1,513 episodes

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

The CyberWire Daily CyberWire, Inc.

    • Technology
    • 4.8 • 778 Ratings

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

    Encore: You will pay for that one way or another. [Caveat]

    Encore: You will pay for that one way or another. [Caveat]

    Dave's got the story of a landlord who may run afoul of the Computer Fraud and Abuse Act, Ben wonders if the big tech CEOs could be held liable for contact tracking apps, and later in the show my conversation with Joseph Cox. He is a Senior Staff Writer at Motherboard and will be discussing his recent article How Big Companies Spy on Your Emails.
    While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney. 
    Links to stories:

    Apple and Google CEOs should be held responsible for protecting coronavirus tracking data, says GOP Sen. Hawley

    The twitter thread from Dave's story


    Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com or simply leave us a message at (410) 618-3720. Hope to hear from you.

    • 36 min
    Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]

    Ann Johnson: Trying to make the world safer. [Business Development] [Career Notes]

    Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive. After pivoting from studying law, Ann started working with computers and found she had a deep technical aptitude for technology and started earning certifications landing in cybersecurity because she found an interest in PKI. At Microsoft, Ann says she solves some of the hardest problems every day. She recommends getting a mentor and finding your area of expertise. She leaves us with three dimensions she hopes to be her legacy: 1. diversity in more than just gender, 2. bringing a human aspect to the industry, and 3. being empathetic to the user experience. We thank Ann for sharing her story with us.

    • 6 min
    Manufacturing sector is increasingly a target for adversaries. [Research Saturday]

    Manufacturing sector is increasingly a target for adversaries. [Research Saturday]

    Guest Selena Larson, senior cyber threat analyst at Dragos, Inc., joins us to discuss their research into recent observations of ICS-targeting threats to manufacturing organizations. 
    Cyber risk to the manufacturing sector is increasing, led by disruptive cyberattacks impacting industrial processes, intrusions enabling information gathering and process information theft, and new activity from Industrial Control Systems (ICS)-targeting adversaries. Dragos currently publicly tracks five ICS-focused activity groups targeting manufacturing: CHRYSENE, PARISITE, MAGNALLIUM, WASSONITE, and XENOTIME in addition to various ransomware activities capable of disrupting operations. 
    Manufacturing relies on ICS to scale, function, and ensure consistent quality control and product safety. It provides crucial materials, products, and medicine and is classified as critical infrastructure. Due to the interconnected nature of facilities and operations, an attack on a manufacturing entity can have ripple effects across the supply chain that relies on timely and precise production to support product fulfillment, health and safety, and national security objectives. 
    Ransomware adversaries are adopting ICS-aware functionality with the ability to stop industrial related processes and cause disruptive – and potentially destructive – impacts. Dragos has not observed ICS-specific malware targeting manufacturing operations on the same scale or sophistication as that used in the disruptive TRISIS and CRASHOVERRIDE malware attacks that targeted energy operations in Saudi Arabia and Ukraine, respectively. However, known and ongoing threats to manufacturing can have direct and indirect impact to operations. This report provides a snapshot of the threat landscape as of October 2020 and is expected to change in the future as adversaries and their behaviors evolve. 
    The research can be found here:
    ICS Threat Activity on the Rise in Manufacturing Sector

    • 25 min
    Charming Kitten’s smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patches bug. Best practices from NSA, CISA.

    Charming Kitten’s smishing and phishing. Solorigate updates. Supply chain attacks and the convergence of espionage and crime. Greed-bait. Ring patches bug. Best practices from NSA, CISA.

    Well-constructed phishing and smishing are reported out of Tehran. Estimates of SolarWinds compromise insurance payouts. Notes from industry on the convergence of criminal and espionage TTPs. Social engineering hooks baited with greed. Ring patches a bug that could have exposed users’ geolocation (and their reports of crime). Advice on cyber best practices from CISA and NSA. Robert M. Lee has thoughts for the incoming Biden administration. Our guest is Sir David Omand, former Director of GCHQ, on his book, How Spies Think: Ten Lessons in Intelligence. And an ethics officer is accused of cyberstalking.
    For links to all of today's stories check out our CyberWire daily news brief:
    https://www.thecyberwire.com/newsletters/daily-briefing/10/10

    • 26 min
    SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA’s advice for cloud security. Classiscam in the criminal-to-criminal market. SolarLeaks misdirection?

    SideWinder and South Asian cyberespionage. Project Zero and motivation to patch. CISA’s advice for cloud security. Classiscam in the criminal-to-criminal market. SolarLeaks misdirection?

    There are other things going on besides Solorigate and deplatforming. There’s news about the SideWinder threat actor and its interest in South Asian cyberespionage targets. Google’s Project Zero describes a complex and expensive criminal effort. CISA discusses threats to cloud users, and offers some security recommendations. A scam-as-a-service affiliate network spreads from Russia to Europe and North America. Awais Rashid looks at shadow security. Our own Rick Howard speaks with Christopher Ahlberg from Recorded Future on Cyber Threat Intelligence. And SolarLeaks looks more like misdirection, Guccifer 2.0-style.
    For links to all of today's stories check out our CyberWire daily news brief:
    https://www.thecyberwire.com/newsletters/daily-briefing/10/9

    • 25 min
    Looking for that threat actor “likely based in Russia.” SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.

    Looking for that threat actor “likely based in Russia.” SolarLeaks and a probably bogus offer of stolen files. Notes on Patch Tuesday.

    Speculation grows that the Solarigate threat actors were also behind the Mimecast compromise. SolarLeaks says it has the goods taken from FireEye and SolarWinds, but caveat emptor. Notes on Patch Tuesday. Joe Carrigan has thoughts on a WhatsApp ultimatum. Our guest is Andrew Cheung of 01 Communique with an update on quantum computing. And farewell to an infosec good guy.
    For links to all of today's stories check out our CyberWire daily news brief:
    https://www.thecyberwire.com/newsletters/daily-briefing/10/8

    • 22 min

Customer Reviews

4.8 out of 5
778 Ratings

778 Ratings

jimmytoolongsmith53 ,

Best security podcast

This is among the best security podcasts out there, a great daily listen that doesn’t take too much time and you receive important information

Jason Allnutt ,

The easiest and most enjoyable way to get your cybersecurity news

I have been a subscriber to the daily Cyberwire for over a year now and it never disappoints. Each episodes is enjoyable and succinct; providing just enough information to keep me informed and not bore me. Dave’s chemistry with his usual guests are makes for easy, never awkward, listening. The daily newsletters is also a great way to follow up with particularly interesting segments of the show. I highly recommend you give it a shot as well as some of the other shows offered from the cyberwire. Have a great day!

Meatball_army ,

Hands down the best cyber security podcast

High quality, straight to the point, lightly humorous but appropriately serious tone. Exactly what I need to stay up to date and even learn a thing or two! Can’t believe how much content these guys crank out. Check out the other shows too.

Top Podcasts In Technology

Listeners Also Subscribed To