CyberWire Daily

• Kristin Strand: Be firm in your goals. [Consultant] [Career Notes]

  Please enjoy this encore of Career Notes. Cybersecurity Associate Consultant at BARR Advisory, Kristin Strand, shares her journey from the military to teaching and now to cybersecurity. Kristin shares how she'd wanted to be a teacher since she was young. She joined the Army to help pay for college and throughout her career has taken advantage of programs to help her move on to her next challenge. From teaching, Kristin decided to transition to IT and came to cybersecurity through a Department of Labor program. She's also currently training to be a drill sergeant. Kristin advises you stand firm to your goals and know what you want. It will come around. We thank Kristin for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  7:56

  --------

  7:56
• Smile for the malware. [Research Saturday]

  Eclypsium researchers Jesse Michael and Mickey Shkatov to share their work on "BadCam - Now Weaponizing Linux Webcams." Eclypsium researchers disclosed “BadCam,” a set of vulnerabilities in certain Lenovo USB webcams that run Linux and do not validate firmware signatures, allowing attackers to reflash the devices and turn them into BadUSB-style tools. An adversary who supplies a backdoored camera or who gains remote code execution on a host can weaponize the webcam to emulate human-interface devices, inject keystrokes, deliver payloads, and maintain persistence — even re-infecting systems after OS reinstalls. The findings were presented at DEF CON 2025, Lenovo issued updated firmware/tools in coordination with SigmaStar, and researchers warn the same vector could affect other Linux-based USB peripherals, underscoring the need for firmware signing and stronger device attestation. The research can be found here: BadCam: Now Weaponizing Linux Webcams Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  28:12

  --------

  28:12
• Prosper’s not so prosperous week.

  Prosper data breach reportedly affected more than 17 million accounts. Microsoft revokes certificates used in Rhysida ransomware operation. Threat actors exploit Cisco flaw to deploy Linux rootkits. Europol disrupts cybercrime-as-a-service operation. BeaverTail and OtterCookie merge and display new functionality. Singapore cracks down on social media. On our Industry Voices segment, we are joined by Danny Jenkins who is talking about defending against AI. And who let the bots out? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Danny Jenkins, CEO and Co-Founder of ThreatLocker, talking about defending against AI. You can tune into Danny’s full conversation here. Selected Reading Have I Been Pwned: Prosper data breach impacts 17.6 million accounts (BleepingComputer) Microsoft Revokes Over 200 Certificates to Disrupt Ransomware Campaign (SecurityWeek) Operation Zero Disco: Attackers Exploit Cisco SNMP Vulnerability to Deploy Rootkits (Trend Micro) Critical ConnectWise Vulnerabilities Allow Attackers To Inject Malicious Updates  (Cybersecurity News) European police bust network selling thousands of phone numbers to scammers (The Record) North Korean operatives spotted using evasive techniques to steal data and cryptocurrency (CyberScoop) New Singapore law empowers commission to block harmful online content (Reuters)  Niantic’s Peridot, the Augmented Reality Alien Dog, Is Now a Talking Tour Guide (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  26:41

  --------

  26:41
• When hackers go BIG in cyber espionage.

  F5 discloses long-term breach tied to nation-state actors. PowerSchool hacker receives a four-year prison sentence. Senator scrutinizes Cisco critical firewall vulnerabilities. Phishing campaign impersonates LastPass and Bitwarden. Credential phishing with Google Careers. Reduce effort, reuse past breaches, recycle into new breach. Qilin announces new victims. Manoj Nair, from Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. And AI faces the facts. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Manoj Nair, Chief Innovation Officer at Snyk, joins us to explore the future of AI security and the emerging risks shaping this rapidly evolving landscape. In light of the recent high-severity vulnerability in Cursor, Manoj discusses how threats like tool poisoning, toxic flows, and MCP vulnerabilities are redefining what secure AI-driven development means—and why organizations must move faster to keep up. Selected Reading F5 disclosures breach tied to nation-state threat actor (CyberScoop) CISA Directs Federal Agencies to Mitigate Vulnerabilities in F5 Devices (CISA) ED 26-01: Mitigate Vulnerabilities in F5 Devices (CISA)  PowerSchool hacker sentenced to 4 years in prison (The Record)  Cisco faces Senate scrutiny over firewall flaws (The Register) Fake LastPass, Bitwarden breach alerts lead to PC hijacks (Bleeping Computer)  Google Careers impersonation credential phishing scam with endless variation (Sublime Security)  Elasticsearch Leak Exposes 6 Billion Records from Scraping, Old and New Breaches (HackRead)  Qilin Ransomware announced new victims (Security Affairs)  When Face Recognition Doesn’t Know Your Face Is a Face (WIRED) Semperis Announces Midnight in the War Room: A Groundbreaking Cyberwar Documentary Featuring the World's Leading Defenders and Reformed Hackers (PR Newswire) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  26:37

  --------

  26:37
• Prince of fraud loses crown.

  A record-breaking Bitcoin seizure. Patch Tuesday notes. Capita fined for unlawful access to personal data. Unity site skimmed by malicious script. Vietnam Airlines breached potentially exposing 20 million passengers. An automotive giant experiences a third-party breach. Tim Starks from CyberScoop is discussing how Sen. Peters tries another approach to extend expired cyber threat information-sharing. In our latest Threat Vector, David Moulton⁠ sits down with⁠ Harish Singh about hybrid work. And inside North Korea's blueprints for deception. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Tim Starks from CyberScoop is discussing how Sen. Peters tries another approach to extend expired cyber threat information-sharing law. Threat Vector Hybrid work has changed the game, but has your security kept up? In this segment of Threat Vector, David Moulton⁠ sits down with⁠ Harish Singh⁠, Vice President and Global Head of Infrastructure and Application Management at Wipro, to unpack the evolving cybersecurity landscape at the intersection of digital transformation, SaaS expansion, and AI-powered operations. You can listen to their full discussion here, and catch new episodes every Thursday on your favorite podcast app. Selected Reading Feds Seize Record-Breaking $15 Billion in Bitcoin From Alleged Scam Empire (WIRED) Microsoft October 2025 Patch Tuesday fixes 6 zero-days, 172 flaws (Bleeping Computer)  Patch Tuesday, October 2025 ‘End of 10’ Edition (Krebs on Security) Capita Fined £14m After 2023 Breach that Hit 6.6 Million People (Infosecurity Magazine)                     Malicious Code on Unity Website Skims Information From Hundreds of Customers (SecurityWeek) Airline with over 20 million passengers a year involved in customer data breach (Daily Mail) Information Regarding Customer Data Breach (Vietnam Airlines) Auto giant Stellantis discloses data breach affecting North American customers (Top Class Actions) North Korean Scammers Are Doing Architectural Design Now (WIRED) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  31:43

  --------

  31:43

Weitere Nachrichten Podcasts

Trending Nachrichten Podcasts

Über CyberWire Daily

CyberWire Daily: Zugehörige Podcasts