CyberWire Daily

Tony Surak, a cybersecurity expert, joins the podcast to talk about the state of venture capital in the cyber market. Other topics include the NSA's purchase of Americans' internet records, senators proposing to add IT and ICS environments to federal employee cyber competitions, and the FTC questioning big tech companies about their investments in AI.

Lance Hood, cybersecurity expert, discusses rising fraud attacks on financial industry call centers. Cozy Bear breaches Hewlett Packard Enterprise. Global surveillance based on digital advertising is revealed. Cisco patches critical vulnerabilities. Meta enhances online safety of minors. iOS notifications exploited for tracking. EquiLend's systems go offline after cyberattack. DC theater faces financial crisis after bank account drained. Critical infrastructure targeted in Ukraine. Insights on ransomware. Teslas get POwned in Tokyo.

Guests Simone Petrella, President of N2K, and Lynn D, Executive Director of WiCyS, discuss a new partnership for a comprehensive Cyber Talent Study. They explore the potential ineffectiveness of data broker restrictions, the threat of AI-driven ransomware, and initiatives to promote diversity in cybersecurity through WISIS. The podcast also touches on the ban on Furbies by the NSA.

Cybersecurity expert Ann Johnson speaks with influencer Caitlin Sarian about a massive data leak, cybersecurity risks, advocacy on social media platforms, the importance of cyber and privacy awareness for the general public, and concerns surrounding HP printers.

Russian state hackers breach Microsoft. LockBit claims Subway restaurants hack. Swedish datacenter hit with ransomware. VMware patches vulnerability targeted by Chinese espionage. North Korean APTs focus on cybersecurity pros. FTC orders data broker to restrict location data. US Feds release security guidance for water and wastewater sectors. Senators question the DOJ on facial recognition technology. Ukraine’s Monobank gets DDoSed. CSO Rick Howard teases upcoming season of CSO Perspectives podcast. Tribute to David Mills, creator of NTP.

Matt Devost, a CEO with a red teamer perspective, shares his career milestones including hacking into systems on an aircraft carrier. He discusses the convergence of programming and national security studies, his research on information warfare, and the importance of solving hard problems in cybersecurity. Devost emphasizes the significance of self-directed learning and community engagement in the field.

Representatives from industry and inside government discuss the National Cybersecurity Strategy, including the emphasis on defending critical infrastructure, disrupting threat actors, shaping market forces, investing in a resilient future, and forging international partnerships. The podcast explores liability and compliance, secure software development practices in the government, collaborative approaches to cybersecurity, and the role of cybersecurity professionals in ensuring safety and security.

Jon Williams from Bishop Fox discusses their research on vulnerabilities in SonicWall firewalls. They found that 76% of scanned firewalls are vulnerable. The research explores the importance of code comments, identifies vulnerable devices, and discusses firewall bypass vulnerability research. The podcast also covers system interface accessibility and configuration, providing mitigation steps for optimal protection.

Microsoft warns of Iranian cyberespionage group. CyberSafety Review Board receives critical reviews. VMWare warns of product exploitation. Tax info leaked in accounting firm breach. Kansas State University reports cyber incident. CISA adds Citrix Netscaler vulnerabilities. UK councils suffer online disruptions. Cyber insurance can be a double edged sword. Email security breaches lead to firings. Partnership for Public Service updates Cybersecurity Talent Initiative. Generation Z vulnerable to cyber attacks.

A massive credential dump hits the online underground. CISA and the FBI issue joint guidance on drones. TensorFlow frameworks are prone to misconfigurations. Swiss federal agencies are targets of nuisance DDoS. Cybercriminals hit vulnerable Docker servers. Quarkslab identifies PixieFAIL in UEFI implementations. Google patches Chrome zero-day. The Bigpanzi botnet infects smart TVs. Proofpoint notes the return of TA866. In our Threat Vector segment, David Moulton dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. And we are shocked- SHOCKED! - to learn that Facebook is tracking us. Remember to leave us a 5-star rating and review in your favorite podcast app.Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire GuestThis segment of Threat Vector dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. This thought-provoking discussion, hosted by David Moulton, director of thought leadership at Unit 42, ffocuses on the current state and future trends of AI in cyberthreats. Discover how AI is reshaping the landscape of cyberattacks, the role of generative AI in threat actor tactics, and the challenges of attribution in AI-driven cyberattacks. Visit Unit 42 by Palo Alto Networks to learn more. Check out the Threat Vector podcast and follow it on your favorite podcast app. Selected ReadingResearcher uncovers one of the biggest password dumps in recent history (Ars Technica)Troy Hunt: Inside the Massive Naz.API Credential Stuffing List (Troy Hunt)Feds warn China-made drones pose risk to US critical infrastructure (SC Media)TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks (The Hacker News)Swiss Government Reports Nuisance-Level DDoS Disruptions (Data Breach Today)Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners (HACKREAD)PixieFail: Nine flaws in UEFI open-source reference implementation (Security Affairs)Update Chrome! Google patches actively exploited zero-day vulnerability (Malwarebytes)Cybercrime crew infects 172,000 smart TVs and set-top boxes (Risky Biz News)Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware (Google Threat Analysis Group)Security Brief: TA866 Returns with a Large Email Campaign (Proofpoint)Each Facebook User Is Monitored by Thousands of Companies (Consumer Reports)Share your feedback.We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show?You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices