The CyberWire Daily

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Eine durchschnittliche Folge dieses Podcasts dauert 21m. Bisher sind 1834 Folge(n) erschienen. Dieser Podcast erscheint täglich.

Gesamtlänge aller Episoden: 26 days 22 hours 8 minutes


episode 63: Jennifer Walsmith: Pioneering and defining possible. [Cyber Solutions] [Career Notes]

Vice President for Cyber and Information Solutions within Mission Systems at Northrop Grumman, Jennifer Walsmith takes us on her pioneering career journey.



episode 197: Exploring vulnerabilities of off-the-shelf software. [Research Saturday]

Guest Tomislav Peričin, Reversing Labs' Chief Software Architect and Co-Founder, joins Dave to discuss his team's research that addresses the importance of validating third-party software components as a way to manage the risks that they can introduce. Developing software solutions is a complex task requiring a lot of time and resources...



episode 1401: Warm wallet pilferage. Advice on reducing the ransomware risk. Regulatory action in the T-Mobile breach. China’s privacy law. FTC refiles monopoly complaint against Facebook. Better MICE traps?

Pilferage reported from Liquid Global’s alt-coin warm wallets. CISA offers advice on reducing the risk of ransomware. The FCC is looking into the T-Mobile breach, and Moody’s raises questions about the telco’s risk management. China passes its own version of GDPR. The FTC refiles its monopoly complaint against Facebook. Caleb Barlow on 3rd Party Breach Notifications and finding out if your information is being traded on the dark web...



episode 1400: T-Mobile outlines what it’s offering customers hit by its data breach. Taliban on good T&C behavior? Apple’s CSAM. OS bug may affect medical devices. A report on 2020’s US Census Bureau hack.

T-Mobile describes what it intends to do for those who may have been affected by its big data breach. The Taliban is taking care not to get banned from social media. Apple defends its CSAM measures against a technical objection, but advocacy groups see a slippery policy slope. The US FDA warns of vulnerabilities in an OS used by medical devices. A report on a 2020 incident at the US Census Bureau. David Dufour shares a few surprises from Webroot’s 2021 Threat Report...



episode 1399: Taliban seizes HIIDE devices. T-Mobile customer data compromised. Ransomware attack against Brazil’s Treasury. Social engineering espionage. Ransomware vs. sewers. IoT bug disclosed.

The Taliban now has, among other things, a lot of biometric devices. T-Mobile concludes that some customer data were compromised in last week’s incident. InkySquid’s in the watering hole. Brazil’s Treasury sustained, and says it contained, a ransomware attack. Siamese Kitten’s social engineering on behalf of Tehran. Sewage systems hacked in rural Maine. Josh Ray from Accenture Security on what nation state adversaries may have learned from observing the events surrounding Colonial pipeline...



episode 1398: Consequence of the Taliban victory for influence operations and information security. Privateering gangs described. Data exposures, data compromises.

Al Qaeda online sources cheer the Taliban’s ascendancy. The new rulers of Afghanistan are likely to have acquired a good deal of sensitive data along with political rule and a quantity of US-supplied military equipment. Terrorist watchlist data were found in an exposed server (now taken offline). Connections between gangland and Russian intelligence. T-Mobile was hacked, but it’s unclear what if any data were compromised...


 2021-08-17  23m

episode 1397: Possible consequences of Afghanistan’s fall to the Taliban. Non-state actors’ political motives. Poly Network rewards “Mr. White Hat.” C2C offering will check your alt-coin. Breach at T-Mobile?

The Taliban has effectively taken control of Afghanistan, and the fall of Kabul is likely to have a quick, near-term effect on all forms of security. The Indra Group’s actions against Iranian interests suggest the potential of non-state, politically motivated actors. Crooks returned almost all the money rifled from DeFi provider Poly Network. A new C2C service tells hoods if their alt-coin is clean. DeepBlueMagic is a new strain of ransomware...


 2021-08-16  23m

episode 62: Rick Howard: Give people resources. [CSO] [Career Notes]

Chief Security Officer, Chief Analyst, and Senior Fellow at the CyberWire, Rick Howard, shares his travels through the cybersecurity job space.


 2021-08-15  8m

episode 196: You can add new features, just secure the old stuff first. [Research Saturday]

Guests Will Schroeder and Lee Christensen from SpecterOps join Dave to share the research they recently presented at Black Hat USA on the security of Microsoft's Active Directory Certificate Services. Their abstract: Microsoft’s Active Directory Public Key Infrastructure (PKI) implementation, known as Active Directory Certificate Services (AD CS), has largely flown under the radar of both the offensive and defensive communities...


 2021-08-14  32m

episode 1396: Cyberespionage follows South Asian conflict. LockBit’s $50 million demand. Insider risk. Trend Micro warns unpatched Apex is under attack. PrintNightmare persists. Google and Apple on privacy.

ReverseRat is back and better, and it’s sniffing at Afghanistan. LockBit wants $50 million from Accenture. When employees leave, do they take your data with them? (Survey, or rather, telemetry, says yes.) Unpatched Apex One instances are under active attack. PrintNightmare continues to resist patching. Google bans SafeGraph. Apple explains what’s up with iCloud privacy. Caleb Barlow wonders if ransomware payments financing criminal infrastructure in Russia...


 2021-08-13  29m