CyberWire Daily

Data Privacy Attorney Daniel Rosenzweig discusses aligning data privacy and cybersecurity laws with tech advancements. Topics include Microsoft prioritizing profit over security, global election interference warnings, cyber insurance claims, Tile data breach, phishing kit creation, and AI cheating. The importance of legal-tech partnerships for compliance and consumer trust is emphasized.

Dutch military intel warns of China's Coathanger RAT. Pure Storage breach. JetBrains fixes GitHub IDE flaw. Data broker halts driver location data sales. VLC Media player flaws. Patch Tuesday updates. Learning Layer on CISSP journey. Farewell to Lynn Conway. CyberWire Audience Survey ongoing for $100 Amazon gift card. Remember to leave a 5-star review!

Guest Chris Novak, Senior Director of Cyber Security at 23andMe, discusses the 2024 Data Breach Investigations Report. Topics include 23andMe's bankruptcy, BGP security, rural hospital cybersecurity, data breaches, SAP patches, and Apple's privacy measures. The podcast also touches on ransomware attacks, cyber risk quantification, and the risks of sharing personal digital information in relationships.

Microsoft makes Recall opt-in, Senate hearings on federal cybersecurity, Snowflake's scrutiny, NY Times source code leak, ransomware impacts British hospitals, Cisco Talos finds PLC vulnerabilities, Sticky Werewolf targets Russia, Frontier Communications data breach, Chinese nationals cybercrime sentencing in Zambia, AWS CISO concerns, DIY cell towers legality issues.

Investigative journalist Geoff White discusses his tech journalism journey, emphasizing the importance of storytelling and communication. He reflects on his career covering cybercrime and cybersecurity, highlighting the impact on the public.

Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes discusses how cybercriminals are exploiting the hype around the new Arc browser by distributing malware through deceptive Google search ads. They use techniques like embedding malware in image files and utilizing the MEGA cloud platform, emphasizing the need for caution with sponsored search results and the effectiveness of Endpoint Detection and Response systems.

Former Deputy National Cyber Director Camille Stewart Gloster discusses her public service career. Topics include Microsoft's recall, SolarWinds vulnerabilities, Russian hacktivists, LastPass issues, Apple's iPhone security commitment, and FCC's BGP protocol plan.

Snyk's CTO, Danny Allen, discusses the rush to implement GenAI and the gap between leadership and teams in security practices. Other topics include CISA's recommendations for JCDC, Snowflake breach due to single-factor authentication, publishers suing Google, and FBI sharing LockBit decryption keys. Commando Cat targets Docker servers for crypto mining, while Club Penguin fans uncover Disney secrets. AI adoption in software engineering and security measures are also highlighted.

OpenAI reveals reckless culture, Uganda biometric concerns. Sophos uncovers Crimson Palace cyberespionage. Poland bolsters defenses against Russia. Zyxel warns of NAS vulnerabilities. TikTok zero-day targets high profile accounts. Cisco patches Webex flaw. Learning Layer on CISSP certification. Canadian data breach leads to class action. Various cybersecurity incidents and developments discussed.

London hospitals face disruption from ransomware attack, vulnerabilities found in software systems, debt collection agency breach affects millions, rural hospitals at risk. Russian threat actors target Olympics. Sandy Bird discusses risks of unused identity infrastructure. Amazon rainforest goes online.