CyberWire Daily

Ron Brash, a director of Cyber Security Insights at Verve Industrial and an industrial cybersecurity enthusiast, shares his captivating journey in the tech world. He details his early fascination with computers, which ignited his career path. Ron discusses transitioning to critical infrastructure, emphasizing the importance of secure management and how honest communication can prevent disruptions. Listeners will appreciate his insights on problem-solving within this vital sector and his drive to make a lasting impact in people's lives.

Notorious Russian cybercriminals make headlines with a historic prisoner exchange. An Israeli hacktivist group launches a significant cyberattack in Iran. The U.S. Copyright Office is pushing for laws to tackle deepfakes. Cybercriminals exploit a Cloudflare service for malware, while vulnerabilities in critical infrastructure raise concerns. President Biden’s cybersecurity legacy is under discussion, highlighting shifts towards private sector responsibility. Meanwhile, advancements like homomorphic encryption and the appointment of a Chief AI Officer signal a proactive approach to cybersecurity.

David Moulton, host of Palo Alto Networks' Threat Vector podcast and Director of Thought Leadership, discusses pressing cybersecurity issues. He highlights a ransomware attack on a major U.S. blood center, which disrupted services and heightened blood shortages. The conversation moves to CrowdStrike's legal troubles following a software outage. Moulton also touches on new threats like BingoMod malware and significant breaches at Western Sydney University, highlighting the evolving landscape of cybersecurity and the importance of user education.

Rakesh Nair, Senior Vice President of Engineering and Product at Devo, dives into the tumultuous world of cybersecurity. He discusses the recent massive Microsoft outage and the legislative push for online safety. Nair highlights the alarming rise in ransomware attacks and the vulnerabilities exposed by GeoServer flaws. Privacy concerns regarding the Paris 2024 Olympics app take center stage. He also sheds light on the challenges of data control faced by security teams and the role of automation in combatting these issues.

A remarkable discussion unfolds around the largest ransomware payment ever—$75 million! The average cost of data breaches is nearing a staggering five million dollars. Phishing emails are flooding inboxes due to exploited protections, while new tools emerge to enhance machine learning security. The legal landscape shifts with most charges against SolarWinds dismissed, prompting thoughts on corporate accountability. Plus, wild HDMI techniques reveal data leakage secrets. Tune in for a gripping dive into today’s cybersecurity climate!

Barath Raghavan, a cybersecurity expert, and Bruce Schneier, a leading authority on security tech, dive into the complexities of cyber threats. They discuss South Korea's military intelligence leak to North Korea and the increasing threat landscape. The conversation highlights the importance of building resilience in IT infrastructures through strategic failures. They also explore the convergence of cyber and physical security, emphasizing AI's transformative role in safeguarding critical infrastructure against sophisticated cyber attacks.

John Kindervag, the mind behind the zero trust model, joins Rick Howard for an insightful discussion. They delve into the origins of zero trust, sparked by frustrations with traditional security methods. The conversation shifts to the evolution of this framework, highlighting the necessity for a trust paradigm shift to combat modern threats. Kindervag underscores the importance of differentiating identities, devices, and software in network security. The duo also navigates the practical steps for transitioning to a zero trust strategy, emphasizing a deny-all approach to safeguard critical resources.

Camille Stewart, a cybersecurity attorney with extensive experience in security policy, discusses her journey shaped by a childhood passion for contracts and a tech-savvy upbringing. She emphasizes the importance of blending law and technology to address cybersecurity challenges. Camille shares insights from her roles in various sectors, including Big Tech at Google Play, where she focuses on user safety and informed decision-making. Her unique perspective highlights how technology acts as an equalizer in the legal landscape.

Justin Fanelli, the Acting CTO of the US Navy, dives into how the Navy is revolutionizing its innovation process through private sector collaboration. He discusses the crucial link between military prowess and economic strength, alongside the hurdles entrepreneurs face when transitioning ideas into practice. Fanelli also highlights the Navy's shift to portfolio management for enhancing operational effectiveness and the necessity of data-driven decisions. Finally, he underscores the significance of clear communication and feedback in successfully integrating new technologies.

Dick O'Brien, a cybersecurity researcher from Symantec's Threat Hunter team, discusses the ominous rise of the Black Basta ransomware group. He dives into a specific vulnerability, CVE-2024-26169, which allowed attackers to exploit privilege escalation as a zero-day before being patched. O'Brien outlines the group's origins and operational strategies, reveals their historical ties to the Quackbot botnet, and highlights essential cybersecurity measures for defending against such sophisticated threats. Tune in for vital insights into the evolving landscape of ransomware!