In this 2-part special edition series, guest Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K's Brandon Karpf about national security and the dilemma of technology disruption. Listen to part 1 here. In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adve...
Sep 29, 2024•37 min•Ep 74•Transcript available on Metacast Enjoy this encore episode where we are joined by the Chief strategy officer and chief security officer for Netskope, Jason Clark, shares his journey as he challenges the status quo and works to expand diversity in cybersecurity. Jason started his career by breaking the mold and heading to the Air Force rather than his family legacy of Army service. Following his military service, he became a CISO for the New York Times at age 26 and kept building from there. Jason advises, "You should always be ...
Sep 28, 2024•7 min•Ep 35•Transcript available on Metacast We are joined by Yves Younan, Senior Manager, Talos Vulnerability Discovery and Research from Cisco, discussing their work on "How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions." Cisco Talos has uncovered eight vulnerabilities in Microsoft applications for macOS that could allow attackers to exploit the system's permission model by injecting malicious libraries. By leveraging permissions already granted to these apps, attackers could gain access to sen...
Sep 28, 2024•18 min•Ep 348•Transcript available on Metacast International Law Enforcement Seizes Domains of Russian Crypto Laundering Networks. The real-world risk of a recently revealed Linux vulnerability appears low. Criminal Charges Loom in the Iranian Hack of the Trump Campaign. Meta is fined over a hundred million dollars for storing users’ passwords in plaintext. Delaware’s public libraries grapple with the aftermath of a ransomware attack. Tor merges with Tails. Progress Software urges customers to patch multiple vulnerabilities. A critical vulne...
Sep 27, 2024•35 min•Ep 2160•Transcript available on Metacast Salt Typhoon infiltrates US ISPs. Researchers hack the connected features in Kia vehicles.WiFi portals in UK train stations suffer Islamophobic graffiti. International partners release a joint guide for protecting Active Directory. A key house committee approves an AI vulnerability reporting bill. India’s largest health insurer sues Telegram over leaked data. HPE Aruba Networking patches three critical vulnerabilities in its Aruba Access Points. OpenAI plans to restructure into a for-profit busi...
Sep 26, 2024•34 min•Ep 2159•Transcript available on Metacast CrowdStrike’s Adam Meyers testifies before congress. The State Department is set to provide nearly $35 million in foreign aid to strengthen global cybersecurity. Foreign adversaries claim ongoing access to presidential campaign documents. Researchers warn of critical vulnerabilities in fuel tank monitoring systems. Hackers claim a Chrome 2FA feature bypass takes less than ten minutes. Exploiting ChatGPT’s long-term memory. Politicians and staffers find personal data exposed on the dark web. A cr...
Sep 25, 2024•31 min•Ep 2158•Transcript available on Metacast The House Homeland Security Chair introduces a major cyber workforce bill. Google rolls out new Gmail security tools. Telegram makes a big shift in its privacy policy. Microsoft doubles down on cybersecurity. A Kansas water treatment facility suffers a suspected cyberattack. MoneyGram reports network outages. Kaspersky antivirus users get an automatic upgrade, maybe. North Korean IT workers infiltrate Fortune 100 companies. Gartner analysts urge cybersecurity leaders to focus on prevention, resp...
Sep 24, 2024•34 min•Ep 2157•Transcript available on Metacast The US is set to propose a ban on Chinese software and hardware in connected cars. Dell investigates a breach of employee data. Unit 42 uncovers a North Korean PondRAT and a red team tool called Splinter. Marko Polo malware targets cryptocurrency influencers, gamers, and developers. An Iranian state-sponsored threat group targets Middle Eastern governments and telecommunications.The alleged Snowflake hacker remains active and at large. German officials quantify fallout from the CrowdStrike incid...
Sep 23, 2024•37 min•Ep 2156•Transcript available on Metacast Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Roselle Safran, the CEO and Founder of KeyCaliber and one of the original contributors to the N2K CyberWire Hash Table. She interviews Tia Hopkins, the eSentire Chief Cyber Resilience Officer, to make the business case for why resilience might be the most important cyber strategy. References: Black Women in Cyber Collective, 2024. Securing Our Future: Embracing The Resilience and Brilliance of Bl...
Sep 23, 2024•26 min•Ep 98•Transcript available on Metacast Enjoy this special encore episode, where we are jjoined by Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need. for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking c...
Sep 22, 2024•7 min•Ep 34•Transcript available on Metacast In this 2-part special edition series, guest Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K's Brandon Karpf about national security and the dilemma of technology disruption. In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to t...
Sep 22, 2024•40 min•Ep 73•Transcript available on Metacast Jonathan Tanner, Senior Security Researcher from Barracuda, discussing their work on "Stealthy phishing attack uses advanced infostealer for data exfiltration." The recent phishing attack, detailed by Barracuda, uses a sophisticated infostealer malware to exfiltrate a wide array of sensitive data. The attack begins with a phishing email containing an ISO file with an HTA payload, which downloads and executes obfuscated scripts to extract and transmit browser information, saved files, and credent...
Sep 21, 2024•23 min•Ep 347•Transcript available on Metacast An FTC report confirms online surveillance and privacy concerns. Ukraine bans Telegram for state and security officials. Sensitive customer data from India’s largest health insurer is leaked. German law enforcement shuts down multiple cryptocurrency exchange services. HZ RAT sets its sights on macOS systems. Stolen VPN passwords remain a growing threat. Law enforcement dismantles the iServer phishing-as-a-service platform. Today’s guest is Steve Blank, co-founder of the Gordian Knot Center for N...
Sep 20, 2024•34 min•Transcript available on Metacast The US government disrupts China’s Raptor Train botnet. A phishing campaign abuses GitHub repositories to distribute malware.Ransomware group Vanilla Tempest targets U.S. healthcare providers.Hackers demand $6 million for stolen airport data. The FCC opens applications for a $200 million cybersecurity grant program. GreyNoise Intelligence tracks mysterious online “Noise Storms”. Scammers threaten Walmart shoppers with arrest. CISA adds five critical items to its known exploited vulnerabilities l...
Sep 19, 2024•38 min•Ep 2154•Transcript available on Metacast Exploding pagers in Lebanon are not a cyberattack. Europol leads an international effort to shut down the encrypted communications app Ghost. Microsoft IDs Russian propaganda groups’ disinformation campaigns. California’s Governor signs bills regulating AI in political ads. A multi-step zero-click macOS Calendar vulnerability is documented. A new phishing campaign targets Apple ID credentials.The US Cyber Ambassador emphasizes deterrence. Our guest is Linda Betz, Executive Vice President of Glob...
Sep 18, 2024•30 min•Ep 2153•Transcript available on Metacast The US charges a Chinese national for spear-phishing government employees. The feds impose new sanctions on the makers of Predator spyware. Dealing with fake data breaches. Researchers discover a critical vulnerability in Google Cloud Platform. D-Link has patched critical vulnerabilities in three popular wireless router models. Snowflake ups their authentication game. A US mining company confirms a cyberattack. Researchers identify critical threats targeting construction industry accounting soft...
Sep 17, 2024•31 min•Ep 2152•Transcript available on Metacast The FBI and CISA dismiss false claims of compromised voter registration data. The State Department accuses RT of running global covert influence operations. Chinese hackers are suspected of targeting a Pacific Islands diplomatic organization. A look at Apple’s Private Cloud Compute system. 23andMe will pay $30 million to settle a lawsuit over a 2023 data breach. SolarWinds releases patches for vulnerabilities in its Access Rights Manager. Browser kiosk mode frustrates users into giving up creden...
Sep 16, 2024•38 min•Ep 2151•Transcript available on Metacast Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Errol Weiss, the Chief Security Officer (CSO) of the HEALTH-ISAC and one of the original contributors to the N2K CyberWire Hash Table. He will make the business case for information sharing. References: White and Williams LLP, Staff Osborne Clarke LLP , 2018. Threat Information Sharing and GDPR [Legal Review]. FS-ISAC. Senator Richard Burr (R-NC), 2015. S.754 - 114th Congress (2015-2016): To impr...
Sep 16, 2024•25 min•Ep 97•Transcript available on Metacast Enjoy this encore of Carerr Notes, where the Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security Ben Yelin shares his journey from political junkie to Fourth Amendment specialist. Several significant life defining political developments like the disputed 2000 election, 9/11, and the Iraqi war occurred during his formative years that shaped Ben's interest in public policy and his desire to pursue a degree in law. An oppor...
Sep 15, 2024•7 min•Ep 33•Transcript available on Metacast Alex Delamotte, Threat Researcher from SentinelOne Labs, joins to share their work on "Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials." SentinelOne’s Labs team has uncovered new research on Xeon Sender, a cloud hacktool used to launch SMS spam attacks via legitimate APIs like Amazon SNS. First seen in 2022, this tool has been repurposed by multiple threat actors and distributed on underground forums, highlighting the ongoing trend of SMS spam through cloud services and Saa...
Sep 14, 2024•19 min•Ep 349•Transcript available on Metacast Fortinet reveals a data breach. The feds sanction a Cambodian senator for forced labor scams. UK police arrest a teen linked to the Transport for London cyberattack. New Linux malware targets Oracle WebLogic. Citrix patches critical Workspace app flaws. Microsoft unveils updates to prevent outages like the CrowdStrike incident. U.S. Space Systems invests in secure communications. Illegal gun-conversion sites get taken down. Tim Starks of CyberScoop tracks Russian hackers mimicking spyware vendor...
Sep 13, 2024•32 min•Ep 2150•Transcript available on Metacast The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from a 2023 data breach.Google Cloud introduces air-gapped backup vaults. TrickMo is a newly discovered Android banking malware. GitLab has released a critical security update. A $20 domain purchase highlights concerns over W...
Sep 12, 2024•34 min•Ep 2149•Transcript available on Metacast Patch Tuesday rundown. Microsoft integrates post-quantum cryptography (PQC) algorithms into its SymCrypt cryptographic library.The FTC finalizes rules to combat fake reviews and testimonials. A payment card thief pleads guilty. On our latest CertByte segment, N2K’s Chris Hare and George Monsalvatge share questions and study tips from the Microsoft Azure Fundamentals (AZ-900) Practice Test. Hard Drive Heaven: How Iconic Music Sessions Are Disappearing. Remember to leave us a 5-star rating and rev...
Sep 11, 2024•29 min•Ep 2148•Transcript available on Metacast For the 20th anniversary of 9/11 in 2021, Rick Howard, the CyberWire’s CSO, Chief Analyst, and Senior Fellow, recounts his experience from inside the Pentagon running the communications systems for the Army Operations Center. Read Rick's related essay and check out his original notes of 9/11/01 written in the weeks following the attacks. Learn more about your ad choices. Visit megaphone.fm/adchoices
Sep 11, 2024•30 min•Ep 5572•Transcript available on Metacast On this Solution Spotlight, guest Dr. Mary Haigh, Global CISO of BAE Systems, speaks with N2K President Simone Petrella about moving beyond the technical to build a cybersecurity team. Learn more about your ad choices. Visit megaphone.fm/adchoices
Sep 11, 2024•29 min•Ep 72•Transcript available on Metacast Crimson Palace targets Asian organizations on behalf of the PRC. Europe’s AI Convention has lofty goals and legal loopholes. The NoName ransomware gang may be working as a RansomHub affiliate. Wisconsin Physicians Service Insurance Corporation, SLIM CD, and Acadian Ambulance Service each suffer significant data breaches. CISA adds three vulnerabilities to its Known Exploited Vulnerabilities Catalog. Researchers from Ben-Gurion University in Israel develop new techniques to exfiltrate data from a...
Sep 10, 2024•31 min•Ep 2147•Transcript available on Metacast Patch Now alerts come from Progress Software and Veeam Backup & Restoration. Car rental giant Avis notifies nearly 300,000 customers of a data breach. The UK’s National Crime Agency struggles to retain top cyber talent. Two Nigerian brothers get prison time for their roles in a deadly sextortion scheme. SpyAgent malware uses OCR to steal cryptocurrency. A Seattle area school district suffers a cybercrime snow day. Our guest is Amer Deeba, CEO of Normalyze, discussing data’s version of hide and g...
Sep 09, 2024•33 min•Ep 2146•Transcript available on Metacast Enjoy this special encore episode where we are joined by, Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive. After pivoting from studying law, Ann started working with computers and found she had a deep technical aptitude for technology and started earning certifications landing in cybersecurity because she found an interest in PKI. At Microsoft, Ann says she solves some of the ha...
Sep 08, 2024•7 min•Ep 35•Transcript available on Metacast This week, N2K's very own Brandon Karpf sits down with Kevin Lentz, Team Leader of the Cyber Pacific Project at the Global Disinformation Lab, and they discuss the recent threatcasting report "Cyber Competition in the Indo-Pacific Gray Zone 2035." This report, developed using the Threatcasting Method, examines how the U.S. and Indo-Pacific allies can coordinate their cyber defense efforts in response to future competition with China. It presents findings, trends, and recommendations based on twe...
Sep 07, 2024•27 min•Ep 345•Transcript available on Metacast Cadet Blizzard is part of Russia’s elite GRU Unit. Apache releases a security update for its open-source ERP system. SonicWall has issued an urgent advisory for a critical vulnerability. Researchers uncover a novel technique exploiting Linux’s Pluggable Authentication Modules. Google’s kCTF team has discloses a critical security vulnerability affecting the Linux kernel’s netfilter component. Predator spyware has resurfaced. US health care firm Confidant Health exposes 5.3 terabytes of sensitive ...
Sep 06, 2024•45 min•Ep 2145•Transcript available on Metacast 
