CyberWire Daily

The UK now classifies data centers as critical national infrastructure. Cisco has patched vulnerabilities in its network operating system, while BYOD risks continue to rise. A Pennsylvania healthcare network faces a $65 million settlement from a 2023 data breach. Google Cloud introduces innovative air-gapped backup solutions. New Android banking malware TrickMo emerges, and GitLab releases a critical security update. Expert Jon France discusses communicating cyber risks to corporate boards, and some bizarre claims emerge, including Pokémon as a potential spy tool.

Join Chris Hare, a content developer and project management whiz, and George Monsalvatge, a Microsoft Azure expert, as they dive into the essentials of the Azure Fundamentals (AZ-900) Practice Test. They discuss valuable study tips and effective strategies for mastering exam content. The duo also explores the implications of Microsoft's integration of post-quantum cryptography and the FTC's new rules against fake reviews, all while highlighting critical updates from the latest Patch Tuesday. A fascinating blend of tech insights and exam prep!

Mary Haigh, the Global CISO of BAE Systems, shares her unique 15-year journey in cybersecurity, reflecting on the challenges and triumphs of rising to leadership. She emphasizes the importance of diverse team dynamics and a data-driven approach in crafting a top-notch cybersecurity workforce. Haigh discusses the need for standardized job roles and the promotion of mentorship to enhance diversity. Additionally, she outlines strategies to bridge the gap between varying levels of talent in the industry, highlighting collaboration as key to professional growth.

Delve into the intricate cyber campaign targeting Asian organizations for the PRC, exposing significant data breaches and the tactics behind them. Discover how AI is reshaping offensive security, automating crucial tasks while presenting new challenges. Recent vulnerabilities from CISA highlight urgent security concerns in various sectors. The rise of sextortion scams takes a surprising turn, while the dual-edged nature of AI prompts a reevaluation of cybersecurity strategies. Stay updated on the ever-evolving landscape of cyber threats.

Amer Deeba, CEO of Normalyze, dives into the pressing issue of shadow data – the hidden risks lurking within our digital world. He discusses the alarming Veeam software vulnerability and how recent breaches, like the Avis data theft affecting 300,000 customers, highlight the urgency of robust data security. Deeba emphasizes the challenges that organizations face in managing sensitive information and the critical need for proactive measures to prevent potential data breaches, especially in the age of digital transformation.

Ann Johnson, Corporate Vice President of Cybersecurity Business Development at Microsoft, shares her unexpected journey from aspiring lawyer to cybersecurity leader. She emphasizes the importance of mentorship and continuous learning, unveiling her passion for public key infrastructure. Ann also highlights the need for diversity in cybersecurity and advocates for a human-centric approach, focusing on empathy and user experience. Her insights aim to inspire a more inclusive and accessible industry.

Kevin Lentz, Team Leader of the Cyber Pacific Project at the Global Disinformation Lab, dives into cyber competition between the U.S. and China. He discusses a recent threatcasting report predicting future cyber threats in the Indo-Pacific. Highlighting the importance of collaboration across sectors, Lentz shares insights on strategic defenses and narrative storytelling within cybersecurity practices. The conversation emphasizes innovative strategies to tackle emerging threats, shaping the future landscape of international security.

In this discussion, Cadet Blizzard, a member of Russia's elite GRU Unit, dives into the shadowy world of cyber warfare, shedding light on the notorious Whisper Gate malware attack on Ukraine. He highlights the urgent vulnerabilities recently uncovered in Apache, SonicWall, and the Linux kernel, prompting calls for enhanced security. A special segment features Mary Haigh, Global CISO of BAE Systems, emphasizing the importance of building diverse cybersecurity teams that go beyond technical skills, fostering collaboration and mentorship in the field.

Join Sara Siegle, Chief of Strategic Communications at the NSA, and Cam Potts, co-host of the new No Such Podcast, as they delve into hot topics in cybersecurity. They discuss the U.S. disruption of Russia's misinformation campaign aimed at the 2024 election and highlight cyber threats from North Korea and Iran. The conversation also touches on a troubling cyberattack on Planned Parenthood and the challenges facing the NSA in talent retention. Insightful and eye-opening, their discussion reveals the complexities of safeguarding national security.

A shocking vulnerability in YubiKeys reveals the risks of cloning attacks. Google issues a grave warning about an Android zero-day threat. Cybercriminals are targeting Latvian websites amid geopolitical unrest. Bitcoin ATM scams are surging, alarming the Federal Trade Commission. D-Link pushes users to dump outdated routers, while Clearview AI faces hefty fines for GDPR breaches. A humorous story about unauthorized Wi-Fi on a Navy ship highlights tech risks. Plus, a guest shares valuable insights from the NSA to venture capital.