Multi-factor frustration. - CyberWire Daily

Summary7 min read

CyberWire Daily: "Multi-factor Frustration" Summary Release Date: January 13, 2025 Host: Dave Bittner, N2K Networks

Introduction

In the January 13, 2025 episode of CyberWire Daily, host Dave Bittner provides a comprehensive overview of the latest developments in the cybersecurity landscape. The episode delves into significant incidents, policy changes, and emerging threats, culminating in an insightful interview with Philippe Humeaud, CEO and founder of CrowdSec, who discusses the pivotal role of open-source cybersecurity platforms and the looming challenges posed by AI.

Headline News

1. Microsoft’s Multi-Factor Authentication (MFA) Outage

Microsoft experienced an MFA outage impacting Microsoft 365 Office applications, particularly affecting users in Western Europe due to a specific infrastructure failure. Symptoms included difficulties in MFA registration and resets, alongside crashes in Microsoft 365 apps on some Windows Server 2016 devices.

Dave Bittner [02:58]: "Microsoft rerouted traffic to alternative infrastructure during its investigation, which revealed the outage was limited to users in Western Europe served by a specific section of unresponsive infrastructure."

This incident follows a series of disruptions, including past outages affecting Office Web apps, the Admin Center, and a global service disruption in November impacting Teams, Exchange, SharePoint, and Outlook.

2. Biden Administration’s New Export Controls on AI Technology

The U.S. government is implementing stringent export controls aimed at preventing adversaries like Russia and China from accessing advanced AI chips and machine learning blueprints. Effective in 12 months, these rules feature a tiered restriction system, exempting key allies such as Australia, Japan, and the EU.

Commerce Secretary Gina Raimondo [02:58]: "We are protecting US leadership in AI while allowing secure technology diffusion."

However, the rollout has faced criticism from industry leaders like Nvidia, citing potential risks to innovation.

3. Emergence of Funk Sec Ransomware Group

A new ransomware group, Funk Sec, has claimed responsibility for 85 victims in December 2024. Operating as a ransomware-as-a-service (RaaS) entity, Funk Sec employs AI-assisted tools to facilitate low-skilled actors in deploying advanced malware.

Dave Bittner [03:55]: "Funk Sec employs double extortion tactics, combining data theft with encryption and targets organizations globally, particularly in countries aligned with Israel."

Checkpoint Research notes skepticism regarding the authenticity of some victim claims, suggesting overlaps with previous hacktivist activities.

4. Cyber Attack on Eindhoven University of Technology

Eindhoven University of Technology in the Netherlands halted lectures and network services following a cyber attack detected on a Saturday night. While no data theft has been confirmed, the university remains investigating the breach.

5. Indictment of Russian Nationals for Operating Cryptocurrency Mixers

Three Russian nationals have been indicted for running cryptocurrency mixers Blender IO and Sinbad IO, which laundered funds from various cybercrimes, including the Axie Infinity hack. Charges include money laundering, conspiracy, and operating an unlicensed money transmitting business, with potential sentences of up to 20 years.

6. Juniper Networks Releases Junos OS Security Updates

Juniper Networks announced critical security patches for Junos OS, addressing numerous vulnerabilities such as an out-of-bounds read in the routing protocol daemon and a kernel memory exhaustion flaw triggered by malformed IPv6 packets. Users are urged to apply these patches promptly.

7. Data Breach at Telefonica, Spain’s Largest Telecommunications Company

Telefonica confirmed a data breach involving its internal ticketing system, resulting in the leakage of 2.3 gigabytes of data on breach forums. The breach was executed using compromised employee credentials, with attackers associated with the Hellcat ransomware group.

Dave Bittner [07:45]: "Telefonica has blocked access and reset impacted accounts while enhancing security measures."

8. Banshee Infostealer Exploits Apple’s Encryption Algorithm

The Banshee malware targets macOS systems, utilizing a stolen Apple encryption algorithm to evade antivirus detection. Initially priced at $1,500 on Russian cybercrime marketplaces, newer variants have demonstrated heightened sophistication, effectively bypassing most antivirus solutions.

9. Novel Ransomware Campaign Targeting Amazon S3 Buckets

Researchers identified a ransomware campaign by a group dubbed Code Finger, which targets Amazon S3 buckets using AWS's server-side encryption with customer-provided keys. This approach results in permanent data loss for victims if ransom payments are not made.

10. Major Data Breach at Gravy Analytics

Gravy Analytics, a prominent location data broker, suffered a significant breach exposing millions of sensitive location data points. The compromised data includes information tracking individuals' movements to sensitive locations such as the White House and military bases, raising serious privacy and national security concerns.

Interview with Philippe Humeaud, CEO and Founder of CrowdSec

Topic: Open-Source Cybersecurity Platforms and the Impact of AI

Introduction to CrowdSec’s Approach

Philippe Humeaud introduces CrowdSec as an open-source, multiplayer firewall platform designed to enhance cybersecurity through collective intelligence. Unlike traditional proprietary solutions, CrowdSec leverages community-driven data to identify and mitigate threats in real time.

Philippe Humeaud [16:12]: "Right now our biggest concern, I would say, is the fact that we expect AI to be weaponized... we call this moai, Massively Multimodal Offensive AI."

The Threat of Massively Multimodal Offensive AI (MOLAI)

Humeaud elaborates on the concept of MOLAI, highlighting the risks associated with AI systems trained on vast datasets of human cyber activities, enabling them to develop sophisticated hacking techniques that can be offered as a service.

Philippe Humeaud [16:50]: "They learn from actually humans doing research and they become extremely good at that after quite some training... you will rent an offensive AI as a service as well."

CrowdSec’s Open-Source Advantage

CrowdSec’s open-source nature allows for widespread adoption, fostering a community where servers share information about malicious IP addresses in real time. This collective approach creates a dynamic and up-to-date map of cyber threats, enhancing the platform’s effectiveness.

Philippe Humeaud [18:34]: "We decided to give it for free because we wanted the largest number to use it... We get signals from all around the world constantly, day in, day out, something like 10 million signals per day."

Multiplayer Firewall Analogy

Humeaud compares CrowdSec to Waze, where shared data contributes to a global threat intelligence network. Each participating server acts like a node, sharing and receiving information about malicious activities to preemptively block threats.

Philippe Humeaud [19:36]: "We share with each other the dangers of the digital highways... It's something awfully similar with Waze as well."

Recommendations for Server Protection

Highlighting the sheer volume of automated attacks on servers, Humeaud emphasizes the necessity of automating defense mechanisms to filter out background noise and focus on highly qualified threats.

Philippe Humeaud [21:43]: "You want to automate that as best as possible and you want to get rid of the noise in the first place... On the other end of the spectrum... they know how to do it."

He advises organizations to prioritize automation in handling routine threats, thereby reducing alert fatigue and allowing cybersecurity teams to concentrate on targeted, sophisticated attacks.

The Importance of Sharing in Cyber Defense

Humeaud underscores the collaborative nature of cybersecurity, advocating for collective efforts to neutralize threats before they can inflict damage.

Philippe Humeaud [24:17]: "We should partake all together to defuse all the rockets. That's why... Join the army. It's free, it's open source, it's available to everyone."

Conclusion

The episode of CyberWire Daily encapsulates a broad spectrum of current cybersecurity challenges, from infrastructure outages and policy shifts to sophisticated malware campaigns and data breaches. The interview with Philippe Humeaud of CrowdSec offers a forward-thinking perspective on leveraging open-source platforms and collective intelligence to combat evolving threats, particularly those augmented by AI. As cybersecurity threats become increasingly complex and pervasive, the emphasis on collaboration and innovation, as advocated by CrowdSec, becomes ever more critical.

Notable Quotes

Philippe Humeaud [16:12]: "Right now our biggest concern, I would say, is the fact that we expect AI to be weaponized."
Dave Bittner [02:58]: "Microsoft rerouted traffic to alternative infrastructure during its investigation, which revealed the outage was limited to users in Western Europe served by a specific section of unresponsive infrastructure."
Gina Raimondo [02:58]: "We are protecting US leadership in AI while allowing secure technology diffusion."
Philippe Humeaud [18:34]: "We decided to give it for free because we wanted the largest number to use it."
Philippe Humeaud [19:36]: "We share with each other the dangers of the digital highways... It's something awfully similar with Waze as well."
Philippe Humeaud [24:17]: "We should partake all together to defuse all the rockets."

Additional Resources

For a deeper dive into today’s stories and more details on each topic, listeners are encouraged to visit thecyberwire.com. Feedback and ratings can be submitted through favorite podcast platforms or directly via email to cyberwire2k.com.

This episode was produced by Liz Stokes, mixed by Trey Hester, with original music and sound design by Elliot Penny. Executive production by Jennifer Ibin, executive editing by Brandon Carp, and publishing overseen by Simone Petrella and Peter Kilpe.

Loading summary

Transcript23 lines

[00:02]
Dave Bittner
You're listening to the Cyberwire network, powered by N2K.
[00:12]
Zscaler Sponsor
And now a message from our sponsor. Zscaler, the leader in cloud security Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security Zscaler Zero Trust plus AI stops attackers by hiding your attack surface making apps and IPs invisible eliminating lateral movement Connecting users only to specific apps, not the entire network Continuously verifying every request based on identity and context Simplifying security management with AI powered automation and detecting threats using AI to analyze over 500 billion daily transactions hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more@zscaler.com Security.
[01:37]
Dave Bittner
An MFA outage affects Microsoft 365 Office apps the Biden administration introduces new export controls to block adversaries from accessing advanced AI chips. A Dutch university cancels lectures after a cyber attack. Three Russian nationals have been indicted for operating a cryptocurrency mixer. Juniper Networks releases security updates for Junos os. Spain's largest telecommunications company confirms a data breach. The Banshee infostealer leverages a stolen Apple encryption algorithm. Researchers uncover a novel ransomware campaign targeting Amazon S3 buckets. A major data broker suffers a major data breach. Our guest is Philippe Humeaud, CEO and founder of CrowdSec. Sharing the biggest issues currently facing cybersecurity and how open source cybersecurity platforms can help combat them and the weirdness of AI. It's Monday, January 13th, 2025. I'm Dave Bittner and this is your Cyberwire Intel Brief.
[02:53]
Philippe Humeaud
Foreign.
[02:59]
Dave Bittner
And thank you for joining us here today. It is always great to have you with us. Microsoft resolved a Multi Factor authentication outage affecting Microsoft 365 Office apps. The issue prevented users relying on MFA from accessing the apps, and some experienced problems with MFA registration and resets. Microsoft rerouted traffic to alternative infrastructure during its investigation, which revealed the outage was limited to users in Western Europe served by a specific section of unresponsive infrastructure. Additionally, some Windows Server 2016 devices experienced crashes in Microsoft 365 apps, prompting further investigation. The company continues monitoring service telemetry to address these issues. This outage follows several recent disruptions. In December, users faced product deactivated errors, while earlier incidents impacted Office Web apps and the Admin Center. In November, a global outage affected multiple services, including Teams Exchange, SharePoint and Outlook. Microsoft has since confirmed that services are stable. The Biden administration is introducing new export controls to block adversaries like Russia and China from accessing US Advanced AI chips and machine learning blueprints. The rules, taking effect in 12 months, implement a three tiered system with the harshest restrictions on adversaries, while exempting key allies such as Australia, Japan and the EU. Commerce Secretary Gina Raimondo emphasized protecting US leadership in AI while allowing secure technology diffusion. Exceptions permit up to 1700 advanced GPUs per order without a license and up to 320,000 over two years for buyers meeting security standards. Restrictions also apply to advanced AI models trained on massive computational operations. Critics, including Nvidia and the Semiconductor Industry association argue the rushed rollout risks stifling innovation. The rules extend 2022 through 2023 chip controls and include measures to secure AI models and data centers while enabling allies to maintain frontier AI infrastructure. A new ransomware group that surfaced in late 2024 called Funk Sec, claimed 85 victims in December alone, according to Checkpoint Research. The group, presenting itself as a ransomware as a service operation, uses AI assisted tools, enabling low skilled actors to develop advanced malware. Funsec employs double extortion tactics, combining data theft with encryption and targets organizations globally, particularly in countries aligned with Israel. Check point notes Many of the group's victim claims may be recycled from previous hacktivist campaigns questioning their authenticity. Eindhoven University of Technology cancelled lectures and activities after a cyber attack detected Saturday night. The Dutch university shut down its network as a precaution but noted it staff retain access to systems and are investigating. No data theft has been confirmed. Network dependent Services like email, Wi Fi and CanTeen registers are offline, although the campus remains open. Three Russian nationals have been indicted for operating cryptocurrency mixers Blender IO and Sinbad IO, which laundered money from cybercrimes, including funds stolen by the North Korean Lazarus Group. Roman Ostapenko and Alexander Olenyk were arrested in December 2024, while Anton Tarasov remains at large. Blender IO, active from 2018 through 2022, promised anonymity through a no logs policy. After its shutdown, Sinbad IO emerged offering similar services. Both mixers were previously sanctioned by the US treasury for laundering millions in cryptocurrency, including funds stolen from the Axie infinity hack in 2022. The suspects faced charges of money laundering, conspiracy and operating an unlicensed money transmitting business with potential sentences of up to 20 years. Authorities emphasized international cooperation in combating cybercrime and disrupting illicit financial networks. Juniper Networks kicked off 2025 by releasing security updates for Junos OS addressing dozens of vulnerabilities, including several high severity flaws. These include an out of bounds read bug in the routing protocol daemon that can cause denial of service via malformed BGP packets and a kernel memory exhaustion flaw triggered by malformed IPv6 packets. Fixes were also issued for high severity open SSH vulnerabilities and critical flaws in third party components like expatriates. No exploits have been reported, but users are urged to apply patches promptly. Telefonica, Spain's largest telecommunications company, confirmed a data breach involving its internal ticketing system after 2.3 gigabytes of data appeared on breach forums. Hackers using compromised employee credentials access the system, scraping documents and tickets, Some linked to telefonica.com emails. Attackers linked to the Hellcat ransomware group did not attempt extortion before leaking the data. Telefonica has blocked access and reset impacted accounts. While the full extent of the breach remains unclear, the company says they are investigating and enhancing security measures. A critical remote code execution vulnerability affects Aviatrix Controller, a popular cloud networking platform actively exploited. With a CVSS score of 10, it enables unauthenticated attackers to execute arbitrary code via unsanitized API inputs. Exploitation has led to cryptojacking malware and backdoors in unpatched systems, with attackers targeting publicly exposed controllers. Multiple versions are affected. Organizations are urged to patch immediately, restrict access, and monitor for lateral movement within cloud environments. The macOS info stealer Banshee has been leveraging a stolen Apple encryption algorithm to evade antivirus detection since September 2024. Initially sold on Russian cybercrime marketplaces as a fifteen hundred dollar stealer. As a service, Banshee targets macOS Systems to steal browser credentials, cryptocurrency, wallet data, system information and to unlock passwords. Earlier versions were easily detected due to plain text packaging, but a potent variant emerged using the same encryption algorithm as Apple's XProtect antivirus, bypassing nearly all antivirus solutions. For months, Banshee spread via GitHub repositories offering cracked software and phishing sites, mimicking legitimate programs like Google Chrome and Telegram. Despite its source code leaking in November and Yara rule updates addressing it, encrypted versions of Banshee largely remain undetected Researchers warn that this incident underscores the need for vigilance as macOS users are increasingly targeted by sophisticated malware campaigns. Researchers with the Halcyon Rise team have uncovered a novel ransomware campaign targeting Amazon S3 buckets using AWS's server side encryption with customer provided keys. The attack, orchestrated by a group dubbed Code Finger, leverages compromised AWS keys to encrypt S3 data, rendering it unrecoverable without the attacker's AES256 key, victims face permanent data loss, and files are set for deletion within seven days. To pressure ransom payments, organizations should restrict SSE C usage, audit AWS keys and enable advanced logging to mitigate this threat. Gravy Analytics, a major location data broker, has suffered a major data breach, exposing millions of people sensitive location data collected from popular smartphone apps. Hackers accessed Gravy's Amazon cloud storage using a misappropriated key, stealing terabytes of data, including over 30 million location data points. The leaked data set tracks individuals movements to sensitive sites such as the White House, military bases and personal residences, raising concerns about privacy and national security. Vulnerable groups like LGBTQ individuals in restrictive countries face heightened risks from deanonymization. Gravy sources much of its data via ad auctions, where apps unknowingly share users information. The breach follows an FTC ban on Gravy for unlawful tracking practices. Experts recommend using ad blockers, disabling app tracking, and restricting location sharing to protect against such risks. Gravy has confirmed the breach and is investigating while its website remains offline. Coming up after the break, my conversation with Philippe Humo, CEO and founder of CrowdSec. We discuss how open source cyber security platforms can help combat some of the biggest issues facing cybersecurity and the weirdness of AI. Stay with us.
[13:41]
KnowBe4 Sponsor
And now a word from our sponsor, Know before it's all connected and we're not talking conspiracy theories when it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBeFor, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBefor's security coach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco 35. Vendor integrations and counting Security Coach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real time coaching campaigns targeting risky users based on those events from your network, endpoint identity or web security vendors. Then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more@knowbe4.com SecurityCoach that's knowbe4.com SecurityCoach and we thank knowbe4 for sponsoring our show.
[15:14]
Dave Bittner
Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant. Philippe Humeaud is CEO and founder of CrowdSec. I recently caught up with him to discuss some of the biggest issues facing cybersecurity and how open source cybersecurity platforms can help combat them.
[16:12]
Philippe Humeaud
Right now our biggest concern, I would say, is the fact that we expect AI to be weaponized. Not on the classical social layer when you try to hook people with crafted messages and spear phishing and crafted audio and video bits and so on, but rather on a purely technical standpoint. And we call this moai, Massively Multimodal Offensive AI. Sorry. And we think it's the next big.
[16:45]
Dave Bittner
Thing for folks who aren't familiar with that. Can you describe to us what that entails?
[16:51]
Philippe Humeaud
Yeah, sure. So mostly if you think about LLMs, it's somewhat similar. So take you're probably familiar with CTF, which is capture the flag. So in our world when cyber professionals are training, they often do what's called a ctf. So they try to compromise machines and they do this as fast as they can to get the most point. But all those attempts are logged, right? So they end up in a text file which can be easily parsed by an AI to learn how the best are doing and what are they doing. And then add to this the CVE databases that are pretty much freely available all around the globe. Some exploit databases, some metasploit, some academic paper research and stuff like that. Add all that together and you get a comprehensive guide on how to hack into any system. This is what the moais are learning from. They learn from actually humans doing research and they become extremely good at that after quite some training. But once it's ready, it can totally become a service like a ransomware as a service. You will rent an offensive AI as a service as well.
[18:12]
Dave Bittner
Well, you are of course the founder of CrowdSec and you describe yourselves as an open source multiplayer firewall provider. Can we go through those one at a time with the advantages? I think most people are familiar with open source, but let's start there. Why open source when talking about provisioning your firewall?
[18:34]
Philippe Humeaud
Yeah, so first I have to say that I'm not an open source zealot, right? I'm not an open source monk, someone that by default would go open source. I'm a businessman and I decided with my colleagues and co founders that open source would be the best way, the best route for us, which is fairly different. So we did open source this program, which is basically an ids, IPS and waf. So something that detect attacks, that remediate the attacks, and that also detect attacks on the web layer. So those are all the three acronyms I just gave you. So we decided to give it for free because we wanted the largest number to use it. And why that? It's because it's a bit like Waze. Every time Your server using CrowdStack is defending itself against an attack, it's sharing the IP address that has been aggressive towards itself. And we get signals from all around the world constantly, day in, day out, something like 10 million signals per day. And it gives us a map of IP addresses used by cybercriminals. And obviously we broadcast back this map to our clients.
[19:37]
Dave Bittner
And so that's the multiplayer element.
[19:39]
Philippe Humeaud
That's the multiplayer element, yeah. Actually it came from a joke. So people were always like, hey, how do you describe crowdsec? And I had a hard time at some point to describe because it's pretty disruptive. It's not something that's been seen so many times in the industry yet. So I was sometimes at the very beginning, first I had a hard time to define it really properly and one of my friends at Google said, hey, you know what, you're a multiplayer firewall. I'm like, hey, I like the sound of that. It's quite true. We also describe often enough as a ways of firewall. So basically why is it like this? Because since we share with each other the dangers of the digital highways and we tell where are the dangers and who you should not be pairing with, there's something awfully similar with Waze as well.
[20:24]
Dave Bittner
It's a great analogy. It reminds me, I was on a road trip with my father recently, who's quite a bit older than me, and he was looking at the Waze display up on my dashboard. And he said what are all those little dots on the road? And I said those are other people using the same system that we're using. So that's how it knows how fast the road's moving ahead of us and if there's an accident or something like that. So it's, I think that's really an effective metaphor for you.
[20:51]
Philippe Humeaud
Yeah. And in the sense we have like, I don't know, probably 300,000 servers nowadays in the system that are sharing the attacks they receive in real time. And you know, ways they are using your position, your heading and your speed basically and your unique phone identifier obviously to assess whether there is a problem or not ahead of you. And we do pretty much the same. We just use the IP address, the type of behavior it tried to play against your servers and the timestamp. And this is all we need to actually compute this real time map of IP addresses used by cybercriminals.
[21:29]
Dave Bittner
I think it's fair to say that these IP attacks are heading in one direction, that we continue to see more and more of them that's growing in size. What are your recommendations for folks to best protect themselves these days?
[21:44]
Philippe Humeaud
Yeah, so regarding servers, because obviously it's totally different when you speak about like workstations. Workstation is all about having a proper EDR AXDR or whatever, you know, glorified antivirus, proper MFA everywhere. We all know that. The thing is regarding servers, you don't have human interaction happening on the servers or very few actually. Sometimes admins comes and they check the logs or to check if something is broken and they fix it. But basically the servers are exposed to a ton of traffic, a lot of attention, something like probably along the lines of 2000 times per day they are pulled if they are not even known and a known server is pulled up to 4,000, 5,000 times a day. And if you are a bank or something like that, you're north of 200,000 times a day. So you want to automate that as best as possible and you want to get rid of, of the noise in the first place and say okay, I don't care about that. Those are very loud IP addresses. Those are the Gatling guns of the Internet. They're just like the humming of the microwave background, cosmic microwave background. They are the background humming of the Internet. It's just noise, it's not interesting. I don't need to do a lot of things to defend against this. It's really low hanging fruits attack. Now on the other end of the spectrum. There are people that are here to skin you alive and they know how to do it. So let's pretend for a second that we are a healthcare institution. Some IPs will be just a noise. Some IPs will try to reuse credential that they stole somewhere else. Some IPs will try to break into your website or your VPN or things like this. And some IPs we know for a fact they are specifically attacking healthcare industry.
[23:21]
Dave Bittner
Why?
[23:22]
Philippe Humeaud
Because they're not the protocols they know they use the habits or people are using the software, which software? And so on. So those one, even though there may be like a thousand or two thousand of them, only are far more dangerous than a million one just scanning stupidly your website, you know. So I think to avoid alert fatigue, what you need to do is automate and you know, leave this background noise in the garbage can. It's. It's really useless to deal with this, not even to store it, but pay extra attention to what is extremely qualified. Like the one that are trying to go after you specifically because you're a bank or a media or whatever. All the one that have attack patterns that you know can strike you in the back, like I don't know, credential Reviews or Expectations, 0 Days, CVS as things like this.
[24:09]
Dave Bittner
All right, well, I think I have everything I need for our story here. Is there anything I missed? Anything I haven't asked you that you think it's important to share?
[24:17]
Philippe Humeaud
Yeah, I think sharing is the key here. I mean we can try to diffuse endlessly payloads, right? The one that are like the rockets. When you think about the missile, you think about the rocket itself and you think about the payload. And the payload is obviously dangerous, but if you neutralize all the rockets, the payload is never going to reach you. And this is what we should all do. We should partake all together to defuse all the rockets. And that way we receive far more, far less, sorry, payloads. That's why, I mean join the army. It's free, it's open source, it's available to everyone. It's called Cross Ex. So please join the club.
[24:54]
Dave Bittner
That's Philippe Humeaux, CEO and founder of CrowdSec. Do you know the status of your compliance controls right now? Like right now? We know that real time visibility is critical for security. But when it comes to our GRC programs, we rely on point in time checks. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SoC2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC get $1,000 off Vanta when you go to vanta.com cyber that's vanta.com cyber for $1,000 off. And finally, humans are experts at messing up. From losing our keys to occasionally misplacing a decimal, mistakes are just part of the human experience. To keep these slip ups in check, we've invented all sorts of clever checklists, double entry bookkeeping, and even writing not this leg on patients before surgery. But now we're integrating a whole new kind of AI. Unlike us, AI doesn't get tired or distracted, but its errors? They're a breed apart. While a human might flub a math problem, AI might suggest that cabbages eat goats or forget what money is mid task. A piece by Bruce Schneier and Nathan Sanders for IEEE Spectrum suggests the weirdness of AI errors lies in their unpredictability. They don't follow human patterns, making them both fascinating and unnerving. However, AI isn't entirely alien. It shares some human quirks, like repeating familiar terms or falling for social engineering tricks. It's also distractible. Get it to process long documents and it might zone out halfway through. Dealing with AI mistakes requires creativity. Asking the same question multiple ways or cross checking its output can help, since machines are endlessly patient with our nitpicking. And while we can train AI to make more human like errors, it's clear we need systems tailored to its peculiarities. The key is balance. Use AI where it excels, like processing vast amounts of data, but don't expect it to replace human judgment. After all, whether it's a person or an algorithm, everyone benefits from a second opinion, especially if goats and cabbages are involved. And that's the cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment on Jason and Brian's show. Every week, you can find Grumpy Old Geeks, where all the fine podcasts are listed. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com this episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot Penny. Our executive producer is Jennifer Ibin. Our executive editor is Brandon Carp, Simone Petrella is our president, Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomor.