CyberWire Daily

Ami Luttwak, Co-founder and CTO of Wiz, dives into a critical NVIDIA vulnerability that affects over 35% of cloud environments using AI. He reveals how this flaw could let attackers break out of containers, jeopardizing sensitive data. Discussing the need for robust security measures, he highlights the vulnerabilities in AI codebases. Luttwak also emphasizes effective isolation techniques and the role of collaboration in addressing these security challenges, paving the way for stronger AI governance and risk mitigation.

Meta is cracking down on pig-butchering scams as a major telecom hack raises national security alarms. Microsoft disrupts a phishing platform while a gambling provider faces a cyberattack. As Black Friday approaches, experts warn of scams targeting shoppers, detailing phishing tactics and counterfeit promotions. Discussions also highlight online security vulnerabilities that retailers face and offer tips for safe shopping. The legacy of BASIC programming is celebrated, emphasizing its role in making tech accessible and fostering creativity.

Avihai Ben-Yossef, Co-founder and CTO of Cymulate, shares his insights into exposure management in cybersecurity. He discusses recent trends like the takedown of the PopeyeTools cybercrime marketplace and highlights the emerging threats from ransomware groups. The conversation dives into the implications of malicious AI packages and stresses the urgency for organizations to enhance visibility in their security measures. Ben-Yossef emphasizes the role of AI in threat identification and the importance of adapting strategies to combat evolving cyber threats.

A deep dive reveals the alarming ease of tracking U.S. military personnel and the urgent security updates from Apple addressing vulnerabilities. Disturbing false threat messages targeting marginalized communities raise significant concerns. The podcast examines a serious security breach in a fintech firm and discusses advanced defenses like Mantis against malicious LLMs. A spotlight on AI highlights systemic biases in resume screening, stressing the need for transparency and policy improvements to combat discrimination. Ransomware attacks and telecom intrusions also feature prominently.

The podcast delves into the contrasting cybersecurity strategies of Biden and a potential second Trump administration. Experts analyze the growing threats to the U.S. energy sector and alarming trends in cybercrime. High-profile ransomware incidents are addressed, including a pharmacy paying a $1.3 million ransom. The spotlight is on North Korean cyber actors, transforming from targeted attacks to a broader range of cyber warfare. Unique challenges arise with Swiss scammers mailing fake alerts, showcasing the evolving tactics of cybercriminals.

CISA's Director Easterly is set to step down, raising questions about leadership changes in cybersecurity. The DHS outlines benchmarks for AI's role in critical infrastructure. Threat actors exploit zero-day vulnerabilities in firewalls and Microsoft's Admin Portal for sextortion. A recent surge in the deceptive ClickFix social engineering technique raises alarms. Meanwhile, an 18-year-old faces serious consequences for swatting, and experts discuss the rising trend of SIM swapping in telecommunications. Nuisance calls are finally on the decline!

Kevin McGee, Global Director of Cybersecurity Startups at Microsoft and former CSO at Microsoft Canada, dives deep into cyber-entrepreneurship in the age of CyberAI. He shares insights on how AI technologies are transforming the cybersecurity landscape and the importance of collaboration among innovators. McGee reflects on his journey from hacker to entrepreneur, emphasizing the need for innovation and agility in security practices. He warns of the talent gap and stresses the importance of resilient governance to tackle the rapid technological evolution.

Discover Teresa Shea's inspiring journey from math enthusiast to a leader in cybersecurity. She shares her experiences as one of the few women in her electrical engineering program and how her internship at the NSA shaped her career. The conversation delves into the evolving challenges of the intelligence sector, especially in the post-Snowden era. Teresa also emphasizes the importance of embracing new technologies and impacting future generations through STEM opportunities.

Blake Darché, Head of Cloudforce One at Cloudflare, dives into the murky world of the threat actor known as SloppyLemming. He reveals their extensive espionage campaigns targeting critical sectors in South Asia, employing tactics like credential harvesting and malware delivery. Despite their advanced methods, SloppyLemming's poor operational security has provided investigators with crucial insights. Darché emphasizes the importance of collaboration and robust defenses in mitigating these evolving cyber threats.

Ambuj Kumar, Co-founder and CEO of Simbian, discusses the transformative role of AI agents in the realm of cybersecurity. They can autonomously manage alerts and enhance security strategies, but challenges like reliability remain. Kumar also unpacks the troubling implications of Pegasus spyware and state-sponsored cyber threats that compromise sensitive data. The conversation further delves into recent vulnerabilities and the need for robust cybersecurity training to combat the evolving landscape of cybercrime.