Episodes

  • What does industry think of the White House's cybersecurity strategy?
    Apr 10 2026
    Bob Ackerman (founder of Allegis Cyber and a partner at DataTribe) joins Safe Mode to talk about where the new national cybersecurity strategy is trying to push the industry—especially around more open, coordinated “active disruption” with government support (and what that does not mean, like hack-back). He shares what he’s hearing from leaders who want clearer “rules of the road,” and why it’s tough to move from reactive collaboration to getting ahead of threats. The conversation then turns to AI and why the next couple of years could get “a little spicy,” with offensive tooling accelerating fast and defenders struggling with visibility, noise, and prioritization. Ackerman’s bottom line: don’t get distracted by shiny objects—double down on fundamentals and hygiene, because you can’t defend what you can’t see. In our reporter chat, Greg talks with Tim Starks about the proposed CISA budget and warnings that Iran is going after critical infrastructure in the cyber domain.
    31 m
  • When iPhone exploits turn into commodities
    Mar 26 2026
    A sophisticated iPhone exploit kit known as DarkSword has escaped the world of targeted espionage and landed in public view—leaked on GitHub in a form that researchers say is trivial to repurpose and deploy. With the barrier to entry collapsing to “copy, paste, host,” the immediate concern is no longer whether advanced actors can use it, but how quickly criminal groups and opportunistic attackers will operationalize it against the enormous population of out-of-date iOS devices.
    In this episode, Jamf’s Michael Covington joins us for a practitioner-level breakdown of what the DarkSword leak changes, who’s exposed, and what defenders can do right now. We dig into the real enterprise blast radius for organizations with BYOD and partially managed fleets, what meaningful detection and response looks like on iOS when visibility is limited, and how to prioritize patch enforcement, quarantine decisions, and Lockdown Mode for high-risk users. We also zoom out to the bigger pattern: highly capable mobile exploitation frameworks (including recent reporting on Coruna) increasingly surfacing outside tightly controlled circles—reshaping the threat model for Apple devices in the enterprise.

    In our reporter chat, Greg talks with Matt Kapko about what they heard in their many conversations at the RSAC 2026 Conference.
    35 m
  • Behind the scenes of the Socksescort takedown
    Mar 19 2026
    In this episode, we sit down with Chris Formosa to break down the Socksescort disruption—a proxy botnet powered by AVRecon that compromised edge devices at scale. Chris walks us through why the operation was so dangerous, how investigators tracked its command-and-control infrastructure, and what changed between the 2023 disclosure and the eventual takedown in coordination with the Department of Justice. We also dig into why edge devices remain prime targets, where most organizations still have visibility gaps, and what the next evolution of this threat could be. In our reporter chat, Greg Otto and Tim Starks break down DarkSword, an iOS exploit kit that could impact hundreds of millions of people.
    35 m
  • What comes next for Trump's cybersecurity plan?
    Mar 12 2026
    On this episode of Safe Mode, Greg Otto and Tim Starks look past the headline release of President Trump’s new cyber strategy and focus on what comes next: the promised follow-on guidance, the rollout of an interagency “cell” spanning DOJ, State, FBI, DoD and others that pairs cyber operations with diplomacy and arrests, and the state-by-state critical infrastructure pilot programs designed to test what actually works before scaling. In our interview segment, acting Federal CISO Mike Duffy lays out his priorities for 2026.
    29 m
  • A plea to improve quantum security in the federal government
    Mar 5 2026
    In this episode, we sit down with Gharun Lacy, Deputy Assistant Secretary for the Cyber and Technology Security Directorate at the U.S. Department of State, who issues a stark warning: no organization can defend against quantum-enabled cyber threats alone. Hear Lacy explain why adversaries like China are already harvesting encrypted data today—planning to crack it years from now when quantum computers arrive. He breaks down the "harvest now, decrypt later" threat and why your encrypted data may outlive multiple leadership cycles, creating risks that stretch across generations like an accordion through time. Lacy challenges both public and private sector defenders to stop thinking about their post-quantum encryption plans in isolation. Instead, he argues we must defend "holistically as an ecosystem," with industries and sectors coordinating their transition to quantum-resistant algorithms by 2035. But is that timeline fast enough? In our reporter chat, Greg talks with Derek Johnson about a new study that finds that LLMs can be used to deanonymize online profiles.
    18 m
  • Is the 'Shields Up' era of CISA over?
    Feb 26 2026
    One year into the second Trump administration, the Cybersecurity and Infrastructure Security Agency (CISA) is facing what former officials and industry partners describe in stark terms: “decimated,” “amateur hour,” and “pretty much fallen apart.” In this episode, Greg Otto dives in with Tim Starks to unpack what’s happened inside the nation’s lead civilian cyber defense agency—and what it could mean for the country’s ability to withstand the next major cyber crisis. In the interview segment, we bring two experts from the DOD's Cyber Crime Center to speak about what they're seeing on the threat landscape.
    33 m
  • Should you still trust your password manager?
    Feb 19 2026
    In this episode, Greg explores the gap between password manager marketing claims of "Zero Knowledge Encryption" and the reality uncovered by Swiss researchers who found 25 attacks against Bitwarden, LastPass, and Dashlane. Professor Kenny Paterson joins Greg to discuss why the industry's "honest-but-curious" security model is dangerously inadequate compared to a "malicious server" threat model, diving into three critical vulnerability categories: account recovery mechanisms that allow attackers to swap encryption keys, seemingly innocent features like icon fetching that leak passwords, and "vault malleability" where individual item encryption lets attackers cut-and-paste data between vault fields. They also discuss how legacy code support and backwards compatibility create cryptographic hazards, and what non-negotiable features are needed to build a truly "provably secure" password manager from scratch.
    37 m
  • No exceptions: How Amazon killed the password and unified security
    Feb 12 2026
    In this episode, we sit down with Stephen Schmidt, SVP & Chief Security Officer at Amazon, to explore the engineering and leadership required to run a "no exceptions" identity program at a global scale. Most organizations suffer from the "fragmentation problem"—a mix of high-security cloud apps and vulnerable legacy systems. Stephen explains how Amazon unified its authentication standard to ensure that every internal account, from a fresh developer environment to a legacy application from 2003, meets the same rigorous bar. In our reporter chat, Greg talks with Derek Johnson on why your AI doctor does not have the same privacy protections as your real doctor. https://cyberscoop.com/radio/how-amazon-killed-the-password-and-unified-security/
    About Safe Mode: Every week we break down the most pressing issues in technology, provide you with the knowledge and tools to stay ahead of the latest threats and take you behind the scenes of the biggest stories in cyberspace. https://cyberscoop.com/show/safe-mode/
    37 m