CyberWire Daily

A “must patch” list in the making.

Oct 15, 2024

Matt Radolec, Vice President of Incident Response and Cloud Operations at Varonis, discusses the urgent need for data privacy regulations in the age of AI. He highlights how AI can exacerbate vulnerabilities. The conversation also touches on the rise of cyber threats ahead of the 2024 U.S. elections, including phishing scams and ransomware. Radolec emphasizes the importance of secure practices and encryption, while raising concerns about ethical challenges and user consent in data usage. It's a thought-provoking look at the intersection of technology and privacy.

36:23

Creator website

Episode guests

Matt Radolec

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

CISA has urgently classified a critical Fortinet vulnerability as a 'must patch' due to its potential for remote code execution, affecting 87,000 IPs.

The increasing use of AI necessitates stronger data privacy regulations to prevent misuse of personal information, exacerbated by the lack of federal laws in the U.S.

Deep dives

Critical Cybersecurity Vulnerabilities

CISA has identified a significant vulnerability in Fortinet that affects around 87,000 IP addresses, emphasizing the urgency for federal agencies to patch this flaw by October 30th. The vulnerability, rated 9.8 on the CVSS scale, could enable remote code execution, leading to potentially severe exploitation risks. A recent threat intelligence report from Fortinet highlights increasing phishing attempts targeting the U.S. presidential election, with numerous malicious domains being registered to impersonate legitimate fundraising sites. These trends underscore the pressing need for robust cybersecurity measures, such as multi-factor authentication and regular software updates, to mitigate these threats during sensitive times.

Intro

3min

Emerging Cyber Threats in Election Security and Software Vulnerabilities

3min

Analyzing Cyber Threats and Secure Development Practices

3min

Strengthening Cybersecurity and Identity Management Practices

5min

Navigating AI: Risks and Responsibilities

10min

Securing the Cloud: A Digital Legacy

7min

CISA adds a Fortinet flaw to its “must patch” list. Splunk releases fixes for 11 vulnerabilities in Splunk Enterprise. ErrorFather is a new malicious Android banking trojan. New evidence backs secure-by-design practices. CISA warns that threat actors are exploiting unencrypted persistent cookies. The FIDO Alliance standardizes passkey portability. Cybercriminals linger on Telegram. On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. We mark the passing of the co creator of the BBS.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse.

Selected Reading

Tens of thousands of IPs vulnerable to Fortinet flaw dubbed 'must patch' by feds (CyberScoop)

Fortinet FortiGuard Labs Observes Darknet Activity Targeting the 2024 United States Presidential Election (Fortinet)

Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities (SecurityWeek)

Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign (Infosecurity Magazine)

Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds (CyberScoop)

Eight Million Users Download 200+ Malicious Apps from Google Play (Infosecurity Magazine)

TrickMo malware steals Android PINs using fake lock screen (Bleeping Computer)

CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (Bleeping Computer)

FIDO Alliance is Standardizing Passkey Portability (Thurrott)

So far, cybercriminals appear to be just shopping around for a Telegram alternative (The Record)

Ward Christensen, BBS inventor and architect of our online age, dies at age 78 (Ars Technica)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

A “must patch” list in the making.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Critical Cybersecurity Vulnerabilities

Emerging Threats in Mobile Banking

AI's Impact on Data Privacy Regulation

CyberWire Guest

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts