CyberWire Daily

Rick Howard, N2K CyberWire’s Chief Analyst, CSO, and Senior Fellow, reflects on the evolution and significance of Memorial Day, paying tribute to fallen soldiers post-Civil War. The podcast explores the somber atmosphere of Arlington Cemetery, honoring sacrifices made for freedom. It also delves into the importance of honoring American heroes from different conflicts with poignant quotes from historical figures.

Richard Torres, director of security operations, shares his diverse background journey from law enforcement to cybersecurity, highlighting his transition from SWAT team member to cyber expert. He emphasizes the importance of diplomacy and continuous learning in the security industry.

Jon DiMaggio, Chief Security Strategist at Analyst1, discusses the international effort to dismantle LockBit ransomware gang's data leak site. The NCA, FBI, Europol, and other countries disrupted LockBit, collecting victim data, decryption keys, and compromising the new ransomware payload. The discussion highlights the meticulous work involved, caution when interacting with cyber criminals, and the complex relationship with the elusive leader of LockBit.

Legal expert Ben Yelin joins to discuss a groundbreaking legal case involving AI-generated CSAM. Topics also include data breach at London Drugs, backdoor in courtrooms' video software, Chrome zero-day vulnerability, solar power grid cyberattack, and a bill to enhance cyber workforce diversity.

Spyware found in U.S. hotel check-in systems. Microsoft outage impacts services. New cyber threat Unfading Sea Haze discovered. Flaws in Apple's Wi-Fi system exposed. SEC fines NY Stock Exchange. Operation Diplomatic Specter targets political entities. AI disclosure rules for political ads considered. Legal perspectives on cyber-attacks targeting space systems discussed. Tone-blasting underwater data centers explored.

Microsoft's Recall feature sparks privacy concerns. Texas healthcare provider breached, affecting 400K. Philippines police services shut down after breach. Ivanti and GitHub patch critical vulnerabilities. Honeywell's ControlEdge Controller vulnerable. DoD releases Cybersecurity Reciprocity Playbook. Hackers leak database of US criminal records. Mastercard enhances fraud detection with AI. Learning segment on CISSP certification journey. Remembering computing visionary C. Gordon Bell.

The podcast delves into the arrest of a dark web drug lord, new ransomware reporting regulations, JavaScript library updates, healthcare vulnerabilities, and a $50 million cybersecurity program. It also covers a Fluent Bit vulnerability, EPA alerts for drinking water systems, a threat intelligence platform, and discussions on innovation balancing. Plus, there's an interesting segment on AI assistant familiarity.

Topics include Germany suing Microsoft, AI chatbot vulnerabilities, banking trojan targeting South America, gender bias in open source contributors, personal cybersecurity risks for executives, college students unlocking free laundering, and Cybercom's origin story.

Monica Ruiz, a Cyber Initiative and Special Projects Fellow at the Hewlett Foundation, shares her journey from childhood aspirations to cybersecurity. She discusses the challenges faced as a woman of color in the field and emphasizes the importance of diversity and connectivity in cybersecurity to advance the industry.

Hosein Yavarzadeh from UC San Diego discusses control-flow attacks on high-performance CPUs, revealing how attackers can access specific CPU parts for dangerous exploits. They demonstrate recovering a secret image and extracting an AES encryption key, highlighting severe security vulnerabilities in these systems.