CyberWire Daily N2K Networks

The FBI seizes BreachForums. NCSC rolls out a 'Share and Defend' initiative. ESports gaming gets a level up in their security. The spammer becomes the scammer. Bitdefender is sounding the alarm. The city of Wichita gets a wake-up call. In our Threat Vector segment, host David Moulton discusses the challenges and opportunities of AI adoption with guest Mike Spisak, the Managing Director of Proactive Security at Unit 42. And no one likes a cyber budgeting blunder.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
In our Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, discusses the challenges and opportunities of AI adoption with guest Mike Spisak, Managing Director of Proactive Security at Unit 42. They emphasize the importance of early security involvement in the AI development lifecycle and the crucial role of inventorying AI usage to tailor protection measures. You can listen to the full episode here. 

Selected Reading
FBI seize BreachForums hacking forum used to leak stolen data (Bleeping Computer) 
New UK system will see ISPs benefit from same protections as government networks (The Record)
Riot Games, Cisco to Connect and Protect League of Legends Esports Through Expanded Global Partnership (Cisco) 
To the Moon and back(doors): Lunar landing in diplomatic missions (WeLiveSecurity)
New Black Basta Social Engineering Scheme (ReliaQuest)
IoT Cameras Exposed by Chainable Exploits, Millions Affected (HackRead)
Kimsuky APT Using Newly Discovered Gomir Linux Backdoor (Decipher)
Law enforcement data stolen in Wichita ransomware attack (The Record) 
Nigeria Halts Cybersecurity Tax After Public Outrage (Dark Reading) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

U.S. Senators look to enhance American leadership in AI. Federal Agencies Warn of Rising Cyberattacks on Civil Society. The Pentagon says they’re satisfied with Microsoft’s post-breach security pivots. Patch Tuesday updates. A Mississippi health system alerts users of a post-ransomware data breach. The FTC cautions automakers over data collection. CISOs feel pressure to understate cyber risks. On the Learning Layer, Sam and Joe continue their certification journey. Guest Sarah Powazek of UC Berkeley's Center for Long-Term Cybersecurity (CLTC) speaks with N2K’s Brandon Karpf about cyber civil defense clinics. A crypto mixing service developer finds himself behind bars.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Guest Sarah Powazek of UC Berkeley's Center for Long-Term Cybersecurity (CLTC) speaks with N2K’s Brandon Karpf at 2024 RSA Conference about cyber civil defense clinics and the CLTC. Learn about their upcoming Cyber Civil Defense Summit being held at the International Spy Museum in Washington DC next month. 

Learning Layer
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss how to use the midterm exam and Test Day Strategy video. 

Selected Reading
Senators Propose $32 Billion in Annual A.I. Spending but Defer Regulation (The New York Times)
Civil society under increasing threats from 'malicious' state cyber actors, US warns (The Record)
Post-data breach, DOD held 'very candid discussions' with Microsoft (DefenseScoop)
Microsoft issues patches for over 60 software vulnerabilities (Tech Monitor)
Adobe releases May 2024 fixes for critical issues in Reader, Acrobat, Illustrator and other products (BeyondMachines.net)
CISA issues ICS advisories on hardware vulnerabilities from Rockwell, SUBNET, Johnson Controls, Mitsubishi Electric (Industrial Cyber)
900k Impacted by Data Breach at Mississippi Healthcare Provider (SecurityWeek)
FTC fires 'shot across the bow' at automakers over connected-car data privacy (The Record)
Security leaders report pressure from boards to downplay cyber risks (​​ITPro)
Tornado Cash Developer Jailed for Laundering Billions of Dollars (GB Hackers)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Google patches another Chrome zero-day. UK insurance agencies and the NCSC team up to reduce ransom payments. The FCC designates a robocall scam group. Vermont passes strong data privacy laws. A malicious Python package targets macOS users. ESET unpacks Ebury malware. Don’t answer Jenny’s email. Guest is author Barbara McQuade discussing her book "Attack from Within: How Disinformation is Sabotaging America.”  The White House says, “Keep your crypto mining away from our missile silos!” 
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Guest Barbara McQuade joins us to discuss her book "Attack from Within: How Disinformation is Sabotaging America" with Caveat co host Ben Yelin. You can hear Barbara and Ben’s full conversation on last week’s episode of Caveat here. You can catch Caveat on your favorite podcast app each Thursday where hosts Dave and Ben examine the latest in surveillance, digital privacy, cybersecurity law and policy. 

Selected Reading
Google Patches Second Chrome Zero-Day in One Week (SecurityWeek)
UK Insurance and NCSC Join Forces to Fight Ransomware Payments (Infosecurity Magazine)
FCC Warns of 'Royal Tiger' Robocall Scammers (SecurityWeek)
Vermont passes data privacy law allowing consumers to sue companies (The Record)
PyPi package backdoors Macs using the Sliver pen-testing suite (Bleeping Computer)
Apple backports fix for RTKit iOS zero-day to older iPhones (Bleeping Computer)
Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain (WeLiveSecurity)
Security Experts Issue Jenny Green Email Warning For Millions (Forbes)
US government shuts down Chinese-owned cryptomine near nuclear missile base in Wyoming (Data Centre Dynamics)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

IntelBroker claims to have breached a Europol online platform. The U.S. and China are set to discuss AI security. U.S. agencies warn against BlackBasta ransomware operators. A claimed Russian group attacks British local newspapers. Cinterion cellular modems are vulnerable to malicious SMS attacks. A UK IT contractor allegedly failed to report a major data breach for months. Generative AI is a double edged sword for CISOs. Reality Defender wins the RSA Conference's Innovation Sandbox competition. Our guest is Chris Betz, CISO of AWS, discussing how to build a strong culture of security. Solar storms delay the planting of corn. 
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Guest Chris Betz, CISO of AWS, discussing how to build a strong culture of security. In his blog, Chris writes about how AWS’s security culture starts at the top, and it extends through every part of the organization. 

Selected Reading
Europol confirms web portal breach, says no operational data stolen (Bleeping Computer)
US and China to Hold Discussions on AI Risks and Security (BankInfo Security)
CISA, FBI, HHS, MS-ISAC warn critical infrastructure sector of Black Basta hacker group; provide mitigations (Industrial Cyber)
'Russian' hackers deface potentially hundreds of local British news sites (The Record)
Cinterion IoT Cellular Modules Vulnerable to SMS Compromise (GovInfo Security)
MoD hack: IT contractor concealed major hack for months (Computing)
AI's rapid growth puts pressure on CISOs to adapt to new security risks (Help Net Security)
Reality Defender Wins RSAC Innovation Sandbox Competition (Dark Reading)
Solar Storms are disrupting farmer GPS systems during critical planting time (The Verge) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Cybersecurity Sales Engineer Brandon Robinson shares how he built his career in technology and the barriers he experienced along the way. He talks about how his job involves him interacting with customers at the highest levels making sure their solution is meeting needs. In addition, Brandon describes how as a black man and a trailblazer, he's been met with resistance. His positive spin on moving ahead involves relying on himself. Brandon's advice: find your passion, don't be intimidated and you will be met with success. Our thanks to Brandon for sharing his story with us. 

Dick O'Brien from Symantec Threat Hunter team is discussing their research on “Graph: Growing number of threats leveraging Microsoft API.” The team observed an increasing number of threats that have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services.
The research states "the technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes."
The research can be found here:
Graph: Growing number of threats leveraging Microsoft API