CyberWire Daily

Volker Wagner, Chief Information Security Officer at BASF, dives into the intricate world of industrial cybersecurity. He discusses the ongoing threat landscape, highlighting espionage and ransomware as key concerns. Wagner shares insights on implementing zero trust frameworks to enhance resilience against attacks and the delicate balance between fostering innovation and maintaining security controls. He advocates for meaningful industry collaboration, emphasizing the importance of real-time partnerships to build trust and effectively defend against emerging threats.

Leo Scott, Chief Innovation Officer at DataTribe, discusses the evolving DataTribe Challenge, emphasizing its competitive format as a launchpad for cybersecurity startups. Anita D'Amico, a past winner, shares her Cinderella story from R&D to acquisition, highlighting the invaluable support she received. Greg Baker from Balance Theory explains the challenges of pitching and the benefits of DataTribe’s mentorship. Brian Proctor of Frenos shares his journey of creating AI-driven cybersecurity solutions, detailing how winning the Challenge boosted their visibility and investor interest.

Sloane Menkes, a Principal at PricewaterhouseCoopers' Cyber Risk Practice, shares her captivating journey from a non-linear math enthusiast to a cybersecurity leader. She discusses how a simple question, 'What is the 2%?', motivates her during tough times. Sloane reflects on her experiences at the Air Force Academy and influences from mentors like Howard Schmidt. She thrives in the dynamic consulting world and encourages women to pursue cybersecurity, emphasizing the importance of mentorship and continuous learning.

Assaf Dahan, Director of Threat Research at Cortex XDR and a leading investigator with Unit 42, reveals the secrets behind Phantom Taurus, a newly identified Chinese espionage group. They discuss its shift from email to targeting databases, showcasing the sophisticated NET-STAR malware suite designed for stealthy infiltration of government and telecommunications sectors. Dahan highlights the group's persistence and custom tools, emphasizing its strategic move towards higher-value intelligence collection. He also shares critical defensive tips for organizations to enhance their IT hygiene.

Brian Vecci, Field CTO at Varonis and data security expert, joins the discussion on rapid innovation amidst security risks. He highlights the challenges organizations face with unknown threats as they adopt AI technologies. Vecci exposes how innocent queries can lead to significant data leaks via collaboration tools. He also warns about data sprawl and emphasizes the need for robust controls in a landscape full of vulnerabilities. A fascinating exploration of how to innovate quickly without compromising sensitive data!

Cynthia Kaiser, Senior Vice President of Halcyon's Ransomware Research Center and former FBI Deputy Assistant Director, shares her insights on the recent CISA furloughs. She discusses how the shutdown jeopardizes cybersecurity operations and information sharing among agencies. Kaiser highlights the risks companies face without liability protections and how reduced staffing affects multi-agency responses. She also offers practical advice for employees dealing with the emotional and financial impacts of furloughs.

Tim Starks, a Senior Reporter at CyberScoop, delves into the alarming findings of a Senate Democrats' report on the Department of Government Efficiency (DOGE). He highlights that DOGE has operated outside privacy and cybersecurity regulations, sparking concerns about agency practices. The discussion also touches on bipartisan oversight efforts and how agencies have reacted to these findings. Starks warns citizens to stay vigilant about cybersecurity issues, emphasizing the importance of public engagement in governance.

CISA sounds the alarm over a critical sudo vulnerability that could lead to privilege escalation. South Korea escalates its cyber threat level after a data center fire raises concerns. Microsoft disrupts an AI-enhanced phishing campaign using malicious SVGs, while landlords face accusations of scraping sensitive payroll data. Cybercriminals prepare for potential FIFA fraud leading up to 2026. Plus, insights into the evolution of hacker culture and the burnout impacting cybersecurity professionals.

A Chinese state-sponsored group exploits enterprise devices for global espionage. The UK backs Jaguar Land Rover with a £1.5 billion loan following cyberattacks. A critical flaw in Fortra's file transfer product is under active exploitation. Akira ransomware bypasses MFA, raising security concerns. Dutch teens are arrested for spying near Europol, highlighting youth recruitment in espionage. Harrods suffers a significant data breach affecting thousands, while Interpol targets cybercrime in Africa. A deep dive into Japan's cybersecurity ecosystem reveals intriguing insights.

Joe Carrigan, a senior security engineer at the Johns Hopkins University Information Security Institute, shares his winding career journey from a theater enthusiast to a tech expert. He reveals how a chance conversation led him to pursue IT, the importance of cybersecurity education, and his concerns about the public’s cyber hygiene. Joe emphasizes the power of networking, noting that most of his job opportunities stem from his connections. His insights blend personal anecdotes with practical advice for anyone looking to navigate a career in technology.