CyberWire Daily

Join Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity as she unveils her innovative roadmap to enhance cyber defense for community organizations. Stacey Cameron, CISO at Halcyon, shares insights from Black Hat USA 2025, emphasizing the dynamic nature of cybersecurity discussions. They delve into pressing topics like vulnerabilities in major tech products, community resilience against cyber threats, and the importance of mentorship in the cybersecurity field, making it a rich resource for both novices and veterans.

Nigel Hedges, Executive General Manager of Cyber & Risk at Chemist Warehouse and Sigma Healthcare, emphasizes the importance of treating cybersecurity as a business imperative rather than just a technical issue. He discusses how this shift can aid in board-level discussions and align cybersecurity spending with overall business goals. Additionally, the conversation delves into rising cybersecurity threats, including phishing attacks and ransomware incidents, showcasing the evolving landscape that businesses must navigate.

Tim Starks, a senior reporter at CyberScoop, dives into the latest developments in cybersecurity policy. He discusses the U.S. Senate's confirmation of a national cyber director and the proposed Cyber Force amidst rising cyber threats. Starks highlights the alarming tactics of cybercriminals, including link wrapping for phishing attacks. The podcast also covers the spicy allegations between the U.S. and China over the exploitation of a Microsoft zero-day vulnerability and privacy concerns surrounding AI mishaps.

Hannah Kenney, a Manager at BARR Advisory's Cyber Risk Advisory Practice, shares her unexpected pathway into cybersecurity, ignited by a surprising passion during an information systems class. She emphasizes the importance of creative problem-solving in her work and advocates for a people-first approach in cybersecurity. Hannah also highlights the value of mentorship and resilience, inspiring young women to embrace growth in technology. Her journey reflects a unique blend of curiosity and dedication in a field often viewed as technical.

Eric Woodruff, Chief Identity Architect at Semperis, dives into the critical nOAuth authentication flaw affecting SaaS applications. He reveals how this vulnerability allows attackers to impersonate users with just an email address, leading to potential data breaches. The discussion highlights the urgent need for SaaS vendors to adopt more secure OpenID Connect practices. Woodruff also shares insights on the challenges of securing Active Directory and the complexities surrounding responsible disclosure in the tech industry.

Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, joins to discuss a critical vulnerability in SUSE Manager, revealing how it can be exploited for root access. He delves into recent hackers planting Raspberry Pis in banks and Russian state-backed attacks on diplomats. The conversation shifts to Scattered Spider, a financially motivated group using advanced social engineering, and highlights the urgent need for better cybersecurity measures amid rising threats and an evolving landscape of cyber tactics.

In this discussion, Ann Galchutt, Technical Lead at CISA, sheds light on their groundbreaking open-source eviction strategy tool aimed at enhancing cyber incident response. She reveals how the tool addresses vulnerabilities exposed by major malware campaigns, including those from North Korea's Lazarus Group. The conversation also highlights the importance of community collaboration and proactive measures in refining incident response strategies. Jermaine Roebuck from CISA joins her to emphasize a new approach to tackling emerging cyber threats, including clever mobile malware.

In this discussion, Keith Mularski, a retired FBI Special Agent and Chief Global Ambassador at Qintel, shares insights on a state of emergency declared in St. Paul due to a major cyberattack. He highlights urgent cybersecurity threats, including a critical vulnerability in SAP NetWeaver and the implications of personal data exposure in AI datasets. Mularski also discusses his transition from FBI investigations to the private sector, emphasizing the cultural shifts and challenges in combating cybercrime. Expect a mix of serious topics and engaging anecdotes!

Jason Schultz, a Technical Leader for Cisco Talos, dives into critical cybersecurity issues, particularly focusing on the vulnerabilities lurking in PDF files. He discusses the alarming Tea dating app breach, revealing the personal data at stake. The conversation delves into government actions against cyber threats and the exploitation of software flaws, emphasizing the necessity for enhanced security measures. Through thrilling insights, Schultz highlights the tricks attackers use in phishing scams, making the case for increased awareness and user education.

In this installment, Ben Yelin, from the University of Maryland Center for Cyber Health and Hazard Strategies, delves into major cyber breaches impacting Russia's Aeroflot and U.S. insurance giant Allianz Life. He highlights the emergence of the Chaos ransomware group and the need for new regulations on data brokers. There’s critical discussion on the Cybersecurity and Information Sharing Act’s impending expiration, including its role in fostering collaboration against cyber threats amidst rising tensions.