You can learn more about AWS in Orbit at space.n2k.com/aws.

Our guests today are Araz Feyzi, Co-founder and CTO at Kayhan Space and Tim Sills, Lead Security Solutions Architect at AWS for Aerospace and Satellite.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Be sure to follow T-Minus on LinkedIn and Instagram.

AWS Aerospace and Satellite

We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day.

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

Please send your pitch to [email protected] and include your name, affiliation, and topic proposal.

T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of the Managing Director at Cerberus Sentinel, Chief Compliance Officer and the President of TalaTek, Baan Alsinawi as she shares her cybersecurity journey from a teenager who wanted to understand computers and held several positions in IT from help desk to systems engineering and cybersecurity. Founding her own business focusing on compliance, Baan says she spends maybe only 20% of her day on technical tasks and that there is always so more to do. Finding the right people for her team is a marker of success for Baan. She talks of the importance of sharing the sense of community of women in technology and nurturing women in the field. We thank Baan for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Nati Tal, Head of Guardio Labs, sits down to share their work on “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack. Guardio Labs has uncovered a critical vulnerability in the Opera browser, enabling malicious extensions to exploit Private APIs for actions like screen capturing, browser setting changes, and account hijacking.

Highlighting the ease of bypassing extension store security, researchers demonstrated how a puppy-themed extension exploiting this flaw could infiltrate both Chrome and Opera's extension stores, potentially reaching millions of users. This case underscores the delicate balance between enhancing browser productivity and ensuring robust security measures, revealing the alarming tactics modern threat actors employ to exploit trusted platforms.

The research can be found here:

• “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack

Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI warns agents of hacked call and text logs. The US Treasury sanctions entities tied to North Korea’s fake IT worker operations. Russian hacking group Star Blizzard attempted to infiltrate WhatsApp accounts of nonprofits supporting Ukraine. Yubico discloses a critical vulnerability in its Pluggable Authentication Module)software.  Google releases an open-source library for software composition analysis. CISA hopes to close the software understanding gap. Pumakit targets critical infrastructure. Simplehelp patches multiple flaws in their remote access software. The FTC bans GM from selling driver data. HHS outlines their efforts to protect hospitals and healthcare. Our guest Maria Tranquilli, Executive Director at Common Mission Project, speaks with N2K’s Executive Editor Brandon Karpf about the origins and impact of Hacking for Defense. Even the best of red teamers are humbled by AI. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Our guest Maria Tranquilli, Executive Director at Common Mission Project, speaks with N2K’s Executive Editor Brandon Karpf about the origins and impact of Hacking for Defense, and how universities can get involved.

FBI Has Warned Agents It Believes Hackers Stole Their Call Logs (Bloomberg)

US Announces Sanctions Against North Korean Fake IT Worker Network (SecurityWeek)

Russian Star Blizzard hackers exploit WhatsApp accounts to spy on nonprofits aiding Ukraine (The Record)

Yubico PAM Module Vulnerability Let Attackers Bypass Authentications In Certain Configurations (Cyber Security News)

Google Releases Open Source Library for Software Composition Analysis (SecurityWeek)

Closing the Software Understanding Gap (CISA)

Pumakit - A Sophisticated Linux Rootkit Attack Critical Infrastructure (Cyber Security News)

Vulnerabilities in SimpleHelp Remote Access Software May Lead to System Compromise (SecurityWeek)

FTC hands GM a 5-year ban on selling sensitive driver info to data brokers (The Record)

How HHS has strengthened cybersecurity of hospitals and health care systems (CyberScoop)

Microsoft AI Red Team says security work will never be done (The Register) 

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

President Biden issues a comprehensive  cybersecurity executive order. Updates on Silk Typhoon’s US Treasury breach. A Chinese telecom hardware firm is under FBI investigation. A critical vulnerability has been found in the UEFI Secure Boot mechanism. California-based cannabis brand Stiiizy suffers a data breach. North Korea’s Lazarus Group lures freelance developers. The FTC highlights major security failures at web hosting giant GoDaddy. Veeam patches a critical vulnerability in their Backup for Microsoft Azure product. Hackers leak sensitive data from over 15,000 Fortinet firewalls. Our guest today is Oren Koren, Veriti's Co-founder and CPO, sharing insights about the state of healthcare cybersecurity. Shiver me timbers! Meta’s AI trains on a treasure chest of pirated books.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Our guest today is Oren Koren, Veriti's Co-founder and CPO, sharing insights about the state of healthcare cybersecurity. You can read more in their “The State of Healthcare Cybersecurity 2025” report. 

Biden to sign executive order on AI and software security (Axios)

Treasury Breach by Chinese Sponsored Hackers Focused on Sanctions, Report Says (Bloomberg)

Exclusive: Chinese tech firm founded by Huawei veterans in the FBI's crosshairs (Reuters)

New UEFI Secure Boot Bypass Vulnerability Exposes Systems to Malicious Bootkits (Cyber Security News)

380,000 Impacted by Data Breach at Cannabis Retailer Stiiizy (SecurityWeek)

North Korean Hackers Targeting Freelance Software Developers (SecurityWeek)

GoDaddy Accused of Serious Security Failings by FTC (Infosecurity Magazine)

Veeam Azure Backup Solution Vulnerability Allows Attackers To Enumerate Network (Cyber Security News)

Hacking group leaks Fortinet users’ details on dark web (Computing)

Meta Secretly Trained Its AI on a Notorious Piracy Database, Newly Unredacted Court Docs Reveal (WIRED)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI deletes PlugX malware from thousands of U.S. computers. Researchers uncover vulnerabilities in Windows 11 allowing attackers to bypass protections and execute code at the kernel level. A look at (a busy) Patch Tuesday. Researchers uncovered six critical vulnerabilities in a popular Linux file transfer tool. Texas sues Allstate for allegedly collecting, using, and selling driving data without proper consent. An executive order enables AI developers to build data centers on federal lands. On our Industry Voices segment, we are joined by Mike Hamilton, Chief Information Officer at Cloudflare, discussing how tech sprawl emulates the snake game. Meta profits while users suffer. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

On our Industry Voices segment, we are joined by Mike Hamilton, Chief Information Officer at Cloudflare, discussing how tech sprawl emulates the snake game. You can read Mike’s thoughts here. 

FBI deletes Chinese PlugX malware from thousands of US computers (Bleeping Computer) 

Windows 11 Security Features Bypassed to Obtain Arbitrary Code Execution in Kernel Mode (Cyber Security News) 

Microsoft Patches Eight Zero-Days to Start the Year (Infosecurity Magazine)

Chrome 132 Patches 16 Vulnerabilities (SecurityWeek)

Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities (SecurityWeek)

Ivanti Patches Critical Vulnerabilities in Endpoint Manager (SecurityWeek)

Zoom Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges (Cyber Security News)

Apple Patches Flaw That Allows Kernel Security Bypassing (GovInfo Security)

ICS Patch Tuesday: Security Advisories Published by Schneider, Siemens, Phoenix Contact, CISA (SecurityWeek)

Linux Rsync File Transfer Tool Vulnerability Let Attackers Execute Arbitrary Code (Cyber Security News)

Allstate car insurer sued for tracking drivers without permission (Bleeping Computer) 

Biden Opens US Federal Sites for AI Data Center Growth (BankInfo Security)

Instagram Ads Send This Nudify Site 90 Percent of Its Traffic (404 Media) 

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A draft cybersecurity executive order from the Biden administration seeks to bolster defenses. Researchers identify a “mass exploitation campaign” targeting Fortinet firewalls. A Chinese-language illicit online marketplace is growing at an alarming rate. CISA urges patching of a second BeyondTrust vulnerability. The UK proposes banning ransomware payments by public sector and critical infrastructure organizations. A critical flaw in Google’s authentication flow exposes millions to unauthorized access.OWASP releases its first Non-Human Identities (NHI) Top 10. A Microsoft lawsuit targets individuals accused of bypassing safety controls in its Azure OpenAI tools. Our guest is Chris Pierson, Founder and CEO of BlackCloak, discussing digital executive protection. The feds remind the health care sector that AI must first do no harm. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Our guest is Chris Pierson, Founder and CEO of BlackCloak, discussing digital executive protection.

Second Biden cyber executive order directs agency action on fed security, AI, space (CyberScoop)

Snoops exploited Fortinet firewalls with 'probable' 0-day (The Register)

The ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says (WIRED)

CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks (SecurityWeek)

UK Considers Ban on Ransomware Payments by Public Bodies (Infosecurity Magazine)

Google OAuth "Sign in with Google" Vulnerability Exposes Millions of Accounts to Data Theft (Cyber Security News)

OWASP Publishes First-Ever Top 10 “Non-Human Identities (NHI) Security Risks (Cyber Security News)

Microsoft Sues Harmful Fake AI Image Crime Ring (GovInfo Security)

Feds Tell Health Sector to Watch for Bias in AI Decisions (BankInfo Security)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

An MFA outage affects Microsoft 365 Office apps. The Biden administration  introduces new export controls to block adversaries from accessing advanced AI chips. A Dutch university cancels lectures after a cyberattack. Three Russian nationals have been indicted for operating cryptocurrency mixers. Juniper Networks releases security updates for Junos OS. Spain’s largest telecommunications company confirms a data breach. The “Banshee” infostealer leverages a stolen Apple encryption algorithm. Researchers uncover a novel ransomware campaign targeting Amazon S3 buckets. A major data broker suffers a major data breach. Our guest Philippe Humeau, CEO and Founder of CrowdSec, shares the biggest issues currently facing cybersecurity and how open-source cybersecurity platforms combat them. The weirdness of AI. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Our guest Philippe Humeau, CEO and Founder of CrowdSec, shares the biggest issues currently facing cybersecurity and how open-source cybersecurity platforms combat them. 

Microsoft MFA outage blocking access to Microsoft 365 apps (Bleeping Computer)

White House Moves to Restrict AI Chip Exports (GovInfo Security)

New Ransomware Group Uses AI to Develop Nefarious Tools (Infosecurity Magazine)

Cyberattack forces Dutch university to cancel lectures (The Record)

3 Russians Indicted for Operating Blender.io and Sinbad.io Crypto Mixers (Hackread)

Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS (SecurityWeek)

Aviatrix Controller RCE Vulnerability Exploited In The Wild (Cyber Security News) 

Hackers Exploiting YouTube to Spread Malware That Steals Browser Data (GB Hackers)

Banshee 2.0 Malware Steals Apple's Encryption to Hide on Macs (Dark Reading)

A breach of a data broker's trove of location data threatens the privacy of millions (TechCrunch) 

Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C (Halcyon) 

AI Mistakes Are Very Different Than Human Mistakes (IEEE Spectrum)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Kyla Cardona and Aurora Johnson from SpyCloud discussing their research "China’s Surveillance State Is Selling Citizen Data as a Side Hustle." Chinese technology companies, under CCP mandate, collect vast amounts of data on citizens, creating opportunities for corrupt insiders to steal and resell this information on dark markets. These stolen datasets, aggregated into "Social Work Libraries" (SGKs), mirror lower-tech versions of CCP internal security databases.

Kyla and Aurora discuss how Chinese cybercriminals use these SGKs and their implications compared to Western, European, and Russian cybercrime ecosystems. With expertise in Chinese OSINT and cybersecurity policy, both researchers bring deep insights into the geopolitical and technical dynamics of China's digital landscape.

The research can be found here:

Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore episode, where we are joined by Senior Security Officer at Centers for Medicare and Medicaid Services Michael Bishop Jr. as he shares his journey from Army infantryman deployed to Iraq to working in cybersecurity. After 12 years in the U.S. Army, Mike found himself in a rough spot. Looking for work and having some personal challenges, Mike's mentor, an Army officer he met while enlisted, recognized Mike's struggles and helped to nudge him toward cybersecurity. Mike credits his mentor with helping him transition to where he is today. Undergoing training for cybersecurity, he was tested in many areas and found the route he wanted to go. We thank Michael for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices