A backdoor turns out to be a familiar kind of Telnet implementation (and it was fixed seven years ago in any case). A large database of US household personally identifiable information was found exposed online, but who owned it remains unclear. The US Department of Homeland Security releases a Critical Functions List. ISIS’s sometime Caliph is back online. And piracy streaming is loaded with malware. Who knew? Craig Williams from Cisco Talos on their research into malware markets on Facebook. Guest is Dean Pipes from TetraVX on the root cause of shadow IT.
 For links to all of today's stories check our our CyberWire daily news brief:
  https://thecyberwire.com/issues/issues2019/April/CyberWire_2019_04_30.html 
 Support our show

Telnet may not be the backdoor you’re looking for. Large PII database left exposed by parties unknown. DHS has a Critical Functions List. ISIS inspiration is back.

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Technology

Tech News

Podcasting

Gadgets

Software How-To

News

Daily News

Secretary Blinken and Senator Warner weigh in on cybersecurity at RSA Conference. Ransomware profits are falling. Proton Mail is under scrutiny for information sharing. A senior British lawmaker blames China for a UK cyberattack. Medstar Health notifies patients of a potential data breach. A study finds cybersecurity education programs across the U.S vary wildly. Brandon Karpf, N2K Man on the Street, stops by to share his thoughts on the 2024 RSA Conference. An Australian pension fund gets lost in the clouds.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guests
Brandon Karpf, N2K Man on the Street, stops by to share his thoughts on the 2024 RSA Conference. 

Selected Reading
Blinken unveils State Dept. strategy for ‘vibrant, open and secure technological future’ (The Record)
Warner: Lawmakers 'in process' of finding Section 702 fix (The Record)
Ransomware operations are becoming less profitable (Help Net Security)
Proton Mail Discloses User Data Leading to Arrest in Spain (Restore Privacy)
UK says defence ministry targeted in cyberattack (Digital Journal)
Novel attack against virtually all VPN apps neuters their entire purpose (Ars Technica)
MedStar Health data breach affects 183,079 patients (WUSA9)
Researchers say cybersecurity education varies widely in US (Tech Xplore)
System outage affecting UniSuper services (UniSuper) 
UniSuper private cloud, secondary systems taken out by "rare" Google Cloud "issues" (iTnews)
Superannuation: What It Is, How It Works, Types of Plans (Investopedia)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Hack-proofing the future to shape cyberspace.

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, interviews Eugene Spafford about his 2024 Cybersecurity Canon Hall of Fame book: “Cybersecurity Myths and Misconceptions.”
References:
Eugene Spafford, Leigh Metcalf, Josiah Dykstra, Illustrator: Pattie Spafford. 2023. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book]. Goodreads.
Helen Patton, 2024. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book Review]. Cybersecurity Canon Project. 
Staff, 2024. CERIAS - Center for Education and Research in Information Assurance and Security [Homepage]. Purdue University. 
Rick Howard Cybersecurity Canon Concierge
Cybersecurity Canon Committee members will be in the booth outside the RSA Conference Bookstore to help anybody interested in the Canon’s Hall of Fame and Candidate books. If you’re looking for recommendations, we have some ideas for you.
RSA Conference Bookstore
JC Vega: May 6, 2024  | 02:00 PM PDT
Rick Howard: May 7, 2024  | 02:00 PM PDT
Helen Patton: May 8, 2024  | 02:00 PM PDT
Rick Howard RSA Birds of a Feather Session: 
I'm hosting a small group discussion called  “Cyber Fables: Debating the Realities Behind Popular Security Myths.” We will be using Eugene Spafford’s Canon Hall of Fame book, “ “Cyber Fables: Debating the Realities Behind Popular Security Myths” as the launchpad for discussion.
If you want to engage in a lively discussion about the infosec profession, this is the event for you. 
May. 7, 2024 | 9:40 AM - 10:30 AM PT
Rick Howard RSA Book Signing
I published my book at last year’s RSA Conference. If you’re looking to get your copy signed, or if you just want to tell me how I got it completely wrong, come on by. I would love to meet you.
RSA Conference Bookstore
May 8, 2024 | 02:00 PM PDT
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. 
Rick Howard Cyware Panel: 
The Billiard Room at the Metreon | 175 4th Street | San Francisco, CA 94103
May 8, 2024 | 8:30am-11am PST
Simone Petrella and Rick Howard RSA Presentation: 
Location: Moscone South Esplanade level
May. 9, 2024 | 9:40 AM - 10:30 AM PT
Simone Petrella, Rick Howard, 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference.

Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us by Eugene Spafford, Leigh Metcalf, Josiah Dykstr

Secretary of State Antony Blinken is set to unveil a new international cybersecurity strategy at the RSA Conference in San Francisco. Paris prepares for Olympic-sized cybersecurity threats. Wichita, Kansas is recovering from a ransomware attack. A massive data breach hits citizens of El Salvador. Researchers steal cookies to bypass authentication. Cuckoo malware targets macOS systems. Iranian threat actors pose as journalists to infiltrate network targets. A former Microsoft insider analyzes the company’s recommitment to cybersecurity. Guest Mark Terenzoni, Director of Risk Management at AWS, joins N2K’s Rick Howard to discuss the benefits of security lakes in a post-AI world. Ukrainian officials introduce an AI generated spokesperson. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Guest Mark Terenzoni, Director of Risk Management at AWS, joins N2K’s Rick Howard to discuss the benefits of security lakes and other security considerations for a post-AI world. Read Mark's blog on the subject. 

Selected Reading
Biden administration rolls out international cybersecurity plan (POLITICO)
Paris 2024 gearing up to face unprecedented cybersecurity threat (Reuters)
Wichita government shuts down systems after ransomware incident (The Record)
El Salvador suffered a massive leak of biometric data (Security Affairs)
Stealing cookies: Researchers describe how to bypass modern authentication (CyberScoop)
Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware (Kandji)
Iranian hackers pose as journalists to push backdoor malware (Bleeping Computer)
Breaking down Microsoft’s pivot to placing cybersecurity as a top priority (DoublePulsar)
Ukraine unveils AI-generated foreign ministry spokesperson | Artificial intelligence (AI) (The Guardian)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Charting the course: Biden's blueprint for global cybersecurity.

Rick Howard, N2K’s CSO and The Cyberwire’s Chief Analyst and Senior Fellow, interviews Andy Greenberg about his 2024 Cybersecurity Canon Hall of Fame book: “Tracers in the Dark.”
References:
Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads. 
Larry Pesce, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. 
Rick Howard, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project.
Ben Rothke, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. 
TheScriptVEVO, 2012. The Script - Hall of Fame (Official Video) ft. will.i.am [Music Video]. YouTube. 
Satoshi Nakamoto, 2008. Bitcoin: A Peer-to-Peer Electronic Cash System [Historic and Important Paper]. Bitcoin.
Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads.
RSA Presentation: 
May. 9, 2024 | 9:40 AM - 10:30 AM PT
Rick Howard, Simone Petrella , 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference.

Bonus Episode: 2024 Cybersecurity Canon Hall of Fame Inductee: Tracers in the Dark by Andy Greenberg. [CSOP]

Technology attorney and startup chief of staff Elizabeth Wharton shares her experiences and how she came to work with companies in technology. Elizabeth talks about how she always liked solving problems and Nancy Drew mysteries, but not litigation. These morphed finding into her home in the policy legal world and some time later, technology law. Elizabeth describes how she loves planning and strategy in her work and encourages others to ask questions and absorb all of the information. Our thanks to Elizabeth for sharing her story with us.

Telnet may not be the backdoor you’re looking for. Large PII database left exposed by parties unknown. DHS has a Critical Functions List. ISIS inspiration is back.

Download our free app to listen on your phone