CyberWire Daily

Ben Yelin, a researcher at the University of Maryland Center for Cyber Health and Hazard Strategies, dives into ICE's controversial facial recognition initiative. He reveals the alarming policy that individuals cannot refuse a scan, raising Fourth Amendment issues. Yelin discusses the long retention periods for biometric data and the potential racial biases in the technology. Heightened security concerns are juxtaposed with civil liberties implications, as Yelin explores the reliability claims made by DHS and the legal challenges looming over this intrusive approach.

Merry Marwig, Vice President of Global Communications & Advocacy at Privacy4Cars, sheds light on the overlooked privacy risks associated with modern vehicles. She discusses how cars collect sensitive data like geolocation and biometrics, often without consumer awareness. Merry critiques the traditional notice-and-consent model and emphasizes the need for data sanitization in rental and fleet services. With real-world examples, she reveals the potential dangers of defleeted cars and calls on security leaders to reshape their approach to privacy in the automotive sector.

Caleb Tolan, host of Rubrik's Data Security Decoded podcast and an expert in data security research, joins the discussion on critical cybersecurity issues. He highlights the FCC's plan to roll back cybersecurity regulations established after the Salt Typhoon incident. Tolan also sheds light on surprising allegations against ransomware negotiators engaging in attacks themselves and discusses the implications of a massive data leak by Ernst & Young. He shares insights into his podcast's goals of bridging technical and policy narratives in cybersecurity.

Arti Lalwani, a knowledge leader in risk management and privacy at A-LIGN, shares her inspiring journey from finance to tech. She discusses how an unexpected hardware job opened new doors in her career. Arti emphasizes her commitment to inclusive management and the importance of mentorship, particularly for women in cybersecurity. She reflects on overcoming confidence barriers with the help of mentors and offers valuable advice for those facing career transitions, urging perseverance and strong support systems.

In this discussion, Dario Pasquini, a Principal Researcher at RSAC Labs specializing in AI security, explores groundbreaking research on subverting LLM-driven AIOps through telemetry manipulation. He unveils AIOpsDoom, a method that tricks automated systems to perform harmful actions, and contrasts it with traditional prompt injections. Dario introduces AIOpsShield, a proposed defense mechanism to counter these threats, emphasizing the urgent need for security-first designs in AI operations. This eye-opening dialogue highlights the delicate balance between innovation and security in tech.

Emily Austin, a Principal Security Researcher at Censys, sheds light on the alarming trends of nation-state attacks targeting critical infrastructure. She discusses how exposed devices and default credentials make these systems enticing targets. Key points include the dangers of remote access and the risks posed by specific devices like PLCs and building controls. Emily emphasizes the importance of proactive measures such as using VPNs and eliminating internet exposure to protect against these sophisticated threats.

Celebrate Halloween with a playful dive into malware history! Hear a catchy parody tracing everything from the infamous Stuxnet to sneaky rootkits. Explore how botnets and DDoS attacks have become a daunting threat, with ransomware lurking in the shadows. The podcast also takes a humorous jab at the infamous Shadow Brokers and Snowden’s escapades. Plus, enjoy a cheeky reference to Russian Trojans! It's a fun-filled ride urging defenders to stay sharp—just remember, don’t download Flash!

Mike Anderson, the Chief Digital and Information Officer at Netskope, joins to redefine how CIOs should approach Agentic AI by thinking like HR leaders. He emphasizes the need for HR-style access controls and guardrails to manage AI agents effectively. The conversation explores the risks of automating flawed processes and the importance of redesigning workflows before adopting AI. Anderson suggests that organizations should start with small, proven use cases to avoid disruption. This insightful dialogue bridges the gap between technology and human resource management.

Ben Seri, Co-founder and CTO of Zafran, delves into the rising threat of AI-native attacks, emphasizing how attackers are leveraging AI for vulnerability discovery and malware creation. He explains how organizations can harness generative AI for improved vulnerability management and remediation, suggesting a balanced approach with human oversight. Seri also cautions about the risks of in-house AI development and the potential for new exposures. Plus, he highlights the innovative use of agentic AI to simulate impacts and automate responses in security.

David Moulton, the host of the Threat Vector segment, chats with cybersecurity experts Sarit Tager and Krithivasan Mecheri from Palo Alto Networks. They tackle the pressing issue of securing modern development in the age of AI, discussing challenges like shifting security practices and the importance of AI training for developers. The trio also dives into overlooked vulnerabilities in AI-generated code, highlighting real-world implications like the Doritos misidentification incident. A conversation not to be missed for anyone interested in the intersection of AI and cybersecurity!