Renewed surveillance sparks controversy.

Section 702 gets another two years.  MITRE suffers a breach through an Ivanti VPN. CrushFTP urges customers to patch an actively exploited flaw. SafeBreach researchers disclose vulnerabilities in Windows Defender that allow remote file deletion. Ukrainian soldiers see increased attention from data-stealing apps. GitHub’s comments are being exploited to distribute malware. VW confirms legacy Chinese espionage and data breaches. CISA crowns winners of the President’s Cup Cybersecurity Competition. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists in anticipation of RSAC 2024. Targeting kids online puts perpetrators in the malware crosshairs.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We have two guests today. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists and what to look for on the innovation front at RSAC 2024. For 18 years, cybersecurity's boldest new innovators have competed in the RSAC Innovation Sandbox contest to put the spotlight on their potentially game-changing ideas. This year, 10 finalists will once again have three minutes to make their pitch to a panel of judges. Since the start of the contest, the Top 10 Finalists have collectively seen over 80 acquisitions and $13.5 billion in investments. Innovation Sandbox will take place on Monday, May 6th at 10:50am PT. Selected Reading Warrantless spying powers extended to 2026 with Biden’s signature (The Record) MITRE breached by nation-state threat actor via Ivanti zero-days (Help Net Security) CrushFTP File Transfer Vulnerability Lets Attackers Download System Files (Infosecurity Magazine) Researchers Claim that Windows Defender Can Be Bypassed (GB Hackers) Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns  (The Record) GitHub comments abused to push malware via Microsoft repo URLs (Bleeping Computer) Presumably Chinese industrial spies stole VW data on e-drive technology (Bleeping Computer) CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading (Industrial Cyber) Malware dev lures child exploiters into honeytrap to extort them (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.