CyberWire Daily

Salem El Nimri and Declan Ganley discuss building a resilient outernet with AWS, focusing on the outer net project, generative AI in space tech, Revada's satellite constellation management using AWS, and the transformative impact of 'the alternate' technology on global communications.

Tomer Peled, a Security & Vulnerability Researcher from Akamai, discusses a high-severity vulnerability in Kubernetes allowing remote code execution on Windows endpoints. The research uncovers two other vulnerabilities sharing the same root cause. Topics include risks of command injection, exploitation, and mitigation strategies for Kubernetes security.

Kevin Magee from Microsoft Canada discusses cross domain prompt injection and AI. Topics include Sisense and Heritage Foundation breaches, D-Link vulnerabilities, zero-day exploits, deepfake phishing, and AI models' persuasiveness. The podcast also covers Section 702 debate, cybersecurity risks, legacy app security, AI vulnerabilities like XPI attacks, and collaboration in cybersecurity.

Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape. In the first episode of the series on cybersecurity workforce development, we dive into the complex world of cyber workforce management and planning, particularly as it pertains to the perspective of the enterprise.We explore the current state of the cybersecurity workforce, navigate various challenges in talent acquisition, and explore the nuances of job classifications, titles, compensation, and the dynamics of remote, onsite, and hybrid work environments. Our experts further address talent development strategies like professional development, training, conferences, mentorship programs, communities of interest, and corporate cyber academies. Finally, we touch upon the critical aspect of talent retention, an essential component in closing the cybersecurity talent gap. We hope you will join us on this journey.Connect with the N2K Cyber Workforce team on Linkedin: Dr. Sasha Vanterpool, Cyber Workforce Consultant  Dr. Heather Monthie, Cybersecurity Workforce Consultant Jeff Welgan, Chief Learning Officer Resources for developing your cybersecurity teams: N2K Cyber Workforce Strategy Guide Workforce Media Resources Strategic Cyber Workforce Intelligence resources for your organization Cyber Talent Acquistion Woes for Enterprises Workforce Intelligence: What it is and why you need it for cyber teams webinar Setting Better Cyber Job Expectations to Attract & Retain Talent webinar Learn more about your ad choices. Visit megaphone.fm/adchoices

Apple warns users of spyware attacks by mercenaries, CISA expands services, US Cyber Command operations, taxi fleets leak data, Trend Micro tracks DeuterBear malware, GitHub search manipulation by cybercriminals, Scully Spider possibly using AI scripts, ISC2 study on salary disparities. Military mindset in cybersecurity discussed with former Recon Marine, transitioning veterans to cybersecurity, cyber talent insights explored, AI music creation and licensing.

House progresses on Section 702 reauthorization. Ukraine suspends top cyber official. Wisconsin health coop hit by data breach. Sophos reveals malicious backdoor. Fortinet patches vulnerabilities. Microsoft server leaks employee data. LG secures smart TVs. IMF warns of cyber threats triggering bank runs. CISSP study tips and Elon Musk's impulsive decisions discussed.

This podcast covers a healthcare ransomware attack on Change Healthcare, a cyberattack warning from a French football team, a misconfigured SaaS application breach at Home Depot, and FCC efforts to secure car connectivity for domestic violence survivors. It also touches on disruptive cyberattacks at Targus, a doxxing event in El Salvador, a customer data breach in India, and the Israeli military's GPS jamming. Additionally, the episode features a discussion on nurturing trust in cybersecurity with Microsoft Security's Ann Johnson and cyber expert Jason Healey.

Cybersecurity expert Caleb Barlow discusses the evolving role of CISOs. Topics include data privacy legislation, cyber incidents in healthcare and UK veterinary services, hardcoded backdoors in storage devices, and the market for zero-days.

Selena Larson, a cyber threat intelligence analyst, shares her journey from journalism to industrial security. She discusses the similarities between investigative journalism and threat intelligence, emphasizing the value of a non-traditional background in cybersecurity.

Noah Pack, a SANS Intern, discusses leaking AWS API keys intentionally for research. He shares insights on responses from different automated processes and security services. The aftermath of publicly revealing AWS API keys and the alerts triggered by GitGuardian, AWS, and suspicious IP addresses are highlighted. Implications of accidental leaks and risk mitigation strategies are explored, emphasizing the need for immediate action and key rotation.