CyberWire Daily

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, interviews Eugene Spafford about his 2024 Cybersecurity Canon Hall of Fame book: “Cybersecurity Myths and Misconceptions.” REFERENCES: Eugene Spafford, Leigh Metcalf, Josiah Dykstra, Illustrator: Pattie Spafford. 2023. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book]. Goodreads. [https://www.goodreads.com/book/show/61057806-cybersecurity-myths-and-misconceptions] Helen Patton, 2024. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book Review]. Cybersecurity Canon Project. [https://icdt.osu.edu/cybersecurity-myths-and-misconceptions-avoiding-hazards-and-pitfalls-derail-us] Staff, 2024. CERIAS - Center for Education and Research in Information Assurance and Security [Homepage]. Purdue University. [https://www.cerias.purdue.edu/] RICK HOWARD CYBERSECURITY CANON CONCIERGE Cybersecurity Canon Committee members will be in the booth outside the RSA Conference Bookstore to help anybody interested in the Canon’s Hall of Fame and Candidate books. If you’re looking for recommendations, we have some ideas for you. RSA Conference Bookstore JC Vega: May 6, 2024  | 02:00 PM PDT Rick Howard: May 7, 2024  | 02:00 PM PDT Helen Patton: May 8, 2024  | 02:00 PM PDT RICK HOWARD RSA BIRDS OF A FEATHER SESSION:  I'm hosting a small group discussion called  “Cyber Fables: Debating the Realities Behind Popular Security Myths [https://www.rsaconference.com/USA/agenda/session/Cyber%20Fables%20Debating%20the%20Realities%20Behind%20Popular%20Security%20Myths].” We will be using Eugene Spafford’s Canon Hall of Fame book, “ “Cyber Fables: Debating the Realities Behind Popular Security Myths” as the launchpad for discussion. If you want to engage in a lively discussion about the infosec profession, this is the event for you.  May. 7, 2024 | 9:40 AM - 10:30 AM PT RICK HOWARD RSA BOOK SIGNING I published my book at last year’s RSA Conference. If you’re looking to get your copy signed, or if you just want to tell me how I got it completely wrong, come on by. I would love to meet you. RSA Conference Bookstore May 8, 2024 | 02:00 PM PDT Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. [https://www.goodreads.com/book/show/75671183-cybersecurity-first-principles] RICK HOWARD CYWARE PANEL:  The Billiard Room at the Metreon | 175 4th Street | San Francisco, CA 94103 May 8, 2024 | 8:30am-11am PST SIMONE PETRELLA AND RICK HOWARD RSA PRESENTATION:  Location: Moscone South Esplanade level May. 9, 2024 | 9:40 AM - 10:30 AM PT Simone Petrella, Rick Howard, 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference. [https://www.rsaconference.com/USA/agenda/session/The%20Moneyball%20Approach%20to%20Buying%20Down%20Risk%20Not%20Superstars]

Secretary of State Antony Blinken is set to unveil a new international cybersecurity strategy at the RSA Conference in San Francisco. Paris prepares for Olympic-sized cybersecurity threats. Wichita, Kansas is recovering from a ransomware attack. A massive data breach hits citizens of El Salvador. Researchers steal cookies to bypass authentication. Cuckoo malware targets macOS systems. Iranian threat actors pose as journalists to infiltrate network targets. A former Microsoft insider analyzes the company’s recommitment to cybersecurity. Guest Mark Terenzoni, Director of Risk Management at AWS, joins N2K’s Rick Howard to discuss the benefits of security lakes in a post-AI world. Ukrainian officials introduce an AI generated spokesperson.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing [https://thecyberwire.com/newsletters/daily-briefing], and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn [https://www.linkedin.com/company/10454826/admin/feed/posts/]. CYBERWIRE GUEST Guest Mark Terenzoni [https://www.linkedin.com/in/markterenzoni/], Director of Risk Management at AWS [https://aws.amazon.com/products/security/], joins N2K’s Rick Howard to discuss the benefits of security lakes and other security considerations for a post-AI world. Read Mark's blog [https://aws.amazon.com/blogs/security/how-amazon-security-lake-is-helping-customers-simplify-security-data-management-for-proactive-threat-analysis/] on the subject. SELECTED READING Biden administration rolls out international cybersecurity plan [https://www.politico.com/news/2024/05/06/biden-international-cybersecurity-plan-00156190] (POLITICO) Paris 2024 gearing up to face unprecedented cybersecurity threat [https://www.reuters.com/technology/cybersecurity/paris-2024-gearing-up-face-unprecedented-cybersecurity-threat-2024-05-06/] (Reuters) Wichita government shuts down systems after ransomware incident [https://therecord.media/wichita-kansas-government-ransomware-attack] (The Record) El Salvador suffered a massive leak of biometric data [https://securityaffairs.com/162790/data-breach/el-salvador-massive-leak-biometric-data.html] (Security Affairs) Stealing cookies: Researchers describe how to bypass modern authentication [https://cyberscoop.com/stealing-cookies-researchers-describe-how-to-bypass-modern-authentication/] (CyberScoop) Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware [https://blog.kandji.io/malware-cuckoo-infostealer-spyware] (Kandji) Iranian hackers pose as journalists to push backdoor malware [https://www.bleepingcomputer.com/news/security/iranian-hackers-pose-as-journalists-to-push-backdoor-malware/] (Bleeping Computer) Breaking down Microsoft’s pivot to placing cybersecurity as a top priority [https://doublepulsar.com/breaking-down-microsofts-pivot-to-placing-cybersecurity-as-a-top-priority-734467a8db01](DoublePulsar) Ukraine unveils AI-generated foreign ministry spokesperson | Artificial intelligence (AI) [https://www.theguardian.com/technology/article/2024/may/03/ukraine-ai-foreign-ministry-spokesperson] (The Guardian) SHARE YOUR FEEDBACK. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey [https://www.surveymonkey.com/r/cwdp-listener] as we continually work to improve the show.  WANT TO HEAR YOUR COMPANY IN THE SHOW? You too can reach the most influential leaders and operators in the industry. Here’s our media kit [https://docsend.com/view/5ncb2vvpz2ntg95q]. Contact us at cyberwire@n2k.com [cyberwire@n2k.com] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Rick Howard, N2K’s CSO and The Cyberwire’s Chief Analyst and Senior Fellow, interviews Andy Greenberg about his 2024 Cybersecurity Canon Hall of Fame book: “Tracers in the Dark.” REFERENCES: Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads. [https://www.goodreads.com/book/show/60462182-tracers-in-the-dark] Larry Pesce, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. [https://icdt.osu.edu/tracers-dark-global-hunt-crime-lords-cryptocurrency-1] Rick Howard, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. [https://icdt.osu.edu/tracers-dark-global-hunt-crime-lords-cryptocurrency] Ben Rothke, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. [https://icdt.osu.edu/tracers-dark-global-hunt-crime-lords-cryptocurrency-0] TheScriptVEVO, 2012. The Script - Hall of Fame (Official Video) ft. will.i.am [Music Video]. YouTube. [https://www.youtube.com/watch?v=mk48xRzuNvA] Satoshi Nakamoto, 2008. Bitcoin: A Peer-to-Peer Electronic Cash System [Historic and Important Paper]. Bitcoin [https://bitcoin.org/bitcoin.pdf]. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. [https://www.goodreads.com/book/show/75671183-cybersecurity-first-principles] RSA PRESENTATION:  May. 9, 2024 | 9:40 AM - 10:30 AM PT Rick Howard, Simone Petrella , 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference. [https://www.rsaconference.com/USA/agenda/session/The%20Moneyball%20Approach%20to%20Buying%20Down%20Risk%20Not%20Superstars]

Technology attorney and startup chief of staff Elizabeth Wharton shares her experiences and how she came to work with companies in technology. Elizabeth talks about how she always liked solving problems and Nancy Drew mysteries, but not litigation. These morphed finding into her home in the policy legal world and some time later, technology law. Elizabeth describes how she loves planning and strategy in her work and encourages others to ask questions and absorb all of the information. Our thanks to Elizabeth for sharing her story with us.

Adam Marré, CISO at Arctic Wolf, is diving deep into geopolitical tension with China including APT31, iSoon and TikTok with Dave this week. They also discuss some of the history behind China cyber operations. Adam shares information on how different APT groups are able to create spear phishing campaigns, and provides info on how to combat these groups.