CyberWire Daily

Tim Starks, a Senior Reporter at CyberScoop, shares critical insights on how ransomware is being viewed as a public health crisis at the U.N. He discusses alarming trends, like the impact on healthcare systems and significant breaches involving major companies. The conversation shifts to geopolitical threats from North Korea and China, and the implications of political changes on cybersecurity policy. Starks also speculates on how a potential second Trump administration may influence future cybersecurity efforts.

Kevin Magee, the Chief Security Officer of Microsoft Canada and a former historian, discusses how historical insights shape his approach to cybersecurity. He emphasizes the importance of understanding the motivations behind cyber threats rather than just the attacks themselves, likening his role to that of an archer focusing on the source of arrows. Magee also shares his journey from the arts to tech, highlighting key moments in history and his passion for mentoring aspiring cybersecurity leaders.

Join Alex Stamos, Chief Information Security Officer at SentinelOne and a leading figure in cybersecurity, as he tackles 2024's tech turmoil. He discusses unprecedented breaches and crucial lessons learned in restoring trust amidst chaos. Stamos emphasizes the importance of diverse cybersecurity solutions to prevent systemic failures and advocates for adequate workforce sustainability in the face of declining professionals. Discover how AI is revolutionizing threat response strategies, empowering organizations to stay resilient against evolving adversaries.

Jon Williams, a Senior Security Engineer at Bishop Fox, reveals alarming vulnerabilities in SonicWall firewalls that affect over 178,000 devices. He delves into his research on unauthenticated denial-of-service bugs, emphasizing the critical flaws in implementation. Williams explains how 76% of scanned firewalls with open management interfaces are vulnerable and provides insights on navigating vulnerability assessments without disrupting services. This discussion underscores the urgent need for enhanced security measures to protect against potential exploits.

Aaron Griffin, Chief Architect at Sevco Security, dives into a critical Apple iOS bug related to the iPhone Mirroring feature, which can expose personal data to employers. He explains how this vulnerability in iOS 18 poses significant privacy risks for employees using company devices. The discussion also touches on the recent CISA warning about a serious flaw in Palo Alto Networks' tools and the rise of ransomware attacks targeting key suppliers. The importance of software updates and protection against emerging malware is emphasized throughout.

In this discussion, Jeremy Huval, Chief Innovation Officer at HITRUST, dives into the explosive growth of AI and the accompanying risks. He emphasizes the importance of having a structured framework for managing AI-related threats. The conversation also touches on the urgent need for a National Cyber Guard amidst rising cyber threats like SteelFox malware and North Korean campaigns targeting remote workers. Huval warns that without proper governance, the integration of AI could elevate vulnerabilities in various sectors.

Javed Hasan, CEO and Co-founder of Lineaje, delves into the rising risks associated with open source ecosystems. He highlights alarming statistics on security vulnerabilities and stresses the urgent need for improved management practices. The discussion touches on critical cybersecurity incidents from election day, including warnings from the FBI and a significant Google Chrome update. Hasan emphasizes the necessity for governance and better analysis tools to protect software supply chains, underscoring the state of open-source security challenges.

On election day U.S. officials express confidence. A Virginia company is charged with violating U.S. export restrictions on technology bound for Russia. Backing up your GMail. Google mandates MFA. Google claims an AI-powered vulnerability detection breakthrough. Schneider Electric investigates a cyberattack on its internal project tracking platform. A Canadian man suspected in the Snowflake-related data breaches has been arrested. On our Threat Vector segment, David Moulton sits down with Christopher Scott, from Unit 42 to explore the essentials of crisis leadership and management.  I spy air fry?Remember to leave us a 5-star rating and review in your favorite podcast app.Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.Threat Vector SegmentIn this segment of the Threat Vector podcast, host David Moulton sits down with Christopher Scott, Managing Partner at Unit 42 by Palo Alto Networks, to explore the essentials of crisis leadership and management in cybersecurity. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app. Selected ReadingIn final check-in before Election Day, CISA cites low-level threats, and not much else (The Record)Joint ODNI, FBI, and CISA Statement (FBI Federal Bureau of Investigation)Exclusive: Nakasone says all the news about influence campaigns ahead of Election Day is actually 'a sign of success' (The Record)Virginia Company and Two Senior Executives Charged with Illegally Exporting Millions of Dollars of U.S. Technology to Russia (United States Department of Justice)Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late (Forbes)Mandatory MFA is coming to Google Cloud. Here’s what you need to know (Google Cloud)Schneider Electric says hackers accessed internal project execution tracking platform (The Record)Google claims AI first after SQLite security bug discovered (The Register)Suspected Snowflake Hacker Arrested in Canada (404 Media)Is your air fryer spying on you? Concerns over ‘excessive’ surveillance in smart devices (The Guardian) Share your feedback.We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show?You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Alex Stamos, CISO at SentinelOne and a prominent figure in cybersecurity, shares crucial insights from 2024. He discusses the alarming rise in fake videos and the FBI's efforts to combat misinformation. The conversation touches on ransomware's impact on healthcare finances and the importance of diverse cybersecurity strategies in an evolving threat landscape. Stamos also emphasizes the need for proactive measures and collaboration to tackle increasing vulnerabilities and challenges in the digital world.

Dinah Davis, VP of R&D at Arctic Wolf Networks, shares her inspiring journey into cybersecurity, blending a love for math with computer science. She emphasizes how a university course and a government job guided her path. Dinah discusses the critical role networking played in her career and encourages aspiring professionals to pursue their passions despite feelings of imposter syndrome. With a focus on collaboration and personal growth, she advocates for embracing unique contributions to overcome challenges in the tech industry.