The CyberWire Daily Podcast 4.29.24
Ep 2056 | 4.29.24

An unprecedented surge in credential stuffing.

Show Notes

Okta warns of a credential stuffing spike. A congressman looks to the EPA to protect water systems from cyber threats. CISA unveils security guidelines for critical infrastructure. Researchers discover a stealthy botnet-as-a-service coming from China. The UK prohibits easy IoT passwords. New vulnerabilities are found in Intel processors. A global bank CEO shares insights on cybersecurity. Users report mandatory Apple ID resets. A preview of N2K CyberWire activity at RSA Conference. Police in Japan find a clever way to combat gift card fraud. 

CyberWire Guest

It’s the week before the 2024 RSA Conference. Today, we have N2K’s own Rick Howard, Brandon Karpf, and Dave Bittner previewing N2K’s upcoming activities and where you can find our team at RSAC 2024.

Where you can find N2K’s team at the 2024 RSA Conference. 

RSA Conference Bookstore:

  • Cybersecurity Canon Committee members will be in the booth outside the RSA Conference Bookstore to help anybody interested in the Canon’s Hall of Fame and Candidate books. If you’re looking for recommendations, we have some ideas for you.
  • JC Vega: May 6, 2024 | 02:00 PM PDT
  • Rick Howard: May 7, 2024 | 02:00 PM PDT
  • Helen Patton: May 8, 2024 | 02:00 PM PDT
  • Book signing: Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics
  • May 8, 2024 | 02:00 PM PDT

Birds of a Feather Session:

Rick Howard is hosting a small group discussion called “Cyber Fables: Debating the Realities Behind Popular Security Myths.” Rick will be using Eugene Spafford’s Canon Hall of Fame book, “Cybersecurity Myths and Misconceptions” as the launchpad for discussion.

  • Location: TBD
  • May 7, 2024 | 9:40 AM - 10:30 AM PT

Cyware Panel:

Rick Howard is hosting a Cyware-sponsored panel on the latest developments in SOC Fusion. Breakfast is provided.

  • Location: The Billiard Room at the Metreon | 175 4th Street | San Francisco, CA 94103
  • May 8, 2024 | 8:30am-11am PST

Simone Petrella and Rick Howard Presentation:

The Moneyball Approach to Buying Down Risk, Not Superstars: The hiring and training strategy is all wrong. When organizations hire, they are looking for all-stars. Drawing inspiration from the ground-breaking “Moneyball” approach of the Oakland A’s, this session outlines the necessary steps that security leaders must take to build skills in the aggregate, versus relying on superstars to prevent cyber attacks on the enterprise.

  • Location: Moscone South Esplanade level
  • May 9, 2024 | 9:40 AM - 10:30 AM PT

Special Edition: Threat Vector

Understanding the Midnight Eclipse Activity and CVE-2024-3400: Host David Moulton and Andy Piazza, Sr. Director of Threat Intelligence at Unit 42, dive into the critical vulnerability CVE-2024-3400 found in the PAN-OS software of Palo Alto Networks, emphasizing the importance of immediate patching and mitigation strategies for such vulnerabilities, especially when they affect edge devices like firewalls or VPNs.

Selected Reading

Okta warns customers about credential stuffing onslaught (Help Net Security)

Crawford puts forward bill on cybersecurity risks to water systems (The Arkansas Democrat-Gazette) 

CISA unveils guidelines for AI and critical infrastructure (FedScoop)

Chinese Botnet As-A-Service Bypasses Cloudflare & Other DDoS Protection Services (GB Hackers)

UK becomes first country to ban default bad passwords on IoT devices (The Record)

Researchers unveil novel attack methods targeting Intel's conditional branch predictor (Help Net Security)

Standard Chartered CEO on why cybersecurity has become a 'disproportionately huge topic' at board meetings (The Record)

Security Bite: Did Apple just declare war on Adload malware? (9to5Mac)

Apple users are being locked out of their Apple IDs with no explanation (9to5Mac)

Japanese police create fake support scam payment cards to warn victims (Bleeping Computer)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.