CyberWire Daily

Lauren Zabierek, co-founder of the Share the Mic in Cyber initiative, and Camille Stewart Gloster, cyber policy expert, discuss the evolution of their program and the launch of the Catalyst Fellowship for cyber intelligence. They highlight the initiative's origins in amplifying Black voices in cybersecurity and dive into the fellowship's successes in professional development. The conversation also touches on the growing need for training in cyber threat intelligence amidst current cybersecurity challenges.

Ben Yelin, a researcher at the University of Maryland, discusses critical cybersecurity threats, including a foreign breach at a U.S. nuclear manufacturing site. He highlights the staggering £1.9 billion impact of the Jaguar Land Rover cyberattack and the role of AI in reshaping cybersecurity strategies. They also delve into whistleblower protections at the Social Security Administration, shedding light on retaliation claims and organizational challenges. The conversation uncovers the serious implications of cloud outages on smart technology, suggesting a pressing need for robust offline solutions.

In this engaging discussion, Josh Kamdjou, CEO of Sublime Security and former DoD white-hat hacker, shares insights on anticipating social engineering tactics from the notorious Scattered Spider. He emphasizes the importance of layered defenses and mapping valuable assets to mitigate risks. The conversation also dives into the rise of AI-driven email threats and how his company employs customized detection strategies to defend against them. Kamdjou highlights the balance between automation and human oversight in cybersecurity, ensuring rapid and accurate responses.

Ethan Cook, lead analyst and editor at N2K, shares his insights on cybersecurity regulation and privacy. He discusses the consequences of cutting resources for cyber reviews and how companies may normalize data exposure. Ethan draws parallels between AI and regulatory gaps, questioning whether current regulations stifle innovation or support it. He emphasizes the need for guidance over strict mandates and offers practical steps for adapting to policy changes. A thought-provoking look at the balance between oversight and individual responsibility!

Jeff Collins, CEO of WanAware and an expert in IT asset visibility for healthcare, dives into the implications of hospital consolidations on security. He reveals how these mergers lead to unknown assets, increasing operational risks. Collins discusses the importance of leveraging existing data for accurate inventory and emphasizes continuous discovery to adapt to tech changes. He also addresses the challenge of alert overload, advising on prioritizing high-risk incidents for cybersecurity teams to tackle effectively.

Kristin Strand, a Cybersecurity Associate Consultant at BARR Advisory, reflects on her inspiring journey from military service and teaching to a career in cybersecurity. She highlights her transition to IT through the Apprenti program, emphasizing the importance of self-teaching and goal-setting. Kristin also shares her experiences in the Army, her current drill sergeant training, and how a supportive company culture enhanced her career. Her takeaway? Be firm in your goals and clearly express what you want, as opportunities will arise.

Jesse Michael and Mickey Shkatov from Eclypsium delve into their groundbreaking research on "BadCam," revealing vulnerabilities in Lenovo webcams that could allow attackers to hijack these devices. They discuss the frightening potential of weaponizing Linux webcams, transforming them into malicious tools that can inject keystrokes and maintain persistent access. The duo highlights the insecure update practices that enable these threats, stressing the urgent need for stronger firmware validation across all Linux-based peripherals.

Danny Jenkins, CEO and co-founder of ThreatLocker, dives deep into the intricacies of zero trust security. He discusses how AI is reshaping cybersecurity, noting the rise of AI-generated malware and sophisticated phishing tactics. Jenkins explains why zero trust is more important today, particularly as organizations grapple with the rapid deployment of AI tools. He emphasizes that cybersecurity is not just about technology but also about cultivating a mindset focused on least privilege. Expect insightful predictions on the future of zero trust in a world increasingly influenced by AI.

Manoj Nair, Chief Innovation Officer at Snyk and AI security expert, dives into the evolving landscape of AI risks. He shares insights on critical issues like hallucinations, supply-chain vulnerabilities, and the importance of governance in AI development. With recent high-severity threats reshaping the security landscape, Nair emphasizes the need for organizations to adapt quickly. He also discusses strategies for CISOs, focusing on visibility, policy enforcement, and team education to effectively manage AI security challenges.

Tim Starks, a Senior Reporter at CyberScoop, discusses Senator Peters' latest efforts to reauthorize the critical cyber threat information-sharing law. He highlights the implications of name confusion and the pushback on free speech provisions. Meanwhile, Spencer Thielman from Palo Alto Networks dives into the explosive growth of AI applications in enterprises, emphasizing urgent security strategies. He outlines key pillars of AI security and warns of risks from agent autonomy and memory manipulation. Plus, explore North Korea's deceptive schemes in the digital space!