Javed Hasan, CEO and Co-founder of Lineaje, delves into the rising risks associated with open source ecosystems. He highlights alarming statistics on security vulnerabilities and stresses the urgent need for improved management practices. The discussion touches on critical cybersecurity incidents from election day, including warnings from the FBI and a significant Google Chrome update. Hasan emphasizes the necessity for governance and better analysis tools to protect software supply chains, underscoring the state of open-source security challenges.

On election day U.S. officials express confidence. A Virginia company is charged with violating U.S. export restrictions on technology bound for Russia. Backing up your GMail. Google mandates MFA. Google claims an AI-powered vulnerability detection breakthrough. Schneider Electric investigates a cyberattack on its internal project tracking platform. A Canadian man suspected in the Snowflake-related data breaches has been arrested. On our Threat Vector segment, David Moulton sits down with Christopher Scott, from Unit 42 to explore the essentials of crisis leadership and management.  I spy air fry?Remember to leave us a 5-star rating and review in your favorite podcast app.Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.Threat Vector SegmentIn this segment of the Threat Vector podcast, host David Moulton sits down with Christopher Scott, Managing Partner at Unit 42 by Palo Alto Networks, to explore the essentials of crisis leadership and management in cybersecurity. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app. Selected ReadingIn final check-in before Election Day, CISA cites low-level threats, and not much else (The Record)Joint ODNI, FBI, and CISA Statement (FBI Federal Bureau of Investigation)Exclusive: Nakasone says all the news about influence campaigns ahead of Election Day is actually 'a sign of success' (The Record)Virginia Company and Two Senior Executives Charged with Illegally Exporting Millions of Dollars of U.S. Technology to Russia (United States Department of Justice)Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late (Forbes)Mandatory MFA is coming to Google Cloud. Here’s what you need to know (Google Cloud)Schneider Electric says hackers accessed internal project execution tracking platform (The Record)Google claims AI first after SQLite security bug discovered (The Register)Suspected Snowflake Hacker Arrested in Canada (404 Media)Is your air fryer spying on you? Concerns over ‘excessive’ surveillance in smart devices (The Guardian) Share your feedback.We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show?You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Alex Stamos, CISO at SentinelOne and a prominent figure in cybersecurity, shares crucial insights from 2024. He discusses the alarming rise in fake videos and the FBI's efforts to combat misinformation. The conversation touches on ransomware's impact on healthcare finances and the importance of diverse cybersecurity strategies in an evolving threat landscape. Stamos also emphasizes the need for proactive measures and collaboration to tackle increasing vulnerabilities and challenges in the digital world.

William MacMillan, Chief Product Officer at Andesite, shares insights from his unique background as a former CISO at the CIA and a helicopter pilot. He delves into the evolution of Security Operations Centers, discussing how automation has transformed these environments. The conversation highlights the critical balance between AI and human analysts, advocating for a collaborative model that improves decision-making. MacMillan emphasizes the importance of transparency and ethics in deploying AI tools for enhanced cybersecurity outcomes.

Dinah Davis, VP of R&D at Arctic Wolf Networks, shares her inspiring journey into cybersecurity, blending a love for math with computer science. She emphasizes how a university course and a government job guided her path. Dinah discusses the critical role networking played in her career and encourages aspiring professionals to pursue their passions despite feelings of imposter syndrome. With a focus on collaboration and personal growth, she advocates for embracing unique contributions to overcome challenges in the tech industry.

Amnon Kushnir, Director of Incident Response at Sygnia and expert in threat analysis, dives into the chilling activities of the Velvet Ant threat group. He reveals how they exploited a zero-day vulnerability in Cisco Nexus switches to deploy stealthy malware known as VelvetShell. The discussion emphasizes the challenges of detecting such advanced threats in enterprise networks. Kushnir also shares insights on improving security measures and the importance of community collaboration in combating cyber threats.

Gary Barlet, Public Sector CTO at Illumio and election security expert, dives into critical topics in the realm of election integrity. He highlights the rising threat of disinformation with Russia's influence looming large. The discussion also includes vulnerabilities found in U.S. elections, especially with decentralized systems and electronic voting technology. Barlet emphasizes the need for collaboration among tech firms and government agencies to enhance cybersecurity measures and protect voter confidence ahead of the 2024 elections.

Frederico Hakamine, a Technology Evangelist at Axonius, dives into the intricate world of cybersecurity threats affecting both individuals and critical infrastructure. He discusses the newly established election operations war room by CISA aimed at safeguarding the upcoming U.S. presidential election. The conversation highlights vulnerabilities in IoT devices and the role of AI in discovering zero-day threats. Frederico also emphasizes the importance of tailored security strategies and the risks posed by 'spooky data,' urging a proactive approach to cybersecurity.

Celebrate Halloween with a playful dive into the world of malware! The hosts blend humor and rhythm to explore cyber threats, from botnets to ransomware. With references to infamous malware like Stuxnet, they keep it entertaining. They even bring in the Shadow Brokers and the infamous Turla Trojan, all while shaking a fist at cyber chaos. It's a mashup of music and cybersecurity education that keeps you on the edge of your seat!

Election security takes center stage as a password leak raises eyebrows among Colorado officials. Ransomware attacks on CyberPanel instances leave experts concerned. Cyber threats from Russia's intelligence services escalate, while LinkedIn faces lawsuits over privacy issues. The FBI charges a Russian national linked to malware creation, highlighting global cyber cooperation. On a lighter note, a former Disney employee's antics add a dash of corporate mischief. Lastly, insights into preparing for the Certified Associate in Project Management exam offer valuable tips for aspiring project managers.