CyberWire Daily

In a special edition, cybersecurity experts share vital insights. Dave DeWalt, founder of NightDragon, highlights the latest cybersecurity trends and innovations. Nicole Bucala of DataBee emphasizes data-driven security amidst CISO challenges. Liberty Mutual's CISO Katie Jenkins discusses emerging threats and the role of AI in collaboration. Joe Levy from Sophos explores AI and integration across security platforms. Michael Mastrole from Dataminr explains how agentic AI keeps security teams ahead of threats, showcasing a future where collaboration and technology are paramount.

This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly patches locally installed wallet software to redirect crypto transfers to attacker-controlled addresses. ReversingLabs researchers discovered that this package used obfuscated JavaScript to trojanize specific files in targeted wallet versions, enabling persistence even after the malicious package was removed. This incident highlights the growing threat of software supply chain attacks in the cryptocurrency space and underscores the need for vigilant monitoring of both open-source repositories and local applications. The research can be found here: ⁠⁠Atomic and Exodus crypto wallets targeted in malicious npm campaign Learn more about your ad choices. Visit megaphone.fm/adchoices

In this engaging discussion, Alex Cox, Director of Information Security at LastPass, highlights the growing threats facing tax preparation agencies during the busy refund season. He navigates through the dangers of tax-related phishing attacks, urging vigilance among filers. The conversation also covers recent breaches affecting messaging apps used by government agencies and a notable data breach at a health system. Listeners will find insight into the evolving tactics of cybercriminals and the importance of robust password management.

Caleb Barlow, CEO of Cyberbit, dives into the pressing issue of the cyber skills gap, highlighting the contradictions between academic training and employer needs. He advocates for upskilling existing employees rather than just hiring new talent. Barlow also discusses the recent surge in cyber threats, such as new malware and high-profile data breaches, including the education sector. The conversation reveals the importance of practical experience and the evolving landscape of cybersecurity, emphasizing adaptability to meet modern security challenges.

Join AJ Gemer, co-founder and CTO of Lunar Outpost, and Salem El Nimri, CTO at AWS Aerospace & Satellite, as they venture into the future of space exploration. They discuss groundbreaking innovations in lunar robotics, including AI-driven navigation and the intricacies of the Stargate system for data analysis. The duo also highlights how AWS technology is revolutionizing missions on the Moon and Mars, emphasizing collaborative efforts in overcoming challenges. Learn how advanced rovers and swarm robotics are unlocking lunar mysteries!

Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups, joins to share high-energy insights from the RSAC show floor. He highlights the fallout from a $167 million verdict against NSO Group and discusses urgent hacktivist threats to U.S. infrastructure. Magee also delves into privacy risks with government apps and outlines the implications of NSA workforce reductions and evolving deepfake technologies. With server room humor, he wraps up a whirlwind of cybersecurity challenges and emerging AI trends.

Monzy Merza, Co-Founder and CEO of Crogl, dives into the pressing issues faced by Chief Information Security Officers in a rapidly evolving AI landscape. The podcast discusses a critical vulnerability in Samsung’s MagicINFO, which is currently being exploited. Malware threats like ClickFix and sophisticated phishing tactics from the Luna Moth Group are highlighted. Merza also emphasizes the need for innovative tools to enhance security analysis, as traditional methods struggle to keep up with increasing cyber threats.

Critical vulnerabilities in a Signal messaging app used by top government officials bring hard-coded credentials to light. A leaked API key from xAI raises questions about security practices. The discussion includes a new SS7 zero-day exploit and the implications of SteelC malware updates. Experts advocate for viewing cybersecurity as a business-wide responsibility, emphasizing effective collaboration and communication. The move towards a passwordless future with Passkeys also highlights innovation in cybersecurity practices.

Discover Joe Bradley’s fascinating journey from aspiring opera singer to Chief Scientist in tech. He reflects on how diverse interests, like music and literature, enhance mathematical intuition. Joe emphasizes the importance of deep exploration in one's field to foster growth and innovation. The conversation also touches on the interplay between science and effective management within teams, highlighting how structured processes can lead to better outcomes and a focus on cybersecurity risks.

Shaked Reiner, Security Principal Security Researcher at CyberArk, dives into the intriguing realm of Agentic AI and its security challenges. He elaborates on how these AI systems can perform autonomous tasks, but also become potential threats through vulnerabilities like prompt injections. Shaked emphasizes treating agent outputs as untrusted code to mitigate risks. The conversation also touches on the vital need for monitoring, auditing, and innovative security strategies to keep pace with the rapidly evolving landscape of AI threats.