CyberWire Daily

• Will Plankey lead CISA to victory?

  The White House names their nominee for CISA’s top spot. Patch Tuesday updates. Apple issues emergency updates for a zero-day WebKit vulnerability. Researchers highlight advanced MFA-bypassing techniques. North Korea's Lazarus Group targets cryptocurrency wallets and browser data. Our guest today is Rocco D’Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats. Making sense of the skills gap paradox.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joining us today is Rocco D’Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats. Selected Reading Trump nominates Sean Plankey as new CISA director (Tech Crunch) CISA worker says 100-strong red team fired after DOGE action (The Register) March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, 7 Zero-Days (Hackread) ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens (SecurityWeek) CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild (Cyber Security News) Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks (Cyber Security News) Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account (Cyber Security News) North Korean Lazarus hackers infect hundreds via npm packages (Bleeping Computer) Welcome to the skills gap paradox (Computing) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  32:09
• X marks the hack.

  X-Twitter had multiple waves of outages yesterday. Signal’s president warns against agentic AI. A new lawsuit alleges DOGE bypassed critical security safeguards. Is the Five Eyes Alliance fraying? The Minja attack poisons ai memory through user interaction. Researchers report increased activity from the SideWinder APT group. A critical Veritas vulnerability enables remote code execution. A Kansas healthcare provider breach exposes 220,000 patients’ data. New York sues Allstate over data exposure in insurance websites. CISA warns of critical Ivanti and VeraCode vulnerabilities. FTC to refund $25.5 million to victims of tech support scams. On our Industry Voices segment, we are joined by Gerald Beuchelt, CISO at Acronis, who is discussing how threat research and intelligence matter to MSPs. The UK celebrates a record-breaking CyberFirst Girls Competition.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Gerald Beuchelt, CISO at Acronis, who is discussing how threat research and intelligence matter to MSPs. Selected Reading Hackers Take Credit for X Cyberattack (SecurityWeek) X users report login troubles as Dark Storm claims cyberattack (Malwarebytes) Signal President Meredith Whittaker calls out agentic AI as having 'profound' security and privacy issues (TechCrunch) Lawsuit Says DOGE Is Ignoring Key Social Security Data Rules (BankInfo Security) As Trump pivots to Russia, allies weigh sharing less intel with U.S. (NBC News) MINJA sneak attack poisons AI models for other chatbot users (The Register) SideWinder APT Group Attacking Military & Government Entities With New Tools (Cyber Security News) Critical Veritas Vulnerability Let Attackers Execute Malicious Code (Cyber Security News) Kansas healthcare provider says more than 220,000 impacted by cyberattack (The Record) Allstate sued for exposing personal info in plaintext (The Register) CISA Urges All Organizations to Patch Exploited Critical Ivanti Vulnerabilities (Infosecurity Magazine) FTC will send $25.5 million to victims of tech support scams (Bleeping Computer) Record Number of Girls Compete in CyberFirst Contest (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  36:00
• software bill of materials (SBOM) (noun) [Word Notes]

  Please enjoy this encore of Word Notes. A formal record containing the details and supply chain relationships of various components used in building software.  Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  6:59
• PHP flaw sparks global attack wave.

  PHP exploits are active in the wild. Security researchers discover undocumented commands in a popular Wi-Fi and Bluetooth-enabled microcontroller. The ONCD could gain influence in this second Trump administration. The Akira ransomware gang leverages an unsecured webcam. Mission, Texas declares a state of emergency following a cyberattack. The FBI and Secret Service confirm crypto-heists are linked to the 2022 LastPass breach. A popular home appliance manufacturer suffers a cyberattack. Switzerland updates reporting requirements for critical infrastructure operators.  Our guest is Errol Weiss, Chief Security Officer at the Health-ISAC, who warns “the cavalry isn’t coming—why the private sector must take the lead in critical infrastructure cybersecurity.” A termination kill switch leads to potential jail time.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we have Errol Weiss, Chief Security Officer at the Health-ISAC, sharing his take “the cavalry isn’t coming—why the private sector must take the lead in critical infrastructure cybersecurity.” Selected Reading Mass Exploitation of Critical PHP Vulnerability Begins (SecurityWeek) Undocumented commands found in Bluetooth chip used by a billion devices (Bleeping Computer) White House cyber director’s office set for more power under Trump, experts say (The Record) Ransomware gang encrypted network from a webcam to bypass EDR (Bleeping Computer) Texas border city declares state of emergency after cyberattack on government systems (The Record) Feds Link $150M Cyberheist to 2022 LastPass Hacks (Krebs on Security) Home appliance company Presto says cyberattack causing delivery delays (The Record) Switzerland Mandates Cyber-Attack Reporting for Critical Infrastructure (Infosecurity Magazine) Developer sabotaged ex-employer IT systems with kill switch (The Register)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  36:31
• Peter Baumann: Adding value to data. [CEO] [Career Notes]

  Please enjoy this encore of Career Notes. CEO of ActiveNav, Peter Baumann, takes us on his career journey from minor home electrical experiments to the business of data discovery. He began his career as an electrical engineer, but felt an entrepreneurial spirit was part of his makeup. Following his return to college to study business and finance, Peter talks about being set on the path to shine the light on the data to provide discovery capability. To those interested in the field, he suggests having a broad familiarity of different approaches. We thank Peter for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  8:14

More News podcasts

Trending News podcasts

About CyberWire Daily

CyberWire Daily: Podcasts in Family