CyberWire Daily

Joe Saunders, Co-founder and CEO of RunSafe Security, dives into the pressing challenges of protecting critical infrastructure from cyber threats. He emphasizes the role of both government and commercial sectors in fortifying security measures while grappling with outdated technologies. The conversation also touches on the geopolitical implications of cybersecurity, particularly regarding China and Taiwan. Lastly, they introduce a unique CAPTCHA game to make security awareness more engaging, blending fun with essential protection strategies.

Mick Baccio, Global Security Advisor at Splunk, discusses the alarming breach of the U.S. Treasury by Chinese hackers and the vulnerabilities exposed in Chrome extensions and cloud servers. He highlights the urgent need for enhanced cybersecurity measures and the importance of collaboration between public and private sectors. Topics include proposed HIPAA updates to protect health data and the implications of recent legislative efforts. Baccio emphasizes the resilience gap and the critical need for effective security training to navigate evolving cyber threats.

Sharon Lemac-Vincere, an academic specializing in the intersection of cybersecurity and space, shares her insights on Scotland's potential leadership in these critical fields. She discusses the importance of integrating security into satellite design and emphasizes how small enterprises can overcome funding challenges. Sharon also highlights exciting opportunities for collaboration between cybersecurity experts and the space industry. Additionally, she reveals plans for a distinctive tartan spacesuit to showcase Scottish heritage in space exploration.

In this enlightening discussion, Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator, and Bob Erdman, Associate VP at Fortra, dive into the serious issue of cracked Cobalt Strike software, often exploited in ransomware attacks. They reveal innovative uses of DMCA notifications to disrupt cybercrime globally and share insights on the significant decline in active threats due to their collaborative efforts. The conversation also touches on automation's role in detecting threats and enhancing cybersecurity measures.

Mike Silverman, Chief Strategy and Innovation Officer at FS-ISAC, shares his expertise on cryptographic agility and its importance in finance. He discusses vulnerabilities from quantum computing and offers strategies for financial institutions to safeguard sensitive data. The conversation covers the pressing need to evolve cryptographic standards and actively manage cryptographic keys. Silverman underscores the urgency for organizations to prepare for a post-quantum environment, ensuring trust and security in a rapidly changing landscape.

Yonatan Zunger, CVP of AI Safety & Security at Microsoft, shares his journey from theoretical physics to AI leadership. He distinguishes between generative and predictive AI, emphasizing their unique strengths and ethical implications. Zunger highlights the need for proactive safety measures and diverse perspectives in AI development. With real-world examples, he illustrates both the benefits and risks of AI applications. The discussion encourages critical thinking about AI's evolving role in society and the importance of designing for safety.

Justin Fanelli, the Acting CTO of the US Navy, shares insights on revolutionizing the Navy's innovation process. He discusses the critical need for effective public-private partnerships to enhance national security. The conversation dives into innovative portfolio management strategies that improve operational performance. Fanelli emphasizes the importance of clear communication in innovation adoption and outlines essential steps for engaging with federal systems. This dialogue showcases a transformative approach to integrate technology into military operations.

Tia Hopkins, VP of Global Solutions Architecture at eSentire, shares her inspiring journey from engineering to a leadership role in cybersecurity. She recounts her childhood curiosity that drove her to take apart computers, and how grit led her to success without formal education. Tia emphasizes the importance of validation, having earned multiple degrees later in her career. A passionate advocate for diversity, she discusses her new organization aimed at empowering women of color in cybersecurity, fostering confidence and leadership in the industry.

Asheer Malhotra and Vitor Ventura from Cisco Talos dive into the intriguing world of mobile malware, focusing on the espionage campaign known as Operation Celestial Force. They reveal how a Pakistani group has been exploiting vulnerabilities in Indian defense and tech sectors for years. The discussion uncovers the evolution of mobile malware tactics, the role of social media in attacks, and the significance of understanding threat actor attribution. Listeners will gain insights into the urgent need for enhanced cybersecurity awareness to combat these sophisticated threats.

Selena Larson, a Proofpoint intelligence analyst and host of DISCARDED, joins Dave Bittner and Rick Howard to explore the intersection of cybersecurity and holiday cheer. They share chilling yet entertaining tales of malware and social engineering amidst festive anecdotes. The trio discusses the evolution of security measures like two-factor authentication and the rise of consumer-targeted scams. They wrap up with quirky reflections on classic holiday stories, urging listeners to stay vigilant and protect their digital lives this season.