CyberWire Daily

The Democratic Party's 2024 platform is sharpening its focus on cybersecurity, pushing for better protections against online threats. Recent warnings highlight Iran's escalating influence operations. A major flaw in a WordPress plugin puts thousands at risk, while the Lazarus Group exploits a Windows zero-day. Toyota's data appears on a hacking forum after a breach, and Oregon Zoo suffers a credit card theft. Amazon's CISO discusses community engagement in threat intelligence, emphasizing collaboration in facing modern cyber challenges.

Discover the latest vulnerabilities in Microsoft apps for macOS that risk user privacy by exposing microphones and cameras. Learn about OpenAI's disruption of an Iranian misinformation campaign and a significant data breach affecting over 100,000 individuals. Tim Starks dives into a Russian hacking group's deceptive tactics targeting human rights organizations. Explore the decline of support for diversity initiatives in tech and innovations like Google’s auto-redaction feature to enhance mobile security against persistent cyber threats.

Robert Lee, the CEO and co-founder of Dragos, transitioned to cybersecurity through his fascination with industrial control systems. He reflects on his military-influenced upbringing and how it shaped his tech interests. Robert emphasizes the importance of securing industrial systems to ensure reliable services for future generations. He discusses the need for improved documentation and standards in this field. His vision for a safer world for his son highlights the human element behind cybersecurity efforts.

Snir Ben Shimol, an expert from ZEST Security specializing in cloud security, dives into the crucial vulnerabilities associated with Terraform providers. He reveals how community-sourced providers can pose significant risks, emphasizing the need for rigorous vetting and regular scanning. The conversation also sheds light on best practices like version pinning to mitigate these threats. Snir highlights the importance of collaboration between security teams and DevOps to enhance visibility and control, ultimately safeguarding cloud infrastructure.

A clash over the security risks of an Android app highlights potential vulnerabilities for Pixel devices. Ransomware attacks are surging in industrial sectors, adding urgency to cybersecurity measures. The introduction of mandatory MFA by Microsoft seeks to strengthen defenses. Meanwhile, fresh malware threats like Banshee Stealer emerge, targeting macOS. Legal actions against deepfake pornography raise ethical questions amid rising sextortion cases. Finally, scams exploiting Google's own platform expose vulnerabilities even within tech giants.

Microsoft alerts users about a serious TCP/IP vulnerability affecting Windows systems. Texas has taken legal action against GM over privacy issues related to driving data. Google's security team attributes recent phishing attacks to Iran's APT42. The challenges of managing JavaScript in the digital landscape are explored, highlighting its dual nature for e-commerce security. Meanwhile, the extradition of a notorious internet figure raises interesting legal and cybersecurity questions. Plus, new threats to cycling tech emphasize the need for robust cybersecurity measures.

A major vulnerability in Microsoft's Azure Health Bot raises alarms about security in healthcare. Deepfake technology is being exploited on social media, affecting political campaigns. A data breach at Kootenai Health and alarming trends in ransomware disclosures highlight pressing cybersecurity issues. Experts emphasize stronger defenses against Snowflake account attacks. Plus, unexpected incidents involving Airbnb host scams lead to new policies addressing unauthorized cryptocurrency mining.

In this dialogue, Simone Petrella, president of N2K, teams up with Lee Parrish, Chief Information Security Officer at Newell Brands. They explore the dark world of ransomware, spotlighting the notorious DeathGrip platform and recent law enforcement successes against cybercriminals. Simone and Lee delve into governance in the cybersecurity landscape, discussing insights from Lee's book, 'The Shortest Hour.' They also touch on the growing challenges posed by AI-generated scams, particularly affecting crafters on platforms like Etsy.

Lee Parrish, CISO at Newell Brands and author of "The Shortest Hour," discusses the evolving landscape of cybersecurity. He shares insights on the importance of adaptive security measures amidst technological advancements. Parrish emphasizes the human factor in cybersecurity leadership, blending expertise with fresh perspectives. The conversation also highlights the need for strong relationships between CISOs and executives, addressing new regulations and collaborative governance to tackle real-world challenges in the field.

The Trump campaign alleges an email breach linked to Iranian hackers and a Nashville man gets arrested in a North Korean scam. DEF CON reveals serious vulnerabilities in Google’s Quick Share, while ransomware attacks hit an Australian gold mining company and U.S. local governments. GPS spoofing is on the horizon, and Cisco prepares for more layoffs. An astonishing 2.7 billion personal records have surfaced on a hacking forum. Plus, insights on formal verification from Amazon Security's Director, showcasing vital advancements in cybersecurity.