Maria Varmazes
You're listening to the Cyberwire network, powered by N2K.
Dave Bittner
And now a word from our sponsor, Black Kite. If third party risk is keeping you up at night, you're not alone. It's a constant battle. Black Kite's third party cyber risk platform is built on real world threat intelligence straight from their research team's ongoing breach analysis, dark web monitoring and attacker tactics. That means you get a hacker's eye view of your supply chain to proactively spot risks. And speaking of research, they just dropped their 2025 third party breach report, breaking down last year's biggest trends and what's coming next. Grab the report now at www.blackkite.com.
Maria Varmazes
Updates from RSAC 2025. Former NSA cyber chief Rob Joyce warns that AI is rapidly approaching the ability to develop high level software exploits. An FBI official warns that China is the top threat to US critical infrastructure. Mandiant and Google raise alarms over widespread infiltration of global companies by North Korean IT workers. France accuses Russia's Fancy Bear of targeting at least a dozen French government and institutional entities. SonicWall has issued an urgent alert about active exploitation of a high severity vulnerability in its secure mobile access appliances. A China linked APT group known as TheWizards is abusing an IPv6 networking feature. Gremlin Stealer emerges as a serious threat. A 23 year old Scottish man linked to the Scattered Spider hacking group has been extradited from Spain to the United States. Senators urge FTC action on consumer neural data. New WordPress malware masquerades as an anti malware plugin. Our guest is Andy Chow from Project Discovery, the winner of the 20th annual RSAC Innovation Sandbox Contest. Our intern Kevin returns with some Kevin on the Street interviews from the RSAC floor, and research reveals the risk of juice jacking isn't entirely imaginary. Today is Thursday, May 1, 2025. I'm Maria Varmazes in for Dave Bittner and this is your Cyberwire Intel Brief.
Maria Varmazes
Let's get into it. Day 3 of the RSAC 2025 conference concluded, having delivered a packed agenda of insights, warnings and inspiration. The day opened with Dmitri Alperovitch's keynote World on the Brink, offering a sobering look at rising Indo Pacific tensions and how cyber warfare is now central to geopolitical instability. Kevin Mandia followed with his annual State of Cyber address, highlighting the evolving CISO role, AI's growing influence and resilience strategies. He was joined by journalist Nicole Perlroth for a sharp analysis of the year's major threats and what lies ahead. In a shift from technical talk, NBA legend Magic Johnson took the stage, drawing parallels between sports leadership and cybersecurity teamwork in The Art of the Assistance. A fireside chat between GCHQ director Anne Keast-Butler and Chris Inglis emphasized the need for cross sector collaboration, and the day closed with the SANS Institute's breakdown of the five most dangerous new attack techniques and how to prepare for them. We will continue our coverage of RSAC 2025 over the next few days. Speaking of RSAC, former NSA cyber chief Rob Joyce warned that AI is rapidly approaching the ability to develop high level software exploits. Joyce, who is now an advisor to Sandfly Security, predicted that AI could become a reliable exploit developer as soon as this year or the next. He pointed to AI's strong performance in coding contests and the recent Hack the Box challenge where an AI team nearly matched top human competitors. While he's not worried about AI creating script kiddie attackers, he cautions that AI will enable skilled hackers to work faster and at scale. AI also enhances phishing attacks by generating convincing personalized emails, even with fake email threads and PDFs. On defense, AI offers speed advantages like reversing complex code in seconds instead of hours.
Joyce also shared a clever ransomware attack that pivoted to a Linux video camera to encrypt data, highlighting how attackers exploit weak spots in unexpected places. Elsewhere at the RSAC conference, FBI Deputy Assistant Director Cynthia Kaiser called China the top threat to US critical infrastructure. She said Chinese state backed hackers are increasingly using AI to boost their cyber capabilities. This includes crafting fake business profiles, launching more convincing spear phishing campaigns and improving early stage network scans. While AI isn't yet creating shapeshifting malware, it's enhancing targeting efforts. Kaiser stressed the importance of multi factor authentication as a defense against these evolving AI powered threats. Joining us this week from RSAC 2025, we have our partner Kevin McGee, Global Director of Cybersecurity Startups at Microsoft. For startups today, Kevin is joined by Shane Harding, CEO of Devicee, and Nathan Ostroski, co founder of Petra Security.
Nathan Ostroski
I'm Nathan Ostrowski, I'm one of the founders at Petra Security. We detect M365 breaches. We live in San Francisco. So the trip here was pretty short. Pretty sweet.
Kevin McGee
Awesome. So how was the trip here? Not too bad.
Nathan Ostroski
Kind of great. Kind of great. Hey 20 minute Uber, you can't beat it.
Kevin McGee
Awesome. Well that was better than mine. What themes are you looking to see at the show this year?
Nathan Ostroski
To talk my own book. I feel like BECs are going up like crazy and I'm always looking for people who are solving them in cool ways. Also, agentic AI is without a doubt the theme of. I feel like every presentation this entire year, so I'm interested in what people are doing.
Kevin McGee
Any cool sessions you're looking forward to seeing.
Nathan Ostroski
Also going to give a biased take. One of my friends runs a company called Runcible. They are doing some really, really cool things with automated red teaming and I'm super excited to see what they have on stock.
Kevin McGee
Anyone else you're looking to connect with here at RSA?
Nathan Ostroski
Hey, RSA is the craziest event of the year. There's always something unexpected and that's what I'm looking for, frankly. The unexpected.
Maria Varmazes
Awesome.
Kevin McGee
Thanks a lot.
Shane Harding
Shane Harding, CEO of Device, right. Just flew in 22 hours from Melbourne, Australia. So feeling a little bit jet lag, but absolutely pumped to be here. Right. You know, for us, I think, you know, this year is a really big year for us as we're having a look at what we're going to, the impact we're going to have across cyber and particularly from an RSA perspective. And we've really kicked it off is this movement around sort of the agency impact that's going to happen. And for us, we think about this more from a software as a service transitioning to services software and maybe finally the ability to actually drive outcomes, right, Instead of just additional workflows and buttons. And for us, and why that's important for what we do for organizations is we think we focus on what is the hardest but often boring part of cyber and that's getting the foundations right, particularly across the endpoints, right? Getting your policies, your applications, all of that in order initially and then consistently and forever the things that no one else wants to do. And so what better way than to provide knowledge based, dynamically driven workflows into an organization while still keeping them in control? And even the kickoff from Microsoft perspective talked about this, right? How do agents or sort of this agentic movement allow for humans to still be involved in the workflow at the right time, but without having to do the mundane, boring things, right? And so we really find the synthesis of human and agent as we move forward. And if I compare it to last year, I think when we have a look at the patterning that started to develop, we can see the sophistication in the space and the real acceleration of trying to understand how we're going to move into this area. 
A year ago it felt, it felt new, it felt clunky now we're starting to understand that interplay and just to see how many companies are innovating in the space sort of gives us, and I know my broader team so much encouragement in the direction that we're heading. Because for the first time I think we can taste actually solving meaningful problems in a complete way instead of sort of pretending that those problems are being solved while just giving someone another button to click and forcing them down another clunky workflow that they've got to build their business around.
Maria Varmazes
Thank you to Kevin McGee from Microsoft for coming to us from RSAC 2025. Mandiant and Google are raising alarms over widespread infiltration of global companies by North Korean IT workers, a threat more pervasive than previously believed. At RSAC 2025, Mandiant CTO Charles Carmakal revealed that most Fortune 500 firms have unknowingly received job applications from, and often hired, North Korean nationals. These operatives earn high salaries, often holding multiple jobs, funneling millions of dollars back to Pyongyang. While initially seen as a revenue strategy, the risk has escalated, with some ex employees resorting to extortion after termination. Mandiant and Google warn that these insiders could leak data or disrupt critical systems, especially under pressure. Evidence links some of the operatives to IP addresses used by North Korea's intelligence bureau, suggesting potential handovers of access to state sponsored threat actors. Though companies are catching and removing infiltrators more quickly, the embedded nature of these actors poses a significant long term cybersecurity risk to corporate and national infrastructure. France has publicly accused the Russian state backed hacking group APT28, also known as Fancy Bear and linked to the GRU, of targeting or compromising at least a dozen French government and institutional entities. Active since 2004, APT28 has increasingly focused on espionage using phishing, vulnerability exploitation and brute force attacks, often with low cost disposable infrastructure. The French cybersecurity agency ANSSI and the Cyber Crisis Coordination Center identified attacks on local governments, ministries, research institutions and think tanks, including efforts targeting the 2024 Olympics. APT28 has used tools like the HeadLace backdoor and OceanMap stealer, hiding infrastructure behind compromised routers and free services.
France condemned these cyber attacks as a violation of UN norms and vowed to respond, highlighting past incidents including interference in the 2017 French elections and attacks on TV5Monde. The government pledged continued vigilance and coordinated defense with international partners. SonicWall has issued an urgent alert about active exploitation of a high severity vulnerability in its secure mobile access appliances. The flaw allows authenticated attackers with admin access to execute arbitrary commands, risking full system compromise. Initially disclosed in December 2023, it is now being weaponized in real attacks. SonicWall urges customers to upgrade firmware, audit devices for unauthorized access and strengthen authentication practices immediately. A China linked APT group known as TheWizards is abusing an IPv6 networking feature to conduct adversary in the middle attacks and hijack software updates on Windows systems, according to ESET. Active since at least 2022, the group targets entities in Asia and the Middle East, including individuals and gambling firms. Their tool, called Spellbinder, exploits IPv6's stateless address autoconfiguration by sending spoofed router advertisement messages, tricking nearby systems into routing traffic through attacker controlled gateways. Spellbinder is deployed via a fake AVG archive and uses DLL sideloading to load malicious code into memory. It captures traffic to Chinese software update domains, redirects requests, and installs the WizardNet backdoor for persistent access. ESET warns that organizations should monitor IPv6 traffic or disable IPv6 if not required. This tactic mirrors similar supply chain hijacking seen in January by another APT group called Blackwood. A new malware dubbed Gremlin Stealer has emerged as a serious threat targeting sensitive data like credit cards, browser cookies and credentials, discovered by Palo Alto Networks Unit 42.
The malware, written in C, by the way, is aggressively promoted on Telegram and uses advanced techniques to bypass browser protections. It harvests data from browsers, cryptocurrency wallets, and apps like Telegram and Discord, and exfiltrates it all via a Telegram bot or a dedicated server. With ongoing development and a polished user interface, Gremlin Stealer signals a growing professionalized cybercrime threat. Krebs on Security reports that Tyler Robert Buchanan, a 23 year old Scottish man linked to the Scattered Spider hacking group, has been extradited from Spain to the United States to face charges of wire fraud, conspiracy and identity theft. Prosecutors allege that Buchanan and co conspirators hacked dozens of companies, stealing over $26 million, primarily through SMS phishing and SIM swapping attacks back in 2022. Victims included Twilio, DoorDash and Mailchimp. The FBI tied Buchanan to the phishing campaign using domain registration data and IP addresses linked to his UK residence. Buchanan fled the UK after being targeted by a rival gang and was arrested in Mallorca. In 2024, US authorities seized 20 digital devices revealing stolen credentials and crypto wallet transactions involving 391 bitcoin. Buchanan is one of five indicted in November 2024 as investigators continue probing Scattered Spider's broader cybercrime operations, including links to ransomware attacks on MGM and Caesars. On April 28, 2025, US Senators Chuck Schumer, Maria Cantwell and Ed Markey urged the Federal Trade Commission, or FTC, to scrutinize consumer neurotechnology companies over the handling of neural data. They highlighted concerns that brain computer interface, or BCI, devices ranging from medical implants to consumer grade wearables collect sensitive neural information capable of revealing mental health conditions and emotional states, often without adequate user consent or transparency.
The senators called for the FTC to investigate potential unfair or deceptive practices under Section 5 of the FTC Act, to assess data transfers to foreign entities under Section 6(b), to clarify how existing privacy standards apply to neural data and to enforce the Children's Online Privacy Protection Act, or COPPA, to safeguard minors' neural information. They also recommend initiating rulemaking to establish clear safeguards for neural data, ensuring that protections extend beyond existing biometric and health data rules and setting appropriate limits on secondary uses such as AI training or behavioral profiling. A sophisticated malware strain is targeting WordPress sites by masquerading as a legitimate anti malware plugin. Discovered by Wordfence on January 22, 2025, this malware grants attackers persistent access through remote code execution, admin privilege escalation and JavaScript injection for adware. It employs stealth tactics such as hiding from the plugin dashboard and modifying wp-cron.php to reinstall itself upon deletion. The malware communicates with a C&C server in Cyprus every minute, reporting site details. Wordfence released detection signatures to premium users in January, with free users receiving updates by May 23, 2025. Stick around after the break. Dave Bittner sits down with Andy Chow from Project Discovery, winner of the 20th annual RSAC Innovation Sandbox Contest. Plus, juice jacking: not just a myth?
Dave Bittner
Let's be real. Navigating security compliance can feel like assembling IKEA furniture without the instructions. You know you need it, but it takes forever, and you're never quite sure if you've done it right. That's where Vanta comes in. Vanta is a trust management platform that automates up to 90% of the work for frameworks like SOC 2, ISO 27001 and HIPAA, getting you audit ready in weeks, not months. Whether you're a founder, an engineer, or managing IT and security for the first time, Vanta helps you prove your security posture without taking over your life. More than 10,000 companies, including names like Atlassian and Quora, trust Vanta to monitor compliance, streamline risk, and speed up security reviews by up to five times. And the ROI? A recent IDC report found Vanta saves businesses over half a million dollars a year and pays for itself in just three months. For a limited time, you can get a thousand dollars off Vanta at vanta.com/cyber. That's v-a-n-t-a.com/cyber. Secure access is crucial for US public sector missions, ensuring that only authorized users can access certain systems, networks or data. Are your defenses ready? Cisco's Security Service Edge delivers comprehensive protection for your network and users. Experience the power of Zero Trust and secure your workforce wherever they are. Elevate your security strategy by visiting cisco.com/go/sse. That's cisco.com/go/sse.
Maria Varmazes
Andy Chow of Project Discovery was recently named the winner of the 20th annual RSAC Innovation Sandbox Contest at RSAC 2025. While at the conference, Dave Bittner caught up with him to discuss the event. Here's their conversation.
Dave Bittner
Who is the winner of the 2025 20th Anniversary Innovation Sandbox Competition?
Andy Chow
Project Discovery.
Shane Harding
Congrats.
Dave Bittner
Well, congratulations.
Andy Chow
Thank you.
Dave Bittner
You crossed the finish line. You must be full of adrenaline right now. How are you feeling?
Andy Chow
Absolutely. I mean, I'm absolutely thrilled. And I think this is really a testament to our contributors, our global community, people who have believed in our open source tools from from day one and the people who wrote the first lines of code to nuclei. And I think it's really an opportunity to show the industry that open source really is possible in security.
Dave Bittner
So for folks who aren't familiar with your tools, who couldn't be here today, give us the really brief description of what you all do.
Andy Chow
We're solving vulnerability management with an open source tool that thinks like an attacker. So we're not looking at traditional version matching that generates tons of noise the way traditional scanners do. We help identify exploitable risks and help teams automate their vulnerability management workflows.
Dave Bittner
Why was the Innovation Sandbox on your radar to be here?
Andy Chow
I mean this is the event. I have sat for years in the seats wishing that one day I'd have an opportunity to tell the story about Project Discovery and today is just really a dream come true. But I think in security it's such a crowded landscape it can be really hard to tell a unique story and just to have the stage and the audience to be able to tell that is just such a special opportunity.
Dave Bittner
As you sat out there today and you saw who you were up against, what sort of things were going through your mind.
Andy Chow
Oh my God. I mean every single one of these companies deserve to get this. The stuff that we're all working on. I mean security is just so big and I really wish that everyone could walk away with one of these, but I have nothing but respect for all the other presenters. They did such a good job.
Dave Bittner
What's next?
Andy Chow
Growing. I mean we have a big pipeline but we're so excited to scale this even more and get the word out there. So many people love Nuclei. They have no idea that there's a company behind it with a cloud solution that can bring value in minutes. And so we're really excited to get that out there. And yeah, just grow and bring on more customers.
Dave Bittner
For that person who's sitting out there today, just the way you were year after year, who's thinking maybe we have a shot at it, what's your advice?
Andy Chow
Practice. I rehearsed thousands of times in front of the mirror and yeah, just get believe in the vision, tell a differentiated story and come with energy. You know, it's the crowd's looking for something unique and just really, really sell it. Yeah.
Dave Bittner
Congratulations to you and your team.
Andy Chow
Thank you so much, Dave.
Maria Varmazes
That was Andy Chow from Project Discovery, winner of the 20th annual RSAC Innovation Sandbox Contest, speaking with Dave Bittner. If you'd like to learn more about the Innovation Sandbox Contest, check out the link in our show notes.
Dave Bittner
Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant.
Maria Varmazes
And finally, despite years of skepticism and scaremongering about juice jacking, new research reveals that the risk isn't entirely imaginary. Imagine that. Security researchers have uncovered a method called ChoiceJacking that defeats both Apple and Google's decade old mitigations designed to stop malicious chargers from accessing your phone's data. The attack abuses weaknesses in the USB protocol and OS level trust models, allowing chargers to spoof user input and hijack file access permissions. It works on 10 of 11 tested devices and can steal files in under 30 seconds if the attacker controls the charger and the device is vulnerable. Still, it's worth noting that there are no known real world attacks of this kind. The biggest risk remains for Android phones with USB debugging enabled. Apple and Google have issued fixes, but many Android devices haven't adopted them. So while juice jacking still sounds like a hacker horror story, some caution around public chargers might be justified. Verily. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com. N2K Senior Producer is Alice Carruth. Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Maria Varmazes in for Dave Bittner. Thanks for listening. We'll see you tomorrow.
Dave Bittner
And now a word from our sponsor, SpyCloud. Identity is the new battleground and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic Identity Threat Protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing to neutralize identity based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate Darknet exposure report at spycloud.com/cyberwire and see what attackers already know. That's spycloud.com/cyberwire.
CyberWire Daily: “AI on the Offensive” – Detailed Summary
Release Date: May 1, 2025
Host: Maria Varmazes (in place of Dave Bittner)
Guest Highlight: Andy Chow from Project Discovery
In the May 1, 2025 episode of CyberWire Daily, hosted by Maria Varmazes for Dave Bittner, the focus centers on the escalating role of Artificial Intelligence (AI) in cyber threats. The episode delves into key updates from the RSAC 2025 conference, recent cybersecurity incidents, expert interviews, and emerging threats in the cyber landscape. This comprehensive summary captures the essential discussions, insights, and conclusions presented throughout the episode.
Day 3 Overview
Maria begins by summarizing Day 3 of the RSAC 2025 conference, which featured a series of high-profile keynotes and sessions:
Dmitri Alperovitch’s Keynote: "World on the Brink"
Alperovich presented a "sobering look at rising Indo-Pacific tensions" and emphasized that "cyber warfare is now central to geopolitical instability" ([03:00]).
Kevin Mandia’s "State of Cyber" Address
Mandia discussed the evolving role of CISOs, the expanding influence of AI in cybersecurity, and resilience strategies. He collaborated with journalist Nicole Perlroth for a critical analysis of major threats and future outlooks ([03:11]).
Magic Johnson’s Session: "The Art of the Assistance"
The NBA legend drew parallels between sports leadership and cybersecurity teamwork, highlighting the importance of collaboration and strategic thinking ([03:22]).
Fireside Chat with Anne Keast-Butler and Chris Inglis
GCHQ Director Keast-Butler and Chris Inglis underscored the necessity of cross-sector collaboration to bolster cybersecurity defenses ([03:34]).
SANS Institute’s Attack Techniques Breakdown
The day concluded with an analysis of the "five most dangerous new attack techniques" and preparation strategies ([03:45]).
AI’s Growing Role in Cybersecurity
A significant portion of the conference addressed AI’s increasing capabilities and threats:
Rob Joyce’s Warning on AI Exploits
Former NSA Cyber Chief Rob Joyce cautioned that "AI is rapidly approaching the ability to develop high-level software exploits" ([03:54] 06:15).
Rob Joyce: "AI could become a reliable exploit developer as soon as this year or the next." ([03:54] 06:15)
Joyce highlighted AI’s proficiency in coding competitions and its potential to enable skilled hackers to operate faster and at scale. He noted AI’s role in enhancing phishing attacks by generating "convincing personalized emails" and speeding up tasks like reversing complex code ("seconds instead of hours") ([03:54] 06:15).
FBI Official Cynthia Kaiser on China’s Cyber Threats
Kaiser identified China as the "top threat to US critical infrastructure," detailing how Chinese state-backed hackers leverage AI to "boost their cyber capabilities." This includes creating fake business profiles, spear phishing, and improving network scans ([03:54] 06:15).
Kaiser emphasized the importance of multi-factor authentication to defend against these AI-powered threats.
North Korean IT Infiltration
Mandiant and Google raised alarms about the widespread infiltration of global companies by North Korean IT workers. Charles Carmakal, Mandiant CTO, revealed that "most Fortune 500 firms have unknowingly received job applications and often hired North Korean nationals" ([06:15]).
These operatives earn high salaries, hold multiple jobs, and funnel millions back to Pyongyang. Initially perceived as a revenue strategy, the risk has now escalated, with some ex-employees turning to extortion. Mandiant and Google warn that these insiders could leak data or disrupt critical systems, especially under pressure. Evidence suggests some operatives have links to North Korea’s Intelligence Bureau, indicating potential handovers to state-sponsored threat actors.
Russian APT28 (Fancy Bear) Targets France
France has accused the Russian state-backed hacking group APT28, also known as Fancy Bear and linked to the GRU, of targeting at least a dozen French government and institutional entities. The group, active since 2004, focuses on espionage using phishing, vulnerability exploitation, and brute-force attacks with low-cost disposable infrastructure ([06:15]).
The French cybersecurity agency ANSSI and the Cyber Crisis Coordination Center identified attacks on local governments, ministries, research institutions, and think tanks, including efforts targeting the 2024 Olympics. Tools used by APT28 include the HeadLace backdoor and OceanMap stealer, with infrastructure hidden behind compromised routers and free services. France condemned these attacks as violations of UN norms and pledged continued vigilance and international cooperation.
SonicWall Vulnerability Exploitation
SonicWall issued an urgent alert about active exploitation of a high-severity vulnerability in its secure mobile access appliances. This flaw allows authenticated attackers with admin access to execute arbitrary commands, risking full system compromise. Initially disclosed in December 2023, the vulnerability is now being weaponized in real attacks. SonicWall advises customers to upgrade firmware, audit devices for unauthorized access, and strengthen authentication practices immediately ([06:15]).
China-Linked APT Group TheWizards Exploiting IPv6
TheWizards, a China-linked APT group, is abusing an IPv6 networking feature to conduct adversary-in-the-middle attacks and hijack software updates on Windows systems, according to ESET ([06:15]).
Active since at least 2022, the group targets entities in Asia and the Middle East, including individuals and gambling firms. Their tool, Spellbinder, exploits IPv6's stateless address autoconfiguration (SLAAC) by sending spoofed router advertisement messages, tricking nearby systems into routing traffic through attacker-controlled gateways. Spellbinder is deployed via a fake AVG archive and uses DLL sideloading to load malicious code into memory, capturing traffic to Chinese software update domains, redirecting those requests, and installing the WizardNet backdoor for persistent access. ESET recommends monitoring IPv6 traffic or disabling IPv6 where it is not required.
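As an added example (not ESET's code and not anything from the podcast), the following Python script shows what the recommended IPv6 monitoring can look like at packet level: it parses ICMPv6 Router Advertisements, the message type Spellbinder spoofs, and alerts on any RA that does not come from a router in a hypothetical allow-list, on RAs whose hop limit is not 255 (RFC 4861 requires 255 for on-link RAs) and on malformed options. The TRUSTED_ROUTERS inventory and the three sample packets are constructed for the example; the MAC addresses and prefixes are placeholders.

```python
"""Rogue IPv6 Router Advertisement (RA) monitor (added example, not ESET's or the
podcast's code): parse raw IPv6+ICMPv6 packets and flag RAs not sent by an allow-listed
router. The allow-list and the sample packets are constructed for this example."""
import ipaddress
import struct

ICMPV6_NEXT_HEADER = 58
ICMPV6_ROUTER_ADVERTISEMENT = 134
OPT_SOURCE_LINK_LAYER = 1   # RFC 4861 option: sender's MAC
OPT_PREFIX_INFORMATION = 3  # RFC 4861 option: on-link / SLAAC prefix
OPT_RDNSS = 25              # RFC 8106 option: recursive DNS servers
LINK_LOCAL = ipaddress.IPv6Network("fe80::/10")
# Assumed inventory of legitimate routers on this segment: link-local -> MAC.
TRUSTED_ROUTERS = {"fe80::1": "00:11:22:33:44:55"}

def parse_ra(packet: bytes):
    """Return a dict describing the RA, or None if the packet is not an RA."""
    if len(packet) < 56 or packet[6] != ICMPV6_NEXT_HEADER:
        return None
    icmp = packet[40:]  # fixed IPv6 header: hop limit at byte 7, source at 8..24
    if icmp[0] != ICMPV6_ROUTER_ADVERTISEMENT:
        return None
    # RA fixed part (RFC 4861 4.2): type, code, checksum, cur hop limit, flags,
    # router lifetime, reachable time, retrans timer; TLV options follow.
    router_lifetime = struct.unpack("!BBHBBHII", icmp[:16])[5]
    ra = {"src": ipaddress.IPv6Address(packet[8:24]), "hop_limit": packet[7],
          "router_lifetime": router_lifetime, "src_mac": None,
          "prefixes": [], "dns": [], "malformed": False}
    off = 16
    while off + 2 <= len(icmp):
        opt_type, opt_len = icmp[off], icmp[off + 1] * 8  # length in 8-octet units
        if opt_len == 0 or off + opt_len > len(icmp):
            ra["malformed"] = True  # zero-length or truncated option
            break
        body = icmp[off + 2:off + opt_len]
        if opt_type == OPT_SOURCE_LINK_LAYER and len(body) >= 6:
            ra["src_mac"] = ":".join(f"{b:02x}" for b in body[:6])
        elif opt_type == OPT_PREFIX_INFORMATION and opt_len == 32:
            ra["prefixes"].append(f"{ipaddress.IPv6Address(body[14:30])}/{body[0]}")
        elif opt_type == OPT_RDNSS and opt_len >= 24:  # 2 reserved + 4 lifetime, then addresses
            for i in range(6, len(body) - 15, 16):
                ra["dns"].append(str(ipaddress.IPv6Address(body[i:i + 16])))
        off += opt_len
    return ra

def check_ra(ra, trusted=TRUSTED_ROUTERS):
    """Return alert strings for one parsed RA; an empty list means benign."""
    if ra is None:
        return []
    alerts, src = [], ra["src"]
    if src not in LINK_LOCAL:
        alerts.append(f"RA from non-link-local source {src} (RFC 4861 requires link-local)")
    if ra["hop_limit"] != 255:  # RFC 4861: receivers must discard RAs with hop limit != 255
        alerts.append(f"RA from {src} with hop limit {ra['hop_limit']} (must be 255)")
    if ra["malformed"]:
        alerts.append(f"RA from {src} carries a malformed option")
    expected_mac = trusted.get(str(src))
    if expected_mac is None:
        alerts.append(f"unknown router {src}: lifetime {ra['router_lifetime']}s, "
                      f"prefixes {ra['prefixes']}, DNS {ra['dns']}")
    elif ra["src_mac"] and ra["src_mac"] != expected_mac:
        alerts.append(f"trusted address {src} but MAC {ra['src_mac']} != {expected_mac}")
    return alerts

def build_ra(src, hop_limit=255, router_lifetime=1800, src_mac=None, prefixes=(), dns=()):
    """Assemble an IPv6+ICMPv6 RA to ff02::1 (checksum left zero; the parser ignores it)."""
    opts = b""
    if src_mac:
        opts += bytes([OPT_SOURCE_LINK_LAYER, 1]) + bytes.fromhex(src_mac.replace(":", ""))
    for p in prefixes:  # flags 0xC0 = on-link + autonomous, i.e. usable for SLAAC
        net = ipaddress.IPv6Network(p)
        opts += struct.pack("!BBBBIII", OPT_PREFIX_INFORMATION, 4, net.prefixlen, 0xC0,
                            2592000, 604800, 0) + net.network_address.packed
    if dns:
        opts += struct.pack("!BBHI", OPT_RDNSS, 1 + 2 * len(dns), 0, 3600)
        opts += b"".join(ipaddress.IPv6Address(d).packed for d in dns)
    icmp = struct.pack("!BBHBBHII", ICMPV6_ROUTER_ADVERTISEMENT, 0, 0, 64, 0,
                       router_lifetime, 0, 0) + opts
    hdr = struct.pack("!IHBB", 0x60000000, len(icmp), ICMPV6_NEXT_HEADER, hop_limit)
    return hdr + ipaddress.IPv6Address(src).packed + ipaddress.IPv6Address("ff02::1").packed + icmp

# Constructed traffic: a legitimate RA, a rogue RA that offers itself as default
# router and DNS server, and an RA whose hop limit shows it did not originate on-link.
SAMPLE_PACKETS = [
    build_ra("fe80::1", src_mac="00:11:22:33:44:55", prefixes=["2001:db8:1::/64"]),
    build_ra("fe80::dead:beef", src_mac="de:ad:be:ef:00:01",
             prefixes=["2001:db8:bad::/64"], dns=["fe80::dead:beef"]),
    build_ra("fe80::1", hop_limit=64, src_mac="00:11:22:33:44:55"),
]

def scan(packets, trusted=TRUSTED_ROUTERS):
    """Map packet index -> alerts for every packet that fires."""
    findings = {}
    for i, pkt in enumerate(packets):
        alerts = check_ra(parse_ra(pkt), trusted)
        if alerts:
            findings[i] = alerts
    return findings

if __name__ == "__main__":
    print(scan(SAMPLE_PACKETS))
```

Run it directly to see the findings for the constructed packets, or feed scan() packets read from a raw socket or a pcap of the segment's IPv6 traffic. The allow-list check is the detection counterpart of RA Guard on a managed switch; where IPv6 is genuinely unused, disabling it, as ESET also suggests, removes the attack surface rather than only detecting its use.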
Gremlin Stealer Malware Emergence
A new malware strain dubbed Gremlin Stealer has emerged as a serious threat, targeting sensitive data like credit cards, browser cookies, and credentials. Discovered by Palo Alto Networks’ Unit 42, the malware is aggressively promoted on Telegram and employs advanced techniques to bypass browser protections ([06:15]).
Written in C, Gremlin Stealer harvests data from browsers, cryptocurrency wallets, and apps like Telegram and Discord. It exfiltrates data via a Telegram bot or a dedicated server. With ongoing development and a polished user interface, Gremlin Stealer represents a growing professionalized cybercrime threat.
Extradition of Tyler Robert Buchanan
Tyler Robert Buchanan, a 23-year-old Scottish man linked to the Scattered Spider hacking group, has been extradited from Spain to the United States to face charges of wire fraud, conspiracy, and identity theft ([06:15]).
Prosecutors allege that Buchanan and co-conspirators hacked dozens of companies, stealing over $26 million through SMS phishing and SIM swapping attacks in 2022. Victims included Twilio, DoorDash, and Mailchimp. The FBI connected Buchanan to the phishing campaign using domain registration data and IP addresses linked to his UK residence. Arrested in Mallorca after fleeing the UK, Buchanan is one of five indicted in November 2024, with ongoing investigations into broader cybercrime operations.
US Senators Urge FTC Action on Neural Data
On April 28, 2025, US Senators Chuck Schumer, Maria Cantwell, and Ed Markey urged the Federal Trade Commission (FTC) to scrutinize consumer neurotechnology companies over the handling of neural data ([06:15]).
They expressed concerns that Brain-Computer Interface (BCI) devices collect sensitive neural information capable of revealing mental health conditions and emotional states, often without adequate user consent or transparency. The senators called for the FTC to investigate potential unfair or deceptive practices, assess data transfers to foreign entities, clarify existing privacy standards for neural data, enforce the Children's Online Privacy Protection Act (COPPA), and initiate rulemaking to establish clear safeguards for neural data.
WordPress Malware Threat
A sophisticated malware strain targeting WordPress sites has been discovered, masquerading as a legitimate anti-malware plugin. Identified by Wordfence on January 22, 2025, this malware grants attackers persistent access through remote code execution, admin privilege escalation, and JavaScript injection for adware ([06:15]).
Employing stealth tactics such as hiding from the plugin dashboard and modifying wp-cron.php so that it reinstalls itself after deletion, the malware contacts a command-and-control (C2) server in Cyprus every minute to report site details. Wordfence released detection signatures to premium users in January, with free users receiving updates by May 23, 2025.
RSAC 2025 Participant Insights
Maria Varmazes introduces Kevin McGee, Global Director of Cybersecurity Startups at Microsoft, who interviews Shane Harding, CEO of Devicee, and Nathan Ostroski, Co-founder of Petra Security, for on-the-ground perspectives from RSAC 2025 ([06:15]).
Nathan Ostroski (Petra Security):
Discusses Petra Security’s focus on detecting Microsoft 365 breaches and expresses excitement about AI’s role in cybersecurity. He highlights interest in automated red teaming solutions presented by companies like Runcible ([06:40]).
Shane Harding (Devicee):
Shares Devicee’s transition towards outcome-driven software services, emphasizing the importance of automating mundane cybersecurity tasks to allow human focus on strategic initiatives ([06:40]).
Winner Interview: Andy Chow from Project Discovery
Andy Chow, representing Project Discovery, was named the winner of the 20th annual RSAC Innovation Sandbox Contest. In his interview with Dave Bittner, Chow elaborates on Project Discovery’s achievements and future plans ([19:50]).
Andy Chow:
Describes Project Discovery’s mission to "solve vulnerability management with an open-source tool that thinks like an attacker." He emphasizes the importance of automating vulnerability management workflows and reducing noise generated by traditional scanners ([20:28]).
Chow attributes the success to the global community and contributors who believed in their open-source tools like Nuclei. He highlights plans to scale their cloud solution and continue delivering meaningful cybersecurity solutions without adding cumbersome workflows ([22:11]).
Dave Bittner:
Encourages aspiring participants to "practice, believe in the vision, tell a differentiated story, and come with energy," reflecting Chow’s advice to others aiming for success at RSAC ([22:40]).
Despite longstanding skepticism about juice jacking, the episode addresses the resurgence of the threat. Security researchers have uncovered a method called "choice jacking" that defeats both Apple's and Google's mitigations designed to prevent malicious chargers from accessing phone data ([24:16]).
Choice Jacking Explained
Mechanism:
The attack exploits weaknesses in the USB protocol and OS-level trust models, allowing chargers to spoof user input and hijack file access permissions. It works on 10 of 11 tested devices and can steal files in under 30 seconds if the attacker controls the charger and the device is vulnerable ([24:16]).
Current Status:
No real-world attacks have been reported, but the risk is significant for Android devices with USB debugging enabled. Apple and Google have issued fixes, but many Android devices remain unpatched, justifying caution when using public chargers ([24:16]).
The episode wraps up by emphasizing the critical need for organizations to stay ahead in the rapidly evolving cybersecurity landscape. Topics such as AI-driven threats, sophisticated malware, geopolitical cyber warfare, and emerging vulnerabilities like juice jacking were thoroughly examined. The interviews provided valuable insights into industry innovations and strategies to bolster defenses against multifaceted cyber threats.
Listeners are encouraged to stay informed through CyberWire Daily’s comprehensive briefings and to engage with the podcast by providing feedback or sharing ratings to help shape future content.
Notable Quotes
Rob Joyce (Former NSA Cyber Chief):
"AI could become a reliable exploit developer as soon as this year or the next." ([06:15] 03:54)
Andy Chow (Project Discovery):
"We're solving vulnerability management with an open source tool that thinks like an attacker." ([20:28])
Cynthia Kaiser (FBI Deputy Assistant Director):
"China is the top threat to US critical infrastructure." ([06:15])
For more details on the topics discussed, listeners can refer to the CyberWire Daily show notes or visit thecyberwire.com. Engage with the podcast by sharing your feedback and staying updated with the latest in cybersecurity.
This summary aims to provide an accurate and comprehensive overview of the CyberWire Daily episode "AI on the Offensive" for those who have not listened to the original podcast.