This episode features Chris Inglis, former U.S. National Cyber Director and longtime Deputy Director of the NSA. With over 40 years in national security, Chris was at the center of one of the most high-stakes breaches in U.S. history: the Edward Snowden incident. In this episode, Chris shares what really happened inside the NSA during those critical months, and how siloed systems, password sharing, and missed signals allowed Snowden to operate undetected. He unpacks key lessons on preparing for low-probability, high-impact events, defending against identity misuse, and why trust must always come with verification. This is a behind-the-scenes look at the Snowden breach, and what every cybersecurity leader needs to learn from it.
Guest Bio: Chris served as the first national cyber director of the United States, and as deputy director of the NSA for eight years. Chris has spent more than four decades in public service shaping the future of national cybersecurity. His career includes serving as a commissioner on the U.S. Cyberspace Solarium Commission and as an advisor to the Department of Defense and the intelligence community. Chris has received numerous honors for his service, including the President's National Security Medal and the DNI Distinguished Service Medal. A U.S. Air Force Academy graduate, he holds advanced degrees in engineering and computer science from Columbia University and the George Washington University. His military career includes over 30 years in the U.S. Air Force and Air National Guard, retiring as a brigadier general. Most recently, he served as a U.S. Naval Academy Looker Distinguished Visiting Professor for cyber studies and as a commissioner on the U.S. Cyberspace Solarium Commission.
Guest Quote: “The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources.”
Time stamps: 01:29 The Snowden Incident: A Deep Dive; 06:07 NSA's Internal Challenges and Lessons Learned; 07:29 Organizational Silos and Technical Blind Spots; 13:42 Crisis Management and Response Strategies; 16:56 Public Perception and Trust; 23:22 Misunderstandings of Snowden's Allegations; 28:15 Lessons from the Snowden Incident; 29:44 Cybersecurity in the Business World; 29:57 How the Snowden Incident Reshaped NSA's Threat Monitoring; 36:49 Strategic and Tactical Approaches to Security; 42:35 Final Thoughts and Takeaways
Sponsor: Identity Breach Confidential is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.
The Senate voted to confirm several Trump administration nominees before leaving town over the weekend, including new national cyber director Sean Cairncross as the President's Principal Advisor on all things cybersecurity. Cairncross faces a raft of challenges as he enters the White House. For more, Federal News Network's Justin Doubleday joins me now.
The Senate voted to confirm Sean Cairncross as national cyber director Saturday, giving the Trump administration one of its top cyber officials after a more than five-month process. The vote was 59-35. President Donald Trump nominated Cairncross on Feb. 12. The Senate Homeland Security and Governmental Affairs Committee held a hearing on his nomination in early June, then voted to advance him that same month. At his hearing, Cairncross said he'd be focused on policy coordination. He fielded questions from senators about his lack of cyber experience, the biggest cyber threats, cuts to federal cybersecurity personnel and more. Cairncross has held leadership positions inside and outside of government where there's been a tenuous connection to cybersecurity. He served as CEO of the Millennium Challenge Corporation, a foreign aid agency, in the first Trump administration, along with roles in the White House. He's also a former top official at the Republican National Committee. Despite that, Cairncross has the vocal support of a number of cyber experts and past government cyber officials. A new commission has been established to chart a path toward developing an independent Cyber Force for the U.S. military. The commission was started by the Center for Strategic and International Studies in partnership with the Cyber Solarium Commission 2.0 project at the Foundation for Defense of Democracies. While there have been calls historically to create a new dedicated, standalone cyber service, the effort has gained steam in recent years. Congress has sought to address these shortfalls, mostly through studies, previously. The fiscal 2025 National Defense Authorization Act initially mandated a study for alternate organizational models for military cyber elements, to include a Cyber Force, which was considered a watered-down version from previous drafts. 
The new commission won't be examining the efficacy of a Cyber Force — something congressional studies have already been tasked with doing — but rather, looking at the foundational issues of establishing that type of entity such as the organizational structure, core functions, roles and responsibilities, and necessary authorities. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
“We're in a whole tangled mess…we've gotten ourselves into a tangled mess around not just securing our infrastructure, but also around competition for the pieces of our infrastructure.” AI has become a cornerstone of modern defense, economic security, commerce, and more. But without effective cybersecurity strategies, the technology that has helped drive U.S. innovation and productivity could become our Achilles heel. Kemba Walden, president of the Paladin Global Institute and former Acting National Cyber Director, and Devin Lynch, senior director of the Paladin Global Institute and former director in the Office of the National Cyber Director, join the podcast to discuss their new report, “The AI Tech Stack: A Primer for Tech and Cyber Policy,” and the importance of implementing effective security measures and infrastructure around its deployment.
International law enforcement takes down a darknet drug marketplace. The Washington Post is investigating a cyberattack targeting several journalists' email accounts. Anubis ransomware adds destructive capabilities. The GrayAlpha threat group uses fake browser update pages to deliver advanced malware. Researchers uncover a stealthy malware campaign that hides a malicious payload in a JPEG image. Tenable patches three high-severity vulnerabilities in Nessus Agent. Attackers can disable Secure Boot on many Windows devices by exploiting a firmware flaw. Lawmakers introduce a bipartisan bill to strengthen coordination between CISA and HHS. Harry Coker reflects on his tenure as National Cyber Director. Maria Varmazis checks in with Brandon Karpf on agentic AI. When online chatbots overshare, it's no laughing Meta. CyberWire Guest: Joining us today to discuss agentic AI and how it relates to cybersecurity and space with T-Minus Space Daily host Maria Varmazis is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert. 
Selected Reading:
Police seizes Archetyp Market drug marketplace, arrests admin (Bleeping Computer)
Washington Post investigating cyberattack on journalists' email accounts, source says (Reuters)
Anubis Ransomware Packs a Wiper to Permanently Delete Files (SecurityWeek)
GrayAlpha Hacker Group Weaponizes Browser Updates to Deploy PowerNet Loader and NetSupport RAT (Cyber Security News)
Malicious Payload Uncovered in JPEG Image Using Steganography and Base64 Obfuscation (Cyber Security News)
Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus (Infosecurity Magazine)
Microsoft-Signed Firmware Module Bypasses Secure Boot (Gov Infosecurity)
Bipartisan bill aims to create CISA-HHS liaison for hospital cyberattacks (The Record)
Coker: We can't have economic prosperity or national security without cybersecurity (The Record)
The Meta AI app is a privacy disaster (TechCrunch)
Audience Survey: Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
A new White House Executive Order overhauls U.S. cybersecurity policy. The EU updates its “cybersecurity blueprint”. The Pentagon's inspector general investigates Defense Secretary Hegseth's Signal messages. Chinese hackers target U.S. smartphones. A new Mirai botnet variant drops malware on vulnerable DVRs. 17 popular Gluestack packages on NPM have been compromised. Attackers exploit vulnerabilities in Fortigate security appliances to deploy Qilin ransomware. A Nigerian man gets five years in prison for a hacking and fraud scheme. Our guest is Tim Starks from CyberScoop, discussing Sean Cairncross' journey toward confirmation as the next National Cyber Director. Fire Stick flicks spark a full-on legal blitz. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest: Today we are joined by Tim Starks from CyberScoop, to discuss Sean Cairncross, who's bringing a focus on policy coordination if confirmed as the next National Cyber Director. 
Selected Reading:
Trump Administration Revises Cybersecurity Rules, Replaces Biden Order (Infosecurity Magazine)
Europe arms itself against cyber catastrophe (Politico)
Pentagon watchdog investigates if staffers were asked to delete Hegseth's Signal messages (Associated Press)
Chinese hackers and user lapses turn smartphones into a 'mobile security crisis' (Associated Press)
iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals (SecurityWeek)
New Mirai botnet infect TBK DVR devices via command injection flaw (Bleeping Computer)
Malware found in NPM packages with 1 million weekly downloads (Bleeping Computer)
Hackers Actively Exploiting Fortigate Vulnerabilities to Deploy Qilin Ransomware (Cyber Security News)
Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prison (SecurityWeek)
Hacked Fire Sticks now come with more than just malware – a possible jail sentence (Cybernews)
Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user's need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic's solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news: The controversial pick for National Cyber Director, the not-so-controversial pick to lead CISA, complete with funding cuts, the controversial ESP32 backdoor that is not a backdoor but hidden features, Dark Storm takes down X, interesting use cases for LoRa, using AI to get your dream job, details on the biggest crypto heist in history, an EDR bypass and a 404 error, slipping through the cracks in CVSS, old school vulnerability disclosure in 2025, Rayhunter, a pen test that should not have been, JTAG and your Flipper Zero, a Linux webcam was used for what now?, and "Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces"! Segment Resources: https://www.knostic.ai/blog/enterprise-ai-search-tools-addressing-the-risk-of-data-leakage https://www.knostic.ai/what-we-do Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-865
Cyber threats are evolving – but U.S. cyber policy coordination is still lagging behind. Four years after the establishment of the Office of the National Cyber Director, the Trump administration has a unique opportunity to establish stronger central coordination and drive meaningful improvements in how the federal government secures and defends cyberspace. How should the administration clarify and reinforce the role of the National Cyber Director? How can the administration create a more structured and accountable interagency cyber community? How can these structures set clearer national priorities and achieve the goals of deterring adversaries and advancing national resilience in cyberspace? To discuss these issues and more, FDD's Center on Cyber and Technology Innovation (CCTI) hosts a virtual conversation with former National Cyber Director Chris Inglis and John Costello, senior advisor to CSC 2.0, an initiative housed at FDD to continue the work of the congressionally mandated Cyberspace Solarium Commission. The conversation is moderated by RADM (Ret.) Mark Montgomery, senior director of CCTI and former executive director of the Cyberspace Solarium Commission, with introductions by Dr. Samantha Ravich, Chair of FDD's Center on Cyber and Technology Innovation. For more, check out: https://www.fdd.org/events/2025/03/12/coaching-thecyberteam-the-future-of-the-office-of-the-national-cyber-director-and-cyber-governance/
This episode is a banger, and it is because of this article https://shorturl.at/NOtUB. It is an article on LinkedIn by Dr. Chase Cunningham about our new "National Cyber Director." And the points Chase makes I could not have said any better (though I do add my own similar thoughts.) I think you'll like it. Again, our politicians are trying to do the cybers. Give a listen, tell a friend. Email me with thoughts at darren@thecyburguy.com.
In this episode, Ryan Williams Sr. and Shannon Tynes discuss the recent reflections of the outgoing U.S. National Cyber Director, emphasizing the ongoing challenges in cybersecurity. They highlight the need for continued efforts in the field, the importance of cyber talent, and the expectations for future leadership in cybersecurity. The conversation underscores the evolving nature of cyber threats, particularly with advancements in AI, and the critical need for knowledgeable leaders in the cybersecurity domain. Article: I tried hard, but didn't fix all of cybersecurity, admits outgoing US National Cyber Director https://www.theregister.com/2025/01/08/oncd_director_harry_coker_exit_remarks/?fbclid=IwZXh0bgNhZW0CMTAAAR05YWHFbcpprX7cer8ckH2i9zZRaX6ChKm1Cf9B97wIIOP0af_VdjsIsTA_aem_DiXrwRahjnmQVXI9LNWf9g Please LISTEN
The outgoing White House National Cyber Director Harry Coker has teed up the big cyber security issues for the incoming Trump administration. That includes recommendations on how to harmonize a growing chorus of cyber security regulations. Federal News Network's Justin Doubleday has more.
Four years ago, Congress created the Office of the National Cyber Director to serve as the president's senior advisor on cybersecurity, implementing national strategy, supporting whole-of-nation cyber resilience, and working with the Office of Management and Budget to align federal resourcing to growing cyber threats from criminals and nation states including China, Russia, and Iran. The office led the charge developing a new national cybersecurity strategy and executed dozens of technical, governance, workforce, and policy solutions to implement the strategy. Has this implementation bolstered national cyber resilience? Has the government developed a whole-of-nation response to cyber incidents? Are federal resources aligned to thwart and deter U.S. adversaries in cyberspace? FDD's Center on Cyber and Technology Innovation hosts remarks and a fireside chat with National Cyber Director Harry Coker, Jr. on the role of the Office of the National Cyber Director, its past successes, and lessons learned for the future. The conversation will be moderated by RADM (Ret.) Mark Montgomery, CCTI senior director and former executive director of the congressionally mandated Cyberspace Solarium Commission. For more, check out: fdd.org/events/2025/01/07/cyber-strategies-and-successes-a-conversation-with-national-cyber-director-harry-coker-jr/
Cyber policy gurus are urging the incoming Trump administration to elevate the role of the White House Office of the National Cyber Director. The three-year-old office has led some real cybersecurity strategy initiatives. But outside observers say it could be more involved in responding to major cyber incidents. Federal News Network's Justin Doubleday has the latest.
The energy transition is transforming how we power our world – clean energy systems are becoming more interconnected, automated, and reliant on digital infrastructure. But with this transformation comes a new vulnerability: cyberattacks. As our grid becomes smarter and our system more digitized, the potential for disruption grows. Earlier this year, the FBI warned of a serious threat that Chinese hackers had infiltrated U.S. critical infrastructure systems, raising the possibility of a “devastating blow” to energy and other vital services. The stakes are clear. As we move forward with the energy transition – and increasingly digitize and electrify our systems – we are increasingly vulnerable to cyber attacks. This week, host Jason Bordoff speaks with Harry Krejsa about the cybersecurity risks at the intersection of operational technology and information technology in the clean energy transition, the destructive capabilities of China and Russia on American critical infrastructure, and what we should be doing about it. Harry is the director of studies at the Carnegie Mellon Institute for Strategy & Technology. He was previously in the Biden White House's Office of the National Cyber Director. There, he led development of the Biden-Harris administration's National Cybersecurity Strategy, established national clean energy security priorities, and represented the U.S. government in technology security consultations with foreign partners and the global private sector. Prior to that, Harry worked at the intersection of technology, industrial strategy, and U.S.-China competition for the Department of Defense, the Cyberspace Solarium Commission, and the Center for a New American Security.
Days before a deadline for federal agencies to submit to the White House their updated zero-trust implementation plans, a coalition of government IT leaders released a guide intended to strengthen data security practices. The 42-page Federal Zero Trust Data Security Guide, spearheaded by the Federal Chief Data Officers and Federal Chief Information Security Officers councils, zeroes in on “securing the data itself, rather than the perimeter protecting it,” part of what a Thursday press release termed “a foundational pillar of effective” zero-trust implementation. By Nov. 7, federal agencies must provide their updated plans for zero-trust implementation to the Office of the National Cyber Director and the Office of Management and Budget. The Federal Acquisition Institute, a career development resource housed within the General Services Administration, recently released a credential focused on artificial intelligence prompt engineering. The credential is more evidence that federal interest in purchasing AI technology continues to grow. The tool is specifically designed to help government acquisition staff evaluate large language models, the type of technology built by OpenAI and Anthropic.
Camille Stewart Gloster joins us to discuss national security threats, online best practices, and election integrity ahead of Tuesday's election. She helps us identify vulnerabilities in our digital lives as well as in the fabric of our country!
The Office of the National Cyber Director is leading a hiring initiative to fill hundreds of federal cyber security positions this fall. It's called the Service for America campaign. It comes as the White House pushes for skills-based hiring. For more, Federal News Network's Justin Doubleday spoke with Deputy National Cyber Director Harry Wingo.
https://youtu.be/rqJGPKJmbkc This week on the podcast, we discuss guidance published by the US White House Office of the National Cyber Director that lays out a roadmap for addressing key security concerns in the BGP routing protocol. Before that, we cover a security research post from JFrog detailing a new Python package hijacking method under active exploitation, as well as an analysis of the Microsoft Windows Wi-Fi driver remote code execution vulnerability patched last June.
When it comes to open cyber security jobs across the country, Seeyew Mo doesn't want to focus on the 500,000 number that's often bandied about. Mo is the assistant national cyber director for workforce training and education at the Office of the National Cyber Director in the White House. He says the focus should be on expanding who and what positions are considered part of that cyber workforce. During Federal News Network's Workplace Reimagined, Jason Miller got more from Mo.
Tune in to be in the know as Craig Hill, Mike Luken, and Andy Stewart explore the crucial role of quantum safe cryptography as we approach the quantum computing era and its potential impact on current encryption methods. Discover what you need to know and how Cisco is leading the way in delivering quantum safe cryptography. The discussion begins with an overview of the urgent need to migrate to post-quantum cryptography. In the U.S., Federal agencies have been mandated by National Security Memorandum 10 to transition their cryptographic systems to withstand quantum computing attacks by 2035. This directive, enforced by the President's Office, the Office of Management and Budget (OMB), and the Office of the National Cyber Director, aims to mitigate future risks posed by quantum computers. Globally, governments, financial institutions, hospitals, and other entities requiring secure information protection are also taking steps to incorporate quantum-safe cryptography. Although quantum computers capable of breaking current encryption do not yet exist, the National Institute of Standards and Technology (NIST), in collaboration with over 100 countries and experts, has recently released the first three finalized Post-Quantum Encryption Standards. Listen in as Craig, Mike, and Andy delve into the nuances, needs, and technical details of quantum safe cryptography, and learn how Cisco is preparing for the post-quantum world.
The U.S. global development agency, USAID, is intensifying its focus on artificial intelligence, exploring both its potential benefits and challenges. Following the recent announcement of a new policy on democracy, human rights, and governance, USAID Administrator Samantha Power underscored the importance of leveraging technology to bolster democracy. However, she also cautioned about the potential misuse of these tools by authoritarian regimes to suppress dissent. In her remarks, Power said, “This policy expands our toolbox so that we can keep up with fast-moving technology that can be weaponized against citizens, it codifies our intent to counter the rise of digital repression at its source.” She noted ongoing efforts to increase transparency and raise awareness about how new technologies and data are used. Power's comments followed her meeting with Dario Amodei, CEO of Anthropic, discussing AI applications in global development, including successful deployments in Mexico and India. In cybersecurity news, National Cyber Director Harry Coker emphasized the goal of achieving federal coherence across government efforts in cybersecurity. In a CyberScoop interview, Coker, who took office seven months ago, highlighted the importance of collaboration over hierarchy within federal cybersecurity initiatives. He stated, “We lead by collaboration,” noting that the Office of the National Cyber Director prioritizes cooperative relationships over leading or dominating discussions. Coker discussed his regular interactions with Anne Neuberger and Jen Easterly, indicating robust ongoing dialogues among key cybersecurity leaders. He also mentioned collaboration with the Office of Management and Budget and the National Institute of Standards and Technology, focusing on setting cyber priorities for the fiscal year 2026 budget and promoting advancements like memory-safe computing languages. The Daily Scoop Podcast is available every Monday-Friday afternoon. 
If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on Apple Podcasts, Soundcloud, Spotify and YouTube.
In this special episode, listen in on a panel from AWS Summit Washington DC 2024, featuring: Steve Schmidt, Vice President and CSO, Amazon; Avery Alpha, Director, Principal Deputy Under Secretary for Intelligence & Analysis, Department of Homeland Security; and Jake Braun, Acting Principal National Cyber Director, White House Office of the National Cyber Director. In an age where technology reigns supreme, it's time to shift our focus from the technical to the human aspect of information security. While many perceive cybersecurity as solely a technical challenge, our adversaries are undeniably human, driven by complex motivations ranging from financial gain to ideology. Drawing parallels to espionage, our panelists will dissect the importance of embedding security into organizational culture and DNA. Join us for a thought-provoking discussion as we explore the critical role of people in safeguarding against cyber threats. From understanding adversaries' motives to fostering a security-conscious culture, our panel will delve into strategies for navigating the evolving cybersecurity landscape. Gain invaluable insights into asking the right questions and crafting an integrated security strategy tailored to the demands of this new tech-forward era.
In this episode of InTechnology, Camille gets into the latest in AI policy with co-host Taylor Roberts, Director of Global Security Policy at Intel, and guests Jason Lazarski, Head of Sales at Opaque Systems, and Jonathan Ring, Deputy Assistant National Cyber Director for Technology Security at The White House Office of the National Cyber Director. They talk about the focuses and challenges of the recent AI Executive Order, similar AI policies like the AI EU Act and the EU Cyber Resilience Act, how to set industries up for success with AI policy, how countries are working together to develop AI policy, the role of confidential computing and trusted execution environments in securing encrypted data and AI models, how enterprises are adapting to new AI policy, the social challenges of AI adoption, and more. Check out our previous episodes on AI policy: Deep Dive: US Executive Order on Artificial Intelligence (Episode 181): https://cybersecurityinside.libsyn.com/181-deep-dive-us-executive-order-on-artificial-intelligence Emerging U.S. Policies, Legislation, and Executive Orders on AI (Episode 178): https://cybersecurityinside.libsyn.com/178-emerging-us-policies-legislation-and-executive-orders-on-ai The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.
On this Solution Spotlight, guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella. Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs. The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation.
The US scrutinizes Chinese telecoms. Indonesia's national datacenter is hit with ransomware. RedJulliett targets organizations in Taiwan. Researchers can tell where you are going by how fast you get there. A previously dormant botnet targeting Redis servers becomes active. Thousands of customers may have had info compromised in an attack on Levi's. A new industry alliance hopes to prevent memory-based cyberattacks. Guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach with N2K President Simone Petrella. Assange agrees to a plea deal. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella. Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs. The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation. 
Selected Reading Exclusive: US probing China Telecom, China Mobile over internet, cloud risks (Reuters) Indonesian government datacenter locked down in $8M ransomware rumble (The Register) Taiwanese tech firms, universities, religious groups among targets in cyber-espionage campaign (The Record) New security loophole allows spying on internet users' online activity (HelpNet Security) P2PInfect botnet targets REdis servers with new ransomware module (Bleeping Computer) Credential Stuffing Attack Hits 72,000 Levi's Accounts (Infosecurity Magazine) CHERI Backers Form Alliance to Promote Memory Safety Chip (GovInfo Security) Julian Assange, WikiLeaks Founder, Agrees to Plead Guilty in Deal With U.S. (The New York Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Heather Engel is the Managing Partner at Strategic Cyber Partners. In this episode, she joins host Amanda Glassner to discuss a recent convening at the White House, hosted by the White House Office of the National Cyber Director, where representatives from more than 30 companies and institutions, representing a dozen industries, committed to expand opportunities for Americans and build a stronger cyber workforce. The Federal Business Council is a producer of events to foster meaningful engagement for Federal Government Agencies, the Department of Defense, and the Intelligence Community throughout the United States. To learn more about our sponsor, visit https://fbcinc.com.
The Office of the National Cyber Director is working with agencies to accelerate efforts to “clean up” insecure internet routing techniques that can lead to cybersecurity risks. White House National Cyber Director Harry Coker expects that more than half of all advertised federal IP space will adopt more secure routing agreements by the end of this year. The goal is to get to Resource Public Key Infrastructure (RPKI), which provides security for internet routing to help prevent traffic from being hijacked by hackers.
In today's episode, we discuss the White House's call for critical cybersecurity assistance for sectors like healthcare and water utilities (https://www.cybersecuritydive.com/news/white-house-seeks-critical-cyber-assistance-for-water-utilities-healthcare/716942/), analyze the compromise of JAVS Viewer software by loader malware (https://www.helpnetsecurity.com/2024/05/23/javs-viewer-malware/), and explore how rising cyberattacks are driving the growth of the cybersecurity industry, affecting companies like AWS, Cisco, and CrowdStrike (https://www.cybersecuritydive.com/news/attacks-fuel-cyber-business/716782/). Full Coker Speech: https://www.youtube.com/watch?v=1yR3kfajhk0 00:00 Introduction to the Cybersecurity Boom 01:04 The Economics of Cybersecurity 03:22 National Cyber Director's Keynote Highlights 04:14 The Cost of Cybersecurity Measures 05:19 Teenagers in Cybercrime: A Growing Concern 06:13 JAVS Viewer Malware: What You Need to Know 07:50 Conclusion and Call to Action Tags: Harry Coker Jr, healthcare, water utilities, ransomware, National Cyber Director, critical infrastructure, cyber threats, innovative strategies, cybersecurity, administration initiatives, Lapsus, teenage cybercrime, JAVS, recording software, loader malware, security risks, courtrooms, prisons, compromised software, cybersecurity vendors, digital threat landscape, market complexity Search Phrases: Initiatives by Harry Coker Jr in cybersecurity; Healthcare cyber threat protection strategies; Water utilities ransomware defense; National Cyber Director's speech on cyber threats; Administration measures against teenage cybercrime; Compromised JAVS software security risks; Immediate actions for JAVS Viewer users; Cybersecurity vendors' role in digital threat evolution; Increasing complexity in the cybersecurity market; Global spending on cybersecurity in 2023
May24 Cyber attacks are propelling the cybersecurity industry to new heights, with global spending on security projected to hit an astonishing $215 billion this year. How are cybersecurity vendors adapting to the constant evolution of cyber threats while also contributing to increased complexity in the market? National Cyber Director Harry Coker Jr. announced a sweeping initiative to fortify healthcare and water utilities against cyber threats, highlighting a commitment to strengthen America's critical infrastructure, at a keynote speech on Wednesday. What measures is the administration taking to deter teenagers from joining cyber criminal groups like Lapsus? Threat researchers have discovered that legitimate recording software from JAVS has been compromised with loader malware directly from the developer's own site. If you're using the JAVS Viewer, what actions can you take if you suspect your version has been compromised? You're listening to the Daily Decrypt. The cybersecurity industry is thriving, thanks to the rise in cyber attacks. Now this makes sense. Supply and demand is the foundation of capitalism, and cyber attacks are on the rise, so of course cybersecurity is booming. But this reminds me sort of eerily of the show Fallout, which is on Amazon Prime. Highly recommend; one of my favorite TV shows of all time. But go ahead and skip the next 15 seconds if you don't want any spoilers. One of the most fascinating aspects of that show is how Vault-Tec, the maker of these vaults, was one of the top companies in the country, because, one, they preyed on citizens' fear of a nuclear war. So they made these vaults to keep people safe in the impending nuclear bomb drop. But in order to stay on top, in order to stay relevant, they needed that nuke to drop. And I don't think we're at that point yet with cybersecurity. I believe the volume of cyber attacks is enough to sustain a $200 billion industry. But who knows what will happen in 10, 20, 30 years? Maybe in order to stay relevant, defenders need to start attacking to keep that fear alive. I really hope not, but that is the foundation of capitalism.
So as mentioned, the global spending on security and risk management is projected to reach $215 billion this year, which is a 30% increase from $165 billion in 2022. Brandon Wales of the Cybersecurity and Infrastructure Security Agency, or CISA, talks about how this multi-billion dollar cybersecurity industry exists solely because the multi-billion dollar technology industry is insecure. So as the technology industry booms, naturally cybersecurity will boom along with it. Allan Liska from Recorded Future criticizes the industry for creating unnecessary complexity, and he emphasizes that the industry is currently pushing to sell expensive solutions over simpler, more effective ones. So this all just begs the question: if a company is faced with the opportunity to end cyber risk, to stop all attacks from happening, or to create a product that will do this, will they? Or will they continue to confuse and complicate in order to make more and more money? National Cyber Director Harry Coker Jr. announced new actions to bolster key sectors like healthcare and water utilities, as well as combating ransomware and enhancing resilience, during a keynote speech at Auburn University's McCrary Institute on Wednesday. In partnership with the Department of Health and Human Services, their aim is to raise cybersecurity standards for hospitals, as well as seek additional aid for small, rural and critical care facilities. The EPA, or Environmental Protection Agency, will provide more technical assistance to public water systems. The Department of Agriculture will invest in a program to integrate cybersecurity into rural water utilities. They've also proposed a budget to President Biden that includes $12 million for HHS cybersecurity capacity, $25 million for sector risk management, and $25 million for a cyber grant for water utilities.
And that makes me think of an Instagram reel I watched yesterday, where it showed a video of United States military members firing different weapons systems, from the 249 to rocket launchers to 50-cal machine guns off the side of a helicopter. And as each bullet or round fired, there was a cost calculator in the top left showing how much it costs to fire these weapons. And all of these videos were taken during training. And like, one of those rockets, just to fire it once, costs like $19 million, just one rocket. So, yeah, $25 million to one person is a lot of money, but to the entire country's water agency, that's no money. That will not help at all. That'll get them a $10 a month subscription to some off-the-shelf service built by AI. So we got to get that up. All right. I like the intent, but we got to get that number up. In the keynote speech, Coker also highlighted plans to crack down on criminal ransomware and to better understand the open source security risks. He's also built a partnership with the DOJ that will develop programs to deter teens from joining cyber criminal groups like Lapsus, which recruits minors due to their short potential jail terms. And when we think about ransomware groups like Lapsus, my brain doesn't go to teenagers, but it is the perfect demographic. First of all, they feel invincible. They have good internet connections. They have lots of time. And they're extremely motivated by money. Like, money is status in high school. And imagine being able to buy like a super nice car and take your friends out, maybe even charter a plane or something, take your friends somewhere. So that is an interesting problem to solve. And I personally don't have a solution, but let's see what they come up with with the DOJ. And finally, there's a legitimate recording software called JAVS Viewer that has been compromised with loader malware and served from the official developer's website since at least April 2nd. This is according to Rapid7.
The compromised installer, which is signed by Vanguard Tech Limited, hides malware from the GateDoor/Rustdoor family. This malware enables unauthorized remote access, data collection, and further malicious payload downloads. If you're running JAVS Viewer version 8.3.7, at this point you have to re-image all affected endpoints. You've got to reset all credentials and browser sessions to prevent unauthorized access, and update to the latest version, version 8.3.8 or higher. Simply updating apparently won't completely rid your device of this malware, because it had remote code execution access and it's probably loaded other things. So the only way to rid it is to, uh, re-image that endpoint, which totally sucks and might not even be possible. But I'll tell you, it does suck less than ransomware. If you're unsure if the device you're working with has been compromised, you can search for the file name fffmpeg.exe, with three F's, which mimics the legitimate file that this software creates, called ffmpeg, with two F's. If that three-F file is found on the endpoint, you must re-image the endpoint. You can also check to see if the software you have installed is digitally signed by JAVS itself. If it's signed by Vanguard Tech Limited, that is compromised. This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.
Today, we discuss the recent Chirp Systems smart lock vulnerability, Delinea's rapid response to a critical API flaw, and the ongoing debate over ransomware payment policies. Explore the implications of these security breaches and the strategies to enhance digital safety without compromising on the details. Keywords: Cybersecurity, Chirp Systems, Delinea, Ransomware Payment Ban, Smart Locks, API Vulnerability, U.S. Cybersecurity & Infrastructure Security Agency Sources: Chirp Systems Smart Lock Issue: krebsonsecurity.com/2024/04/crickets-from-chirp-systems-in-smart-lock-key-leak Delinea Secret Server SOAP API Vulnerability: helpnetsecurity.com/2024/04/15/delinea-secret-server-vulnerability Ransomware Payment Ban Debate: cybersecuritydive.com/news/ransom-payment-ban-pushback/713206 Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags for the Episode: Cybersecurity, Chirp Systems, Delinea, Ransomware, Smart Lock Security, API Vulnerability, Digital Safety, Cyber Attack, Security Breach, Tech News Search Phrases: Chirp Systems smart lock security issues; Delinea SOAP API vulnerability fix; Ransomware payment policy debate; Cybersecurity latest news; Smart lock vulnerabilities and solutions; How to secure digital locks from hackers; API security breaches and responses; Impact of ransomware payment bans; Expert analysis on Chirp Systems breach; Preventing unauthorized access in smart devices Transcript: Apr16 Welcome back to the Daily Decrypt. Chirp Systems' smart locks are compromised with hard-coded credentials, potentially unlocking 50,000 U.S. homes remotely, warns the U.S. Cybersecurity Infrastructure Security Agency, highlighting severe oversight in digital security protocols.
What can be done to secure these smart locks and prevent unauthorized remote access? Delinea acted swiftly to patch a critical vulnerability in their Secret Server SOAP API, which could have allowed attackers to gain administrative access and seize sensitive data. And finally, ransomware victims in the US shelled out 1.5 billion between May 2022 and June of 2023 amidst heated debates over the effectiveness of ransomware payment bans, as highlighted by the Institute for Security and Technology. What strategies are cybersecurity experts recommending to reduce ransom payments without implementing a ban? In a recent warning issued by the U.S. Cybersecurity and Infrastructure Security Agency, or CISA, an estimated 50,000 smart locks across the country are vulnerable to breaches due to hard-coded credentials that allow remote access. These locks, developed by Chirp Systems, have been criticized for storing sensitive access information within their source code, making them susceptible to unauthorized entries, with a CVSS severity rating of 9.1 out of 10. Despite these concerns, Chirp Systems has yet to respond or collaborate with CISA to address these vulnerabilities. The issue first came to light when Matt Brown, a senior systems development engineer at Amazon Web Services, detected the flaw. Brown, while installing the Chirp app to access his apartment, opted to scrutinize the app's security. He discovered that the app stored passwords and private key strings in a decodable format, leaving residence doors wide open to potential hackers. In response to his findings, Brown approached his leasing office, which provided him with a 50 NFC key fob as a workaround. However, Brown pointed out that the fob still transmitted the credentials in plain text, vulnerable to cloning via NFC-enabled devices. The parent company of Chirp Systems, RealPage, Inc., is currently facing legal challenges, including a massive lawsuit supported by the U.S. Department of Justice and multiple state attorneys general.
The suits accuse RealPage of using its software to artificially inflate rents through collusion with landlords, employing algorithms that limit negotiation and push maximum possible rents on tenants. In a swift response to a security breach, Delinea, a leading provider of privileged access management solutions, recently addressed a critical vulnerability in their Secret Server SOAP API. The company first became aware of the issue late last week and took immediate action by blocking SOAP endpoints for its cloud customers. This precaution was necessary to mitigate any potential unauthorized access, while the cloud service was patched on the same day. By Saturday, Delinea confirmed their awareness of the vulnerability and assured that their engineering and security teams had conducted thorough investigations, revealing no evidence of compromised customer data or attempts to exploit the flaw. By Sunday, the company had released an update for Secret Server on-premises, version 11.7.000001, effectively fixing the vulnerability and announcing forthcoming patches for earlier versions upon completion of testing. Moreover, Delinea has provided a guide for customers using on-premise versions to help determine if their systems were compromised. This includes instructions to generate custom reports to trace potentially unauthorized access, particularly from unfamiliar IP addresses, which could indicate malicious activity. Kevin Beaumont, a security researcher, noted that the temporary unavailability of Delinea's Secret Server cloud last Friday stemmed from a published blog post by security engineer Johnny Yu, who discovered the vulnerability. Yu's post, which included a proof of concept for creating a golden token allowing admin access, was crucial in prompting the company's rapid response.
Delinea has also established a continuous monitoring process updates on their service status to ensure ongoing security for their users. They urge all users to review any unusual audit records and verify the authenticity of the Secret Server mobile application access as part of their comprehensive security measures. In a report issued this past Wednesday, the Institute for Security and Technology's Ransomware Task Force has decided against the need for a ransomware payment ban. The report highlights several reasons, including concerns that a ban might discourage victims from reporting ransom payments, potentially pushing these transactions underground, and the complexity of any exempting critical infrastructure. Instead of implementing a ban, the task force recommends focusing on 16 milestones they believe will effectively reduce ransom payments. And there's a quote from the RTF co-chairs from an email that says, "While a ban may be an easier policy lift than activities designed to drive preparedness, it will almost certainly create the wrong kind of impact." They noted a decline in organizations making payments, suggesting that current strategies may already be making an impact. Despite the resistance to a payment ban, the task force revealed that more than half of their proposed measures are already in progress or completed. These include significant policy changes like the requirement for publicly traded companies to report substantial cyber incidents, and the upcoming rule from CISA mandating that US critical infrastructure entities quickly report cyber attacks and ransom payments. The discussion on how best to tackle ransomware continues to evolve. While the Biden administration previously steered clear of a complete ban on ransomware payments, there are renewed calls for reconsidering this policy.
Brett Callow, a threat analyst at Emsisoft, is an outspoken supporter of a ban, suggesting that even if attackers may not be aware of state level bans, a national policy might have a significant deterrent effect. The Ransomware Task Force, by figures like Kemba Walden, the former acting National Cyber Director, advocates for bolstering existing efforts rather than imposing new bans, indicating a strategic commitment to enhance cybersecurity resilience amidst ongoing debates. That's all I got for you today. Thanks for tuning in to this quick, news focused episode. Be sure to tune in later this week for a discussion on HackspaceCon, which just took place last weekend in Florida at Kennedy Space Center. Still working on editing that episode, but dogespan and I discussed our key takeaways and we wanted to share them with you. So stick around for that.
(3/6/24) - In today's Federal Newscast: When it comes to safety, many federal buildings can't keep up, according to the Government Accountability Office. The National Cyber Director is touting progress on the White House's cyber efforts. And a new House bill specifies how agencies should buy, use and manage artificial intelligence.
Tune in to TechVibe Radio to hear Acting Principal Deputy National Cyber Director Jake Braun who addressed the Pittsburgh Technology Council's membership to discuss the White House's recently released National Cybersecurity Strategy. Plus, listen to Itha Cao, Director of Digital Inclusion and Innovation, talk about Neighborhood Allies' priority initiatives that improve resident access to the three critical pieces of achieving a high quality of life in the 21st century: computer literacy skills, computer ownership and high speed internet.
The UK faces a looming threat of a catastrophic ransomware attack. The Senate confirms a new National Cyber Director. The rivalry between malware groups BatLoader and FakeBat. BazarCall phishing attack and its unusual use of Google Forms. A serious vulnerability threatens K-12 student data. Spiderman game developer Insomniac Games becomes the latest ransomware victim. Today's guest is Tim Starks from the Washington Post's Cybersecurity 202 with China's influence operations in Taiwan, along with a look back at 2023. We'll touch on Microsoft's Patch Tuesday and why outdated password policies are still a problem. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest is Tim Starks from the Washington Post's Cybersecurity 202. Tim and Dave discuss China's influence operations in Taiwan, along with a look back at 2023. Selected Reading UK at high risk of ‘catastrophic ransomware attack', report says (The Guardian) Roll Call Vote 118th Congress - 1st Session (United States Senate) How Does Access Impact Risk? (IST) API and App Security: Q3 2023 Snapshot (ThreatX) The Kids Aren't Alright: Vulnerabilities in Edulog Portal Revealed K-12 Student Location Data (tenable) Press and pressure: Ransomware gangs and the media (Sophos) BazarCall Attack Leverages Google Forms to Increase Perceived Credibility (Abnormal) Two Competing, Russian-Speaking Cybercrime Groups Attack Employees from 23 Companies in the Manufacturing, Software, Legal, Retail, and Healthcare Sectors Using Malicious Google Ads (esentire) Spider-Man 2 developer Insomniac Games hit by Rhysida ransomware attack (cyberdaily) Microsoft Patch Tuesday December 2023 (Sans) Share your feedback. We want to ensure that you are getting the most out of the podcast. 
Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
The White House released its National Cybersecurity Strategy in March and is ending the year with the first permanent National Cyber Director in nearly a year. On CyberCast, we covered it all. Take a listen back to some of the highlighted interviews with federal IT leaders, officials and experts this year as CyberCast traveled to Hawaii, California and Maryland. Our team interviewed leaders from agencies including the Federal Emergency Management Agency, the Cybersecurity Infrastructure Security Agency, the Department of Veterans Affairs and the Environmental Protection Agency. On this year-end episode of CyberCast, Managing Editor Ross Gianfortune, and Staff Writer/Researchers Jayla Whitfield and Jordan McDonald reflect on the most memorable episodes and cybersecurity topics of 2023. Featured episodes include: 1:45: The National Cyber Strategy https://governmentciomedia.com/listen-open-source-software-national-security-priority 7:00 Where the White House Wants Agencies to Prioritize Cybersecurity Investments https://governmentciomedia.com/listen-where-white-house-wants-agencies-prioritize-cybersecurity-investments 12:45 How the Pentagon Plans to Fill 30,000 Open Cyber Positions https://governmentciomedia.com/live-afcea-technet-cyber-how-pentagon-plans-fill-30000-open-cyber-positions 17:15: The White House Wants to Fix the Cybersecurity Workforce https://governmentciomedia.com/listen-white-house-wants-fix-cybersecurity-workforce
Governments target push notification metadata. Dissecting the latest GRU cyber activities. A look at Russia's AI-powered Doppelgänger influence campaigns, and how cyber warfare is evolving beyond the battlefield. We've got updates on the Adobe ColdFusion vulnerability, the expanding 23andMe data breach, and insights into the financial impacts of ransomware. Our guest is Camille Stewart Gloster, Deputy National Cyber Director for Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Plus, discover how the TSA is embracing AI for future security. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Camille Stewart Gloster, Deputy National Cyber Director, Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Camille shares her views on women in cybersecurity, their efforts in diversity, equity and inclusion and what she sees for the future. 
For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/231 Selected Reading Governments spying on Apple, Google users through push notifications - US senator (Reuters) Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Russian AI-generated propaganda struggles to find an audience (CyberScoop) How cybersecurity teams should prepare for geopolitical crisis spillover (CSO) Russia's Fancy Bear launches mass credential collection campaigns (CSO) The Dragos Community Defense Program Helps Secure Industrial Infrastructure for Small Utilities (Dragos) Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers (CISA) CVE-2023-26360 Detail (NIST) SEC on 23andMe breach (SEC)
(11/14/23) - In today's Federal Newscast: The Technology Modernization Fund Board awards $3.5 million to establish an online “lost and found” registry for unclaimed retirement benefits. A DoD official arrested last month for involvement in a dogfighting ring has been replaced. And Kemba Walden will step down as acting National Cyber Director at the end of the week.
FraudGPT is a chatbot with malign intent. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. Tim Starks from Washington Post's Cybersecurity 202 on the White House's new National Cyber Director nominee. Maria Varmazis speaks with David Luber, Deputy Director of NSA's Cybersecurity Directorate, on space systems as critical infrastructure. And a kinetic strike against a cyber target: Ukrainian drones may have hit Fancy Bear's Moscow digs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/141 Selected reading. FraudGPT: The Villain Avatar of ChatGPT (Netenrich) Stealer Logs & Corporate Access (Flare) Over 400,000 corporate credentials stolen by info-stealing malware (BleepingComputer) The Alarming Rise of Infostealers: How to Detect this Silent Threat (The Hacker News) Conti and Akira: Chained Together (Arctic Wolf) Ukraine-Russia war: Ukraine vows further drone strikes on Moscow and Crimea (The Telegraph)
Two things to know today
00:00 AI Concerns Prompt Voluntary Security and Trust Commitments from Tech Companies
05:21 White House Turns to CIA Veteran as Preferred Choice for National Cyber Director
In this special episode of the CAFE Insider podcast, former Acting U.S. Deputy Attorney General John Carlin interviews Chris Inglis, while Preet and Joyce are out. Inglis recently served as the first U.S. National Cyber Director, in which role he advised President Biden on cybersecurity issues and helped develop a national cyber strategy. Before that, Inglis served as Deputy Director of the National Security Agency. In this excerpt from the interview, Inglis discusses the risks artificial intelligence poses for national security, including:
– The “black box problem” of AI algorithms;
– The use of AI in cyberattacks;
– The AI arms race among the United States, China, and Russia; and
– The potential use of generative AI to spread misinformation ahead of the 2024 election.
In the full interview, Inglis breaks down the job of the National Cyber Director and the Biden administration's cyber strategy.
Chris Inglis has had an illustrious career in the defense of this country, serving as an Air Force general, deputy director of the National Security Agency, and most recently as the first National Cyber Director in the White House. Chris stepped down from his position last week, and he sat down for his first interview as a private citizen with David Kris, Lawfare contributor and former assistant attorney general for the National Security Division, and Bryan Cunningham, Lawfare contributor and executive director of the University of California, Irvine's Cybersecurity Policy & Research Institute. They talked about a wide range of cyber topics, including the newly minted National Cyber Strategy, protection of critical infrastructure, cyber insurance, competition on the international front, and more.