CyberWire Daily

Ellen Sundra, Vice President of Global Systems Engineering, shares her inspiring journey from college graduate to cybersecurity leader. She emphasizes the importance of education and training in tech, highlighting how soft skills complement technical expertise. Ellen discusses the challenges women face in a male-dominated industry and how gaining confidence helped her thrive. She encourages listeners to embrace their unique perspectives and stay open to diverse roles within cybersecurity for professional growth.

Dustin Moody, a mathematician at NIST specializing in post-quantum encryption standards, shares groundbreaking insights about newly finalized algorithms designed to safeguard against quantum computing threats. They discuss the selection process for robust algorithms like Crystals Dilithium and Falcon. The conversation sheds light on the vulnerabilities of traditional encryption methods such as RSA and AES, while emphasizing the vital need for organizations to transition to newer standards. Collaboration within the PQC Forum highlights the community's role in enhancing cybersecurity amid evolving technological challenges.

Robert Duncan, VP of Product Strategy at Netcraft, sheds light on the alarming implications of Mule-as-a-Service (MaaS) in global fraud schemes. He discusses how cybercriminals use MaaS to launder money, connecting various scams like romance fraud and investment scams. The conversation dives into the use of generative AI to analyze and combat these fraudulent networks. Duncan also emphasizes the importance of mapping cyber and financial infrastructures to expose vulnerabilities, offering crucial insights for preventing financial crimes.

Hackers are exploiting vulnerabilities in the LiteSpeed Cache WordPress plugin. Halliburton faces a confirmed cyberattack, while the Velvet Ant group targets Cisco appliances. The Qilin ransomware is stealing credentials from Google Chrome. Notably, a telecom company pays a hefty fine related to deepfakes. Meanwhile, NIST unveils new standards for post-quantum cryptography to tackle future risks. A phishing simulation at UCSC inadvertently causes panic over a fake Ebola virus scenario, raising concerns about sensitive topics in awareness exercises.

A critical vulnerability in a popular WordPress plugin puts millions of sites at risk. Google and Cisco rush out emergency updates to tackle actively exploited flaws. Meanwhile, Slack faces issues with AI vulnerabilities, and contactless smart cards are revealed to have backdoor risks. The FAA introduces new cybersecurity rules for aviation amidst rising cyberattacks. In an intriguing discussion, experts analyze historical cyber conflicts and the geopolitical implications of recent online disruptions.

A major American chipmaker falls victim to a cyberattack, spotlighting the vulnerabilities in Progressive Web Applications. Security updates from Microsoft create chaos for dual-boot systems, while Mandiant uncovers critical flaws in Kubernetes. The DOE launches Solarsnitch to enhance solar security, and an Iranian group uses a fake podcast for malicious lures. Guests discuss the escalating threat of deepfakes which pose risks to media, elections, and corporate integrity, urging improvements in detection tools.

The Democratic Party's 2024 platform is sharpening its focus on cybersecurity, pushing for better protections against online threats. Recent warnings highlight Iran's escalating influence operations. A major flaw in a WordPress plugin puts thousands at risk, while the Lazarus Group exploits a Windows zero-day. Toyota's data appears on a hacking forum after a breach, and Oregon Zoo suffers a credit card theft. Amazon's CISO discusses community engagement in threat intelligence, emphasizing collaboration in facing modern cyber challenges.

Discover the latest vulnerabilities in Microsoft apps for macOS that risk user privacy by exposing microphones and cameras. Learn about OpenAI's disruption of an Iranian misinformation campaign and a significant data breach affecting over 100,000 individuals. Tim Starks dives into a Russian hacking group's deceptive tactics targeting human rights organizations. Explore the decline of support for diversity initiatives in tech and innovations like Google’s auto-redaction feature to enhance mobile security against persistent cyber threats.

Robert Lee, the CEO and co-founder of Dragos, transitioned to cybersecurity through his fascination with industrial control systems. He reflects on his military-influenced upbringing and how it shaped his tech interests. Robert emphasizes the importance of securing industrial systems to ensure reliable services for future generations. He discusses the need for improved documentation and standards in this field. His vision for a safer world for his son highlights the human element behind cybersecurity efforts.

Snir Ben Shimol, an expert from ZEST Security specializing in cloud security, dives into the crucial vulnerabilities associated with Terraform providers. He reveals how community-sourced providers can pose significant risks, emphasizing the need for rigorous vetting and regular scanning. The conversation also sheds light on best practices like version pinning to mitigate these threats. Snir highlights the importance of collaboration between security teams and DevOps to enhance visibility and control, ultimately safeguarding cloud infrastructure.