CyberWire Daily

Tim Starks, a Senior Reporter at CyberScoop specializing in cybersecurity policy, dives into the UN's groundbreaking treaty to combat cybercrime. He discusses alarming trends, such as the exposure of sensitive security clearance data by House Democrats and the massive leak of 183 million email addresses. Starks highlights concerns over budget cuts affecting cyber preparedness and the troubling backsliding of U.S. cybersecurity posture according to the Cyberspace Solarium Commission, providing insights into what this means for future cyber resilience.

Derek Manky, Chief Security Strategist at FortiGuard Labs, shares his journey from teaching programming to becoming a key player in cybersecurity. He discusses his early interests in computers and malware analysis, highlighting the shift from basic threats to today's complex landscape. Derek emphasizes that entering the cybersecurity field can be straightforward, with numerous pathways available. He also outlines his leadership philosophy focused on teamwork and information sharing, and his mission to make a lasting impact against cybercrime.

Noam Moshe, Vulnerability Research Team Lead at Claroty, dives into alarming findings regarding vulnerabilities in Axis.Remoting. He reveals how attackers can exploit these flaws, which enable remote code execution on vital surveillance systems. With over 6,500 exposed Axis services, more than half in the U.S., the discussion highlights significant security risks to managed camera fleets. Noam emphasizes the importance of timely patching and vigilance, warning against solely relying on encryption for security.

In this engaging discussion, Chris Inglis, the first U.S. National Cyber Director, shares his insights on cyberwarfare and misinformation, emphasizing the need for societal awareness and action. He delves into the alarming vulnerabilities found in technology that powers our critical infrastructure. Inglis addresses the challenges of educating the public on cybersecurity and the urgent need for investment in this area. He also highlights the impact of recent cyber threats, such as Halloween-themed scams and attacks on key systems.

Lauren Zabierek, co-founder of the Share the Mic in Cyber initiative, and Camille Stewart Gloster, cyber policy expert, discuss the evolution of their program and the launch of the Catalyst Fellowship for cyber intelligence. They highlight the initiative's origins in amplifying Black voices in cybersecurity and dive into the fellowship's successes in professional development. The conversation also touches on the growing need for training in cyber threat intelligence amidst current cybersecurity challenges.

Ben Yelin, a researcher at the University of Maryland, discusses critical cybersecurity threats, including a foreign breach at a U.S. nuclear manufacturing site. He highlights the staggering £1.9 billion impact of the Jaguar Land Rover cyberattack and the role of AI in reshaping cybersecurity strategies. They also delve into whistleblower protections at the Social Security Administration, shedding light on retaliation claims and organizational challenges. The conversation uncovers the serious implications of cloud outages on smart technology, suggesting a pressing need for robust offline solutions.

In this engaging discussion, Josh Kamdjou, CEO of Sublime Security and former DoD white-hat hacker, shares insights on anticipating social engineering tactics from the notorious Scattered Spider. He emphasizes the importance of layered defenses and mapping valuable assets to mitigate risks. The conversation also dives into the rise of AI-driven email threats and how his company employs customized detection strategies to defend against them. Kamdjou highlights the balance between automation and human oversight in cybersecurity, ensuring rapid and accurate responses.

Ethan Cook, lead analyst and editor at N2K, shares his insights on cybersecurity regulation and privacy. He discusses the consequences of cutting resources for cyber reviews and how companies may normalize data exposure. Ethan draws parallels between AI and regulatory gaps, questioning whether current regulations stifle innovation or support it. He emphasizes the need for guidance over strict mandates and offers practical steps for adapting to policy changes. A thought-provoking look at the balance between oversight and individual responsibility!

Jeff Collins, CEO of WanAware and an expert in IT asset visibility for healthcare, dives into the implications of hospital consolidations on security. He reveals how these mergers lead to unknown assets, increasing operational risks. Collins discusses the importance of leveraging existing data for accurate inventory and emphasizes continuous discovery to adapt to tech changes. He also addresses the challenge of alert overload, advising on prioritizing high-risk incidents for cybersecurity teams to tackle effectively.

Kristin Strand, a Cybersecurity Associate Consultant at BARR Advisory, reflects on her inspiring journey from military service and teaching to a career in cybersecurity. She highlights her transition to IT through the Apprenti program, emphasizing the importance of self-teaching and goal-setting. Kristin also shares her experiences in the Army, her current drill sergeant training, and how a supportive company culture enhanced her career. Her takeaway? Be firm in your goals and clearly express what you want, as opportunities will arise.