CyberWire Daily

In this discussion, Ian Bramson, the Global Head of Industrial Cybersecurity at Black & Veatch, tackles the pressing issue of cyberattack readiness in industrial settings. He highlights the dangers of BADBOX 2.0 malware targeting IoT devices and exposes the vulnerabilities found in Chrome extensions. Ian emphasizes the need for organizations to transition from compliance-driven practices to a more proactive cybersecurity approach. With threats evolving, he underscores the urgency of foundational security measures and board commitment to safeguard critical infrastructure.

Anika Gupta, the Chief Product Officer at Rubrik, dives into the massive data leak from China, potentially exposing over 4 billion records. She discusses the pitfalls organizations face when transitioning to the cloud, where security is often mistakenly assumed to be managed. Gupta highlights the rising threats from ransomware gangs and the critical vulnerability of U.S. infrastructure to cyberattacks. The conversation also touches on the role of leadership in enhancing security measures amidst rapid technological changes.

Rohan Pinto, CTO of 1Kosmos, sheds light on the repercussions of AI deepfakes for biometric security. He discusses the urgent need to bolster biometric systems against sophisticated digital threats. The conversation reveals limitations in traditional methods like Face ID and introduces innovative solutions such as Live ID to enhance real-time authentication. Pinto emphasizes balancing security and user accessibility while leveraging advanced analytics for effective risk management in organizations. This episode is a must-listen for anyone concerned about the future of digital identity security.

Jon Miller, CEO and Co-founder of Halcyon, specializes in anti-ransomware solutions. He dives into the emerging threat of Bring Your Own Vulnerable Driver (BYOVD) attacks, explaining their security implications. The discussion highlights recent cybersecurity incidents such as a critical Chrome zero-day vulnerability and a pivotal Splunk flaw. Miller emphasizes the need for targeted defenses against evolving ransomware tactics and explores challenges in identifying hackers amid increasing cyber risks and compliance complexities.

An international law enforcement operation successfully dismantles the AVCheck criminal organization, spotlighting a significant win against cybercrime. Meanwhile, major budget cuts loom over U.S. cybersecurity agencies, impacting crucial defenses. The rise of stealthy malware like Lactrodectus poses new threats, as vulnerabilities in high-profile software created alarm. AI's complexities in attention mechanisms reveal biases, blending physics with technology. The importance of human connection in cybersecurity is highlighted, showcasing the spirit of collaboration at conferences.

Brandon Karpf, a Lieutenant in the US Navy and Skillbridge Fellow at the CyberWire, shares his fascinating journey from the Naval Academy to a career in cyber operations. He discusses the stark contrasts between military life and his educational experience at MIT, shaped by mentorship and national security missions. As he navigates the transition to civilian life, Brandon opens up about personal identity struggles and the importance of adaptability. He emphasizes the value of community in cybersecurity and cherishing moments with loved ones while pursuing meaningful work.

John Hammond, Principal Security Researcher at Huntress, dives deep into the critical CVE-2025-30406 vulnerability affecting Gladinet CentreStack and Triofox. He shares alarming findings about how this vulnerability allows remote code execution via hardcoded keys, with hundreds of servers already compromised. John discusses the importance of endpoint security, the risks of deserialization, and proactive measures organizations can take to protect themselves. His insights underscore the urgent need for patching and security awareness among system administrators.

Matt Covington, VP of Product at Black Cloak, sheds light on cutting-edge impersonation techniques like deepfakes and the critical need for digital executive protection. He discusses alarming cybersecurity incidents, from recent DDoS attacks to the implications of regulatory changes in U.S. and Australia. Covington also emphasizes the new Browser-in-the-Middle attack targeting Safari users and provides insights on maintaining privacy and security amidst evolving threats.

Tim Starks, a senior reporter at CyberScoop specializing in cybersecurity, dives into pressing issues like the controversial collection of children's DNA for criminal databases. He highlights a troubling malware incident involving ASUS routers and new tactics from the APT41 group using Google Calendar for attacks. The discussion also covers the Salt Typhoon breach, revealing serious national security failures and the need for better public-private collaboration. Additionally, Starks addresses Victoria's Secret facing a significant cybersecurity crisis and its potential impact on consumer data.

Tony Velleca, CEO of CyberProof, brings insights on exposure management and risk-focused strategies in cybersecurity. He dives into how organizations can prioritize threats against a backdrop of a rising tide of cyberespionage activities, including allegations against Chinese hackers. The discussion sheds light on the alarming growth of AI-driven malware and highlights the need for proactive security measures. Velleca emphasizes tailored risk assessments and the importance of collaboration among security teams to counter these evolving threats effectively.