Cyber Security Headlines

Dan Holden, CISO at BigCommerce, shares his expertise on the surge of ransomware attacks targeting the agriculture sector, revealing its unique vulnerabilities. He discusses challenges faced by CISA, particularly regarding funding and the evolving nature of critical infrastructure post-COVID-19. The conversation also dives into insider threats, spotlighting a plea deal, and the NSO Group's legal battles over spyware like Pegasus. Lastly, Holden emphasizes the need for accountability in cybersecurity as organizations grapple with increasing threats in a digital landscape.

Discover the critical patch released by Cisco addressing a serious vulnerability in IOS XE, exposing unauthorized access risks. The nomination of a former Unilever CISO for a significant Pentagon role raises eyebrows in cybersecurity circles. Tune in for insights on a new zero-day vulnerability announced by SonicWall, along with the urgent need to protect systems amid rising cyber threats. Plus, hear about high-profile hacks, ransomware incidents, and the latest from the notorious Lockbit Ransomware Gang.

Europol has successfully shut down six notorious DDoS-for-hire services linked to global cyberattacks. In a surprising turn, CrowdStrike announces layoffs of 500 workers as they shift focus on revenue growth. Meanwhile, the UK government is adopting passkeys to enhance security for GOV.UK accounts against potential threats. The podcast also highlights rising cyberattacks, particularly in Poland, raising alarms over legal actions against those facilitating Russian cyber operations.

Congress is pushing back against proposed budget cuts that threaten CISA's effectiveness. A significant data breach in Texas affects over 47,000 individuals, raising alarm for cybersecurity measures in schools. Additionally, NSO Group faces a hefty $167 million payout to WhatsApp following legal disputes. The discussion also highlights modern threats like IoT exploitation and investment scams on social media, revealing vulnerabilities in widely used software.

A recent cybersecurity breach involved a hack on Signal clones, raising concerns about the integrity of encrypted communications. A warning was issued about the easyjson package, highlighting potential vulnerabilities. Meanwhile, a ransomware group claimed responsibility for attacking UK retailers, showcasing the evolving threat landscape. The discussion also touched on other cyber threats faced by organizations in Europe, including notorious groups targeting sensitive information across nations.

Microsoft is shifting away from password autofill in its Authenticator app, signaling a move toward passwordless security. The StealC malware has received stealth upgrades, raising concerns over data theft. In a controversial move, the White House is proposing significant budget cuts to CISA, potentially jeopardizing federal cyber defense efforts. Additionally, ransomware attacks are increasingly targeting the food sector, revealing a pattern of underreported incidents and concerns for cybersecurity in critical industries.

DJ Schleen, Head of Security at Boats Group, returns to discuss a shocking incident where a cybersecurity CEO was arrested for malware activities in hospitals, raising serious trust issues. They dive into the alarming surge in DDoS attacks and the FBI’s call for public assistance against the China-linked threat actor Salt Typhoon. Schleen emphasizes the security vulnerabilities of routers and smart devices in homes, advocating for better regulations and consumer awareness. The conversation highlights the importance of community engagement in tackling cybersecurity challenges.

The UK retailer Co-op is reeling from a significant cyberattack that has disrupted its operations. The FBI has issued a warning about 42,000 phishing domains associated with LabHost, raising concerns for online security. Meanwhile, the NSO Group faces potential hefty damages in their ongoing legal battles regarding WhatsApp hacks. Additionally, explore innovative cybersecurity strategies like ThreatLocker's zero-trust approach and emerging threats from groups using advanced techniques like IPv6 spoofing.

Alleged ‘Scattered Spider’ member extradited to U.S. Experts see little progress after major Chinese telecom hack Polish police take down impersonation scammers Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. For the stories behind the headlines, visit CISOseries.com.

Millions of Apple Airplay-Enabled Devices Can Be Hacked via Wi-Fi Google tracked 75 zero days exploited in the wild in 2024 France ties Russian APT28 hackers to 12 cyberattacks on French orgs   Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO.