CyberWire Daily

Technical account manager Dominique West takes us on her career journey from engineering to cybersecurity. Even though her undergraduate degree was in information systems, Dominique did not learn about cybersecurity until she personally experienced credit card fraud. She had a range of positions from working the help desk in an art museum to vulnerability management and cloud security. Dominique mentions remembering feeling isolated as the only black person and one of few women in many situations. These experiences spurred her into action to create Security in Color to help others navigate their way into cybersecurity and share resources are available to them. Dominique recommends those interested in cybersecurity to go ahead and get your hands dirty out there; figure out what you like and what you don't like and do community. We thank Dominique for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

The U.S. sanctions Russian and Iranian groups over election misinformation. Apple settles a class action lawsuit over Siri privacy allegations. DoubleClickjacking exploits a timing vulnerability in browser behavior. FireScam targets sensitive info on Android devices. ASUS issues a critical security advisory for several router models. A former crypto boss faces extradition amidst allegations of defrauding investors out of more than $40 billion. HHS unveils proposed updates to HIPAA. Millions of email servers have yet to enable encryption. Our guest is Joe Saunders, Co-Founder & CEO of RunSafe Security discussing the complexities of safeguarding critical infrastructure. Using Doom to prove you’re human.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Joe Saunders, Co-Founder & CEO of RunSafe Security. Joe joins us to discuss the complexities of safeguarding critical infrastructure amid the looming threat of cyber attacks and military conflict. Selected Reading US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters (SecurityWeek) Apple Agrees $95M Settlement Over Siri Privacy Violations (Infosecurity Magazine) SysBumps - New Kernel Break Attack Bypassing macOS Systems Security (Cyber Security News) 'DoubleClickjacking' Threatens Major Websites’ Security (GovInfo Security) FireScam Android Malware Packs Infostealer, Spyware Capabilities (SecurityWeek) ASUS Routers Vulnerabilities Allows Arbitrary Code Execution (Cyber Security News) Crypto Boss Extradited to Face $40bn Fraud Charges (Infosecurity Magazine) What's in HHS' Proposed HIPAA Security Rule Overhaul? (GovInfo Security) Over 3 million mail servers without encryption exposed to sniffing attacks (Bleeping Computer) CAPTCHAs now run Doom – on nightmare mode (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Chinese hackers breach the U.S. Treasury Department. At least 35 Chrome extensions are compromised. Federal authorities arrest a U.S. Army soldier over accusations of sensitive data stolen from AT&T and Verizon. A misconfigured Amazon cloud server exposes sensitive data from over 800,000 VW EV owners. Rhode Island confirms a data breach linked to ransomware group Brain Cipher. Ascension healthcare confirms the exposure of the personal and medical data of 5.6 million customers. A recent patch to Windows BitLocker encryption proves inadequate. A suspected Chinese hacking campaign is exploiting a vulnerability in Palo Alto firewalls for espionage. The DOJ bans the sale of Americans’ sensitive data to adversarial nations. HHS proposes a HIPAA update to address cybersecurity. Our guest is Mick Baccio, Global Security Advisor at Splunk, with insights on the cybersecurity resilience gap. CISA Director Easterly looks back at 2024.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Mick Baccio, Global Security Advisor at Splunk’s security research team SURGe, sharing some insights on the cybersecurity resilience gap and top cyber challenges/priorities for the public sector. You can read more about this in SURGe’s blog and whitepaper.  Selected Reading US Treasury Department breached through remote support platform (Bleeping Computer) New details reveal how hackers hijacked 35 Google Chrome extensions (Bleeping Computer) U.S. Army Soldier Arrested in AT&T, Verizon Extortions (Krebs on Security) AT&T and Verizon Say Chinese Hackers Ejected From Networks (GovInfo Security) Volkswagen leak exposes private information of 800,000 EV owners, including location data (TechSpot) Hackers Leak Rhode Island Citizens' Data on Dark Web (Infosecurity Magazine) Ascension cyberattack exposed medical data of 5.6M customers (Healthcare IT News) Patched BitLocker Flaw Still Susceptible to Hack (GovInfo Security) Palo Alto Firewalls Backdoored by Suspected Chinese Hackers (BankInfo Security) US prohibits data sales to adversarial nations (SC Media)  Massive healthcare breaches prompt US cybersecurity rules overhaul (Bleeping Computer) CISA's 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Sharon Lemac-Vincere is an academic that focuses her research on the intersection of space and cyber. She has released a report on space and cybersecurity which outlines how Scotland can lead the way in both industries.  You can connect with Sharon on LinkedIn, and read her paper on The Cyber-Safe Gateway : Unlocking Scotland's Space Cybersecurity Potential on this website. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. Want to join us for an interview? Please send your pitch to [email protected] and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices