In this insightful episode of Cyber Voices, David Willett dives into the complexities of trust attacks with Max Heinemeyer at CyberCon 2025. Max brings an innovative perspective by simulating a politically motivated cyberattack on Australian infrastructure. He emphasises the growing concern over trust attacks, differentiating them from traditional cyber threats that focus on confidentiality and availability. Trust attacks, involving the manipulation of critical data, pose a severe risk to national stability. Through this discussion, the episode highlights the pressing need for improved cybersecurity frameworks to address the evolving threat landscape driven by hyper automation and modern AI technologies.Further reading provided by Max: On the Feasibility of Using LLMs to Autonomously Execute Multi-host Network Attacks https://arxiv.org/abs/2501.16466v3Teams of LLM Agents can Exploit Zero-Day Vulnerabilitieshttps://arxiv.org/abs/2406.01637Hexstrike AI Open Source Offensive Security AI Orchestrator - https://www.hexstrike.com/AI Agent XBOW making number one on Hackerone leaderboard - https://xbow.com/blog/top-1-how-xbow-did-itAI-enabled prototype ransomware PromptLocker - https://www.eset.com/us/about/newsroom/research/eset-discovers-promptlock-the-first-ai-powered-ransomware/?srsltid=AfmBOop67a943J8-_KuK_8dNC497RoWo1YCELz4eR8wSFUV6NqJy6R1RAnd then this happened since we recorded our podcast, but is highly relevant - https://www.anthropic.com/news/disrupting-AI-espionage
--------
29:42
--------
29:42
The Cyber Escape Room Challenge with Tony Nicholls
At the 2025 CyberCon in Melbourne, Tony Nicholls from CGI Australia introduced a new concept - a cyber escape room housed in a shipping container. Originally developed in the UK to raise cyber awareness, the escape room gamifies cybersecurity education, targeting both novices and professionals. It offers a hands-on approach to learning about phishing, social engineering, and malware, promoting a no-shame, team-based environment ideal for schools and businesses alike. With the ability to adjust difficulty on the fly, participants of all ages leave with a better understanding of cybersecurity threats and defenses, with a smile on their face.
--------
17:46
--------
17:46
Unmasking Insider Threat with Jason Plumridge
In this episode, Jason Plumridge from Thales Cyber discusses the growing threats posed by foreign intelligence entities. He explains how these operatives target individuals within organisations to access sensitive data. The conversation highlights the role of physical and personal security in mitigating these risks and stresses the importance of identifying employee behavioral changes as potential red flags. The discussion delves into recruitment strategies used by operatives and underscores the need for robust insider threat programs, including continuous employee monitoring and strategic controls at both the personnel and physical levels.
--------
26:21
--------
26:21
Igniting a Global STEM Revolution with Kari Byron
In this episode of Cyber Voices, Kari Byron, known for her role on MythBusters, discusses her evolution from television host to STEM advocate. She is spearheading a global mission to promote STEM through a reimagined version of the White House Science Fair, now a national festival that transcends politics by involving industry sponsors. Byron explains how this initiative not only highlights young talent but also creates vital connections between students and industry leaders. The end goal is to empower the next generation of innovators, making STEM careers more accessible and fostering a worldwide community of future leaders.Make sure you check out Kari's podcast, Mythfits!
--------
20:59
--------
20:59
Spotting Malicious Remote IT Applicants with Michael Puckridge and Jamie Lindsay
In this gripping episode of Cyber Voices, we delve into the intricate web of North Korean cyber operations, revealing how the nation operates more like an international criminal network than a traditional state entity. Michael Puckridge and Jamie Lindsay from DTEX discuss their investigations into North Korea's covert cyber workforce. These malevolent actors pose as legitimate IT professionals to penetrate organizations, siphoning funds back to their homeland. This episode uncovers how these operatives exploit the remote work trend to bypass security and steal advanced intellectual property, showing the nuances of modern cyber warfare in a world still grappling with the aftermath of the pandemic.
Welcome to CYBER VOICES, where we highlight and celebrate the diverse voices of the Australian cyber community. From top-ranking CISOs and government officials to threat hunters and vulnerability analysts, if there’s a voice to be heard, you’ll hear it on CYBER VOICES. Join us as we delve into the stories, insights, and expertise that shape the world of cybersecurity in Australia.
Australia