CyberWire Daily

Dr. Lorrie Cranor, a leading researcher in usable security and the Director of the CyLab Security and Privacy Institute, joins Ann Johnson from Microsoft. They delve into why security tools often fail users, highlighting the disconnect between security design and real-world usability. Cranor discusses the persistent challenges with passwords, emerging strategies like passkeys, and the evolving expectations of privacy in today’s data-driven world. She emphasizes the need for user-centered design and practical testing to build effective security systems.

Crane Hassold, a Principal Security Researcher at Microsoft focusing on cybercrime and threat actors, joins Chloé Messdaghi, Senior Reporting Manager leading the Microsoft Digital Defense Report. They discuss the merging of nation-state operations with cybercrime, revealing that identity compromise is at the heart of 99% of attacks. The conversation delves into AI's dual role in enhancing attacks and bolstering defenses, while also unpacking trends in credential-based assaults and the rise of phishing. Their insights provide a valuable roadmap for organizations navigating today's complex cybersecurity landscape.

In the finale, guest Kim Jones, an experienced cybersecurity leader and former CISO, shares insights on navigating the complexities of today's tech landscape. They discuss the pitfalls of uncritical AI adoption and the importance of governance in managing shadow AI. Kim highlights the distinctions between the immediate effects of AI and the long-term threats posed by quantum computing. He emphasizes the need for CISOs to uphold professional ethics amidst rapid tech changes and advocates for education and critical thinking to close workforce skill gaps.

In this discussion, Hayden Smith, CEO of Hunted Labs and supply chain security expert, reveals the hidden dangers lurking in software supply chains. He explains how open source dependencies can lead to unseen vulnerabilities and how attackers exploit established trust. Listeners learn about real-world attacks, the significance of threat intelligence, and the growing role of AI in identifying risks. Hayden emphasizes essential practices like dependency pinning and continuous monitoring as crucial steps in safeguarding against these sophisticated threats.

Charity Wright, a threat intelligence analyst at Recorded Future, shares her fascinating journey from a U.S. Army linguist to cybersecurity expert. She discusses the transition from military life to the private sector amid a challenging job market. Charity emphasizes the importance of teamwork and bias recognition, urging listeners to embrace diverse perspectives. She also advocates for greater representation of women in cybersecurity, encouraging all to pursue their passions without being constrained by past roles.

Tom Hagel, a Principal Threat Researcher at SentinelLabs, dives deep into the recent Ghostwriter campaign targeting Ukraine and Belarusian opposition. He discusses how attackers utilize weaponized Excel documents and sophisticated obfuscation techniques to deliver malware. Hagel outlines the campaign's espionage objectives, emphasizing its ties to the Belarusian government. He also shares defensive measures like strict email filtering and disabling macros to combat such threats. Tune in for insights on evolving cyberattack strategies and their implications!

Join industry experts like Dave DeWalt, CEO of NightDragon, who highlights the need for public-private collaboration in cybersecurity. Nicole Bucala of DataBee discusses improving compliance through automation, while Michael Mastrole from Dataminr dives into using agentic AI for real-time threat detection. Joe Levy of Sophos reflects on AI's role in enhancing defenses, and Katie Jenkins of Liberty Mutual emphasizes the importance of workforce upskilling and peer collaboration. Together, they explore the evolving landscape of cybersecurity and the innovation driving it forward.

Join an intriguing exploration of cyber threats targeting the logistics industry. Discover how cybercriminals utilize clever schemes to hijack trucking operations and compromise carrier accounts. The discussion reveals historical comparisons to organized crime and the real-world tactics involved in cargo theft. Learn about the challenges of maintaining security while ensuring speedy logistics. Experts share prevention tips, from MFA to credential hygiene, keeping your supply chain safe from the latest cyber dangers.

Dive into the alarming world of data breaches exposed at the Electronic Frontier Foundation’s Breachies. Discover how companies mishandle data, like Mixpanel's vague disclosures and dating apps leaking sensitive biometric information. Learn about significant misconfigurations, such as Blue Shield’s analytics blunder and TransUnion's vulnerability through third-party apps. The podcast also humorously reimagines Christmas in a cybersecurity context with 'The 12 Days of Malware,' making complex topics entertaining and accessible.

Tim Starks, a Senior Reporter at CyberScoop, joins to dissect the latest in cybersecurity legislation and national security. He examines the recent Defense Authorization Bill and its implications for cyber provisions, including new phone security mandates. The conversation dives into funding increases for Cyber Command and NSA amidst a turbulent cybersecurity landscape. Starks also reflects on the challenges of rebuilding talent and programs in the face of growing cyber threats and the unsettling state of federal policy as we look towards 2025.