CyberWire Daily

Devin Ertel, Chief Information Security Officer at Menlo Security, dives into redefining enterprise security with a focus on zero trust. He reveals alarming vulnerabilities in Chrome and BitLocker encryption that attackers can exploit in moments. The conversation highlights the recent shutdown of a major black market and a cyberespionage effort targeting vulnerable webmail servers. Ertel also discusses the importance of integrating AI and remote browser isolation to enhance cybersecurity measures.

Neil Hare-Brown, CEO of STORM Guidance, dives into the urgent world of Cyber Incident Response. He discusses the crucial updates from Patch Tuesday, warning of vulnerabilities in power inverters and Intel CPUs. Neil sheds light on the financial aftermath of cyberattacks, including a UK retailer's hefty insurance claim. He also emphasizes the evolving nature of the CVE program and the necessity for a holistic incident response strategy that includes legal support and crisis management. It's a must-listen for anyone concerned about cybersecurity!

In this engaging discussion, Noelle Russell, CEO of the AI Leadership Institute and an advocate for responsible AI, explains how enterprises can scale AI beyond the hype. She emphasizes the necessity of prioritizing accuracy, fairness, and security as fundamental elements in AI development. The conversation touches on the recent bid by House Republicans to restrict state regulation of AI and highlights the vital role of governance in ensuring ethical AI deployment. Noelle's insights challenge listeners to consider the larger implications of emerging technologies.

Tim Starks, Senior Reporter at CyberScoop, sheds light on the recent ClickFix social engineering attack impacting a major student platform. He discusses Google’s hefty privacy settlement with Texas and alarming data breaches affecting healthcare providers. The conversation dives into the zero-day vulnerabilities in SAP and cybersecurity threats facing IT admins. Additionally, Starks analyzes congressional reactions to proposed CISA budget cuts and their potential consequences on national security amid escalating cyber threats.

Limor Kessem, an Executive Security Advisor at IBM Security, transitioned from a childhood dream of medicine to a vibrant career in cybersecurity. She discusses the importance of passion, discipline, and continual learning in navigating the tech landscape. Limor highlights the need for innovation while tightening security measures. She also sheds light on the challenges women face in the industry, advocating for allyship and the need for diversity. Her journey emphasizes standing up for others, motivating both herself and those around her.

In a special edition, cybersecurity experts share vital insights. Dave DeWalt, founder of NightDragon, highlights the latest cybersecurity trends and innovations. Nicole Bucala of DataBee emphasizes data-driven security amidst CISO challenges. Liberty Mutual's CISO Katie Jenkins discusses emerging threats and the role of AI in collaboration. Joe Levy from Sophos explores AI and integration across security platforms. Michael Mastrole from Dataminr explains how agentic AI keeps security teams ahead of threats, showcasing a future where collaboration and technology are paramount.

This week, we are joined by Lucija Valentić, Software Threat Researcher from ReversingLabs, who is discussing "Atomic and Exodus crypto wallets targeted in malicious npm campaign." Threat actors have launched a malicious npm campaign targeting Atomic and Exodus crypto wallets by distributing a fake package called "pdf-to-office," which secretly patches locally installed wallet software to redirect crypto transfers to attacker-controlled addresses. ReversingLabs researchers discovered that this package used obfuscated JavaScript to trojanize specific files in targeted wallet versions, enabling persistence even after the malicious package was removed. This incident highlights the growing threat of software supply chain attacks in the cryptocurrency space and underscores the need for vigilant monitoring of both open-source repositories and local applications. The research can be found here: ⁠⁠Atomic and Exodus crypto wallets targeted in malicious npm campaign Learn more about your ad choices. Visit megaphone.fm/adchoices

In this engaging discussion, Alex Cox, Director of Information Security at LastPass, highlights the growing threats facing tax preparation agencies during the busy refund season. He navigates through the dangers of tax-related phishing attacks, urging vigilance among filers. The conversation also covers recent breaches affecting messaging apps used by government agencies and a notable data breach at a health system. Listeners will find insight into the evolving tactics of cybercriminals and the importance of robust password management.

Caleb Barlow, CEO of Cyberbit, dives into the pressing issue of the cyber skills gap, highlighting the contradictions between academic training and employer needs. He advocates for upskilling existing employees rather than just hiring new talent. Barlow also discusses the recent surge in cyber threats, such as new malware and high-profile data breaches, including the education sector. The conversation reveals the importance of practical experience and the evolving landscape of cybersecurity, emphasizing adaptability to meet modern security challenges.

Join AJ Gemer, co-founder and CTO of Lunar Outpost, and Salem El Nimri, CTO at AWS Aerospace & Satellite, as they venture into the future of space exploration. They discuss groundbreaking innovations in lunar robotics, including AI-driven navigation and the intricacies of the Stargate system for data analysis. The duo also highlights how AWS technology is revolutionizing missions on the Moon and Mars, emphasizing collaborative efforts in overcoming challenges. Learn how advanced rovers and swarm robotics are unlocking lunar mysteries!