CyberWire Daily

Celebrate Halloween with a playful dive into malware history! Hear a catchy parody tracing everything from the infamous Stuxnet to sneaky rootkits. Explore how botnets and DDoS attacks have become a daunting threat, with ransomware lurking in the shadows. The podcast also takes a humorous jab at the infamous Shadow Brokers and Snowden’s escapades. Plus, enjoy a cheeky reference to Russian Trojans! It's a fun-filled ride urging defenders to stay sharp—just remember, don’t download Flash!

Mike Anderson, the Chief Digital and Information Officer at Netskope, joins to redefine how CIOs should approach Agentic AI by thinking like HR leaders. He emphasizes the need for HR-style access controls and guardrails to manage AI agents effectively. The conversation explores the risks of automating flawed processes and the importance of redesigning workflows before adopting AI. Anderson suggests that organizations should start with small, proven use cases to avoid disruption. This insightful dialogue bridges the gap between technology and human resource management.

Ben Seri, Co-founder and CTO of Zafran, delves into the rising threat of AI-native attacks, emphasizing how attackers are leveraging AI for vulnerability discovery and malware creation. He explains how organizations can harness generative AI for improved vulnerability management and remediation, suggesting a balanced approach with human oversight. Seri also cautions about the risks of in-house AI development and the potential for new exposures. Plus, he highlights the innovative use of agentic AI to simulate impacts and automate responses in security.

David Moulton, the host of the Threat Vector segment, chats with cybersecurity experts Sarit Tager and Krithivasan Mecheri from Palo Alto Networks. They tackle the pressing issue of securing modern development in the age of AI, discussing challenges like shifting security practices and the importance of AI training for developers. The trio also dives into overlooked vulnerabilities in AI-generated code, highlighting real-world implications like the Doritos misidentification incident. A conversation not to be missed for anyone interested in the intersection of AI and cybersecurity!

Kristy Westphal, Global Security Director, dives into the crucial intersection of data privacy and cybersecurity. She emphasizes that privacy shouldn't be an afterthought but a core focus of security efforts. Kristy discusses the complexities of laws like the Cloud Act, encryption's real-world weaknesses, and how small businesses can comply with varying privacy laws. She advocates for solid legal partnerships and threat modeling that aligns with business impact, underscoring the pressing need for heightened privacy measures in today's digital landscape.

Tim Starks, a Senior Reporter at CyberScoop specializing in cybersecurity policy, dives into the UN's groundbreaking treaty to combat cybercrime. He discusses alarming trends, such as the exposure of sensitive security clearance data by House Democrats and the massive leak of 183 million email addresses. Starks highlights concerns over budget cuts affecting cyber preparedness and the troubling backsliding of U.S. cybersecurity posture according to the Cyberspace Solarium Commission, providing insights into what this means for future cyber resilience.

Derek Manky, Chief Security Strategist at FortiGuard Labs, shares his journey from teaching programming to becoming a key player in cybersecurity. He discusses his early interests in computers and malware analysis, highlighting the shift from basic threats to today's complex landscape. Derek emphasizes that entering the cybersecurity field can be straightforward, with numerous pathways available. He also outlines his leadership philosophy focused on teamwork and information sharing, and his mission to make a lasting impact against cybercrime.

Noam Moshe, Vulnerability Research Team Lead at Claroty, dives into alarming findings regarding vulnerabilities in Axis.Remoting. He reveals how attackers can exploit these flaws, which enable remote code execution on vital surveillance systems. With over 6,500 exposed Axis services, more than half in the U.S., the discussion highlights significant security risks to managed camera fleets. Noam emphasizes the importance of timely patching and vigilance, warning against solely relying on encryption for security.

In this engaging discussion, Chris Inglis, the first U.S. National Cyber Director, shares his insights on cyberwarfare and misinformation, emphasizing the need for societal awareness and action. He delves into the alarming vulnerabilities found in technology that powers our critical infrastructure. Inglis addresses the challenges of educating the public on cybersecurity and the urgent need for investment in this area. He also highlights the impact of recent cyber threats, such as Halloween-themed scams and attacks on key systems.

Lauren Zabierek, co-founder of the Share the Mic in Cyber initiative, and Camille Stewart Gloster, cyber policy expert, discuss the evolution of their program and the launch of the Catalyst Fellowship for cyber intelligence. They highlight the initiative's origins in amplifying Black voices in cybersecurity and dive into the fellowship's successes in professional development. The conversation also touches on the growing need for training in cyber threat intelligence amidst current cybersecurity challenges.