/daily-briefing/10/20 Learn more about your ad choices. Visit megaphone.fm/adchoices

Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need. for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come in with cybersecurity. She shares for any young person "thinking about maybe starting something in security, this is definitely the time to do so." And, we thank Kyla for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

For 20 years, the cybersecurity practitioner’s goto move when confronted with a new risk or compliance requirement has been to install a technical tool somewhere in the security stack to cover it. Over time, the number of tools that the infosec team has to manage has slowly grown. With the advent of bring-your-own device to the workplace, CIOs choosing SaaS applications to do work that has been traditionally handled in the data center, and organizations rushing to deploy their services into hybrid cloud environments, the number of individual data islands where company material information is routinely stored and must be covered by the security stack has increased. The complexity of this situation is immense. Two strategies have emerged to address this problem. The first is to continue down the path of installing more technical tools in each data island to cover the risk and having the infosec team manually process the telemetry of all the security devices with bigger teams and helper-automation-tools like SOAR platforms and SIEM databases. The second strategy is to choose a security vendor's platform that performs most of the security tasks on all the data islands but now makes the organization reliant on a single point of failure.Joining Rick Howard from the CyberWire's Hash Table's group of experts to consider the matter are Mike Higgins from Haven Health and Greg Notch from the National Hockey League, and later in the show, Rick speaks with Lior Div of Cybereason, who gives their point of view on this debate. Learn more about your ad choices. Visit megaphone.fm/adchoices