Episodios

  • AI on the offensive.

    AI on the offensive.
    May 1 2025
    Updates from RSAC 2025. Former NSA cyber chief Rob Joyce warns that AI is rapidly approaching the ability to develop high-level software exploits. An FBI official warns that China is the top threat to U.S. critical infrastructure. Mandiant and Google raise alarms over widespread infiltration of global companies by North Korean IT workers. France accuses Russia’s Fancy Bear of targeting at least a dozen French government and institutional entities. SonicWall has issued an urgent alert about active exploitation of a high-severity vulnerability in its Secure Mobile Access appliances. A China-linked APT group known as “TheWizards” is abusing an IPv6 networking feature. Gremlin Stealer emerges as a serious threat. A 23-year-old Scottish man linked to the Scattered Spider hacking group has been extradited from Spain to the U.S. Senators urge FTC action on consumer neural data. New WordPress malware masquerades as an anti-malware plugin. Our guest is Andy Cao from ProjectDiscovery, the Winner of the 20th Annual RSAC™ Innovation Sandbox Contest. Our intern Kevin returns with some Kevin on the Street interviews from the RSAC floor. Research reveals the risk of juice jacking isn’t entirely imaginary. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Andy Cao from ProjectDiscovery, who is the Winner of the 20th Annual RSAC™ Innovation Sandbox Contest 2025 event. Kevin on the Street Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Shane Harding CEO of Devicie and Nathan Ostrowski Co-Founder Petrą Security. You can also catch Kevin on our Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. Whether you are building your own startup or just love a good innovation story, listen and learn more here. Selected Reading Ex-NSA cyber boss: AI will soon be a great exploit dev (The Register) AI makes China leading threat to US critical infrastructure, says FBI official (SC World) North Korean operatives have infiltrated hundreds of Fortune 500 companies (CyberScoop) France Blames Russia for Cyberattacks on Dozen Entities (SecurityWeek) SonicWall OS Command Injection Vulnerability Exploited in the Wild (Cyber Security News) Hackers abuse IPv6 networking feature to hijack software updates (Bleeping Computer) New Gremlin Stealer Advertised on Hacker Forums Targets Credit Card Data and Login Credentials (GB Hackers) Alleged ‘Scattered Spider’ Member Extradited to U.S. (Krebs on Security) Senators Urge FTC Action on Consumer Neural Data, Signaling Heightened Scrutiny (Cooley) New WordPress Malware as Anti-Malware Plugin Take Full Control of Website (Cyber Security News) iOS and Android juice jacking defenses have been trivial to bypass for years (Ars Technica)Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Más Menos
    33 m
  • How do you gain “experience” in cyber without a job in cyber? [CISO Persepctives]

    How do you gain “experience” in cyber without a job in cyber? [CISO Persepctives]
    May 1 2025
    We're sharing a episode from another N2K show we thought you might like. It's the third episode of the new season of the show CISO Perspectives with Kim Jones. Enjoy! Show Notes: While the cybersecurity industry has expanded and grown in recent years, newcomers still struggle to gain relevant "experience" before officially beginning their cyber careers. In this episode of CISO Perspectives, host Kim Jones sits down with Kathleen Smith, the Chief Outreach Officer at clearedjobs.net and the co-host of Security Cleared Jobs: Who’s Hiring & How, to discuss this dilemma and what new entrants can do to account for these difficulties. Throughout the conversation, Kathleen and Kim will discuss the challenges associated with entry-level cyber positions, how to gain meaningful experience, and how the industry as a whole contributes to this problem. Want more CISO Perspectives?: Check out a companion ⁠blog post⁠ by our very own Ethan Cook, where he breaks down key insights, shares behind-the-scenes context, and highlights research that complements this episode. It’s the perfect follow-up if you’re curious about the cyber talent crunch and how we can reshape the ecosystem for future professionals. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Más Menos
    42 m
  • Less CISA, more private sector power?

    Less CISA, more private sector power?
    Apr 30 2025
    DHS Secretary Kristi Noem justifies budget cuts in her RSAC keynote. The EFF pens an open letter to Trump backing Chris Krebs. Scattered Spider is credited with the Marks & Spencer cyberattack. Researchers discover a critical flaw in Apple’s AirPlay protocol. The latest CISA advisories. On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. What do you call an AI chatbot that finished at the bottom of its class in med school? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. Kevin on the Street Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Ryan Lasmaili Co-Founder and CEO of Vaultree and Stan Golubchik CEO and co-founder of Contraforce, here are their conversations. You can also catch Kevin on our Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. Whether you are building your own startup or just love a good innovation story, https://explore.thecyberwire.com/microsoft-for-startups. Selected Reading DHS Secretary Noem: CISA needs to get back to ‘core mission’ (CyberScoop) Noem calls for reauthorization of cyberthreat information sharing law during RSA keynote (The Record) Cyber experts, Democrats urge Trump administration not to break up cyber coordination in State reorg (CyberScoop) Infosec pros rally against Trump's attack on Chris Krebs (The Register) Scattered Spider Suspected in Major M&S Cyberattack (Hackread) AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi (Cyber Security News) CISA Adds One Known Exploited Vulnerability to Catalog (CISA) CISA Releases Three Industrial Control Systems Advisories (CISA) Instagram's AI Chatbots Lie About Being Licensed Therapists (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Más Menos
    36 m
  • Trends shaping the future at RSAC.

    Trends shaping the future at RSAC.
    Apr 29 2025
    RSAC 2025 is well under way, and Kevin the Intern files his first report. Authorities say Spain and Portugal’s massive power outage was not a cyberattack. Concerns are raised over DOGE access to classified nuclear networks. The FS-ISAC launches the Cyberfraud Prevention Framework. Real-time deepfake fraud is here to stay. On today’s Threat Vector, host David Moulton speaks with Daniel B. Rosenzweig, a leading data privacy and AI attorney, about the growing complexity of privacy compliance in the era of big data and artificial intelligence. Protecting your company…with a fat joke. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector In this segment of Threat Vector, host David Moulton speaks with Daniel B. Rosenzweig, a leading data privacy and AI attorney, about the growing complexity of privacy compliance in the era of big data and artificial intelligence. Dan explains how businesses can build trust by aligning technical operations with legal obligations—what he calls “say what you do, do what you say.” They explore U.S. state privacy laws, global data transfer regulations, AI compliance, and the role of privacy-enhancing technologies. You can hear David and Daniel's full discussion on Threat Vector here and catch new episodes every Thursday on your favorite podcast app. Kevin on the Street Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. You can also catch Kevin on our Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. Whether you are building your own startup or just love a good innovation story, https://explore.thecyberwire.com/microsoft-for-startups. Selected Reading RSA Conference 2025 Announcements Summary (Day 1) (SecurityWeek) ISMG Editors: Day 1 Overview of RSAC Conference 2025 (GovInfo Security) ProjectDiscovery Named “Most Innovative Startup” at RSAC™ 2025 Conference Innovation Sandbox Contest (RSAC) Krebs: People should be ‘outraged’ at efforts to shrink federal cyber efforts (The Record) NSA, CISA top brass absent from RSA Conference (The Register) Power Is Restored in Spain and Portugal After Widespread Outage (New York Times) DOGE employees gain accounts on classified networks holding nuclear secrets (NPR) New Framework Targets Rising Financial Crime Threats (GovInfo Security) The Age of Realtime Deepfake Fraud Is Here (404 Media) The one interview question that will protect you from North Korean fake workers (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Más Menos
    33 m
  • Lights out, lines down.

    Lights out, lines down.
    Apr 28 2025
    A massive power outage strikes the Iberian Peninsula. Iran says it repelled a “widespread and complex” cyberattack targeting national infrastructure. Researchers find hundreds of SAP NetWeaver systems vulnerable to a critical zero-day. A British retailer tells warehouse workers to stay home following a cyberattack. VeriSource Services discloses a breach exposing personal data of four million individuals. Global automated scanning surged 16.7% in 2024. CISA discloses several critical vulnerabilities affecting Planet Technology’s industrial switches and network management products. A Greek court upholds a VPN provider’s no-logs policies. Law enforcement dismantles the JokerOTP phishing tool. Our guest is Tim Starks from CyberScoop with developments in the NSO Group trial. How Bad Scans and AI Spread a Scientific Urban Legend. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Special Edition On our ⁠Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, we are shining a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. This episode is part of our exclusive RSAC series where we dive into the real world impact of the Microsoft for Startups Founders Hub. Along with Microsoft’s ⁠Kevin Magee⁠, Dave Bittner talks with an entrepreneur and startup veteran, and founders from three incredible startups who are part of the Founders Hub, each tackling big problems with even bigger ideas. Dave and Kevin set the stage speaking with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur. Dave and Kevin then speak with three founders: ⁠Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. So whether you are building your own startup or just love a good innovation story, listen in. For more information, visit the ⁠Microsoft for Startups website⁠. CyberWire Guest We are joined by Tim Starks from CyberScoop who is discussing Judge limits evidence about NSO Group customers, victims in damages trial Selected Reading Nationwide Power Outages in Portugal & Spain Possibly Due to Cyberattack (Cyber Security News) Iran claims it stopped large cyberattack on country’s infrastructure (The Record) 400+ SAP NetWeaver Devices Vulnerable to 0-Day Attacks that Exploited in the Wild (Cyber Security News) M&S warehouse workers told not to come to work following cyberattack (The Record) 4 Million Affected by VeriSource Data Breach (SecurityWeek) Researchers Note 16.7% Increase in Automated Scanning Activity (Infosecurity Magazine) Critical Vulnerabilities Found in Planet Technology Industrial Networking Products (SecurityWeek) Court Dismisses Criminal Charges Against VPN Executive, Affirms No-Log Policy (Hackread) JokerOTP Dismantled After 28,000 Phishing Attacks, 2 Arrested (Hackread) A Strange Phrase Keeps Turning Up in Scientific Papers, But Why? (ScienceAlert) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Más Menos
    31 m
  • Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]

    Natali Tshuva: Impacting critical industries. [CEO] [Career Notes]
    Apr 27 2025
    Please enjoy this encore episode of Career Notes. CEO and co-founder of Sternum, Natali Tshuva shares how she took her interest in science and technology and made a career and company out of it. Beginning her computer science undergraduate degree at age 14 through a special program in Israel, Natali says it opened up a new world for her. Her required service in the IDF found Natali as a member of Unit 8200, the Israeli intelligence. In the Israeli corporate space following the IDF, Natali discovered how cybersecurity could actually create impact in the real world environment and found a way to combine her cybersecurity expertise with the passion to impact critical industries like the medical industry. Natali recommends that those entering the field get some hands-on experience and use your unique strengths to find a way to make the world a better place. We thank Natali for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Más Menos
    8 m
  • Microsoft for Startups: The benefits of the cyber startup ecosystem. [Special Edition]

    Microsoft for Startups: The benefits of the cyber startup ecosystem. [Special Edition]
    Apr 27 2025
    Welcome to the Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft. In this episode, we are shining a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. This episode is part of our exclusive RSAC series where we dive into the real world impact of the Microsoft for Startups Founders Hub. Along with Microsoft’s Kevin Magee, Dave Bittner talks with an entrepreneur and startup veteran, and founders from three incredible startups who are part of the Founders Hub, each tackling big problems with even bigger ideas. Dave and Kevin set the stage speaking with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur. Dave and Kevin then speak with three founders: Matthew Chiodi of Cerby, Travis Howerton of RegScale, and Karl Mattson of Endor Labs. So whether you are building your own startup or just love a good innovation story, listen in. For more information, visit the Microsoft for Startups website. Learn more about your ad choices. Visit megaphone.fm/adchoices
    Más Menos
    1 h y 15 m
  • China’s new cyber arsenal revealed. [Research Saturday]

    China’s new cyber arsenal revealed. [Research Saturday]
    Apr 26 2025
    Today we are joined by Crystal Morin, Cybersecurity Strategist from Sysdig, as she is sharing their work on "UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell." UNC5174, a Chinese state-sponsored threat actor, has resurfaced with a stealthy cyber campaign using a new arsenal of customized and open-source tools, including a variant of their SNOWLIGHT malware and the VShell RAT. Sysdig researchers discovered that the group targets Linux systems through malicious bash scripts, domain squatting, and in-memory payloads, indicating a high level of sophistication and espionage intent. Their evolving tactics, such as using spoofed domains and fileless malware, continue to blur attribution and pose a significant threat to research institutions, critical infrastructure, and NGOs across the West and Asia-Pacific regions. The research can be found here: UNC5174’s evolution in China’s ongoing cyber warfare: From SNOWLIGHT to VShell Learn more about your ad choices. Visit megaphone.fm/adchoices
    Más Menos
    26 m
adbl_web_global_use_to_activate_webcro768_stickypopup