CyberWire Daily

A cyberattack on Ukraine's largest telecom operator, hit on Russia's tax service, cybersecurity breach in the Air Force, urgent security updates from Apple, and an arrest in the Kelvin Security hacking group. Andre Durand discusses digital experiences, brand trust, loyalty, and attitudes towards security. Plus, a cautionary tale about burning bridges.

Chinese hackers target US critical infrastructure, Iranian CyberAv3ngers attack Irish village water supply. EU sets precedent with AI regulations. Lazarus Group's maneuvers unraveled. Sandman APT's ties to Chinese cyber threats. Challenges of '5Ghoul' vulnerabilities. Deceptive dangers of MrAnon infostealer. GRU's phishing tactics spread Headlace malware.

Tracy Maleeff, a cyber analyst, shares her journey from librarian to cybersecurity, emphasizing the importance of human connection and advocacy for skills. She discusses the need for diversity and inclusion in hiring and her commitment to representing library sciences and security.

Discover how Alteia and the World Bank use AWS's cloud, AI, and space tech to monitor critical road networks at scale. Learn about real-world applications in emerging economies and the transformative intersection of cloud computing, space technologies, and generative AI.

Dana Behling, researcher from Carbon Black, discusses their work on 'Hunting Vulnerable Kernel Drivers.' They discovered 34 unique vulnerable drivers, two of which were fixed by vendors. The research highlights the need for more comprehensive approaches to address these vulnerabilities and the potential risks of exploiting them.

Allan Liska, creator of a new comic book featuring the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator, discusses the challenges of updating a public domain comic book character for the modern age. Topics include the indictment of FSB hackers, a critical Bluetooth vulnerability, Russian influence efforts, encryption issues, and supply chain data breaches. The podcast also reports on a QR code campaign by Russian opposition activists to encourage people to vote against Putin.

"New vulnerability packs a punch" discusses the threat of LogoFAIL to Windows and Linux, the US DHS's healthcare cybersecurity strategy, and dual Russian influence campaigns. The podcast explores supply chain risks, increased bot activity in retail, Meta's end-to-end encryption in Messenger, and Android's Autospill vulnerability. It also features an Industry Voices segment with Todd Thorsen, CISO from CrashPlan, who provides insights on data resiliency. Lastly, the podcast covers the discovery of an alleged software 'kill switch' in Polish trains.

Camille Stewart Gloster, Deputy National Cyber Director for Technology & Ecosystem Security from the Office of the National Cyber Director, discusses women in cybersecurity, diversity efforts, and the future. Other topics include governments targeting push notification metadata, GRU cyber activities, Russia's AI-powered influence campaigns, ransomware's financial impacts, and TSA's embrace of AI for security.

Discussion on cyber attack denial at Sellafield nuclear site. Surge in Iranian cyberattacks on US infrastructure. Misuse of Apple's lockdown mode and a clever Disney+ scam. Application security trends and cybersecurity futures study. Insights on intersection of AI, cloud, and insider threats. Importance of data security in AI implementation and limiting access to protect data.

Lynn Dohm, Executive director of WiCyS, discusses the power of diverse perspectives in cybersecurity. Topics also include Iran's attacks on PLCs, cyber espionage by XDSpy, mobile banking fraud, repository hijacking, and creating inclusive environments in cybersecurity.