The Defense Department is launching a new fast-track software approval process. A popular employee monitoring tool exposes over 21 million real-time screenshots. The U.S. opens a criminal antitrust investigation into router maker TP-Link. A pair of health data breaches affect over six million people. South Korea's SK Telecom confirms a cyberattack. A critical zero-day puts thousands of SAP applications at potential risk. Researchers raise concerns over AI agents performing unauthorized actions. “Policy Puppetry” can break the safety guardrails of all major generative AI models. New research tallies the high costs of data breaches. A preview of the RSAC Innovation Sandbox with Cecilia Marinier, Vice President at RSAC, and David Chen, Head of Global Technology Investment Banking at Morgan Stanley. Stocking hard drives full of human knowledge, just in case.
CyberWire Guest: Cecilia Marinier, Vice President at RSAC, and David Chen, Head of Global Technology Investment Banking at Morgan Stanley, sit down with Dave to discuss the Innovation Sandbox Contest 2025.
Selected Reading
- Acting Pentagon CIO Signing Off on New, Faster Cyber Rules for Contractors (airandspaceforces)
- Top employee monitoring app leaks 21 million screenshots on thousands of users (TechRadar)
- Router Maker TP-Link Faces US Criminal Antitrust Investigation (bloomberg)
- Yale New Haven Health Notifying 5.5 Million of March Hack (bankinfosecurity)
- Frederick Health data breach impacts nearly 1 million patients (BleepingComputer)
- Hackers access sensitive SIM card data at South Korea's largest telecoms company (bitdefender)
- SAP Zero-Day Possibly Exploited by Initial Access Broker (SecurityWeek)
- Chrome Extension Uses AI Engine to Act Without User Input (Infosecurity Magazine)
- All Major Gen-AI Models Vulnerable to 'Policy Puppetry' Prompt Injection Attack (SecurityWeek)
- US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures (Infosecurity Magazine)
- Sales of Hard Drives for the End of the World Boom Under Trump (404media)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
- For those unfamiliar, please tell us a bit about your background, as well as about RAD Security. What do you all focus on and specialize in?
- Your team recently was part of the RSAC Innovation Sandbox. Can you tell us a bit about that experience, and being able to highlight the innovative capabilities of RAD to such a key audience?
- You recently published a comprehensive resource on Kubernetes Security Posture Management (KSPM). What are some of the key items in there folks need to be focusing on?
- The RAD Security team emphasizes their fingerprint capability for Kubernetes workloads. Can you unpack what this is and how it differs from, say, signature-based security tools and so on?
- When thinking about software supply chain security, how does Kubernetes fit in, given the current digital landscape and explosive growth of Kubernetes and containerized workloads?
- You all are big proponents of runtime security, a category that is getting increased attention lately in the security industry. Why do you think runtime is so critical, compared to, say, some other tools or products that may focus on different aspects of the SDLC or lean into "shifting left", for example?
Today Laura and Kevin are joined by Shashwat Sehgal, the Co-Founder and CEO of P0 Security, on a bonus episode. We talk about the RSA Conference next week in San Francisco. We talk about the Innovation Sandbox and P0 Security's nomination as a top 10 finalist! We talk about Shashwat's and P0 Security's journey from the launch of their flagship product in November 2023 to being selected as a top 10 finalist for the RSAC Innovation Sandbox 2024. We hear how Shashwat envisions universal access for all identities, both human and non-human, evolving in the future and how P0 Security leverages automation. Shashwat also shares his thoughts on the current state of cloud security, and trends shaping the industry in the coming years.
Shashwat Sehgal is the Co-Founder and CEO of P0 Security. He's spent most of his career building security and observability products for developers, DevOps, and security teams. Shashwat is passionate about solving the problem of cloud access security and helping security engineers control 'who has access to what sensitive resources' in their clouds. He enjoys playing tennis, spending time with his family, teaching his son how to play chess, and geeking out on all things security.
The RSA Conference: RSA has been a driving force behind the world's cybersecurity community. The conference is an ongoing source for timely insights, thoughtful interactions, and actionable intelligence designed to help cybersecurity professionals continually strengthen their organizations and push their careers further. The RSAC Sandbox fosters innovative advancement in multiple disciplines of cybersecurity through interactive, cutting-edge experiences.
Section 702 gets another two years. MITRE suffers a breach through an Ivanti VPN. CrushFTP urges customers to patch an actively exploited flaw. SafeBreach researchers disclose vulnerabilities in Windows Defender that allow remote file deletion. Ukrainian soldiers see increased attention from data-stealing apps. GitHub's comments are being exploited to distribute malware. VW confirms legacy Chinese espionage and data breaches. CISA crowns winners of the President's Cup Cybersecurity Competition. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists in anticipation of RSAC 2024. Targeting kids online puts perpetrators in the malware crosshairs.
CyberWire Guest: We have two guests today. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists and what to look for on the innovation front at RSAC 2024. For 18 years, cybersecurity's boldest new innovators have competed in the RSAC Innovation Sandbox contest to put the spotlight on their potentially game-changing ideas. This year, 10 finalists will once again have three minutes to make their pitch to a panel of judges. Since the start of the contest, the Top 10 Finalists have collectively seen over 80 acquisitions and $13.5 billion in investments. Innovation Sandbox will take place on Monday, May 6th at 10:50am PT.
Selected Reading
- Warrantless spying powers extended to 2026 with Biden's signature (The Record)
- MITRE breached by nation-state threat actor via Ivanti zero-days (Help Net Security)
- CrushFTP File Transfer Vulnerability Lets Attackers Download System Files (Infosecurity Magazine)
- Researchers Claim that Windows Defender Can Be Bypassed (GB Hackers)
- Ukrainian soldiers' apps increasingly targeted for spying, cyber agency warns (The Record)
- GitHub comments abused to push malware via Microsoft repo URLs (Bleeping Computer)
- Presumably Chinese industrial spies stole VW data on e-drive technology (Bleeping Computer)
- CISA declares winners of President's Cup cybersecurity competition, with Artificially Intelligent team leading (Industrial Cyber)
- Malware dev lures child exploiters into honeytrap to extort them (Bleeping Computer)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.
Idan:
- CEO and co-founder of Apiiro, securing software supply chains for cloud native applications
- Founder and CEO of Aorato which was acquired by Microsoft
- Founder of a cybersecurity services company
- Fellow surfer!
Check out the episode for our discussion on contextualizing application security risk, acquisition decision-making, and RSA's Innovation Sandbox challenge.
Links: https://apiiro.com/
Pro-Russian DDoS attacks. Sanctions and their effect on ransomware. BlackCat wants $5 million from Carinthia. A fraudster pressures Verizon. Spain will tighten judicial review of intelligence services. Johannes Ullrich looks at VSTO Office Files. Our guests are Cecilia Marinier and Niloo Howe with a preview of the RSAC Innovation Sandbox. CISA releases ICS advisories and with its partners issues guidelines for evaluating 5G implementation. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/11/103
Selected reading.
- Hacktivists Expanding DDoS Attacks as Part of International Cyber Warfare Strategy (Imperva)
- Cyberattacks against UK CNI increase amidst Russia-Ukraine war (Intelligent CIO Europe)
- A cyberwar is already happening in Ukraine, Microsoft analysts say (NPR.org)
- NSA: Sanctions on Russia Having a Positive Effect on Ransomware Attacks, Attempts Down Due to Difficulty Collecting Ransom Payments (CPO Magazine)
- BlackCat/ALPHV ransomware asks $5 million to unlock Austrian state (BleepingComputer)
- Hacker Steals Database of Hundreds of Verizon Employees (Vice)
- Drupal Releases Security Updates (CISA)
- Keysight N6854A Geolocation server and N6841A RF Sensor software (CISA)
- Horner Automation Cscape Csfont (CISA)
- Spain vows legal reforms in wake of spying allegations (MSN)
- Spain's PM vows to reform intelligence services following phone hacking scandal (The Record by Recorded Future)
- Spain set to strengthen oversight of secret services after NSO spying scandal (Times of Israel)
- CISA and DoD Release 5G Security Evaluation Process Investigation Study (CISA)
FireEye provides an overview of the DarkSide ransomware-as-a-service operation. Forcepoint suggests a connection between DarkSide and other ransomware gangs, notably REvil. Colonial Pipeline continues its recovery efforts from the cyber attack it sustained. As ransomware grows more common, CISA offers advice on how to prepare defenses. A new Android banking Trojan is in circulation. Cecilia Marinier from RSA on the RSAC Innovation Sandbox. Bret Arsenault from Microsoft previews his new Microsoft CISO podcast. And yesterday, of course, was Patch Tuesday. For links to all of today's stories check out our CyberWire daily news brief: https://www.thecyberwire.com/newsletters/daily-briefing/10/91
In this chat I welcome Nathan Burke to the show. Nathan is the Chief Marketing Officer at Axonius, a company solving what he calls “the least sexy part of cybersecurity” - asset management. Axonius was the winner of the 2019 RSAC Innovation Sandbox, and was named SC Magazine's Rookie Security Company of the Year. Nathan is passionate about bringing new technologies to market to solve real problems. And he must be, because Axonius is now his third cybersecurity startup. Nathan and I have a great chat about his concept of matching your marketing to phase, from Idea, to Product, to Scale. We talk about fear and hope as effective messages, and Nathan had the memorable quote that starts… “the next time there’s a breach, open your window and you’ll hear the sound of 10 thousand…”
Nathan had two great and unexpected book recommendations:
- Decoded, by Jay Z
- The Presentation of Self in Everyday Life by Erving Goffman
Nathan recommends you follow @MalwareJake for his info and his humor and @lennyzeltser for his insight and more. You can learn more about Axonius at axonius.com and connect with Nathan on LinkedIn, where he says he is much more active than on Twitter!
The team at Axonius often jokingly refer to themselves as the most “boring startup” around, but their industry peers don’t see it that way. The company just so happens to be one of the hottest in cybersecurity, having been named “Most Innovative Startup” at the recent RSA Conference and SC Magazine’s “Rookie Security Company of the Year”. Axonius is a cybersecurity asset management platform providing actionable visibility and policy enforcement for all assets and users. Essentially the company is solving what they call the least sexy part of cybersecurity, which is the asset management problem. But once again, they are being incredibly modest. The RSA Conference, the world’s leading information security conferences and expositions, announced that Axonius was selected winner of the fourteenth-annual RSAC Innovation Sandbox Contest. A panel of leading venture capitalists, entrepreneurs and industry veterans judged the contest and named Axonius RSAC’s “Most Innovative Startup 2019.” “I am blown away that the judges recognized a problem as mundane as asset management to be the winner this year,” said Nathan Burke, chief marketing officer of Axonius. “It is amazing that a really big and nagging problem that hasn’t been solved yet is something that the judges decided is worthy of winning.” In its fourteenth year, the RSAC Innovation Sandbox Contest is a leading platform for startups to showcase their groundbreaking technologies that have the potential to transform the cybersecurity industry. In the past five years alone, the RSAC Innovation Sandbox Contest’s top 10 finalists have collectively seen 14 acquisitions and have received over $2.2 billion in investments. Past winners include companies such as Phantom, Invincea, UnifyID and, most recently, BigID. For a more complete picture of where past RSAC Innovation Sandbox participants stand today, visit the RSAC Innovation Sandbox Leaderboard, powered by Crunchbase, for updated status and funding totals.
I wanted to learn more about the Axonius story and what inspired them to solve a nagging problem that is experienced by every business but hadn't been solved until now. Nathan Burke joins me on my daily tech podcast to share his journey with Axonius and also the inspirational story of exactly how they earned the award of “Most Innovative Startup 2019” at the RSAC Innovation Sandbox Contest.
In today’s podcast, we hear that an aluminum manufacturing giant in Norway has suffered a major ransomware attack. A new version of the Mirai botnet malware is targeting enterprise systems. The US Homeland Security Secretary says the private sector and the government in the United States need to work together against cyber threats. Europol has a new cyber incident response strategy. And cybersecurity executives say some vendors’ marketing tactics are having a detrimental effect on the security industry. Johannes Ullrich from SANS and the ISC Stormcast Podcast on hardware security issues at the perimeter. Guest is Nathan Burke from Axonius, winners of the 2019 RSAC Innovation Sandbox competition. For links to all of today's stories check out our CyberWire daily news brief: https://thecyberwire.com/issues/issues2019/March/CyberWire_2019_03_19.html
They say if you live long enough . . . Few things give me greater pleasure than seeing my friends' well-earned success. Rich Mogull and Mike Rothman (along with Adrian Lane, Jody Brazil & Brandy Peterson) have been chasing a dream for more than a few years now: how to make the SecOps person's life easier, while bringing security into the age of DevOps, automation, agile, CI/CD, etc. Say hello to DisruptOps (http://www.disruptops.com). I first interviewed Mike about DisruptOps a few months ago. The company was just emerging from stealth. While they are still in preview, they were one of hundreds of companies that threw their hat into the ring for the prestigious RSAC Innovation Sandbox. Very proud to report that they were one of 10 finalists selected for this year's program. If history is any guide, the fact they made the final cut is a good indicator of success to come. And well it should, frankly. This founding team are some of the most dynamic, talented and smartest people I know in the business. I had a chance to sit down with Rich Mogull and Mike Rothman to discuss what is driving DisruptOps and what the disruption is all about. Have a listen as we talk about it from the executive view, the security admin view and the market view. Also be sure to check out DisruptOps at DevOps Connect: DevSecOps Days at RSAC, Monday, March 4th. https://www.devopsconnect.com/event/devops-connect-devsecops-days-rsac-2019/ Rich is also on a panel at the event as well as several other sessions at RSAC this year. Enjoy!
RSA Conference is where the world comes to meet Security. For the last 14 years, the Innovation Sandbox Contest was where you could find out what the up and coming companies in security were up to. This year RSAC is doing something else in addition. The Launch Pad is where to come to if you have a great idea. You can pitch to VCs, the community and your peers - get great feedback. https://www.rsaconference.com/events/us19/agenda/rsac-launch-pad In this chat we speak with Cecilia Marinier of RSAC about Sandbox, Launch Pad and so much more that is RSAC. Listen to the chat, go to RSAC and enjoy.
Dr. Hugh Thompson, Paul Kocher, and Edward L Haletky talk about RSA Conference's Innovation Sandbox. An Amazing Event for Innovators in Security.
YouTube video podcast #14. Oliver Friedrichs discusses the RSA Innovation Sandbox. Oliver is CEO of the winning entrant: Phantom. Phantom provides orchestration and automation for Security.