CyberWire Daily

Ben Nunez, CEO and co-founder of Evercoast, discusses his company's innovative approach to training data for embodied AI and robotics after winning the DataTribe Challenge. He highlights the importance of data integrity and how their multidisciplinary team brings diverse expertise from industries like animation. They also touch on the implications of recent budget cuts on U.S. cybersecurity, the emergence of cybercrime alliances, and the evolving legislative landscape around tech and data security.

Deepen Desai, Chief Security Officer at Zscaler, shares insights on AI's transformative role in Zero Trust security. He discusses how AI enhances threat prevention and automates data discovery, leading to better user experiences and efficient operations. Desai explains the need for robust governance to secure AI and highlights its financial benefits, advocating for its adoption to remain competitive. He warns that organizations must embrace AI to combat adversarial threats or risk falling behind in the ever-evolving security landscape.

Dr. Sasha O'Connell, Senior Director for Cybersecurity Programs at Aspen Digital and former FBI official, delves into the Aspen Cyber Summit's mission and ten years of cybersecurity progress. She discusses pressing issues like critical software vulnerabilities, CISA's controversial layoffs, and the return of Gootloader malware. O'Connell debates the complexities of offensive cyber operations and emphasizes the need for public education on cyber threats. Her insights illuminate the evolving landscape of cybersecurity policy.

Frank X. Shaw, Chief Communications Officer at Microsoft, joins Ann Johnson to delve into the vital role of communication in cybersecurity. They discuss how transparency can build trust during cyber incidents and the importance of breaking down silos between teams. Shaw emphasizes the transformative impact of AI on crisis communications, enabling faster insights and more effective responses. The conversation also highlights how tailored and localized security messaging can change employee behavior and enhance overall security culture.

Ben Yelin, a researcher at the University of Maryland Center for Cyber Health and Hazard Strategies, dives into ICE's controversial facial recognition initiative. He reveals the alarming policy that individuals cannot refuse a scan, raising Fourth Amendment issues. Yelin discusses the long retention periods for biometric data and the potential racial biases in the technology. Heightened security concerns are juxtaposed with civil liberties implications, as Yelin explores the reliability claims made by DHS and the legal challenges looming over this intrusive approach.

Merry Marwig, Vice President of Global Communications & Advocacy at Privacy4Cars, sheds light on the overlooked privacy risks associated with modern vehicles. She discusses how cars collect sensitive data like geolocation and biometrics, often without consumer awareness. Merry critiques the traditional notice-and-consent model and emphasizes the need for data sanitization in rental and fleet services. With real-world examples, she reveals the potential dangers of defleeted cars and calls on security leaders to reshape their approach to privacy in the automotive sector.

Caleb Tolan, host of Rubrik's Data Security Decoded podcast and an expert in data security research, joins the discussion on critical cybersecurity issues. He highlights the FCC's plan to roll back cybersecurity regulations established after the Salt Typhoon incident. Tolan also sheds light on surprising allegations against ransomware negotiators engaging in attacks themselves and discusses the implications of a massive data leak by Ernst & Young. He shares insights into his podcast's goals of bridging technical and policy narratives in cybersecurity.

Arti Lalwani, a knowledge leader in risk management and privacy at A-LIGN, shares her inspiring journey from finance to tech. She discusses how an unexpected hardware job opened new doors in her career. Arti emphasizes her commitment to inclusive management and the importance of mentorship, particularly for women in cybersecurity. She reflects on overcoming confidence barriers with the help of mentors and offers valuable advice for those facing career transitions, urging perseverance and strong support systems.

In this discussion, Dario Pasquini, a Principal Researcher at RSAC Labs specializing in AI security, explores groundbreaking research on subverting LLM-driven AIOps through telemetry manipulation. He unveils AIOpsDoom, a method that tricks automated systems to perform harmful actions, and contrasts it with traditional prompt injections. Dario introduces AIOpsShield, a proposed defense mechanism to counter these threats, emphasizing the urgent need for security-first designs in AI operations. This eye-opening dialogue highlights the delicate balance between innovation and security in tech.

Emily Austin, a Principal Security Researcher at Censys, sheds light on the alarming trends of nation-state attacks targeting critical infrastructure. She discusses how exposed devices and default credentials make these systems enticing targets. Key points include the dangers of remote access and the risks posed by specific devices like PLCs and building controls. Emily emphasizes the importance of proactive measures such as using VPNs and eliminating internet exposure to protect against these sophisticated threats.