CyberWire Daily

Steve Deitz, President of MANTECH's Federal Civilian Sector, delves into the innovative concept of cell-based Security Operations Centers (SOC). He highlights the urgent need for quick compliance, especially in light of the recent Microsoft Exchange vulnerabilities. The conversation also touches on the shift from espionage to financial crime by hackers, and how community efforts like the Franklin Project are bolstering cybersecurity. A humorous cautionary tale reveals the pitfalls of AI dietary advice—reminding listeners of the potential quirks of technology.

In this discussion, Ed Amoroso shares his journey from childhood fascination with ARPANET to becoming the CEO of TAG Cyber. He emphasizes the importance of foundational skills in networking and databases before diving into security, which he believes should be a natural progression. Ed reflects on impactful mentorships during his career and the evolution of cybersecurity, highlighting how experiences at places like Bell Labs helped shape his path. His insights provide a refreshing perspective on how to navigate a successful career in tech.

Nicolás Chiaraviglio, Chief Scientist at Zimperium's zLabs, specializes in malware detection and analysis. He delves into the advanced 'DoubleTrouble' mobile banking trojan, discussing its evolution and modern distribution methods like malicious APKs via Discord. Chiaraviglio highlights its sophisticated features such as screen recording and keylogging while emphasizing Zimperium's effective detection tools against these threats. He also shares strategies for safeguarding against mobile banking risks in an era of evolving cyber challenges.

David Wiseman, Vice President of Secure Communications at BlackBerry, dives into the daunting landscape of secure communications. He sheds light on the prevalent misconceptions that cloud understanding in this field. The discussion reveals how vulnerabilities in open-source tools and recent cyberattacks pose significant risks. Wiseman also touches on the challenges of end-to-end encryption and the implications of AI's role in communication security, urging a reevaluation of our current safety measures.

Ryan Whelan, Managing Director and Global Head of Cyber Intelligence at Accenture, joins to discuss critical cybersecurity topics emerging from Black Hat. He highlights a severe vulnerability in Microsoft Exchange Server and its implications for hybrid deployments. The alarming rise in data breaches affecting major organizations, including a Dutch airline and a French telecom, is addressed. Whelan also shares insights on evolving cyber threats like zero-click attacks and the notorious VexTrio cybercrime network, emphasizing the importance of community collaboration in cybersecurity.

Join Sarah Powazek from UC Berkeley's Center for Long-Term Cybersecurity as she unveils her innovative roadmap to enhance cyber defense for community organizations. Stacey Cameron, CISO at Halcyon, shares insights from Black Hat USA 2025, emphasizing the dynamic nature of cybersecurity discussions. They delve into pressing topics like vulnerabilities in major tech products, community resilience against cyber threats, and the importance of mentorship in the cybersecurity field, making it a rich resource for both novices and veterans.

Nigel Hedges, Executive General Manager of Cyber & Risk at Chemist Warehouse and Sigma Healthcare, emphasizes the importance of treating cybersecurity as a business imperative rather than just a technical issue. He discusses how this shift can aid in board-level discussions and align cybersecurity spending with overall business goals. Additionally, the conversation delves into rising cybersecurity threats, including phishing attacks and ransomware incidents, showcasing the evolving landscape that businesses must navigate.

Tim Starks, a senior reporter at CyberScoop, dives into the latest developments in cybersecurity policy. He discusses the U.S. Senate's confirmation of a national cyber director and the proposed Cyber Force amidst rising cyber threats. Starks highlights the alarming tactics of cybercriminals, including link wrapping for phishing attacks. The podcast also covers the spicy allegations between the U.S. and China over the exploitation of a Microsoft zero-day vulnerability and privacy concerns surrounding AI mishaps.

Hannah Kenney, a Manager at BARR Advisory's Cyber Risk Advisory Practice, shares her unexpected pathway into cybersecurity, ignited by a surprising passion during an information systems class. She emphasizes the importance of creative problem-solving in her work and advocates for a people-first approach in cybersecurity. Hannah also highlights the value of mentorship and resilience, inspiring young women to embrace growth in technology. Her journey reflects a unique blend of curiosity and dedication in a field often viewed as technical.

Eric Woodruff, Chief Identity Architect at Semperis, dives into the critical nOAuth authentication flaw affecting SaaS applications. He reveals how this vulnerability allows attackers to impersonate users with just an email address, leading to potential data breaches. The discussion highlights the urgent need for SaaS vendors to adopt more secure OpenID Connect practices. Woodruff also shares insights on the challenges of securing Active Directory and the complexities surrounding responsible disclosure in the tech industry.