CyberWire Daily

Asheer Malhotra and Vitor Ventura from Cisco Talos dive into the intriguing world of mobile malware, focusing on the espionage campaign known as Operation Celestial Force. They reveal how a Pakistani group has been exploiting vulnerabilities in Indian defense and tech sectors for years. The discussion uncovers the evolution of mobile malware tactics, the role of social media in attacks, and the significance of understanding threat actor attribution. Listeners will gain insights into the urgent need for enhanced cybersecurity awareness to combat these sophisticated threats.

Selena Larson, a Proofpoint intelligence analyst and host of DISCARDED, joins Dave Bittner and Rick Howard to explore the intersection of cybersecurity and holiday cheer. They share chilling yet entertaining tales of malware and social engineering amidst festive anecdotes. The trio discusses the evolution of security measures like two-factor authentication and the rise of consumer-targeted scams. They wrap up with quirky reflections on classic holiday stories, urging listeners to stay vigilant and protect their digital lives this season.

Claire Rosso, CEO of ISC2, is a key advocate for workforce development in cybersecurity, emphasizing the need for diversity and inclusion in the field. She discusses the critical shortage of cybersecurity professionals and highlights initiatives designed to attract new talent, including an entry-level certification. The conversation also covers the importance of bridging gaps between accounting and cybersecurity and the role of collaboration between nonprofits and employers to enhance DEI initiatives. Rosso sheds light on fostering an inclusive environment to retain diverse talent.

Dive into a festive twist on cybersecurity with a humorous rendition of malware mischief. From keyloggers to zero days, the catchy parody highlights the lurking threats in a merry format. Special guests join the fun, blending holiday cheer with crucial warnings about cybercrime. Enjoy a light-hearted yet informative exploration that underscores the importance of staying vigilant during the holiday season!

This festive tale offers a modern twist on a classic Christmas story. Follow a contemporary Scrooge as they're visited by spirits enlightening them about the perils of phishing, vishing, and smishing. It's a humorous yet cautionary journey that highlights the importance of staying vigilant in our digital lives. Packed with holiday cheer, this narrative not only entertains but also imparts crucial cybersecurity lessons to keep you safe this season.

Clémence Poirier, a Senior cyber defense researcher at ETH Zurich with a focus on space cybersecurity, discusses the Viasat cyberattack that impacted Ukraine’s military communications just before the Russian invasion. She reveals the vulnerabilities highlighted by this attack and how it has reshaped perspectives on satellite security. Poirier also addresses the rise of hacktivist groups targeting space operations and emphasizes the urgent need for enhanced defenses in the evolving landscape of cyber threats, especially in the context of ongoing conflicts.

Allie Mellen, Principal Analyst at Forrester and expert in security operations, dives deep into the evolving landscape of cybersecurity. She discusses the game-changing role of XDR in threat detection and how it’s reshaping strategies in security operations. The conversation touches on the challenges within the SIEM market and emphasizes the need for a balance between technology and human factors in cybersecurity. Listeners gain insights on navigating complex vendor interactions and making data-driven decisions in a rapidly changing environment.

Sven Krasser, CrowdStrike's Senior VP of Data Science and Chief Scientist, delves into the critical balance between AI technology and human judgment in cybersecurity. He discusses the federal ruling against NSO Group for hacking WhatsApp and ongoing international cyber tensions, particularly between the U.S. and China. Krasser highlights the importance of incorporating AI in threat detection while also emphasizing the need for human oversight. The conversation also touches on Apple’s struggles with spyware and the unique challenges facing tech giants in today’s cyber landscape.

Jim Zufoletti, CEO and co-founder of SafeGuard Cyber, dives into his rich entrepreneurial journey that started with a B2B e-commerce venture in the mid-90s. He discusses the concept of an 'experience portfolio' and the importance of an effectual mindset for aspiring entrepreneurs in the cybersecurity space. Jim emphasizes adaptability when launching impactful businesses while considering the balance between professional goals and personal responsibilities. He also highlights the need for digital identity protection in today’s remote work environment.

Adam Khan, VP of Security Operations at Barracuda, shares insights on the alarming rise of QR code phishing, dubbed 'quishing'. He highlights how cybercriminals embed malicious QR codes in emails, tricking users into revealing their credentials. With over half a million phishing attempts detected, major brands like Microsoft and DocuSign are often impersonated. Khan emphasizes the importance of multilayered email security, AI detection tools, and employee education to combat these evolving threats.