CyberWire Daily

Dave DeWalt, Founder and CEO of NightDragon, joins Nicole Bucala, CEO and GM at DataBee, to discuss their joint mission to drive cybersecurity innovation. They dive into the alarming rise of international hacking threats and the implications of new compliance regulations. The conversation touches on a botnet exploiting outdated security cameras and the humorous fallout from a McDonald's Instagram hack. DeWalt and Bucala also explore synergies in tech partnerships, particularly in AI and machine learning, addressing the landscape of modern cyber threats.

Threat actors are utilizing a malicious Pidgin plugin to spread malware, while the BlackByte ransomware group exploits vulnerabilities in VMware ESXi. A $2.5 million reward has been issued for a major malware distributor, and recent cyberattacks, including one on Park’N Fly affecting a million customers, highlight urgent security needs. The introduction of the CertByte segment offers insights into IT certification training, and federal agencies are on alert about Iranian cyber activity. Ethical project management and misinformation prevention in elections are also discussed.

The arrest of Telegram’s CEO ignites hacktivist cyberattacks against French websites. A stealthy Linux malware evades detection for two years, while zero-day vulnerabilities continue to pose significant risks. Gafgyt malware shifts tactics to target cryptocurrency mining. Learn about AI Goat, an open-source platform for AI security education that emphasizes machine learning risks. Plus, hear the eye-opening story of Kentucky prisoners tricking tablets to generate fake money. Cybersecurity is evolving, and so are the threats!

Telegram's CEO faces arrest over content moderation failures, sparking discussions on encryption and security in communications. A significant cyberattack affects Seattle-Tacoma Airport. SonicWall issues warnings about critical vulnerabilities. Regulators hit Uber with hefty fines for privacy breaches. Insights from AWS security experts on collaboration in higher education reveal the importance of fostering a security culture. Plus, Iran's attempts to meddle in the U.S. election highlight ongoing cybersecurity challenges.

Ellen Sundra, Vice President of Global Systems Engineering, shares her inspiring journey from college graduate to cybersecurity leader. She emphasizes the importance of education and training in tech, highlighting how soft skills complement technical expertise. Ellen discusses the challenges women face in a male-dominated industry and how gaining confidence helped her thrive. She encourages listeners to embrace their unique perspectives and stay open to diverse roles within cybersecurity for professional growth.

Dustin Moody, a mathematician at NIST specializing in post-quantum encryption standards, shares groundbreaking insights about newly finalized algorithms designed to safeguard against quantum computing threats. They discuss the selection process for robust algorithms like Crystals Dilithium and Falcon. The conversation sheds light on the vulnerabilities of traditional encryption methods such as RSA and AES, while emphasizing the vital need for organizations to transition to newer standards. Collaboration within the PQC Forum highlights the community's role in enhancing cybersecurity amid evolving technological challenges.

Robert Duncan, VP of Product Strategy at Netcraft, sheds light on the alarming implications of Mule-as-a-Service (MaaS) in global fraud schemes. He discusses how cybercriminals use MaaS to launder money, connecting various scams like romance fraud and investment scams. The conversation dives into the use of generative AI to analyze and combat these fraudulent networks. Duncan also emphasizes the importance of mapping cyber and financial infrastructures to expose vulnerabilities, offering crucial insights for preventing financial crimes.

Hackers are exploiting vulnerabilities in the LiteSpeed Cache WordPress plugin. Halliburton faces a confirmed cyberattack, while the Velvet Ant group targets Cisco appliances. The Qilin ransomware is stealing credentials from Google Chrome. Notably, a telecom company pays a hefty fine related to deepfakes. Meanwhile, NIST unveils new standards for post-quantum cryptography to tackle future risks. A phishing simulation at UCSC inadvertently causes panic over a fake Ebola virus scenario, raising concerns about sensitive topics in awareness exercises.

A critical vulnerability in a popular WordPress plugin puts millions of sites at risk. Google and Cisco rush out emergency updates to tackle actively exploited flaws. Meanwhile, Slack faces issues with AI vulnerabilities, and contactless smart cards are revealed to have backdoor risks. The FAA introduces new cybersecurity rules for aviation amidst rising cyberattacks. In an intriguing discussion, experts analyze historical cyber conflicts and the geopolitical implications of recent online disruptions.

A major American chipmaker falls victim to a cyberattack, spotlighting the vulnerabilities in Progressive Web Applications. Security updates from Microsoft create chaos for dual-boot systems, while Mandiant uncovers critical flaws in Kubernetes. The DOE launches Solarsnitch to enhance solar security, and an Iranian group uses a fake podcast for malicious lures. Guests discuss the escalating threat of deepfakes which pose risks to media, elections, and corporate integrity, urging improvements in detection tools.