Podcasts about national cyber director

Watch The X22 Report On Video No videos found (function(w,d,s,i){w.ldAdInit=w.ldAdInit||[];w.ldAdInit.push({slot:17532056201798502,size:[0, 0],id:"ld-9437-3289"});if(!d.getElementById(i)){var j=d.createElement(s),p=d.getElementsByTagName(s)[0];j.async=true;j.src="https://cdn2.decide.dev/_js/ajs.js";j.id=i;p.parentNode.insertBefore(j,p);}})(window,document,"script","ld-ajs");pt> The layoff number show no signs of a weakening labor market. Jobs are coming back to the US. The fake news will not admit that the economy is improving, but the people will feel it. The Fed cannot control employment or inflation with QE, they use it to keep their system alive. Banks are getting message, crypto will be included in the future economy of the US. The [DS] attacks will intensify as we get closer to the midterms, they will use division tactics with the people and the military. The [DS] is trying to muddy the water with the Epstein files, this has already failed. The [DS] is pushing war to keep their crimes from being exposed. Trump has initiated the cyber attack offensive strategy. Trump and we the people have the leverage and control. Economy (function(w,d,s,i){w.ldAdInit=w.ldAdInit||[];w.ldAdInit.push({slot:18510697282300316,size:[0, 0],id:"ld-8599-9832"});if(!d.getElementById(i)){var j=d.createElement(s),p=d.getElementsByTagName(s)[0];j.async=true;j.src="https://cdn2.decide.dev/_js/ajs.js";j.id=i;p.parentNode.insertBefore(j,p);}})(window,document,"script","ld-ajs"); Layoffs Show No Signs of a Weakening Labor Market If the labor market is weakening, it's on the job-creation side of the equation, maybe in part due to AI.     the four-week average, which largely irons out the week-to-week squiggles, and which ticked up to 216,750, seasonally adjusted, which is historically low, and in the same low range that it has been in for the past four years. This is administrative data, not survey-based data. Freshly laid-off people filed these applications for unemployment insurance at state unemployment agencies, which then reported them to the US Department of Labor by the weekly deadline, which then combined the data and published it today. In a longer timespan going back to the 1970s, initial claims are very low, despite the growth of nonfarm payrolls over the decades. They were lower only during the tight labor market of 2018 and 2019 and during the labor shortages coming out of the pandemic. Layoffs show no signs of a weakening labor market. If the labor market is weakening, it's on the job-creation side of the equation. So layoffs are low, but once laid off, it takes people longer to find a job as companies have slowed their hiring, but even that has improved since the summer. Source: wolfstreet.com   for having created, with No Inflation, perhaps the Greatest Economy in the History of our Country? When will people understand what is happening? When will Polls reflect the Greatness of America at this point in time, and how bad it was just one year ago? https://twitter.com/profstonge/status/1999141753442414645?s=20 https://twitter.com/TheCryptoLark/status/1999161790886711747?s=20 Political/Rights Tim Walz Vows to Bring More Somalis to Minnesota, Despite Growing Fraud Scandal Reaching Into the Billions Minnesota Governor Tim Walz is vowing to bring more Somali immigrants to his state, despite the massive fraud scandal that has unfolded in the Minnesota Somali community on his watch. The Washington Free Beacon reports: Tim Walz Pledges To ‘Welcome More' Somalis Into Minnesota as Evidence of Staggering Fraud Scheme Makes National Headlines CBS News reports: https://twitter.com/amuse/status/1999531988210909599?s=20 Source: thegatewaypundit.com Garcia. But immigration courts do not issue such a form, and Congress removed district courts from reviewing these cases nearly 30 years ago. By declaring the order “nonexistent,” she manufactured jurisdiction and granted release. Her six month obstruction of Garcia's removal shows exactly why Congress barred district judges from intervening in INA cases. Trump Admin Pulls 9,500 Truck Drivers Off The Road For Failing English Tests  https://twitter.com/SecDuffy/status/1998787357416501638?s=20 Source: zerohedge.com Democrat Rep. Attempts to Embarrass Kristi Noem by Introducing Her to a ‘Harmless' Veteran She Supposedly Deported – But the Move Backfires When the Actual Truth is Revealed (VIDEO) During the hearing, Rep. Seth Magaziner (D-MA) decided to ambush Noem, first by demanding how many US military veterans she had deported. When Noem responded that she had not, the congressman then pulled out his next nasty stunt. “We are joined on Zoom by a gentleman named Sae Joon Park. He is a United States combat veteran who was shot twice,” Magaziner announced. “Like many veterans, he struggled with PTSD, he was arrested in the 1990s for some minor drug offenses. “He never hurt anyone besides himself. He is a Purple Heart recipient; he has sacrificed more for this country than most people ever have,” he added. “Earlier this year, you deported him to Korea, a country he has not lived in since he was seven.” “Will you join me in thanking Mr. Park for his service?” Noem said she would, but reiterated that America's laws needed to be enforced, which displeased Magaziner. https://twitter.com/EricLDaugh/status/1999200511820763484?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1999200511820763484%7Ctwgr%5E71b314ce22abe6b529570dbbaed5501f8b066bd1%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fwww.thegatewaypundit.com%2F2025%2F12%2Fdemocrat-rep-attempts-embarrass-kristi-noem-introducing-her%2F  Park had a removal order over felony drug charges and bail jumping – and was NOT a citizen, but a green card holder. Democrats lie, lie, LIE. https://twitter.com/TriciaOhio/status/1999207164603433210?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1999207164603433210%7Ctwgr%5E71b314ce22abe6b529570dbbaed5501f8b066bd1%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fwww.thegatewaypundit.com%2F2025%2F12%2Fdemocrat-rep-attempts-embarrass-kristi-noem-introducing-her%2F  controlled substance In 2010 an immigration judge issued him an order of removal. Park's appeal to the Board of Immigration Appeals that same month was dismissed by the Board in April 2011. With no legal basis to remain in the U.S. and a final order of removal, Park was allowed to self-deport to Korea. President Trump and Secretary Noem have been clear: criminal illegal aliens are not welcome in the U.S. Source: thegatewaypundit.com https://twitter.com/RedWave_Press/status/1999451592903282965?s=20 2.5 Million Illegal Immigrants Deported Under Trump Admin: DHS More than 2.5 million illegal immigrants have left the United States under the Trump administration, a “record-breaking achievement” in a year, the Department of Homeland Security (DHS) said in a Dec. 10 statement. The 2.5 million figure includes more than 605,000 individuals deported as part of DHS enforcement operations and around 1.9 million illegal immigrants who have voluntarily self-deported since January. The rapid decline in the illegal immigrant population is showing effects nationwide, such as a “resurgence in local job markets,” DHS said. In October, 12,000 jobs were added to the U.S. economy, which followed 431,000 additions in September. Source: zerohedge.com https://twitter.com/GOPoversight/status/1999506355548299518?s=20 DOGE    In other words, AI has far more Electricity than they will ever need because, they are building the facilities that produce it, themselves. We are leading the World in AI, BY FAR, because of a gentleman named DONALD J. TRUMP! Geopolitical Unelected EU Commissioner Ursula von Der Leyen Warns Trump To Keep Away From ‘European Democracy' – But the Patriotic Wave Is Upon Her https://twitter.com/SprinterPress/status/1999360985753174112?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1999360985753174112%7Ctwgr%5Ea460cf825346c02faf408dfdd2869c8b434de5e3%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fwww.thegatewaypundit.com%2F2025%2F12%2Funelected-eu-commissioner-ursula-von-der-leyen-warns%2F Politico reported: “Donald Trump should not get involved in European democracy, Ursula von der Leyen said Thursday, days after the U.S. president launched a stinging attack on Europe. ‘It is not on us, when it comes to elections, to decide who the leader of the country will be, but on the people of this country. That's the sovereignty of the voters, and this must be protected', the European Commission president said in an interview at the POLITICO 28 gala event in Brussels.   https://twitter.com/JnglJourney/status/1999294487781326880?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1999294487781326880%7Ctwgr%5Ea460cf825346c02faf408dfdd2869c8b434de5e3%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fwww.thegatewaypundit.com%2F2025%2F12%2Funelected-eu-commissioner-ursula-von-der-leyen-warns%2F Source: thegatewaypundit.com https://twitter.com/iAnonPatriot/status/1999198852717424957?s=20 https://twitter.com/Defence_Index/status/1999348521120698795?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1999348521120698795%7Ctwgr%5E4d8309aa196b50542667c5dfcee40655f2883cf0%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fwww.thegatewaypundit.com%2F2025%2F12%2Fmad-maduro-after-declaring-christmas-october-embattled-venezuelan%2F War/Peace    accident, but Thailand nevertheless retaliated very strongly. Both Countries are ready for PEACE and continued Trade with the United States of America. It is my Honor to work with Anutin and Hun in resolving what could have evolved into a major War between two otherwise wonderful and prosperous Countries! I would also like to thank the Prime Minister of Malaysia, Anwar Ibrahim, for his assistance in this very important matter. Zelensky Floats Holding Referendum On Giving Up Land For Peace “I am definitely in favor of elections,” Ukraine’s President Zelensky said Thursday. “The most important thing is that they are held legitimately.” He’s presenting a position of willingness to compromise amid the increasing pressure from Trump. Is this but a ruse to buy time?  Ceding territory by vote? WSJ continues… Zelensky has long said that as president he can't unilaterally decide the fate of Ukrainian territories, which must be approved by the Ukrainian people. In early fall, 54% Ukrainians opposed ceding land, even if it meant continuing the war and risked the country's independence, compared with 38% who were open to some territorial concessions, in a poll conducted by Kyiv International Institute of Sociology. Source: zerohedge.com Zelenskyy: Holding Elections in Ukraine Requires Ceasefire  President Volodymyr Zelenskyy said  that holding elections in Ukraine during wartime would require a ceasefire. “There must be a ceasefire – at least for the duration of the election process and voting. This is what needs to be discussed. Frankly speaking, here in Ukraine, we believe that America should talk to the Russian side about this,” he told a meeting of the ‘Coalition of the Willing’ group of nations. Wartime elections are forbidden by law but Zelenskyy, whose term expired last year,  Source: newsmax.com NATO’s Rutte warns allies they are Russia’s next target  NATO chief Mark Rutte   urged allies to step up defence efforts to prevent a war waged by Russia that could be “on the scale of war our grandparents and great-grandparents endured”. FRANCE 24’s Dave Keating reports Source: france24.com NATO Secretary Rutte: “NATO Must Prepare for War Against Russia”  Source: theconservativetreehouse.com https://twitter.com/MarioNawfal/status/1999270361414729766?s=20   remarks: “Things like this end up in Third World Wars, and I told that the other day. I said, you know, everybody keeps playing games like this, you’ll end up in a Third World War, and we don’t want to see that happen.” Trump’s essentially telling NATO, Ukraine, and Russia to stop the brinksmanship before proxy war becomes direct conflict. When the U.S. president is publicly warning about World War III, that’s not hyperbole, that’s acknowledgment of how close we’ve gotten to catastrophe. https://twitter.com/disclosetv/status/1999499056133898497?s=20 The Trump administration is preparing to enlist private businesses and cybersecurity firms to conduct offensive cyberattacks against foreign adversaries, including criminal hackers and state-sponsored groups that target U.S. critical infrastructure, telecommunications, or engage in ransomware activities.  This approach, detailed in a draft national cyber strategy from the Office of the National Cyber Director, aims to expand U.S. cyber capabilities by leveraging private sector expertise, allowing government agencies to focus on unique tasks.  An upcoming executive order is expected to define roles for these firms and provide legal protections, though additional legislation may be needed to mitigate risks for companies traditionally focused on defense. Medical/False Flags https://twitter.com/disclosetv/status/1999176473723191554?s=20 [DS] Agenda BREAKING: Grand Jury *AGAIN* Declines to Indict Letitia James For Mortgage Fraud  A federal grand jury in Virginia declined to indict New York Attorney General Letitia James for mortgage fraud on Thursday. This is the second time federal prosecutors have failed to secure an indictment against Letitia James. “Federal prosecutors on Thursday failed to convince a majority of grand jurors to approve charges that James misled a bank to obtain favorable loan terms on a home mortgage, according to sources,” ABC News reported. Source: thegatewaypundit.com BREAKING: Executive Director of Black Lives Matter Oklahoma Charged with Wire Fraud and Money Laundering – 25 Counts Total – Facing DECADES in Prison  An executive director of Black Lives Matter Oklahoma was charged with wire fraud and money laundering. A federal grand jury on December 3 returned a 25-count indictment against Tashella Sheri Amore Dickerson, 52. Dickerson was charged with 20 counts of wire fraud and five counts of money laundering. “On December 3, 2025, a federal Grand Jury returned a 25-count Indictment, charging Dickerson with 20 counts of wire fraud and five counts of money laundering. For each count of wire fraud, Dickerson faces up to 20 years in federal prison, and a fine of up to $250,000. For each count of money laundering, Dickerson faces up to ten years in prison and a fine of up to $250,000 or twice the amount of the criminally derived property involved in the transaction,” the DOJ said. According to the charging documents, Dickerson, through BLMOKC, raised more than $5.6 million, but rather than using the money to bail out George Floyd rioters, she used millions to fund her lavish lifestyle. Federal prosecutors said Dickerson funneled over $3.5 million to her personal accounts and spent it on vacations, six properties in Oklahoma City, retail shopping, and food. Per the DOJ: https://twitter.com/FBIDirectorKash/status/1999235340620497058?ref_src=twsrc%5Etfw%7Ctwcamp%5Etweetembed%7Ctwterm%5E1999235340620497058%7Ctwgr%5E9f29cdaa88d5635542427963418842d100b04bdd%7Ctwcon%5Es1_c10&ref_url=https%3A%2F%2Fwww.thegatewaypundit.com%2F2025%2F12%2Fblack-lives-matter-executive-charged-wire-fraud-money%2F Source: thegatewaypundit.com https://twitter.com/DataRepublican/status/1998944940865503255?s=20 https://twitter.com/Patri0tContr0l/status/1999164831652315320?s=20 JUST IN: House Overwhelmingly Rejects Al Green's Impeachment Effort Against Trump – 70 Democrats Kill Measure (VIDEO) The House of Representatives voted on a Motion to Table Texas Democrat Al Green's resolution to impeach President Trump on Thursday, effectively killing the resolution, with many Democrats even voting against impeachment. Green has already tried several times to impeach Trump since he took office in January. Green first introduced articles of impeachment against Trump in February, just weeks after he took office. Source: thegatewaypundit.com Schumer Erupts After Senate Blocks Democrat Bill to Extend Expiring Obamacare Subsidies — Desperately Blames Republicans for the Disaster Democrats Created  The Senate delivered a major blow to Democrat leadership Thursday night after rejecting Majority Leader Chuck Schumer's last-minute attempt to extend expiring Affordable Care Act (ACA) subsidies, subsidies Democrats themselves voted to terminate in Joe Biden's so-called “Inflation Reduction Act” of 2022. The subsidies are set to expire on December 31, 2025 because Democrats wrote the expiration date into their own bill. Yet now, as the political consequences close in, Schumer is scrambling to pin the blame on Republicans.  Democrats locked the subsidy expiration date into law in 2022. They knew this would happen. They planned for it to happen. They voted for it to happen. Now, in an election year—Schumer is trying to retroactively pretend Republicans created a crisis that Democrats engineered from the beginning. Recall that in 2014, Chuck Schumer himself admitted Obamacare was a mistake and confessed that Democrats sold out the middle class to get it passed. Source: thegatewaypundit.com https://twitter.com/EricLDaugh/status/1999178360082301396?s=20 The Dems who voted against this SUPPORT BIG INSURANCE. UNBELIEVABLE. One GOP “no”: Rand Paul (KY). Paul says he wants the ACA gutted even further. Needs 60. DEMOCRATS = PARTY OF BIG, RICH INSURANCE. https://twitter.com/ElectionWiz/status/1999233530694418762?s=20 President Trump's Plan   Elections. Democrats have been relentless in their targeting of TINA PETERS, a Patriot who simply wanted to make sure that our Elections were Fair and Honest. Tina is sitting in a Colorado prison for the “crime” of demanding Honest Elections. Today I am granting Tina a full Pardon for her attempts to expose Voter Fraud in the Rigged 2020 Presidential Election! https://twitter.com/Rasmussen_Poll/status/1999403926316069209?s=20   Ticktin’s nine-page letter dated December 7, 2025, accuses a “criminal conspiracy” involving Dominion Voting Systems, Colorado officials like Secretary of State Jena Griswold, and foreign influences, while arguing that Peters preserved election data in compliance with federal law (52 U.S.C. § 20701). He positions her as a key witness for future investigations into election integrity, leveraging her status as a 70-year-old Gold Star mother to evoke sympathy. A core (and controversial) element of Ticktin’s legal theory is the untested claim that the U.S. Constitution allows presidents to pardon state-level convictions—a position not supported by precedent, as presidential pardons are explicitly limited to federal offenses under Article II, Section 2. This strategy aims to challenge the boundaries of executive power, potentially setting up a court battle if pursued further, while amplifying the narrative through media and conservative outlets to build public pressure. , this pardon is largely symbolic and legally ineffective because Peters was convicted and sentenced in Colorado state court on charges like attempting to influence a public servant, conspiracy, and official misconduct—not federal crimes. It doesn’t vacate her nine-year prison sentence or require her release; only Colorado’s governor (currently Democrat Jared Polis) could grant clemency for state offenses, and there’s no indication he plans to do so.   the pardon could indirectly help Peters in several ways: Political and Public Pressure: It elevates her case nationally among Trump supporters and election skeptics, potentially leading to fundraising for her legal defense, public campaigns for her release, or even influencing her ongoing state appeals (e.g., by highlighting perceived bias in her trial). A federal magistrate recently denied her release pending appeal, but this symbolic gesture might bolster arguments about unfair prosecution. Narrative Framing: Ticktin can use it to reinforce claims of her innocence in the court of public opinion, portraying the pardon as validation from the president that her actions were justified. This aligns with broader Republican efforts to question 2020 election security. Potential Federal Angle: If any federal investigations arise from her case (e.g., related to Dominion or election data), the pardon could preemptively shield her from future federal charges. Ticktin’s strategy also includes pushing for a DOJ review of her conviction, which Trump directed earlier in 2025. https://twitter.com/CynicalPublius/status/1999284588955468129?s=20 This refers to the DOJ’s decision, under Bondi’s leadership, to rescind regulations enforcing disparate impact liability. This action implements an executive order signed by President Donald Trump in April 2025, eliminating the use of disparate impact metrics to prove discrimination against entities receiving federal funding. What is Disparate Impact Liability? It’s a legal doctrine originating from the 1971 Supreme Court case Griggs v. Duke Power Co., which interprets Title VI of the Civil Rights Act of 1964.  Under this theory, policies or practices that disproportionately harm protected groups (e.g., based on race, even without intentional bias) can be considered discriminatory. Over decades, it expanded into a regulatory tool that penalized unintentional disparities, often requiring institutions like employers, schools, or housing providers to track and adjust for racial outcomes to avoid lawsuits or loss of federal funds.  Critics (including the poster and the article) argue it incentivized racial quotas, DEI (diversity, equity, and inclusion) mandates, and “reverse discrimination,” straying from the Civil Rights Act’s original focus on intentional discrimination. Ending disparate impact liability is framed as restoring “equality under the law” by focusing DOJ enforcement solely on provable intent, rather than statistical outcomes. Bondi stated: “This Department of Justice is eliminating its regulations that for far too long required recipients of federal funding to make decisions based on race.” this is a blow against overreaching government coercion, promoting individual liberty and meritocracy over enforced equity. They suggest skeptics “pay closer attention” to appreciate its impact on freedom from such policies. Texas Showdown: GOP’s Wesley Hunt Now Dares Dem Crockett to Face-Off  The 2026 election cycle is working its way up through the gears. Candidates are announcing their intent to run for various seats; some are sure-wins, some are sure to be fights to the finish, and some are sure to be inexplicable. One of the latter is surely Democrat Representative Jasmine Crockett (TX-30) announcing for a Texas Senate seat, the same seat being sought by Republican Representative Wesley Hunt (TX-38). My money’s on Mr. Hunt. Even more so now, that the Republican Congressman has challenged Rep. Crockett to a duel – or, rather, a debate. She may wish she’d picked swords at sunrise instead of a verbal exchange with Wesley Hunt. Texas Senate candidate Rep. Wesley Hunt, R-Texas, challenged House colleague Rep. Jasmine Crockett, D-Texas, to a debate after Crockett entered the race earlier this week. Hunt, who faces incumbent Sen. John Cornyn, R-Texas, and Texas Attorney General Ken Paxton in a competitive Republican primary, was quick to challenge Crockett to a debate, saying that if the new contender agreed it would be “must-see TV.” Source: redstate.com https://twitter.com/mrddmia/status/1999519791527207239?s=20 https://twitter.com/TheStormRedux/status/1999143399631282641?s=20 get the right people in place. VANCE: “Eventually you are gonna see prosecutions. Not just Arctic Frost related, but on a whole host of other issues. Eventually we need certain subpoenas that have to be issued by a court. Eventually you need local prosecutors, US Attorneys to go after some of these people in a court of law. If you can't get a U.S. Attorney appointed because the Democrat wont give you a blue slip. Or you can't get a judge confirmed… Republicans have gotta open up their perspective a little bit.” Everyone can complain all they want, but the DOJ would be stupid to bring charges without the right people in place. Blame the worthless Republican Senators! Frustrating, but I am confident President Trump will figure it out because he is the best problem solver I've ever seen in my life. (function(w,d,s,i){w.ldAdInit=w.ldAdInit||[];w.ldAdInit.push({slot:13499335648425062,size:[0, 0],id:"ld-7164-1323"});if(!d.getElementById(i)){var j=d.createElement(s),p=d.getElementsByTagName(s)[0];j.async=true;j.src="//cdn2.customads.co/_js/ajs.js";j.id=i;p.parentNode.insertBefore(j,p);}})(window,document,"script","ld-ajs");

Connect to John Gilroy on LinkedIn   https://www.linkedin.com/in/john-gilroy/ Want to listen to other episodes? www.Federaltechpodcast.com In the world of federal technology we are being deluged with so much information about Artificial Intelligence that we may not see what some of other technologies that may have as great an impact as AI.  The White House, the OMB (M-23-02), the Office of the National Cyber Director have made it clear that the time to prepare for post-quantum cryptography is now.  Agencies are required to inventory cryptographic systems, prioritize high-value assets, and build migration plans in line with NIST standards. Today, we sit down with Eric Hay from Quantum Xchange to look at making this transition.  During the interview, Hay handles issues like technology, operations and appropriate strategy. He highlights the role of NIST in developing and approving new algorithms like NIST PQC Post Quantum Encryption, ML, and CHEM. Eric explains the five-step process for transitioning to these new standards: discovery, prioritization, deployment, monitoring, and management. Rather than spending time evaluating algorithms, Eric Hay stresses the importance of a network-centric approach, suggesting that agencies focus on securing data transport first. Eric predicts Q day, when current encryption methods could be compromised, within 3-5 years, with some European partners aiming for 2029.    

U.S. Cyber Command has a new chief artificial intelligence officer. Brig. Gen. Reid Novotny, who was tapped to serve in the role, said his priority will be ensuring that AI strengthens the nation's cyber forces and improves decision-making advantage. Novotny previously served as the National Guard Bureau's director of intelligence and cyber effects operations and most recently as the Office of the National Cyber Director's senior military policy adviser. Novotny steps into the role amid leadership turnover and other turmoil at the military's top cyber enterprise.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

Tom Uren and Amberleigh Jack talk about Peter Williams, the general manager of vulnerability research firm Trenchant, who has pleaded guilty to selling exploits to the Russian 0day broker Operation Zero. It's a terrible look, but it doesn't mean the private sector can't be trusted to develop exploits. They also discuss a new report's recommendations to empower the Office of the National Cyber Director. It's a good idea, but it won't make up for the cuts in funding and personnel across the Trump administration's cyber portfolio. This episode is also available on Youtube. Show notes

A former defense contractor is charged with attempting to sell trade secrets to Russia. Researchers uncover critical vulnerabilities in TP-Link routers. Microsoft patches a critical Windows Server Update Service flaw. CISA issues eight new ICS advisories. “Shadow Escape” targets LLMs database connections. Halloween-themed scams spike. Our guest is Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary on cyber war, "Midnight in the War Room". WhatsApp's missing million-dollar exploit.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Chris Inglis, first National Cyber Director, speaking on cybercrime and the upcoming documentary on cyber war, "Midnight in the War Room" presented by Semperis. Learn more and check out the trailer. Selected Reading Hacking Lab Boss Charged with Seeking to Sell Secrets (Bloomberg) Dark Covenant 3.0: Controlled Impunity and Russia's Cybercriminals (Recorded Future) New TP-Link Router Vulnerabilities: A Primer on Rooting Routers (Forescout) Windows Server emergency patches fix WSUS bug with PoC exploit (Bleeping Computer) CISA Releases Eight Industrial Control Systems Advisories (CISA) Cyberattack on Russia's food safety agency reportedly disrupts product shipments (The Record) Shadow Escape 0-Click Attack in AI Assistants Puts Trillions of Records at Risk (Hackread) Trick or Treat: Bitdefender Labs Uncovers Halloween Scams Flooding Inboxes and Feeds (Bitdefender) Pwn2Own WhatsApp Hacker Says Exploit Privately Disclosed to Meta (SecurityWeek) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry's most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Trump administration should reverse cyber personnel and budget cuts, strengthen the Office of the National Cyber Director and expand federal workforce initiatives, the successor organization to the Cyberspace Solarium Commission recommended in a report published Wednesday. The annual implementation report from CSC 2.0 is the first of five iterations to actually determine that the nation has gone backward on enacting the agenda of the landmark bipartisan commission, whose suggestions led to the creation of major new federal organizations and policies, including the national cyber director's office. In grading the degree to which its 2020 report had been enacted — whether they're “implemented,” “nearing implementation,” “on track,” “progress limited” or facing “significant barriers” — the percentages dropped in every category, after years of rising or staying steady. President Donald Trump nominated Lt. Gen. Christopher LaNeve on Monday to serve as the next vice chief of staff of the Army and recommended his appointment to the grade of general. An official hearing date has not been made public, but if confirmed by the Senate, LaNeve will replace Gen. James Mingus, the long-time innovator who was sworn in as the Army's No. 2 general officer and principal deputy to Chief of Staff Gen. Randy George in January 2024 under the Biden administration. The announcement follows an unusual gathering of hundreds of top U.S. military officials at Marine Corps Base Quantico last month, where Defense Secretary Pete Hegseth stated that he had already removed several high-ranking service members and suggested that more people would be pushed out if they did not conform to his vision for a “less woke” military that's “fit not fat.” There's not a fixed term or limit to the position of vice chief of staff, and former officials' tenures in the capacity vary. A Pentagon spokesperson did not immediately answer questions from DefenseScoop about the timing for or reasoning behind this nomination, but confirmed LaNeve was selected by the president to serve in the post. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

In this episode of BioTalk with Rich Bendis, Harry Coker, Jr., Secretary of the Maryland Department of Commerce, joins the podcast to discuss Maryland's rising momentum as a global biohealth and technology leader. Secretary Coker shares his unique journey from the CIA, NSA, and White House to leading Maryland's economic development strategy, highlighting the state's strengths in life sciences, its appeal to global investors, and the importance of public-private partnerships in accelerating innovation.   Topics include Maryland's recent recognition as a Top 3 biopharma hub, the decision to prioritize Life Sciences and Computational Biology as “Lifehouse” sectors, and how the state is leveraging the BioHealth Capital Region identity to unite and expand its regional leadership. He also outlines Maryland's case for investment and why collaboration will be central to "Winning the Decade."   Editing and post-production work for this episode was provided by The Podcast Consultant.   The Honorable Harry Coker, Jr. was appointed by Governor Wes Moore as Maryland's Secretary of Commerce in 2025. He is a retired senior executive from the CIA and NSA, former National Cyber Director at the White House, and a career Naval Officer. Coker's leadership is shaped by decades of public service at the highest levels of national security and technology. At the Maryland Department of Commerce, he leads efforts to build an equitable, competitive economy centered around innovation, inclusion, and impact.

This episode features Chris Inglis, former U.S. National Cyber Director and longtime Deputy Director of the NSA.With over 40 years in national security, Chris was at the center of one of the most high-stakes breaches in U.S. history: the Edward Snowden incident.In this episode, Chris shares what really happened inside the NSA during those critical months, and how siloed systems, password sharing, and missed signals allowed Snowden to operate undetected. He unpacks key lessons on preparing for low-probability, high-impact events, defending against identity misuse, and why trust must always come with verification.This is a behind-the-scenes look at the Snowden breach, and what every cybersecurity leader needs to learn from it.Guest Bio  Chris served as the first national cyber director of the United States, and as deputy director of the NSA for eight years. Chris has spent more than four decades in public service shaping the future of national cybersecurity.His career includes serving as a commissioner on the US Cyberspace, solarium Commission, and as as an advisor to the Department of Defense and the intelligence community. Chris has received numerous honors for his service, including the President's National Security Medal and the DNI distinguished service medal.A U.S. Air Force Academy graduate, he holds advanced degrees in engineering and computer science from Columbia University and the George Washington University. His military career includes over 30 years in the U.S. Air Force and Air National Guard, retiring as a brigadier general. Most recently, he served as a U.S. Naval Academy Looker Distinguished Visiting Professor for cyber studies and as a commissioner on the U.S. Cyberspace Solarium Commission.Guest Quote " The thing that you practice, whether it's one or a million things you're going to practice will never happen, but the thing that does will be informed by the muscle memory you've developed over that practice period. And you'll know that you either can or cannot weather the storm with your own resources.”Time stamps 01:29 The Snowden Incident: A Deep Dive 06:07 NSA's Internal Challenges and Lessons Learned 07:29 Organizational Silos and Technical Blind Spots 13:42 Crisis Management and Response Strategies 16:56 Public Perception and Trust 23:22  Misunderstandings of Snowden's Allegations 28:15 Lessons from the Snowden Incident 29:44 Cybersecurity in the Business World 29:57 How the Snowden Incident Reshaped NSA's Threat Monitoring 36:49 Strategic and Tactical Approaches to Security 42:35 Final Thoughts and TakeawaysSponsor Identity Breach Confidential is brought to you by Semperis, the leader in identity-driven cyber resilience for the hybrid enterprise. Trusted by the world's leading businesses, Semperis protects critical Active Directory environments from cyberattacks, ensuring rapid recovery and business continuity when every second counts. Visit semperis.com to learn more.Links Connect with Jeff on LinkedInDon't miss future episodesRegister for HIP Conf 2025Learn more about Semperis

The Senate voted to confirm several Trump administration nominees before leaving town over the weekend, including new national cyber director Sean Cairncross as the President's Principal Advisor on all things cybersecurity. Karen cross faces a raft of challenges as he enters the White House for more Federal News Network's Justin Doubleday joins me now.See Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The Senate voted to confirm Sean Cairncross as national cyber director Saturday, giving the Trump administration one of its top cyber officials after a more than five-month process. The vote was 59-35. President Donald Trump nominated Cairncross on Feb. 12. The Senate Homeland Security and Governmental Affairs Committee held a hearing on his nomination in early June, then voted to advance him that same month. At his hearing, Cairncross said he'd be focused on policy coordination. He fielded questions from senators about his lack of cyber experience, the biggest cyber threats, cuts to federal cybersecurity personnel and more. Cairncross has held leadership positions inside and outside of government where there's been a tenuous connection to cybersecurity. He served as CEO of the Millennium Challenge Corporation, a foreign aid agency, in the first Trump administration, along with roles in the White House. He's also a former top official at the Republican National Committee. Despite that, Cairncross has the vocal support of a number cyber experts and past government cyber officials. A new commission has been established to chart a path toward developing an independent Cyber Force for the U.S. military. The commission was started by the Center for Strategic and International Studies in partnership with the Cyber Solarium Commission 2.0 project at the Foundation for Defense of Democracies. While there have been calls historically to create a new dedicated, standalone cyber service, the effort has gained steam in recent years. Congress has sought to address these shortfalls, mostly through studies, previously. The fiscal 2025 National Defense Authorization Act initially mandated a study for alternate organizational models for military cyber elements, to include a Cyber Force, which was considered a watered-down version from previous drafts. The new commission won't be examining the efficacy of a Cyber Force — something congressional studies have already been tasked with doing — but rather, looking at the foundational issues of establishing that type of entity such as the organizational structure, core functions, roles and responsibilities, and necessary authorities. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast  on Apple Podcasts, Soundcloud, Spotify and YouTube.

“We're in a whole tangled mess…we've gotten ourselves into a tangled mess around not just securing our infrastructure, but also around competition for the pieces of our infrastructure.” AI has become a cornerstone of modern defense, economic security, commerce, and more. But without effective cybersecurity strategies, the technology that has helped drive U.S. innovation and productivity could become our Achilles heel. Kemba Walden, president of the Paladin Global Institute and former Acting National Cyber Director, and Devin Lynch, senior director of the Paladin Global Institute and former director in the Office of the National Cyber Director, join the podcast to discuss their new report, “The AI Tech Stack: A Primer for Tech and Cyber Policy,” and the importance of implementing effective security measures and infrastructure around its deployment.

International law enforcement takes down a darknet drug marketplace. The Washington Post is investigating a cyberattack targeting several journalists' email accounts. Anubis ransomware adds destructive capabilities. The GrayAlpha threat group uses fake browser update pages to deliver advanced malware. Researchers uncover a stealthy malware campaign that hides a malicious payload in a JPEG image. Tenable patches three high-severity vulnerabilities in Nessus Agent. Attackers can disable Secure Boot on many Windows devices by exploiting a firmware flaw. Lawmakers introduce a bipartisan bill to strengthen coordination between CISA and HHS. Harry Coker reflects on his tenure as National Cyber Director. Maria Varmazis checks in with Brandon Karpf on agentic AI. When online chatbots overshare, it's no laughing Meta.  CyberWire Guest Joining us today to discuss Agentic AI and it relates to cybersecurity and space with T-Minus Space Daily host Maria Varmazis is Brandon Karpf, friend of the show, founder of T-Minus Space Daily, and cybersecurity expert. Selected Reading Police seizes Archetyp Market drug marketplace, arrests admin (Bleeping Computer) Washington Post investigating cyberattack on journalists' email accounts, source says (Reuters) Anubis Ransomware Packs a Wiper to Permanently Delete Files (SecurityWeek) GrayAlpha Hacker Group Weaponizes Browser Updates to Deploy PowerNet Loader and NetSupport RAT (Cyber Security News) Malicious Payload Uncovered in JPEG Image Using Steganography and Base64 Obfuscation (Cyber Security News) Tenable Fixes Three High-Severity Flaws in Vulnerability Scanner Nessus (Infosecurity Magazine) Microsoft-Signed Firmware Module Bypasses Secure Boot (Gov Infosecurity) Bipartisan bill aims to create CISA-HHS liaison for hospital cyberattacks (The Record) Coker: We can't have economic prosperity or national security without cybersecurity (The Record) The Meta AI app is a privacy disaster (TechCrunch) Audience Survey Complete our annual audience survey before August 31. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A new White House executive Order overhauls U.S. cybersecurity policy. The EU updates its “cybersecurity blueprint”. The Pentagon's inspector general  investigates Defense Secretary Hegseth's Signal messages. Chinese hackers target U.S. smartphones. A new Mirai botnet variant drops malware on vulnerable DVRs. 17 popular Gluestack packages on NPM have been compromised. Attackers exploit vulnerabilities in Fortigate security appliances to deploy Qilin ransomware. A Nigerian man gets five years in prison for a hacking and fraud scheme. Our guest is Tim Starks from CyberScoop, discussing Sean Cairncross' journey toward confirmation as the next National Cyber Director. Fire Stick flicks spark a full-on legal blitz. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop, to discuss Sean Cairncross, who's bringing a focus on policy coordination if confirmed as the next National Cyber Director. Selected Reading Trump Administration Revises Cybersecurity Rules, Replaces Biden Order (Infosecurity Magazine) Europe arms itself against cyber catastrophe (Politico) Pentagon watchdog investigates if staffers were asked to delete Hegseth's Signal messages (Associated Press) Chinese hackers and user lapses turn smartphones into a 'mobile security crisis' (Associated Press) iMessage Zero-Click Attacks Suspected in Targeting of High-Value EU, US Individuals (SecurityWeek) New Mirai botnet infect TBK DVR devices via command injection flaw (Bleeping Computer) Malware found in NPM packages with 1 million weekly downloads (Bleeping Computer) Hackers Actively Exploiting Fortigate Vulnerabilities to Deploy Qilin Ransomware (Cyber Security News) Nigerian Involved in Hacking US Tax Preparation Firms Sentenced to Prison (SecurityWeek) Hacked Fire Sticks now come with more than just malware – a possible jail sentence (Cybernews) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user's need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic's solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news: The controversial pick for National Cyber Director, the not-so-controversial pick to lead CISA, complete with funding cuts, the controversial ESP32 backdoor that is not a backdoor but hidden features, Dark Storm takes down X, interesting use cases for LoRa, using AI to get your dream job, details on the biggest crypto heist in history, an EDR bypass and a 404 error, slipping through the cracks in CVSS, old school vulnerability disclosure in 2025, Rayhunter, a pen test that should not have been, JTAG and your Flipper Zero, a Linux webcam was used for what now?, and "Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces"! Segment Resources: https://www.knostic.ai/blog/enterprise-ai-search-tools-addressing-the-risk-of-data-leakage https://www.knostic.ai/what-we-do Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-865

Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user's need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic's solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news: The controversial pick for National Cyber Director, the not-so-controversial pick to lead CISA, complete with funding cuts, the controversial ESP32 backdoor that is not a backdoor but hidden features, Dark Storm takes down X, interesting use cases for LoRa, using AI to get your dream job, details on the biggest crypto heist in history, an EDR bypass and a 404 error, slipping through the cracks in CVSS, old school vulnerability disclosure in 2025, Rayhunter, a pen test that should not have been, JTAG and your Flipper Zero, a Linux webcam was used for what now?, and "Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces"! Segment Resources: * https://www.knostic.ai/blog/enterprise-ai-search-tools-addressing-the-risk-of-data-leakage * https://www.knostic.ai/what-we-do Show Notes: https://securityweekly.com/psw-865

Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user's need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic's solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news: The controversial pick for National Cyber Director, the not-so-controversial pick to lead CISA, complete with funding cuts, the controversial ESP32 backdoor that is not a backdoor but hidden features, Dark Storm takes down X, interesting use cases for LoRa, using AI to get your dream job, details on the biggest crypto heist in history, an EDR bypass and a 404 error, slipping through the cracks in CVSS, old school vulnerability disclosure in 2025, Rayhunter, a pen test that should not have been, JTAG and your Flipper Zero, a Linux webcam was used for what now?, and "Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces"! Segment Resources: * https://www.knostic.ai/blog/enterprise-ai-search-tools-addressing-the-risk-of-data-leakage * https://www.knostic.ai/what-we-do Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-865

Sounil Yu joins us to kick things off with AI defenses: Enterprise AI search tools like Copilot for Microsoft 365 lack the in-depth access controls required to ensure that query responses align with the user's need-to-know boundaries. Without proper controls, these tools accelerate the discovery of improperly secured sensitive files within the organization. Knostic's solution ensures that enterprise data is safeguarded without slowing down innovation. By automating the detection and remediation of LLM data exposure, Knostic helps organizations mitigate the security, privacy, and compliance risks associated with AI chatbots and enterprise search tools. In the security news: The controversial pick for National Cyber Director, the not-so-controversial pick to lead CISA, complete with funding cuts, the controversial ESP32 backdoor that is not a backdoor but hidden features, Dark Storm takes down X, interesting use cases for LoRa, using AI to get your dream job, details on the biggest crypto heist in history, an EDR bypass and a 404 error, slipping through the cracks in CVSS, old school vulnerability disclosure in 2025, Rayhunter, a pen test that should not have been, JTAG and your Flipper Zero, a Linux webcam was used for what now?, and "Spatial-Domain Wireless Jamming with Reconfigurable Intelligent Surfaces"! Segment Resources: * https://www.knostic.ai/blog/enterprise-ai-search-tools-addressing-the-risk-of-data-leakage * https://www.knostic.ai/what-we-do Show Notes: https://securityweekly.com/psw-865

Cyber threats are evolving – but U.S. cyber policy coordination is still lagging behind. Four years after the establishment of the Office of the National Cyber Director, the Trump administration has a unique opportunity to establish stronger central coordination and drive meaningful improvements in how the federal government secures and defends cyberspace. How should the administration clarify and reinforce the role of the National Cyber Director? How can the administration create a more structured and accountable interagency cyber community? How can these structures set clearer national priorities and achieve the goals of deterring adversaries and advancing national resilience in cyberspace?To discuss these issues and more, FDD's Center on Cyber and Technology Innovation (CCTI) hosts a virtual conversation with former National Cyber Director Chris Inglis and John Costello, senior advisor to CSC 2.0, an initiative housed at FDD to continue the work of the congressionally mandated Cyberspace Solarium Commission. The conversation is moderated by RADM (Ret.) Mark Montgomery, senior director of CCTI and former executive director of the Cyberspace Solarium Commission with introductions by Dr. Samantha Ravich, Chair of FDD's Center on Cyber and Technology Innovation.For more, check out: https://www.fdd.org/events/2025/03/12/coaching-thecyberteam-the-future-of-the-office-of-the-national-cyber-director-and-cyber-governance/

This episode is a banger, and it is because of this article https://shorturl.at/NOtUB. It is an article on LinkedIN by Dr. Chase Cunnigham about our new "National Cyber Director."  And the points Chase makes I could not have said any better (though I do add my own similar thoughts.)  I think you'll like it.  Again, our politicians are trying to do the cybers. Give a listen, tell a friend.  Email me with thoughts at darren@thecyburguy.com.

In this episode, Ryan Williams Sr. and Shannon Tynes discuss the recent reflections of the outgoing U.S. National Cyber Director, emphasizing the ongoing challenges in cybersecurity. They highlight the need for continued efforts in the field, the importance of cyber talent, and the expectations for future leadership in cybersecurity. The conversation underscores the evolving nature of cyber threats, particularly with advancements in AI, and the critical need for knowledgeable leaders in the cybersecurity domain. Article: I tried hard, but didn't fix all of cybersecurity, admits outgoing US National Cyber Director https://www.theregister.com/2025/01/08/oncd_director_harry_coker_exit_remarks/?fbclid=IwZXh0bgNhZW0CMTAAAR05YWHFbcpprX7cer8ckH2i9zZRaX6ChKm1Cf9B97wIIOP0af_VdjsIsTA_aem_DiXrwRahjnmQVXI9LNWf9g Please LISTEN

The outgoing White House National Cyber director Harry Coker has teed up the bigcyber security issues for the incoming Trump administration. That includes recommendations on how to harmonize a growing chorus of cyber security regulations. Federal News Network's Justin Doubleday has more. Learn more about your ad choices. Visit podcastchoices.com/adchoicesSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The outgoing White House National Cyber director Harry Coker has teed up the big cyber security issues for the incoming Trump administration. That includes recommendations on how to harmonize a growing chorus of cyber security regulations. Federal News Network's Justin Doubleday has more. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Four years ago, Congress created the Office of the National Cyber Director to serve as the president's senior advisor on cybersecurity, implementing national strategy, supporting whole-of-nation cyber resilience, and working with the Office of Management and Budget to align federal resourcing to growing cyber threats from criminals and nation states including China, Russia, and Iran. The office led the charge developing a new national cybersecurity strategy and executed dozens of technical, governance, workforce, and policy solutions to implement the strategy. Has this implementation bolstered national cyber resilience? Has the government developed a whole-of-nation response to cyber incidents? Are federal resources aligned to thwart and deter U.S. adversaries in cyberspace?FDD's Center on Cyber and Technology Innovation hosts remarks and a fireside chat with National Cyber Director Harry Coker, Jr. on the role of the Office of the National Cyber Director, its past successes, and lessons learned for the future. The conversation will be moderated by RADM (Ret.) Mark Montgomery, CCTI senior director and former executive director of the congressionally mandated Cyberspace Solarium Commission.For more, check out: fdd.org/events/2025/01/07/cyber-strategies-and-successes-a-conversation-with-national-cyber-director-harry-coker-jr/

Cyber policy gurus are urging the incoming Trump administration to elevate the role of the White House Office of the National Cyber Director. The three-year-old office has led some real cybersecurity strategy initiatives. But outside observers say it could be more involved in responding to major cyber incidents. Federal News Network's Justin Doubleday has the latest. Learn more about your ad choices. Visit podcastchoices.com/adchoices

Cyber policy gurus are urging the incoming Trump administration to elevate the role of the White House Office of the National Cyber Director. The three-year-old office has led some real cybersecurity strategy initiatives. But outside observers say it could be more involved in responding to major cyber incidents. Federal News Network's Justin Doubleday has the latest. Learn more about your ad choices. Visit podcastchoices.com/adchoicesSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The energy transition is transforming how we power our world – clean energy systems are becoming more interconnected, automated, and reliant on digital infrastructure. But with this transformation comes a new vulnerability: cyberattacks. As our grid becomes smarter and our system more digitized, the potential for disruption grows. Earlier this year, the FBI warned of a serious threat that Chinese hackers had infiltrated U.S. critical infrastructure systems, raising the possibility of a “devastating blow” to energy and other vital services. The stakes are clear. As we move forward with the energy transition – and increasingly digitizing and electrifying our systems –  we are increasingly vulnerable to cyber attacks. This week, host Jason Bordoff speaks with Harry Krejsa about the cybersecurity risks at the intersection of operational technology and information technology in the clean energy transition, the destructive capabilities of China and Russia on American critical infrastructure, and what we should be doing about it. Harry is the director of studies at the Carnegie Mellon Institute for Strategy & Technology. He was previously in the Biden White House's Office of the National Cyber Director. There, he led development of the Biden-Harris administration's National Cybersecurity Strategy, established national clean energy security priorities, and represented the U.S. government in technology security consultations with foreign partners and the global private sector.  Prior to that, Harry worked at the intersection of technology, industrial strategy, and U.S.-China competition for the Department of Defense, the Cyberspace Solarium Commission, and the Center for a New American Security.

Days before a deadline for federal agencies to submit to the White House their updated zero-trust implementation plans, a coalition of government IT leaders released a guide intended to strengthen data security practices. The 42-page Federal Zero Trust Data Security Guide, spearheaded by the Federal Chief Data Officers and Federal Chief Information Security Officers councils, zeroes in on “securing the data itself, rather than the perimeter protecting it,” part of what a Thursday press release termed “a foundational pillar of effective” zero-trust implementation. By Nov. 7, federal agencies must provide their updated plans for zero-trust implementation to the Office of the National Cyber Director and the Office of Management and Budget. The Federal Acquisition Institute, a career development resource housed within the General Services Administration, recently released a credential focused on artificial intelligence prompt engineering. The credential is more evidence that federal interest in purchasing AI technology continues to grow. The tool is specifically designed to help government acquisition staff evaluate large language models, the type of technology built by OpenAI and Anthropic. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on on Apple Podcasts, Soundcloud, Spotify and YouTube.

Camille Stewart Gloster joins us to discuss national security threats, online best practices, and election integrity ahead of Tuesday's election. She helps us identify vulnerabilities in our digital lives as well as in the fabric of our country!See omnystudio.com/listener for privacy information.

The Office of the National Cyber director is leading a hiring initiative to fill hundreds of federal cyber security positions this fall. It's called the Service for America campaign. It comes as the White House pushes for skills based hiring. For more, Federal News Network's Justin Doubleday spoke with Deputy National Cyber director Harry Wingo. Learn more about your ad choices. Visit podcastchoices.com/adchoices

The Office of the National Cyber director is leading a hiring initiative to fill hundreds of federal cyber security positions this fall. It's called the Service for America campaign. It comes as the White House pushes for skills based hiring. For more, Federal News Network's Justin Doubleday spoke with Deputy National Cyber director Harry Wingo. Learn more about your ad choices. Visit podcastchoices.com/adchoicesSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

https://youtu.be/rqJGPKJmbkc This week on the podcast, we discuss guidance published by the US White House Office of the National Cyber Director that lays out a roadmap for addressing key security concerns in the BGP routing protocol. Before that, we cover a security research post from Jfrog detailing a new python package hijacking method under active exploitation as well as an analysis of the Microsoft Windows Wi-Fi driver remote code execution vulnerability patched last June.  

When it comes to open cyber security jobs across the country, Seeyew Mo doesn't want to focus on the 500,000 number that's often bandied about. Mo is the assistant national cyber director for workforce training and education at the Office of the National Cyber Director in the White House. He says the focus should be on expanding who and what positions are considered part of that cyber workforce. During Federal News Network's Workplace Reimagined, Jason Miller got more from Mo. Learn more about your ad choices. Visit podcastchoices.com/adchoicesSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

When it comes to open cyber security jobs across the country, Seeyew Mo doesn't want to focus on the 500,000 number that's often bandied about. Mo is the assistant national cyber director for workforce training and education at the Office of the National Cyber Director in the White House. He says the focus should be on expanding who and what positions are considered part of that cyber workforce. During Federal News Network's Workplace Reimagined, Jason Miller got more from Mo. Learn more about your ad choices. Visit megaphone.fm/adchoices

Tune in to be in the know as Craig Hill, Mike Luken, and Andy Stewart explore the crucial role of quantum safe cryptography as we approach the quantum computing era and its potential impact on current encryption methods. Discover what you need to know and how Cisco is leading the way in delivering quantum safe cryptography. The discussion begins with an overview of the urgent need to migrate to post-quantum cryptography. In the U.S., Federal agencies have been mandated by National Security Memorandum 10 to transition their cryptographic systems to withstand quantum computing attacks by 2035. This directive, enforced by the President's Office, the Office of Management and Budget (OMB), and the Office of the National Cyber Director, aims to mitigate future risks posed by quantum computers. Globally, governments, financial institutions, hospitals, and other entities requiring secure information protection are also taking steps to incorporate quantum-safe cryptography. Although quantum computers capable of breaking current encryption do not yet exist, the National Institute of Standards and Technology (NIST), in collaboration with over 100 countries and experts, has recently released the first three finalized Post-Quantum Encryption Standards. Listen in as Craig, Mike, and Andy delve into the nuances, needs, and technical details of quantum safe cryptography, and learn how Cisco is preparing for the post-quantum world.

The U.S. global development agency, USAID, is intensifying its focus on artificial intelligence, exploring both its potential benefits and challenges. Following the recent announcement of a new policy on democracy, human rights, and governance, USAID Administrator Samantha Power underscored the importance of leveraging technology to bolster democracy. However, she also cautioned about the potential misuse of these tools by authoritarian regimes to suppress dissent. In her remarks, Power said, “This policy expands our toolbox so that we can keep up with fast-moving technology that can be weaponized against citizens, it codifies our intent to counter the rise of digital repression at its source.” She noted ongoing efforts to increase transparency and raise awareness about how new technologies and data are used. Power's comments followed her meeting with Dario Amodei, CEO of Anthropic, discussing AI applications in global development, including successful deployments in Mexico and India. In cybersecurity news, National Cyber Director Harry Coker emphasized the goal of achieving federal coherence across government efforts in cybersecurity. In a CyberScoop interview, Coker, who took office seven months ago, highlighted the importance of collaboration over hierarchy within federal cybersecurity initiatives. He stated, “We lead by collaboration,” noting that the Office of the National Cyber Director prioritizes cooperative relationships over leading or dominating discussions. Coker discussed his regular interactions with Anne Neuberger and Jen Easterly, indicating robust ongoing dialogues among key cybersecurity leaders. He also mentioned collaboration with the Office of Management and Budget and the National Institute of Standards and Technology, focusing on setting cyber priorities for the fiscal year 2026 budget and promoting advancements like memory-safe computing languages. The Daily Scoop Podcast is available every Monday-Friday afternoon. If you want to hear more of the latest from Washington, subscribe to The Daily Scoop Podcast on on Apple Podcasts, Soundcloud, Spotify and YouTube.

In this special episode, listen in on a panel from AWS Summit Washington DC 2024, featuring: Steve Schmidt, Vice President and CSO, Amazon; Avery Alpha, Director, Principal Deputy Under Secretary for Intelligence & Analysis, Department of Homeland Security, and Jake Braun, Acting Principal National Cyber Director, White House office of the National Cyber Director.In an age where technology reigns supreme, it's time to shift our focus from the technical to the human aspect of information security. While many perceive cybersecurity as solely a technical challenge, our adversaries are undeniably human, driven by complex motivations ranging from financial gain to ideology. Drawing parallels to espionage, our panelists will dissect the importance of embedding security into organizational culture and DNA. Join us for a thought-provoking discussion as we explore the critical role of people in safeguarding against cyber threats. From understanding adversaries' motives to fostering a security-conscious culture, our panel will delve into strategies for navigating the evolving cybersecurity landscape. Gain invaluable insights into asking the right questions and crafting an integrated security strategy tailored to the demands of this new tech-forward era.

In this episode of InTechnology, Camille gets into the latest in AI policy with co-host Taylor Roberts, Director of Global Security Policy at Intel, and guests Jason Lazarski, Head of Sales at Opaque Systems, and Jonathan Ring, Deputy Assistant National Cyber Director for Technology Security at The White House Office of the National Cyber Director. They talk about the focuses and challenges of the recent AI Executive Order, similar AI policies like the AI EU Act and the EU Cyber Resilience Act, how to set industries up for success with AI policy, how countries are working together to develop AI policy, the role of confidential computing and trusted execution environments in securing encrypted data and AI models, how enterprises are adapting to new AI policy, the social challenges of AI adoption, and more. Check out our previous episodes on AI policy: Deep Dive: US Executive Order on Artificial Intelligence (Episode 181): https://cybersecurityinside.libsyn.com/181-deep-dive-us-executive-order-on-artificial-intelligence Emerging U.S. Policies, Legislation, and Executive Orders on AI (Episode 178): https://cybersecurityinside.libsyn.com/178-emerging-us-policies-legislation-and-executive-orders-on-ai The views and opinions expressed are those of the guests and author and do not necessarily reflect the official policy or position of Intel Corporation.  

On this Solution Spotlight, guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella. Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs. The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation.  Learn more about your ad choices. Visit megaphone.fm/adchoices

The US scrutinizes Chinese telecoms. Indonesia's national datacenter is hit with ransomware. RedJulliett targets organizations in Taiwan. Researchers can tell where you are going by how fast you get there. A previously dormant botnet targeting Redis servers becomes active. Thousands of customers may have had info compromised in an attack on Levi's. A new industry alliance hopes to prevent memory-based cyberattacks. Guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach with N2K President Simone Petrella. Assange agrees to a plea deal. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella. Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs. The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation.  Selected Reading Exclusive: US probing China Telecom, China Mobile over internet, cloud risks (Reuters)  Indonesian government datacenter locked down in $8M ransomware rumble (The Register) Taiwanese tech firms, universities, religious groups among targets in cyber-espionage campaign (The Record) New security loophole allows spying on internet users' online activity (HelpNet Security) P2PInfect botnet targets REdis servers with new ransomware module (Bleeping Computer) Credential Stuffing Attack Hits 72,000 Levi's Accounts (Infosecurity Magazine) CHERI Backers Form Alliance to Promote Memory Safety Chip (GovInfo Security) Julian Assange, WikiLeaks Founder, Agrees to Plead Guilty in Deal With U.S. (The New York Times)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Heather Engel is the Managing Partner at Strategic Cyber Partners. In this episode, she joins host Amanda Glassner to discuss a recent convening at the White House, hosted by the White House Office of the National Cyber Director, where representatives from more than 30 companies and institutions, representing a dozen industries, committed to expand opportunities for Americans and build a stronger cyber workforce. The Federal Business Council is a producer of events to foster meaningful engagement for Federal Government Agencies, the Department of Defense, and the Intelligence Community throughout the United States. To learn more about our sponsor, visit https://fbcinc.com.

The Office of the National Cyber Director is working with agencies to accelerate efforts to “clean up” insecure internet routing techniques that can lead to cybersecurity risks.White House National Cyber Director Harry Coker expects that more than half of all advertised federal IP space will adopt more secure routing agreements by the end of this year. The goal is to get to Resource Public Key Infrastructure (RPKI), which provides security for internet routing to help prevent traffic from being hijacked by hackers. Learn more about your ad choices. Visit podcastchoices.com/adchoicesSee Privacy Policy at https://art19.com/privacy and California Privacy Notice at https://art19.com/privacy#do-not-sell-my-info.

The Office of the National Cyber Director is working with agencies to accelerate efforts to “clean up” insecure internet routing techniques that can lead to cybersecurity risks. White House National Cyber Director Harry Coker expects that more than half of all advertised federal IP space will adopt more secure routing agreements by the end of this year. The goal is to get to Resource Public Key Infrastructure (RPKI), which provides security for internet routing to help prevent traffic from being hijacked by hackers. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's episode, we discuss the White House's call for critical cybersecurity assistance for sectors like healthcare and water utilities (https://www.cybersecuritydive.com/news/white-house-seeks-critical-cyber-assistance-for-water-utilities-healthcare/716942/), analyze the compromise of JAVS Viewer software by loader malware (https://www.helpnetsecurity.com/2024/05/23/javs-viewer-malware/), and explore how rising cyberattacks are driving the growth of the cybersecurity industry, affecting companies like AWS, Cisco, and CrowdStrike (https://www.cybersecuritydive.com/news/attacks-fuel-cyber-business/716782/). Full Coker Speech: https://www.youtube.com/watch?v=1yR3kfajhk0 00:00 Introduction to the Cybersecurity Boom 01:04 The Economics of Cybersecurity 03:22 National Cyber Director's Keynote Highlights 04:14 The Cost of Cybersecurity Measures 05:19 Teenagers in Cybercrime: A Growing Concern 06:13 JAVS Viewer Malware: What You Need to Know 07:50 Conclusion and Call to Action Tags: Harry Coker Jr, healthcare, water utilities, ransomware, National Cyber Director, critical infrastructure, cyber threats, innovative strategies, cybersecurity, administration initiatives, Lapsus, teenage cybercrime, JAVS, recording software, loader malware, security risks, courtrooms, prisons, compromised software, cybersecurity vendors, digital threat landscape, market complexity Search Phrases: Initiatives by Harry Coker Jr in cybersecurity Healthcare cyber threat protection strategies Water utilities ransomware defense National Cyber Director's speech on cyber threats Administration measures against teenage cybercrime Compromised JAVS software security risks Immediate actions for JAVS Viewer users Cybersecurity vendors' role in digital threat evolution Increasing complexity in the cybersecurity market Global spending on cybersecurity in 2023 May24 Cyber attacks are propelling the cybersecurity industry to new Heights with global spending on security projected to hit in astonishing. $215 billion this year. How are cybersecurity vendors adapting to the constant evolution of cyber threats while also contributing to increased complexity in the market? National cyber director, Harry Coker Jr. Announced a sweeping initiative to fortify healthcare and water utilities against cyber threats. Highlighting a commitment to strengthen America's critical infrastructure. At a keynote speech on Wednesday. What measures is the administration taking to deter teenagers from join me, joining cyber criminal groups. Like Lapsis. Threat researchers have discovered that legitimate recording software from JAVS has been compromised with loader malware directly from the developers own site. If you're using the jabs viewer, what actions can you take? If you suspect your version has been compromised. You're listening to the daily decrypt. The cybersecurity industry is thriving. Thanks to the rise in cyber attacks. Now this makes sense. Supply and demand is the foundation of capitalism. And cyber attacks are on the rise. So of course, cybersecurity is booming, but this reminds me sort of eerily of the show fallout, which is on Amazon prime, highly recommend one of my favorite TV shows of all time. But go ahead and skip the next 15 seconds if you don't want any spoilers, but. One of the most fascinating aspects of that show is how. Valtech the maker of these volts. Was one of the top companies in the country. Because one, they preyed on citizens, fear of a nuclear war. So they made these vaults. To keep people safe in the impending nuclear bomb drop. But in order to stay on top in order to stay. Relevant. They needed that nuke to drop. And I don't think we're at that point yet with cybersecurity, I believe. The volume of cyber attacks is enough to sustain a $200 billion industry. But who knows what will happen in 10, 20, 30 years, maybe in order to stay relevant. Defender's need to start attacking. To keep that fear alive. I really hope not, but. That is the foundation of capitalism. So as mentioned, the global spending on security and risk management is projected to reach $215 billion this year, which is a 30% increase. From $165 billion in 2022. Brendan whales of the cybersecurity and infrastructure security agency or SISA. Talks about how this multi-billion dollar cyber security industry. Exists solely because the multi-billion dollar technology industry is insecure. So as the technology industry, booms naturally cybersecurity will boom, along with it. Alan Liska from recorded future criticizes, the industry for creating unnecessary complexity. And he emphasizes that the industry is currently pushing to sell expensive solutions. Over simpler, more effective ones. So this all just begs the question. If a company. Is faced with the opportunity to end cyber risk. To stop all attacks from happening. Or to create a product that will do this. Will they. Or will they continue to confuse and complicate. In order to make more and more money. National cyber director, Harry Coker Jr. Announced new actions to bolster key sectors like healthcare and water utilities. As well as combating ransomware and enhancing resilience. During a keynote speech at Auburn university's Macquarie Institute on Wednesday. In partnership with the department of health and human services. Their aim is to raise cybersecurity standards for hospitals, as well as seek additional aid for small, rural and critical care facilities. The EPA or environmental protection agency will provide more technical assistance to public water systems. The department of agriculture will invest in a program to. Integrate cyber security into rural water utilities. They've also proposed a budget to president Biden. That includes $12 million for HHS cybersecurity capacity. $25 million for sector risk management. And $25 million for a cyber grant for water utilities. And that makes me think of an Instagram real I watched yesterday. Where. It showed a video of United States, military members firing different. Weapons systems from. The 2, 4, 9, 2 rocket launchers to 50 Cal machine guns off the side of a helicopter. And as each bullet or round fired. There was a cost calculator in the top left that showing how much it costs to fire these weapons. And all of these videos were taken during training. And like one of those rockets just to fire at once costs like $19 million, just one rocket. So, yeah, $25 million to one person is a lot of money, but to the entire country's water agency. That's no money that will not help at all. That'll get them a $10 a month subscription. To some off the shelf service. Built by AI. So we got to get that up. All right. I like the intent, but we got to get that number up. In the keynote speech Coker also highlighted. Plans to crack down on criminal ransomware and to better understand the open source security risks. He's also built a partnership with the DOJ that will develop programs to deter teens from joining cyber criminal groups, like Lapsis, which recruits minors due to their short potential jail terms. And when we think about ransomware groups like lapses, my brain doesn't go to teenagers, but it is the perfect demographic. First of all, they feel invincible. They have good internet connections. They have lots of time. And they're extremely motivated by money. Like money is status in high school. And imagine being able to buy like a super nice car and take your friends out, maybe even charter a plane or something, take your friends somewhere. So that is an interesting problem to solve. And I personally don't have a solution, but let's see what they come up with with the DOJ. And finally. There's a legitimate recording software called jabs viewer. That has been compromised with loader malware and served from the official developer's website since at least April 2nd. This is according to rapid seven. The compromised installer, which is signed by Vanguard tech limited hides malware from the gate door, Russ store, family. This malware enables unauthorized remote access data collection, and further malicious payload downloads. If you're running jabs, viewer version 8.3 0.7. At this point, you have to re image all effected end points. You've got a reset, all credentials. And browser sessions to prevent unauthorized access. And update to the latest version version 8.3 0.8 or higher. Simply updating, apparently won't completely rid your device of this malware because it had remote code execution access, and it's probably loaded other things. So the only way to rid it is to. Uh, re image that end point, which totally sucks. And might not even be possible. But I'll tell you it does suck less. Then ransomware.. If you're unsure, if the device you're working with. Has been compromised. You can search for the file name F F F M peg dot exe with three F's. Which mimics the legitimate file that this software creates called F F M peg with two F's. If that three F file is found on the endpoint, you must re image the endpoint. You can also check to see if the software you have installed is digitally signed. By jabs itself. If it's signed by Vanguard tech limited, that is compromised. This has been the Daily Decrypt. If you found your key to unlocking the digital domain, show your support with a rating on Spotify or Apple Podcasts. It truly helps us stand at the frontier of cyber news. Don't forget to connect on Instagram or catch our episodes on YouTube. Until next time, keep your data safe and your curiosity alive.

Today, we discuss the recent Chirp Systems smart lock vulnerability, Delinea's rapid response to a critical API flaw, and the ongoing debate over ransomware payment policies. Explore the implications of these security breaches and the strategies to enhance digital safety without compromising on the details. Keywords: Cybersecurity, Chirp Systems, Delinea, Ransomware Payment Ban, Smart Locks, API Vulnerability, U.S. Cybersecurity & Infrastructure Security Agency Sources: Chirp Systems Smart Lock Issue: krebsonsecurity.com/2024/04/crickets-from-chirp-systems-in-smart-lock-key-leak Delinea Secret Server SOAP API Vulnerability: helpnetsecurity.com/2024/04/15/delinea-secret-server-vulnerability Ransomware Payment Ban Debate: cybersecuritydive.com/news/ransom-payment-ban-pushback/713206 Feel free to let me know if there are any tweaks you'd like to make! Follow us on Instagram: https://www.instagram.com/the_daily_decrypt/ Thanks to Jered Jones for providing the music for this episode. https://www.jeredjones.com/ Logo Design by https://www.zackgraber.com/ Tags for the Episode: Cybersecurity, Chirp Systems, Delinea, Ransomware, Smart Lock Security, API Vulnerability, Digital Safety, Cyber Attack, Security Breach, Tech News Search Phrases: Chirp Systems smart lock security issues Delinea SOAP API vulnerability fix Ransomware payment policy debate Cybersecurity latest news Smart lock vulnerabilities and solutions How to secure digital locks from hackers API security breaches and responses Impact of ransomware payment bans Expert analysis on Chirp Systems breach Preventing unauthorized access in smart devices Transcript: Apr16 Welcome back to the Daily Decrypt. Chirp system's smart locks are compromised With hard coded credentials, potentially unlocking 50, 000 U. S. homes remotely, warns the U. S. Cybersecurity Infrastructure Security Agency, highlighting severe oversight in digital security protocols. What can be done to secure these smart locks and prevent unauthorized remote access? Delinea acted swiftly to patch a critical vulnerability in their secret server SOAP API, which could have allowed attackers to gain administrative access and seize sensitive data. And finally, ransomware victims in the US shelled out 1. 5 billion between May 2022 and June of 2023 amidst heated debates over the effectiveness of ransomware payment bans, as highlighted by the Institute for Security and Technology. What strategies are cybersecurity experts recommending to reduce ransom payments without implementing a ban? In a recent warning issued by the U. S. Cybersecurity and Infrastructure Security Agency, or CISA, an estimated 50, 000 smart locks across the country are vulnerable to breaches due to hard coded credentials that allow remote access. These locks, developed by Chirp Systems, have been criticized for storing sensitive access information within their source code, making them susceptible to unauthorized entries with a CVSS severity rating of 9. 1 out of 10. Despite these concerns, Chirp Systems has yet to respond or collaborate with CISA to address these vulnerabilities. The issue first came to light when Matt Brown, a senior systems development engineer at Amazon Web Services, detected the flaw. Brown, while installing the Chirp app to his Access His Apartment, opted to scrutinize the app's security. He discovered that the app stored passwords and private keystrings in a decodable format, leaving residence doors wide open to potential hackers. In response to his findings, Brown approached his leasing office, which provided him with a 50 NFC key fob as a workaround. However, Brown pointed out that the FOB still transmitted the credentials in plain text, vulnerable to cloning via NFC enabled devices. The parent company of Chirp Systems, RealPage, Inc., is currently facing legal challenges including a massive lawsuit supported by the U. S. Department of Justice and multiple state attorneys general. The suits accuse RealPage of using its software to artificially inflate rents through collusion with landlords, employing algorithms that limit negotiation and push maximum possible rents on tenants. In a swift response to a security breach, Delinea, a leading provider of privileged access management solutions, recently addressed a critical vulnerability in their secret server SOAP API. The company first became aware of the issue late last week and took immediate action by blocking SOAP endpoints for its cloud customers. This precaution was necessary to mitigate any potential unauthorized access. while the cloud service was patched on the same day. By Saturday, Delenia confirmed their awareness of the vulnerability and assured that their engineering and security teams had conducted thorough investigations, revealing no evidence of compromised customer data or attempts to exploit the flaw. By Sunday, the company had released an update for Secret Server on premises, version 11. 7. 000001. Effectively fixing the vulnerability and announcing forthcoming patches for earlier versions upon completion of testing. Moreover, Delinea has provided a guide for customers using on premise versions to help determine if their systems were compromised. This includes instructions to generate custom reports to trace potentially unauthorized access, particularly from unfamiliar IP addresses which could indicate malicious activity. Kevin Beaumont, a security researcher, noted that the temporary unavailability of Delinia's secret server cloud last Friday stemmed from a published blog post by security engineer Johnny Yu, who discovered the vulnerability. Yu's post, which included a proof of concept for creating a golden token allowing admin access, was crucial in prompting the company's rapid response. Delinia has also established a continuous monitoring process updates on their service status to ensure ongoing security for their users. They urge all users to review any unusual audit records and verify the authenticity of the secret server mobile application access as part of their comprehensive security measures. In a report issued this past Wednesday, the Institute for Security and Technology's Ransomware Task Force has decided against the need for a ransomware payment ban. The report highlights several reasons, including concerns that a ban might discourage victims from reporting ransom payments, potentially pushing these transactions underground, and the complexity of any Exempting critical infrastructure. Instead of implementing a ban, the task force recommends focusing on 16 milestones they believe will effectively reduce ransom payments. And there's a quote from the RTF co chairs from an email that says, while a ban may be an easier policy lift than activities designing to drive preparedness, it will almost certainly create the wrong kind of impact. They noted a decline in organizations making payments, suggesting that current strategies may already be making an impact. Despite the resistance to a payment ban, the task force revealed that more than half of their proposed measures are already in progress or completed. These include significant policy changes like the requirement for publicly traded companies to report substantial cyber incidents, and the upcoming rule from CISA mandating that US critical infrastructure entities quickly report cyber attacks and ransom payments. The discussion on how best to tackle ransomware continues to evolve. While the Biden administration previously steered clear of a complete ban on ransomware payments, there are renewed calls for reconsidering this policy. Brett Callow, a threat analyst at Emsisoft, is an outspoken supporter of a ban, suggesting that even if attackers may not be aware of state level bans, a national policy might have a significant deterrent effect. The Ransomware Task Force, by figures like Kemba Walden, the former acting National Cyber Director, advocates for bolstering existing efforts rather than imposing new bans, indicating a strategic commitment to enhance cybersecurity resilience amidst ongoing debates. That's all I got for you today. Thanks for tuning in to this quick, news focused episode. Be sure to tune in later this week for a discussion on HackspaceCon, which just took place last weekend in Florida at Kennedy Space Center. Still working on editing that episode, but dogespan and I discussed our key takeaways and we wanted to share them with you. So stick around for that.

(3/6/24) - In today's Federal Newscast: When it comes to safety, many federal buildings can't keep up, according to the Government Accountability Office. The National Cyber Director is touting progress on the White House's cyber efforts. And a new House bill specifies how agencies should buy, use and manage artificial intelligence. Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK faces a looming threat of a catastrophic ransomware attack. The Senate confirms a new National Cyber Director. The rivalry between malware groups BatLoader and FakeBat. BazarCall phishing attack and its unusual use of Google Forms. A serious vulnerability threatens K-12 student data. Spiderman game developer Insomniac Games becomes the latest ransomware victim. Today's guest is Tim Starks from the Washington Post's Cybersecurity 202 with China's influence operations in Taiwan, along with a look back at 2023. We'll touch on Microsoft's Patch Tuesday and why outdated password policies are still a problem. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today's guest is Tim Starks from the Washington Post's Cybersecurity 202. Tim and Dave discuss China's influence operations in Taiwan, along with a look back at 2023.  Selected Reading UK at high risk of ‘catastrophic ransomware attack', report says (The Guardian) Roll Call Vote 118th Congress - 1st Session  (United States Senate) How Does Access Impact Risk? (IST) API and App Security: Q3 2023 Snapshot (ThreatX) The Kids Aren't Alright: Vulnerabilities in Edulog Portal Revealed K-12 Student Location Data (tenable) Press and pressure: Ransomware gangs and the media (Sophos) BazarCall Attack Leverages Google Forms to Increase Perceived Credibility (Abnormal) Two Competing, Russian-Speaking Cybercrime Groups Attack Employees from 23 Companies in the Manufacturing, Software, Legal, Retail, and Healthcare Sectors Using Malicious Google Ads (esentire) Spider-Man 2 developer Insomniac Games hit by Rhysida ransomware attack  (cyberdaily) Microsoft Patch Tuesday December 2023 (Sans) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Governments target push notification metadata. Dissecting the latest GRU cyber activities. A look at  Russia's AI-powered Doppelgänger influence campaigns, and how cyber warfare is evolving beyond the battlefield. We've got updates on the Adobe ColdFusion vulnerability, the expanding 23andMe data breach, and insights into the financial impacts of ransomware. Our guest is Camille Stewart Gloster, Deputy National Cyber Director for Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Plus, discover how the TSA is embracing AI for future security.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Camille Stewart Gloster, Deputy National Cyber Director, Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Camille shares her views on women in cybersecurity, their efforts in diversity, equity and inclusion and what she sees for the future. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/231 Selected Reading Governments spying on Apple, Google users through push notifications - US senator (Reuters)  Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Russian AI-generated propaganda struggles to find an audience (CyberScoop) How cybersecurity teams should prepare for geopolitical crisis spillover (CSO) Russia's Fancy Bear launches mass credential collection campaigns (CSO) The Dragos Community Defense Program Helps Secure Industrial Infrastructure for Small Utilities (Dragos) Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers (CISA) CVE-2023-26360 Detail (NIST) SEC on 23andMe breach (SEC)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

FraudGPT is a chatbot with malign intent. Stealer logs in the C2C market. Signs in the blockchain that some Conti alumni are working with the Akira gang. Tim Starks from Washington Post's Cybersecurity 202 on the White House's new National Cyber Director nominee. Maria Varmazis speaks with David Luber, Deputy Director of NSA's Cybersecurity Directorate, on space systems as critical infrastructure. And a kinetic strike against a cyber target: Ukrainian drones may have hit Fancy Bear's Moscow digs. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/141 Selected reading. FraudGPT: The Villain Avatar of ChatGPT (Netenrich)  Stealer Logs & Corporate Access (Flare) Over 400,000 corporate credentials stolen by info-stealing malware (BleepingComputer) The Alarming Rise of Infostealers: How to Detect this Silent Threat (The Hacker News) Conti and Akira: Chained Together (Arctic Wolf) Ukraine-Russia war: Ukraine vows further drone strikes on Moscow and Crimea (The Telegraph) 

In this special episode of the CAFE Insider podcast, former Acting U.S. Deputy Attorney General John Carlin interviews Chris Inglis, while Preet and Joyce are out. Inglis recently served as the first U.S. National Cyber Director, in which role he advised President Biden on cybersecurity issues and helped develop a national cyber strategy. Before that, Inglis served as Deputy Director of the National Security Agency. In this excerpt from the interview, Inglis discusses the risks artificial intelligence poses for national security, including:   – The “black box problem” of AI algorithms; – The use of AI in cyberattacks;  – The AI arms race among United States, China, and Russia; and – The potential use of generative AI to spread misinformation ahead of the 2024 election. In the full interview, Inglis breaks down the job of the National Cyber Director and the Biden administration's cyber strategy. Stay informed. For analysis of the most important legal and political issues of our time, become a member of CAFE Insider for one month for $1.00: www.cafe.com/insider. You'll get access to full episodes of the podcast, and other exclusive benefits. This podcast is brought to you by CAFE Studios and Vox Media Podcast Network.  Check out other CAFE podcasts: Now & Then, Up Against The Mob Learn more about your ad choices. Visit podcastchoices.com/adchoices

Chris Inglis has had an illustrious career in the defense of this country, serving as an Air Force general, deputy director of the National Security Agency, and most recently as the first National Cyber Director in the White House. Chris stepped down from his position last week, and he sat down for his first interview as a private citizen with David Kris, Lawfare contributor and former assistant attorney general for the National Security Division, and Bryan Cunningham, Lawfare contributor and executive director of the University of California, Irvine's Cybersecurity Policy & Research Institute. They talked about a wide range of cyber topics, including the newly minted National Cyber Strategy, protection of critical infrastructure, cyber insurance, competition in the international front, and more.Support this show http://supporter.acast.com/lawfare. Hosted on Acast. See acast.com/privacy for more information.