CyberWire Daily

Global bank CEO shares valuable cybersecurity insights, including the rise in credential stuffing attacks and new vulnerabilities in Intel processors. UK bans easy IoT passwords, while CISA unveils security guidelines for critical infrastructure. Researchers uncover a stealthy botnet-as-a-service from China. Police in Japan combat gift card fraud creatively.

Jack Rhysider shares his journey from studying computer engineering to using gamification in his career, leading to a focus on security. He talks about his transition to podcasting, emphasizing storytelling for cybersecurity education and inspiration.

Christopher Doman from Cado Security discusses Cerber ransomware targeting Linux servers through Confluence exploit. The research highlights Cerber's evolution and occasional campaigns since 2016. Recommendations are provided for protection against ransomware attacks.

Eric Goldstein, CISA's Executive Assistant Director for Cybersecurity, discusses healthcare breaches, global malware presence, exploiting vulnerabilities, and the success of CISA's ransomware warning program. They also touch on the importance of open source software security, password trends, and cybersecurity workforce development.

This podcast delves into the Cyber Workforce Pipeline, discussing sources of new talent like K-12 programs, higher education, and transitioning military. It highlights the importance of cybersecurity education early on, hands-on skill development, and creating a collaborative ecosystem for cyber professionals. The episode also explores the need for a national association to regulate training providers and certifications in the cybersecurity field.

Cisco rushes urgent patches for security appliances. Android TVs at risk of exposing Gmail inboxes. FTC refunds Ring customers. DOJ charges crypto mixers for money laundering. Critical vulnerability in Flowmon tool. Swiss blood donation company hit by ransomware. Brocade SANnav vulnerabilities discovered. New Android banking trojan emerges. Meta's ad business under EU scrutiny. Microsoft Security's Ann Johnson interviews LinkedIn's CISO. AI deepfake sparks community crisis.

Iranian hackers indicted by the DOJ, TikTok legislation, Russian hack on water treatment plant, dark web data leaks. Mandiant monitors dwell times, North Korean hackers target defense secrets. CISSP certification journey discussion, pain points for CISOs & CIOs. Ransomware impacts Sweden’s liquor stores.

Visa crackdown on spyware developers, UnitedHealth breach affects millions, LockBit leaks DC govt data, Microsoft warns of GooseEgg by APT28, updated HIPAA rules, vulnerable keyboard apps, NH hospital breach, Microsoft DRM flaws, Security in software supply chain, GoogleTeller's chatter

Topics in the podcast include renewed surveillance controversy, cybersecurity breaches at MITRE and CrushFTP, vulnerabilities in Windows Defender, data-stealing apps targeting Ukrainian soldiers, malware distribution through GitHub comments, VW's legacy Chinese espionage, winners of the President's Cup Cybersecurity Competition, and innovative cybersecurity approaches showcased at RSAC 2024.

Kiersten Todt, managing director of Cyber Readiness Institute, shares her journey in cybersecurity post-9/11. She emphasizes interdisciplinary skills in the field. Todt's insights on problem-solving and driving change are enlightening for cybersecurity enthusiasts.