CyberWire Daily

In this discussion, guest Tim Starks, a senior reporter at CyberScoop, delves into the recent Microsoft SharePoint zero-day vulnerability affecting organizations like the National Nuclear Security Administration. He highlights the rising threat of cyberattacks on critical infrastructure and the urgent need for improved operational technology security. The conversation also covers the UK's sanctions against Russian cyber operatives and Clorox's costly lawsuit against its former IT service provider, illustrating the growing stakes in cybersecurity.

Michael Daniel, a key figure at the Cyber Threat Alliance (CTA), dives into the pressing world of cybersecurity. He discusses the recent confusion over Microsoft SharePoint zero-days and highlights the troubling rise of AI-driven ransom negotiations. Daniel emphasizes the need for collaboration and trust among cybersecurity entities, drawing from lessons learned during incidents like WannaCry. The conversation further explores the evolving challenges in public-private partnerships and the critical responses to state-sponsored cyber threats.

Recent revelations highlight critical cybersecurity issues, including Microsoft’s emergency updates for zero-day SharePoint vulnerabilities that have exposed both government and private sectors to threats. Alaska Airlines faced significant disruption from an IT outage, while the UK government is reconsidering its stance on Apple iCloud backdoors. Concerns over digital sovereignty and security breaches ripple through major tech companies like Dell and HP. Plus, a controversial request regarding amateur radio spectrum for satellite communication stirs debate amid regulatory tensions.

Anisha Patel, Associate Director at Raytheon Intelligence and Space, has dedicated her career to STEM, especially in electrical engineering. She reflects on her journey as a first-generation American navigating the challenges of female representation in engineering. Anisha emphasizes the importance of mentorship and discusses her shift into program management, highlighting the need for diversity of thought in the industry. Her leadership philosophy promotes collaboration and high standards, underscoring her vision for a more inclusive future in STEM.

George Glass, Associate Managing Director of Kroll's Cyber Risk business, sheds light on the tactics of the cybercrime group Scattered Spider. They delve into Scattered Spider's recent focus on insurance companies and their fear-based social engineering techniques. Glass explores their cartel-like structure and aggressive strategies, including insider recruitment from telecoms. Key discussions focus on adapting defense mechanisms against such evolving threats, as well as the significance of proactive measures for vulnerable industries.

Will Markow, CEO of FourOne Insights and N2K CyberWire Senior Workforce Analyst, dives into how AI is reshaping the job market amidst rising tech threats. He debunks myths about AI job loss, revealing job growth instead. The podcast discusses alarming cybersecurity threats like AI-driven malware and significant data breaches affecting millions. With companies like Google and Nvidia facing vulnerabilities, Markow emphasizes the need for skill enhancement in this evolving landscape, highlighting creative campaigns to boost cybersecurity awareness.

Jacob Oakley, Technical Director at SIXGEN and Space Lead for the DEFCON Aerospace Village, dives into the urgent challenges of space cybersecurity with host Maria Varmazis. He highlights the increasing cybercrime crackdowns, including global efforts to dismantle pro-Russian hacker networks. The discussion also touches on vulnerabilities in political cybersecurity revealed by recent ransomware attacks. Oakley stresses the vital need for collaboration between aerospace experts and cybersecurity professionals to safeguard space operations against emerging threats.

Google and Microsoft roll out critical updates to address serious cybersecurity vulnerabilities. CISA alerts about a flaw in the Wing FTP Server that’s being actively exploited. A former U.S. Army soldier pleaded guilty to hacking and extortion charges. Alarmingly, malware has been discovered hidden within DNS records. The podcast also tackles rising threats to critical infrastructure, highlighting the need for enhanced cybersecurity legislation and skilled professionals to combat the growing complexities of cyber risks.

Ethan Cook, an analyst at N2K, delves into pressing cybersecurity issues. He discusses the recent leak of API keys by a DOGE employee and the alarming rise in malware linked to North Korean hackers. The conversation shifts toward the launch of MITRE's new framework aimed at securing digital financial systems amid looming budget cuts. Cook shares insights on the cybersecurity workforce gap and reflects on inspiring stories, including a hacker who turned hero, emphasizing collaboration and accountability in the industry.

Cynthia Kaiser, Senior Vice President at Halcyon’s Ransomware Research Center and former FBI Cyber Division leader, dives into the world of cyber fraud. She reveals the tactics of Scattered Spider, a group known for sophisticated social engineering and aggressive business targeting. The discussion extends to vulnerabilities in systems, including a major tax fraud scheme leading to arrests, and the rise of ransomware threats. Kaiser emphasizes the crucial need for enhanced cybersecurity measures as both luxury brands and other sectors face increasing risks.