CyberWire Daily

Old school, new threat.

Jul 10, 2024

Guest Jack Cable, Senior Technical Advisor at CISA, discusses Blast-RADIUS attack, Russian disinformation, and AI use in classrooms. Microsoft and Apple change OpenAI board seats. Australia reviews tech security. Patch Tuesday updates. CISA's Secure by Design Alert series highlighted. Plus, a cyber expert's geeky wedding.

35:29

Creator website

Episode guests

Jack Cable

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Critical vulnerabilities in RADIUS authentication due to outdated MD5 hash function highlight the need for immediate security measures and protocol updates.

US agencies disrupt Russian disinformation campaigns utilizing AI-powered fake personas, emphasizing the importance of collaboration with social media platforms for effective mitigation strategies.

Deep dives

Urgent Update: RADIUS Security Vulnerabilities Discovered

Researchers have identified critical vulnerabilities in the RADIUS authentication protocol, primarily due to the outdated MD5 hash function. These vulnerabilities enable unauthorized access to RADIUS devices by intercepting and manipulating authentication packets. Immediate security measures include transporting RADIUS traffic over TLS or DTS and implementing short-term mitigation strategies like using HMAC-MD5 for packet authentication. Over 90 vendors have issued security bulletins and patches, emphasizing the importance of updating legacy protocols for enhanced network infrastructure security.

Intro

3min

Discussion on RADIUS vulnerabilities, Russian disinformation campaign, and privacy concerns with an anonymous messaging app

6min

Cybersecurity Developments and Vulnerabilities

6min

SISA Secure by Design Alert series: Shifting the Burden of Software Security

5min

Secure by Design Initiative and Geeky Wedding

8min

Blast-RADIUS targets a network authentication protocol. The US disrupts a Russian disinformation campaign. Anonymous messaging app NGL is slapped with fines and user restrictions. The NEA addresses AI use in classrooms. Gay Furry Hackers release data from a conservative think tank. Microsoft and Apple change course on OpenAI board seats. Australia initiates a nationwide technology security review. A Patch Tuesday rundown. Guest Jack Cable, Senior Technical Advisor at CISA, with the latest from CISA's Secure by Design Alert series. Our friend Graham Cluley ties the knot.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Guest Jack Cable, Senior Technical Advisor at CISA, joins us to share an update on CISA's Secure by Design Alert series. For some background, you can find CISA’s Secure by Design whitepaper here. Details on today’s update can be found here.

Selected Reading

New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere (Ars Technica)

US Disrupts AI-Powered Russian Bot Farm on X (SecurityWeek)

FTC says anonymous messaging app failed to stop ‘rampant cyberbullying’ (The Verge)

NEA Approves AI Guidance, But It’s Vital for Educators to Tread Carefully (EducationWeek)

Hackvists release two gigabytes of Heritage Foundation data (CyberScoop)

Microsoft and Apple ditch OpenAI board seats amid regulatory scrutiny (The Verge)

Australia instructs government entities to check for tech exposed to foreign control (The Record)

Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days (BleepingComputer)

Graham Cluley ties the knot (Mastodon)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

Old school, new threat.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Urgent Update: RADIUS Security Vulnerabilities Discovered

US Disrupts Russian Disinformation Campaign Using AI

Settlement Imposes Restrictions on Anonymous Messaging App Targeting Youth

CyberWire Guest

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts