CyberWire Daily

It’s always DNS, but that may just be FUD.

Feb 14, 2024

Ann Johnson, Director for Cyber and Critical Infrastructure Security, talks with Frank Cilluffo about cyber threats to critical infrastructure. They discuss DNS attacks, FUD in cybersecurity marketing, a government email server breach, a class-action lawsuit by law enforcement, and burglaries using Wi-Fi jammers. Additionally, they touch on a copyright case against OpenAI and Microsoft's security patch update.

29:11

Creator website

Episode guests

Ann Johnson

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

A critical DNS sec flaw called key trap poses a serious threat to the availability of essential internet services, requiring a redesign of DNS sec core principles.

A report on fear, uncertainty, and doubt (FUD) in cybersecurity highlights the need for a critical approach to understanding and addressing cybersecurity risks.

Deep dives

DNS sec flaw threatens internet infrastructure

Researchers have discovered a critical DNS sec flaw called key trap that poses a serious threat to the availability of essential internet services like web browsing and email. The flaw, present for over two decades, exploits a design vulnerability that can exhaust CPU resources, affecting over 31% of web clients. Though patches have been released, fully mitigating the threat requires a redesign of DNS sec core principles.

Introduction

3min

DNS Attacks, Cybersecurity FUD, Data Breaches, Lawsuits, Burglaries, and Copyright Cases

7min

Campaign Utilizing Flawed Internet Shortcut Files

6min

Common Trends in Cyber Threats and the Cybersecurity of Critical Infrastructure

2min

Analysis of Critical Infrastructure and Online Scams

7min

It’s always DNS, but that may just be FUD. The DoD notifies victims of a cloud email server leak. New Jersey cops sue online data brokers. Crooks use WiFi jammers to thwart security systems. A copyright case against OpenAI is partially dismissed. Patch Tuesday includes two actively exploited zero days. CharmingCypress gathers political intelligence. Ann Johnson from Microsoft Security’s Afternoon Cyber Tea podcast talks with Frank Cilluffo, Director for Cyber and Critical Infrastructure Security at the McCrary Institute of Auburn University, about cyber and critical infrastructure. And beware Cupid’s misleading arrow.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Ann Johnson from Microsoft Security’s Afternoon Cyber Tea podcast talks with Frank Cilluffo, Director for Cyber and Critical Infrastructure Security at the McCrary Institute of Auburn University, about cyber and critical infrastructure. Check out the episode with the full conversation between Ann and Frank here.

Selected Reading

KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers (SecurityWeek)

US military notifies 20,000 of data breach after cloud email leak (TechCrunch)

New Jersey law enforcement officers sue 118 data brokers for not removing personal info (The Record)

Minnesota burglars are using Wi-Fi jammers to disable home security systems (TechSpot)

Sarah Silverman’s lawsuit against OpenAI partially dismissed (The Verge)

Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws (BleepingComputer)

DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability (The Hacker News)

CharmingCypress Use Poisoned VPN Apps to Install Backdoor (Cyber Security News)

Beyond the Hype: Questioning FUD in Cybersecurity Marketing (SecurityWeek)

Valentine's Day Scams Woo the Lonely-Hearted (Security Boulevard)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

It’s always DNS, but that may just be FUD.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

DNS sec flaw threatens internet infrastructure

Examining FUD in cybersecurity

Data breach exposes sensitive military emails

CyberWire Guest

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts