CyberWire Daily

Errol Weiss, Chief Security Officer of HEALTH-ISAC and a key contributor to the N2K CyberWire Hash Table, discusses the vital need for information sharing in cybersecurity. He presents a compelling case for collaboration among organizations to tackle advanced threats. Weiss addresses legal and compliance challenges that hinder this sharing, emphasizing how executive leadership can foster a culture of cooperation. The conversation highlights the significant benefits of shared insights, including improved incident response and cost savings for all involved.

Ben Yelin, Program Director for Public Policy and External Affairs at the University of Maryland, shares his path from political enthusiast to Fourth Amendment expert. He reflects on how crucial events like the 2000 election and 9/11 steered his interest in law and public policy. Ben discusses the hurdles facing defense contractors in achieving compliance with CMMC 2.0, and he emphasizes the value of mentorship in shaping his career in national security law. His goal is to elevate the debate surrounding cybersecurity and digital privacy.

Alex Delamotte, a Threat Researcher from SentinelOne Labs, unveils the troubling rise of the Xeon Sender tool, a cloud-based hacktool facilitating SMS spam campaigns. He discusses its technical workings and alarming distribution on underground forums. The conversation highlights detection techniques for SMS abuse and cybersecurity best practices for organizations facing this modern threat. With SMS attacks on the rise, Delamotte emphasizes the urgent need for vigilance and effective monitoring to combat these malicious activities.

Tim Starks, a cybersecurity journalist from CyberScoop, dives into alarming threats in the digital landscape. He discusses a recent Fortinet data breach and the arrest of a teenager linked to a Transport for London attack. The conversation highlights Russian hackers mimicking spyware vendors, exploiting eye-tracking technology for password theft. Starks emphasizes the critical need for improved hiring practices in the cybersecurity field as new vulnerabilities arise, underlining the ongoing challenges faced by the industry.

The UK now classifies data centers as critical national infrastructure. Cisco has patched vulnerabilities in its network operating system, while BYOD risks continue to rise. A Pennsylvania healthcare network faces a $65 million settlement from a 2023 data breach. Google Cloud introduces innovative air-gapped backup solutions. New Android banking malware TrickMo emerges, and GitLab releases a critical security update. Expert Jon France discusses communicating cyber risks to corporate boards, and some bizarre claims emerge, including Pokémon as a potential spy tool.

Join Chris Hare, a content developer and project management whiz, and George Monsalvatge, a Microsoft Azure expert, as they dive into the essentials of the Azure Fundamentals (AZ-900) Practice Test. They discuss valuable study tips and effective strategies for mastering exam content. The duo also explores the implications of Microsoft's integration of post-quantum cryptography and the FTC's new rules against fake reviews, all while highlighting critical updates from the latest Patch Tuesday. A fascinating blend of tech insights and exam prep!

Mary Haigh, the Global CISO of BAE Systems, shares her unique 15-year journey in cybersecurity, reflecting on the challenges and triumphs of rising to leadership. She emphasizes the importance of diverse team dynamics and a data-driven approach in crafting a top-notch cybersecurity workforce. Haigh discusses the need for standardized job roles and the promotion of mentorship to enhance diversity. Additionally, she outlines strategies to bridge the gap between varying levels of talent in the industry, highlighting collaboration as key to professional growth.

Delve into the intricate cyber campaign targeting Asian organizations for the PRC, exposing significant data breaches and the tactics behind them. Discover how AI is reshaping offensive security, automating crucial tasks while presenting new challenges. Recent vulnerabilities from CISA highlight urgent security concerns in various sectors. The rise of sextortion scams takes a surprising turn, while the dual-edged nature of AI prompts a reevaluation of cybersecurity strategies. Stay updated on the ever-evolving landscape of cyber threats.

Amer Deeba, CEO of Normalyze, dives into the pressing issue of shadow data – the hidden risks lurking within our digital world. He discusses the alarming Veeam software vulnerability and how recent breaches, like the Avis data theft affecting 300,000 customers, highlight the urgency of robust data security. Deeba emphasizes the challenges that organizations face in managing sensitive information and the critical need for proactive measures to prevent potential data breaches, especially in the age of digital transformation.

Ann Johnson, Corporate Vice President of Cybersecurity Business Development at Microsoft, shares her unexpected journey from aspiring lawyer to cybersecurity leader. She emphasizes the importance of mentorship and continuous learning, unveiling her passion for public key infrastructure. Ann also highlights the need for diversity in cybersecurity and advocates for a human-centric approach, focusing on empathy and user experience. Her insights aim to inspire a more inclusive and accessible industry.