CyberWire Daily

Meta is cracking down on pig-butchering scams as a major telecom hack raises national security alarms. Microsoft disrupts a phishing platform while a gambling provider faces a cyberattack. As Black Friday approaches, experts warn of scams targeting shoppers, detailing phishing tactics and counterfeit promotions. Discussions also highlight online security vulnerabilities that retailers face and offer tips for safe shopping. The legacy of BASIC programming is celebrated, emphasizing its role in making tech accessible and fostering creativity.

Avihai Ben-Yossef, Co-founder and CTO of Cymulate, shares his insights into exposure management in cybersecurity. He discusses recent trends like the takedown of the PopeyeTools cybercrime marketplace and highlights the emerging threats from ransomware groups. The conversation dives into the implications of malicious AI packages and stresses the urgency for organizations to enhance visibility in their security measures. Ben-Yossef emphasizes the role of AI in threat identification and the importance of adapting strategies to combat evolving cyber threats.

A deep dive reveals the alarming ease of tracking U.S. military personnel and the urgent security updates from Apple addressing vulnerabilities. Disturbing false threat messages targeting marginalized communities raise significant concerns. The podcast examines a serious security breach in a fintech firm and discusses advanced defenses like Mantis against malicious LLMs. A spotlight on AI highlights systemic biases in resume screening, stressing the need for transparency and policy improvements to combat discrimination. Ransomware attacks and telecom intrusions also feature prominently.

The podcast delves into the contrasting cybersecurity strategies of Biden and a potential second Trump administration. Experts analyze the growing threats to the U.S. energy sector and alarming trends in cybercrime. High-profile ransomware incidents are addressed, including a pharmacy paying a $1.3 million ransom. The spotlight is on North Korean cyber actors, transforming from targeted attacks to a broader range of cyber warfare. Unique challenges arise with Swiss scammers mailing fake alerts, showcasing the evolving tactics of cybercriminals.

CISA's Director Easterly is set to step down, raising questions about leadership changes in cybersecurity. The DHS outlines benchmarks for AI's role in critical infrastructure. Threat actors exploit zero-day vulnerabilities in firewalls and Microsoft's Admin Portal for sextortion. A recent surge in the deceptive ClickFix social engineering technique raises alarms. Meanwhile, an 18-year-old faces serious consequences for swatting, and experts discuss the rising trend of SIM swapping in telecommunications. Nuisance calls are finally on the decline!

Discover Teresa Shea's inspiring journey from math enthusiast to a leader in cybersecurity. She shares her experiences as one of the few women in her electrical engineering program and how her internship at the NSA shaped her career. The conversation delves into the evolving challenges of the intelligence sector, especially in the post-Snowden era. Teresa also emphasizes the importance of embracing new technologies and impacting future generations through STEM opportunities.

Blake Darché, Head of Cloudforce One at Cloudflare, dives into the murky world of the threat actor known as SloppyLemming. He reveals their extensive espionage campaigns targeting critical sectors in South Asia, employing tactics like credential harvesting and malware delivery. Despite their advanced methods, SloppyLemming's poor operational security has provided investigators with crucial insights. Darché emphasizes the importance of collaboration and robust defenses in mitigating these evolving cyber threats.

Ambuj Kumar, Co-founder and CEO of Simbian, discusses the transformative role of AI agents in the realm of cybersecurity. They can autonomously manage alerts and enhance security strategies, but challenges like reliability remain. Kumar also unpacks the troubling implications of Pegasus spyware and state-sponsored cyber threats that compromise sensitive data. The conversation further delves into recent vulnerabilities and the need for robust cybersecurity training to combat the evolving landscape of cybercrime.

In this conversation, guest Sarah Hutchins, a partner at Parker Poe law firm and an expert in state data privacy laws, sheds light on the complexities businesses face in navigating these regulations. She discusses the rise of state privacy laws and their implications for compliance. The dialogue also touches on major cybersecurity challenges, from Chinese intrusions in telecom systems to the urgent need for enhanced security measures. Sarah emphasizes understanding the patchwork of laws to avoid legal pitfalls while remaining proactive in an evolving digital landscape.

Cybersecurity is front and center as federal agencies reveal the most exploited vulnerabilities of the past year. A significant ransomware attack rattles Sheboygan, while authorities crack down on cybercriminals linked to high-profile breaches. Tensions rise over a UN cybercrime treaty, balancing security needs with potential human rights abuses. On a lighter note, legal troubles mount for Bitcoin Jesus with a staggering $48 million tax fraud charge, highlighting the challenges in the cryptocurrency landscape.