CyberWire Daily

Colorado election officials downplay a partial password leak. Over 22,000 CyberPanel instances were targeted in a ransomware attack. Google issues a critical security update for Chrome. Microsoft says Russia’s SVR is conducting a wide-ranging phishing campaign. The FakeCall Android banking trojan gains advanced evasion and espionage capabilities. A New 0patch Fix Blocks Malicious Theme Files. iOS malware LightSpy adds destructive features. LinkedIn faces class-action lawsuits over alleged privacy violations. The U.S. charges a Russian national as part of Operation Magnus. On this week’s CertByte segment, Chris Hare is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management (CAPM)® certification. An Ex-Disney Staffer Allegedly Adds a Side of Sabotage to Park Menus.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment In this segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management (CAPM)® certification by the Project Management Institute®. Today’s question comes from N2K’s PMI® Certified Associate in Project Management (CAPM®) Practice Test. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional sources: The 9 Most In-Demand Professional Certifications You Can Get Right Now Selected Reading Partial Breach of Election Machine Passwords in Colorado Poses No Risk, State Says (The New York Times) Election Threats Escalating as US Voters Flock to the Polls (BankInfo Security) Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (Bleeping Computer) Critical Chrome Security Update: Patch for Out-of-Bounds & WebRTC Vulnerability (Cyber Security News) Russian spies use remote desktop protocol files in unusual mass phishing drive (The Register) FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities (SecurityWeek) 0patch Blog: We Patched CVE-2024-38030, Found Another Windows Themes Spoofing Vulnerability (0day) (0patch) Recent Version of LightSpy iOS Malware Packs Destructive Capabilities (SecurityWeek) Lawsuits Accuse LinkedIn of Tracking Users' Health Info (GovInfo Security) Feds name a Russian accused of developing Redline (The Register) Fired Employee Allegedly Hacked Disney World's Menu System to Alter Peanut Allergy Information (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this Solution Spotlight episode, our very own Simone Petrella sits down with Chris Porter, the Chief Information Security Officer at Fannie Mae. As a seasoned expert in the financial and cybersecurity sectors, Chris shares insights into how Fannie Mae navigates the complexities of securing one of the nation's most critical financial institutions. Together, they discuss Fannie Mae's evolving cybersecurity posture, balancing innovation with risk management, and the critical strategies employed to protect sensitive data in an increasingly digital and interconnected world. Chris also delves into the importance of collaboration across the industry, highlighting partnerships and intelligence-sharing as vital components in mitigating cyber threats. Learn more about your ad choices. Visit megaphone.fm/adchoices

Chinese hacking into US telecoms draws federal scrutiny. ESET examines Evasive Panda’s CloudScout toolset. A new ChatGPT jailbreak bypassed security safeguards. Nintendo warns users of a phishing scam. The Five Eyes launch the Secure Innovation initiative for startups. CISA releases “Product Security Bad Practices” guidelines. Apple’s new bug bounty program offers a million bucks for critical vulnerabilities. The City of Columbus drops its suit of a cybersecurity researcher. On our Solution Spotlight today, N2K’s Simone Petrella speaks with Chris Porter, CISO at Fannie Mae, on cultivating cybersecurity culture and talent. Spooky spam is back. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight today, N2K’s Simone Petrella speaks with Chris Porter, CISO at Fannie Mae, on cultivating cybersecurity culture and talent. You can hear Simone’s and Chris’ full conversation in this special edition podcast. Selected Reading Key Federal Cyber Panel to Probe Chinese Telecoms Hacking (Bank Info Security) CloudScout: Evasive Panda scouting cloud services (We Live Security) ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis (SecurityWeek) Nintendo Warns of Phishing Attack Mimics Company Email Address (gbhackers) Five Eyes Agencies Launch Startup Security Initiative (Infosecurity magazine) CISA sees elimination of ‘bad practices’ as next secure-by-design step (CyberScoop) Apple Launches 'Apple Intelligence' and Offers $1M Bug Bounty for Security (Hackread) Columbus drops lawsuit against data leak whistleblower Connor Goodwolf, but with a catch (NBC) Spooky Spam, Scary Scams: Halloween Threats Rise (Security Boulevard) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Operation Magnus disrupts notorious infostealers. Pennsylvania officials debunk election disinformation attributed to Russia. TeamTNT targets Docker daemons. Delta sues CrowdStrike. NVIDIA released a critical GPU Display Driver update. Fog and Akira ransomware exploit SonicWall VPNs. A researcher demonstrates Downgrade attacks against Windows systems. Qilin ransomware grows more evasive and disruptive. Pwn2Own Ireland awards over $1 million for more than 70 zero-day vulnerabilities. Our guest is Grant Geyer, Chief Strategy Officer at Claroty, talking about safeguarding our nation's critical food infrastructure. At long last, it’s legal to fix your McFlurry.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Grant Geyer, Chief Strategy Officer at Claroty, talking about safeguarding our nation's critical food infrastructure. The FBI recently held an Agriculture Threats Symposium in Nebraska, spotlighting growing concerns over the security of the nation's critical food infrastructure amid rising threats. As cyberattacks and bioterrorism increasingly target agriculture, the event highlighted urgent calls for stronger safety measures to protect the food supply chain.  Selected Reading Operation Magnus Disrupted Redline and Meta Infostealer Malware (Cyber Security News) Pennsylvania officials rebut false voter fraud claims from home and abroad (CyberScoop) TeamTNT Exploits 16 Million IPs in Malware Attack on Docker Clusters (Hackread) Delta sues CrowdStrike for $500 million in damages caused by massive airline cancelations (The Independent) NVIDIA GPU Vulnerabilities Allow Attackers To Execute Remote Code on Windows & Linux (Cyber Security News) Fog ransomware targets SonicWall VPNs to breach corporate networks (Bleeping Computer) New Windows Driver Signature bypass allows kernel rootkit installs (Bleeping Computer) Updated Qilin Ransomware Escalates Encryption and Evasion (BankInfo Security) Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland (Infosecurity Magazine) It Is Now Legal to Hack McFlurry Machines (and Medical Devices) to Fix Them (404 Media) DisMis: Explore our 3-part series on election propaganda. (N2K) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to Dr. Rebecca Wynn, the Click Solutions Group Global Chief Security Strategist & CISO. She interviews Justin Daniels, a Baker Donelson lawyer and podcast host with expertise in cyber operations, M&A, and investment capital transactions, on the current state of cyber law and compliance. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Tatiana Rice, Keir Lamont, Jordan Francis, 2024. The Colorado Artificial Intelligence Act: An FPF U.S. Legislation Policy Brief [Explainer]. Colorado General Assembly. Dr Rebecca Wynn. Soulful CXO [Podcast]. Soulful CXO. Jodi Daniels, Justin Daniels. She Said Privacy/He Said Security [Podcast]. Apple Podcasts. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, N2K's Brandon Karpf interviews Pete Newell, CEO and Founder of BMNT, about the challenges facing technology adoption within the Department of Defense (DoD). They discuss the concept of “mission acceleration,” focusing on the DoD’s struggle to keep pace with rapid changes on the battlefield and the importance of a human-centered approach to technology adaptation. Newell emphasizes that true innovation in defense is more of a "people problem" than a technology issue, requiring shifts in organizational culture and internal education. Tune in to hear insights on accelerating change in defense through better problem articulation and training. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode where we are joined by Army Cyber Institute Technical Director and Chief of Staff Colonel Stephen Hamilton, as he takes us on his computer science journey. Fascinated with computers since the second grade, Stephen chose West Point after high school to study computer science. Following graduation he moved into the signal branch as it most closely matched his interest in ham radio as no branch related directly to computing. He was pulled from the motor pool to help with another area's computing needs and then worked his way to teaching computer science at. West Point and US Cyber Command. Stephen recommends coding it first to help realize the nuances, and then code it again. We thank Stephen for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are pleased to be joined by Mick Baccio, global security advisor for Splunk SURGe, sharing their research on "LLM Security: Splunk & OWASP Top 10 for LLM-based Applications." The research dives into the rapid rise of AI and Large Language Models (LLMs) that initially seem magical, but behind the scenes, they are sophisticated systems built by humans. Despite their impressive capabilities, these systems are vulnerable to numerous cyber threats. Splunk's research explores the OWASP Top 10 for LLM Applications, a framework that highlights key vulnerabilities such as prompt injection, training data poisoning, and sensitive information disclosure. The research can be found here: LLM Security: Splunk & OWASP Top 10 for LLM-based Applications Learn more about your ad choices. Visit megaphone.fm/adchoices

UnitedHealth confirms breach numbers. Patient privacy pains. Amazon vs. APT29. CDK vulnerability threatens user security. Fog and Akira take aim at SonicWall. Level up or log off. LinkedIn in hot water. Open source, closed doors.  Watt's the risk? Today, we are joined by Itzik Alvas, Entro Security’s CEO and Co-Founder, discussing their research team's work on non-human identities and secrets management. And Muni Metro hits Ctrl+Alt+Delete on floppy disks! Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Itzik Alvas, Entro Security’s CEO and Co-Founder, discussing their research team's work on non-human identities and secrets management. You can learn more here.  Selected Reading UnitedHealth: 100 Million Individuals Affected by the Change Healthcare Data Breach (Heimdal) OnePoint Patient Care data breach impacted 795916 individuals (Security Affairs) Amazon identified internet domains abused by APT29 (AWS Security Blog)  RDP configuration files as a means of obtaining remote access to a computer or "Rogue RDP" (CERT-UA#11690) (CERT-UA)  AWS Cloud Development Kit flaw exposed accounts to full takeover (The Register)  Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN (Arctic Wolf)  Lazarus Group Exploits Chrome 0-Day for Crypto with Fake NFT Game (Hackread)  LinkedIn hit with $335 million fine for using member data for ad targeting without consent (The Record)  Linux creator approves de-listing of several kernel maintainers associated with Russia (The Record)  U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog (Security Affairs) Cybersecurity Isn't Easy When You're Trying to Be Green (Dark Reading)  Goodbye, floppies - San Francisco pays Hitachi $212 million to remove 5.25-inch disks from its light rail service (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Fortinet confirms a recently rumored zero-day. Officials investigate how restricted chips ended up in products from Huawei. The White House unveils a coordinated AI strategy for national security. Researchers jailbreak LLMs with Deceptive Delight. A new ransomware group exploits vulnerable device drivers. Sensitive documents from a UN trust fund are leaked online. Penn State pays over a millions dollars to settle allegations of inadequate security in government contracts. CISA adds a SharePoint vulnerability to its Known Exploited Vulnerabilities Catalog. A Microsoft report warns of growing election disinformation. On our industry voices segment, Eric Herzog, CMO of Infinidat, discusses merging cybersecurity and cyber storage resilience.  China is shocked - shocked! - that its space program has drawn the attention of foreign spies.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our industry voices segment, Eric Herzog, CMO of Infinidat, discusses merging cybersecurity and cyber storage resilience.  Selected Reading Mandiant says new Fortinet flaw has been exploited since June (Bleeping Computer) TSMC Cuts Off Client After Discovering Chips Sent to Huawei (Bloomberg) White House unveils plan for US government to keep its edge on AI development (The Record) FACT SHEET: Biden-Harris Administration Outlines Coordinated Approach to Harness Power of AI for U.S. National Security (The White House) New LLM jailbreak method with 65% success rate developed by researchers (SC Media) Embargo Ransomware Disables Security Defenses (GovInfo Security) Misconfigured UN Database Exposes 228GB of Gender Violence Victims' Data (Hackread) Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements (SecurityWeek) CISA Warns Active Exploitation of Microsoft SharePoint Vulnerability (Cyber Security News) As Election Looms, Disinformation ‘Has Never Been Worse’ (The New York Times)  Microsoft Warns Foreign Disinformation Is Hitting the US Election From All Directions (WIRED) China’s space programme targeted by ‘audacity’ of foreign agents, anti-spy agency warns (South China Morning Post)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

NotLockBit mimics its namesake while targeting macOS. Symantec uncovers popular mobile apps with hardcoded credentials. Avast releases a Mallox ransomware decryptor. Akira ransomware reverts to tactics tried and true. Lawmakers ask the DOJ to prosecute tax prep firms for privacy violations. The SEC levies fines for misleading disclosures following the SolarWinds breach. Software liability remains a sticky issue. Updated guidance reiterates the feds’ commitment to the Traffic Light Protocol. A task force has cybersecurity recommendations for the next U.S. president. Today’s guest is Jérôme Segura, Sr. Director of Research at Malwarebytes, sharing their work on "Scammers advertise fake AppleCare+ service via GitHub repos." Warrantless surveillance, powered by your favorite apps.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest is Jérôme Segura, Sr. Director of Research at Malwarebytes, sharing their work on "Scammers advertise fake AppleCare+ service via GitHub repos." You can learn more about this research here.  Selected Reading NotLockBit Ransomware Can Target macOS Devices (SecurityWeek) Millions of iOS and Android Users at Risk as Popular Apps Expose Cloud Keys (Hackread) Mallox Ransomware Flaw Let Victims Recover Files Without Ransom Payment (Cyber Security News) Akira ransomware pivots back to double extortion, C++ code (SC Media) Lawmakers ask DOJ to prosecute tax prep firms for sharing customer data with big tech (The Record) SEC fines four companies $7M for 'misleading cyber disclosures' regarding SolarWinds hack (TechCrunch) The struggle for software liability: Inside a ‘very, very, very hard problem’ (The Record) US Government Pledges to Cyber Threat Sharing Via TLP Protocol (Infosecurity Magazine) Task force unveils cyber recommendations for the next president (CyberScoop) The Global Surveillance Free-for-All in Mobile Ad Data (Krebs on Security) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A zero-day affects Samsung mobile processors. A critical vulnerability is discovered in the OneDev DevOps platform. German authorities warn against vulnerable industrial routers. The Bumblebee loader buzzes around corporate networks. Ghostpulse hides payloads in PNG files. A Michigan chain of dental centers agrees to a multimillion dollar data breach settlement. A White House proposal tamps down international data sharing. Fortinet is reportedly patching an as-yet undisclosed severe vulnerability. In our Threat Vector segment, host David Moulton speaks with Nathaniel Quist about cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. Russian deepfakes spread election misinformation.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of the Threat Vector podcast, host David Moulton, Director of Thought Leadership at Palo Alto Networks, speaks with Nathaniel Quist, Manager of Cloud Threat Intelligence at Cortex & Unit 42. David and Nathaniel discuss recent cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app.  Selected Reading Google Warns of Samsung Zero-Day Exploited in the Wild (SecurityWeek) Critical OneDev DevOps Platform Vulnerability Let Attacker Read Sensitive Data (Cyber Security News) Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks (SecurityWeek) Hackers Use Bumblebee Malware to Gain Access to Corporate Networks (GB Hackers) CISA Adds Sciencelogic SL1 Unspecified Vulnerability to KEV Catalog (Cyber Security News) Pixel perfect Ghostpulse malware loader hides inside PNG image files (The Register) Dental Center Chain Settles Data Breach Lawsuit for $2.7M (BankInfo Security) Biden administration proposes new rules governing data transfers to adversarial nations (The Record) Fortinet issues private notifications to FortiManager customers to patch an undisclosed flaw (Beyond Machines) Russian Propaganda Unit Appears to Be Behind Spread of False Tim Walz Sexual Abuse Claims (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

An alleged Australian scammer wanted by the FBI gets nabbed in Italy. The Internet Archive has been breached again. Researchers discover vulnerabilities in encrypted cloud storage platforms. Cisco confirms stolen files but insists it’s not a data breach.  A Chinese disinformation group targets Senator Marco Rubio. Malicious chatbot prompts can hide inside harmless ones. The DoD wants to offer senior cyber executives part-time roles as military reservists. Six years out, the specter of Spectre remains. Russian prosecutors seek prison for REvil operators. Guest Pete Newell, Founder and CEO of BMNT, talks with N2K's Brandon Karpf about challenges associated with technology adoption and change in the DoD. Microsoft uses clever deception to reel in phishers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Pete Newell, Founder and CEO of BMNT, talks with N2K's Brandon Karpf about challenges associated with technology adoption and change in the DoD. Selected Reading Australian wanted by FBI over alleged $46 million scam arrested in Italy (The Sydney Morning Herald) Internet Archive breached again through stolen access tokens (Bleeping Computer) Severe flaws in E2EE cloud storage platforms used by millions (Bleeping Computer) Cisco Confirms Security Incident After Hacker Offers to Sell Data (SecurityWeek) Report: China’s Spamouflage disinformation campaign testing techniques on Sen. Marco Rubio (The Record) This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats (WIRED) Wanted: Weekend Warriors in Tech (Wall Street Journal) Spectre flaws continue to haunt Intel and AMD (The Register) Russia's case against REvil hackers proceeds as government recommends 6.5-year sentences (The Record) Microsoft creates fake Azure tenants to pull phishers into honeypots (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Kim Jones, the Managing Director at Ursus Security Consulting. He takes a first principles look at the idea of identity. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Olivia Gulin, Tomberry., Peter Steiner, Alan David Perkins, 2012. On the Internet, Nobody Knows You’re a Dog [History]. Know Your Meme. Staff, 2019. US Patent for Mutual authentication of computer systems over an insecure network Patent Patent]. Justia Patents Search. Staff, 2023. Federal Bureau of Investigation: Internet Crime Report [Report]. Internet Crime Complaint Center (IC3). Staff, 2024. Data Breach Investigations Report [Report]. Verizon Business. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode where we are joined by the Head of Product for IBM Security Aarti Borkar, who shares her journey which included going after her lifelong love of math rather than following in her parents' footsteps in the medical field. In following her passions, Aarti found herself studying computer engineering and computer science, and upon taking a pause from her studies, she found a niche working at IBM in a mix of databases and networking. In her current position, Aarti describes her favorite discussion topics very often involve being around the use of AI for converting security into predictive domains. Aarti reminds us that you should pause and see if you are on the right path. Staying on a path just because you started there can be a bad idea. And, we thank Aarti for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week we are joined by Chester Wisniewski, Global Field CTO from Sophos X-Ops team, to discuss their work on "Crimson Palace returns: New Tools, Tactics, and Targets." Sophos X-Ops has observed a resurgence in cyberespionage activity, tracked as Operation Crimson Palace, targeting Southeast Asian government organizations. After a brief lull, Cluster Charlie resumed operations in September 2023, using new tactics such as web shells and open-source tools to bypass detection, re-establish access, and map target network infrastructure, demonstrating ongoing efforts to exfiltrate data and expand their foothold. The research can be found here: Crimson Palace returns: New Tools, Tactics, and Targets  Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft describes a macOS vulnerability. A trio of healthcare organizations reveal data breaches affecting nearly three quarters a million patients. Group-IB infiltrates a ransomware as a service operation. Instagram rolls out new measures to combat sextortion schemes. Updates from Bitdfender address Man-in-the-Middle attacks. An Alabama man is arrested for allegedly hacking the SEC. In our Industry Voices segment, Gerry Gebel, VP of Strata Identity, describes how to ensure identity continuity during IDP disrupted, disconnected and diminished environments. CISOs want to see their role split into two positions. Game Freak’s Servers Take Critical Hit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we have our Industry Voices segment with Gerry Gebel, VP of Products and Standards at Strata Identity, discussing how to ensure identity continuity during IDP disrupted, disconnected and diminished environments. Resources to learn more:  Identity Continuity™: How to have uninterrupted IDP access Resilience in extreme conditions: Why DDIL environments need continuous identity access Selected Reading macOS Vulnerability Could Expose User Data, Microsoft Warns (Infosecurity Magazine) Microsoft warns it lost some customer's security logs for a month (Bleeping Computer) 3 Longtime Health Centers Report Hacks Affecting 740,000 (GovInfo Security) Cicada3301 ransomware affiliate program infiltrated by security researchers (SC Media) Instagram Rolls Out New Sextortion Protection Measures (Infosecurity Magazine) Bitdefender Total Security Vulnerability Exposes Users to Man-in-the-Middle Attacks (Cyber Security News) Alabama Man Arrested in SEC Social Media Account Hack That Led the Price of Bitcoin to Spike (SecurityWeek) CISOs Concerned Over Growing Demands of Role (Security Boulevard) Pokémon video game developer confirms its systems were breached by hackers (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Brazilian authorities arrest the alleged “USDoD” hacker. The DoJ indicts the alleged operators of Anonymous Sudan. CISA and its partners warn of Iranian brute force password attempts. A new report questions online platforms’ ability to detect election disinformation. Recent security patches address critical vulnerabilities in widely-used platforms. North Korean threat actors escalate their fake IT worker schemes. CISA seeks comment on Product Security Bad Practices. Dealing effectively with post-breach stress. Tim Starks, Senior Reporter at CyberScoop, joins us to discuss “What’s new from this year’s Counter Ransomware Initiative summit.” Redbox DVD rental machines get a reboot.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We welcome back Tim Starks, Senior Reporter at CyberScoop, to discuss “What’s new from this year’s Counter Ransomware Initiative summit, and what’s next.” Selected Reading Hacker allegedly behind attacks on FBI, Airbus, National Public Data arrested in Brazil (The Record) Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World (US Department of Justice) Iranian Hackers Using Brute Force on Critical Infrastructure (GovInfo Security) Before US election, TikTok and Facebook fail to block harmful disinformation. YouTube succeeds (Global Witness) F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability (Security Week) Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters (Security Week) GitHub patches critical vulnerability in its Enterprise Servers (CyberScoop) North Korea Escalates Fake IT Worker Schemes to Extort Employers (Infosecurity Magazine) CISA Seeks Feedback on Upcoming Product Security Flaws Guidance (Infosecurity Magazine) Helping Your Team Cope With the Stress of a Cyber Incident (BankInfo Security) Tinkerers Are Taking Old Redbox Kiosks Home and Reverse Engineering Them (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Authorities arrest over 200 Chinese nationals in Sri Lanka over financial scams. Officials in Finland take down an online drug market. Cisco investigates an alleged data breach.  A major apparel provider suffers a data breach. Oracle’s latest patch update includes 35 critical issues. Microsoft has patched several high-severity vulnerabilities. The NCSC’s new boss calls for global collaboration to fight cybercrime. CISA warns of critical vulnerabilities affecting software from Microsoft, Mozilla, and SolarWinds.Hackers steal data from Verizon’s push-to-talk (PTT) system. On our CertByte segment, Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test. Robot vacuums go rogue. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test. Candidates for the Microsoft Azure Administrator exam are Azure Administrators who manage cloud services that span storage, security, networking, and compute cloud capabilities. Candidates should be proficient in using PowerShell, the Command Line Interface, Azure Portal, ARM templates, operating systems, virtualization, cloud infrastructure, storage structures, and networking. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers. Reference: Microsoft Azure Blog > Virtual Machines > Gain business insights using Power BI reports for Azure Backup Selected Reading Sri Lankan Police Arrest Over 200 Chinese Scammers (BankInfo Security) Finnish Customs closed down the Sipulitie marketplace on the encrypted Tor network (Finnish Customs) Cisco investigates breach after stolen data for sale on hacking forum (Bleeping Computer) Varsity Brands Data Breach Impacts 65,000 People (SecurityWeek) Oracle October 2024 Critical Patch Update Addresses 198 CVEs (Security Boulevard) Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site (SecurityWeek) 'Nationally significant' cyberattacks are surging, warns the UK's new cyber chief (The Record) CISA Warns of Three Vulnerabilities Actively Exploited in the Wild (Cyber Security News) Hackers Advertise Stolen Verizon Push-to-Talk ‘Call Logs’ (404 Media) Hackers took over robovacs to chase pets and yell slurs (The Verge) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1 & 2! Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Rick Howard, 2024. Election Propaganda Part 1: How does election propaganda work? [3 Part Podcast Series]. The CyberWire. Rick Howard, 2024. Election Propaganda: Part 2: Modern propaganda efforts. [3 Part Podcast Series]. The CyberWire. Christopher Chabris, Daniel Simons, 2010. The Invisible Gorilla: And Other Ways Our Intuitions Deceive Us [Book]. Goodreads. Chris Palmer, 2010. TFL Viral - Awareness Test (Moonwalking Bear) [Explainer]. YouTube. David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Eli Pariser, 2011. The Filter Bubble: What the Internet is Hiding From You [Book]. Goodreads. Kara Swisher, Julia Davis, Alex Stamos, Brandy Zadrozny, 2024. Useful Idiots? How Right-Wing Influencers Got $ to Spread Russian Propaganda [Podcast]. On with Kara Swisher. Nate Silver, 2024. What’s behind Trump’s surge in prediction markets? [Analysis]. Silver Bulletin. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference’ [News]. The Washington Post. Nilay Patel, 2024. The AI election deepfakes have arrived [Podcast]. Decoder. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Perry Carpenter, 2024. FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions [Book]. Goodreads. Perry Carpenter, 2021. Meatloaf Recipes Cookbook: Easy Recipes For Preparing Tasty Meals For Weight Loss And Healthy Lifestyle All Year Round [Book]. Goodreads. Perry Carpenter, n.d. 8th Layer Insights [Podcast]. N2K CyberWire. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk’s misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, n.d. Overview: Coalition for Content Provenance and Authenticity [Website]. C2PA. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, n.d. Project Origin [Website]. OriginProject. URL https://www.originproject.info/ Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis] The New York Times. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA adds a Fortinet flaw to its “must patch” list. Splunk releases fixes for 11 vulnerabilities in Splunk Enterprise. ErrorFather is a new malicious Android banking trojan. New evidence backs secure-by-design practices. CISA warns that threat actors are exploiting unencrypted persistent cookies. The FIDO Alliance standardizes passkey portability. Cybercriminals linger on Telegram. On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. We mark the passing of the co creator of the BBS. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. Selected Reading Tens of thousands of IPs vulnerable to Fortinet flaw dubbed 'must patch' by feds (CyberScoop) Fortinet FortiGuard Labs Observes Darknet Activity Targeting the 2024 United States Presidential Election (Fortinet) Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities (SecurityWeek) Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign (Infosecurity Magazine) Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds (CyberScoop) Eight Million Users Download 200+ Malicious Apps from Google Play (Infosecurity Magazine) TrickMo malware steals Android PINs using fake lock screen (Bleeping Computer) CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (Bleeping Computer) FIDO Alliance is Standardizing Passkey Portability (Thurrott) So far, cybercriminals appear to be just shopping around for a Telegram alternative (The Record) Ward Christensen, BBS inventor and architect of our online age, dies at age 78 (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of Solution Spotlight, join us for an exclusive conversation between ISC2's Executive Vice President of Corporate Affairs, Andy Woolnough, and N2K's Simone Petrella. Together, they take a deep dive into ISC2's 2024 Cybersecurity Workforce Study, offering a first look at the most pressing findings. Discover insights from a survey of 15,852 cybersecurity professionals and decision-makers across the globe, including the size of the current workforce, the demand for more professionals, and alarming trends around layoffs, budget cuts, and skills shortages. Andy and Simone also explore the growing disconnect between the skills in high demand by hiring managers and those that cybersecurity pros are prioritizing. Learn why organizations must take immediate action to foster talent and bridge these skills gaps to meet the industry's evolving needs. Plus, today marks the start of the ISC2 Security Congress 2024! Whether attending in person or virtually, this event is packed with opportunities to engage with industry experts and further your knowledge in cybersecurity. Tune in for actionable insights and exclusive details on the state of the cybersecurity workforce and how your organization can stay ahead. For more information on ISC2 Security Congress 2024, visit the event page here. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode, where we are joined by a High Performance Computing Systems Administrator at Brigham Young University. Billy Wilson tells his cybersecurity career story translating language skills to technical skills. According to Billy's employer, moving to a technical position at his alma mater occurred because Billy showed this potential and a thirst for learning. He is currently pursuing his master's degree from SANS Technology Institute for Information Security Engineering while working to secure BYU's data for their computationally-intensive research. Billy notes that not everyone has one overarching passion which gives him variety in his work. And, we thank Billy for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Trevor Hilligoss, VP of SpyCloud Labs at SpyCloud, discusses the increasing threat of ransomware, emphasizing the role of infostealer malware in facilitating these attacks. He draws from SpyCloud's 2024 Malware and Ransomware Defense Report, highlighting how compromised identity data from infostealers creates opportunities for ransomware operators. With 75% of organizations experiencing multiple ransomware attacks in the past year, Trevor explores findings from over 500 security leaders in the US and UK, discussing the challenges businesses face and how they can use insights from this research to defend against ransomware and other cybercrimes. The research can be found here: MALWARE AND RANSOMWARE DEFENSE REPORT Learn more about your ad choices. Visit megaphone.fm/adchoices

A Colorado health system’s patient portal has been compromised. Malicious uploads to open-source repositories surge over the past year. Octo2 malware targets Android devices. A critical vulnerability in Veeam Backup & Replication software is being exploited. The U.S. and U.K. team up for kids online safety. The European Council adopts the Cyber Resilience Act. New York State adopts new cyber regulations for hospitals. The FBI created its own cryptocurrency to help thwart fraudsters. Our guest Dr. Bilyana Lilly joins us to talk about her new novel "Digital Mindhunters." Getting dumped via AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest Dr. Bilyana Lilly joins us to talk about her new novel "Digital Mindhunters." Selected Reading Cyberattack targets healthcare nonprofit overseeing 13 Colorado facilities (The Record) Malicious packages in open-source repositories are surging (CyberScoop) Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices (HackRead) Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (Cybersecuritynews) Britain, US set up working group to improve children’s online safety (Reuters) European Council Adopts Cyber Resilience Act (BankInfoSecurity) New York State Enacts New Cyber Requirements for Hospitals (BankInfoSecurity) FBI created a crypto token so it could watch it being abused (The Register) Man learns he’s being dumped via “dystopian” AI summary of texts (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Internet Archive gets breached and DDoSed. Dutch police arrest the alleged proprietors of an illicit online market. Fidelity Investments confirms a data breach. Marriott settles for $52 million over a multi-year data breach. Critical updates from Mozilla, FortiNet, Palo Alto Networks, VMWare, and Apple. Mongolian Skimmer targets Magento installations. On our Industry Voices segment, we speak with Ben April, Chief Technology Officer at Maltego Technologies GMBH, about "Overcoming information overload: Challenges in social media investigations." Bankruptcy pulls back the curtain on a data brokerage firm.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we speak with Ben April, Chief Technology Officer at Maltego Technologies GMBH, about "Overcoming information overload: Challenges in social media investigations."  Selected Reading Internet Archive Breach Exposes 31 Million Users (WIRED) Dutch cops reveal takedown of 'largest dark web market'  Fidelity says data breach exposed personal data of 77,000 customers (TechCrunch) Marriott Agrees $52m Settlement for Massive Data Breach (Infosecurity Magazine) Mozilla releases patches for actively exploited Firefox bug (The Register) CISA says critical Fortinet RCE flaw now exploited in attacks (Bleeping Computer) Palo Alto Warns of Critical Flaw That Let Attackers Takeover Firewalls (Cyber Security News) VMware NSX Vulnerabilities Allow Hackers To Execute Arbitrary Commands (Cyber Security News) iTunes Local Privilege Escalation (CVE-2024-44193) Vulnerability Analysis and Exploitation (CYFIRMA)  The Mongolian Skimmer (Jscrambler) National Public Data files for bankruptcy after info leak (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Hackers target Russia’s court information system. Patch Tuesday rundown. GoldenJackal targets government and diplomatic entities in Europe, the Middle East, and South Asia.Cybercriminals are exploiting Florida’s disaster relief efforts. Australia introduced its first standalone cybersecurity law. CISA and the FBI issue guidance against Iranian threat actors. Mamba 2FA targets Microsoft 365 accounts. Casio reports a data breach. On our Solution Spotlight, Simone Petrella speaks with Andy Woolnough from ISC2's about their 2024 Cybersecurity Workforce Study.  Keeping the AI slop off Wikipedia.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight today, our guest is Andy Woolnough, ISC2's Executive Vice President Corporate Affairs Executive Vice President Corporate Affairs. Andy shares a first look at ISC2's 2024 Cybersecurity Workforce Study with N2K's Simone Petrella. You can catch Simone and Andy’s full conversation on Monday, October 14th in our CyberWire Daily feed. That is also the day the ISC2 Security Congress 2024 kicks off. You can find out more about the event that has a virtual option here.   Selected Reading For a second day, Ukrainian hackers hit Russian institutions (Washington Post) Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (Bleeping Computer) GoldenJackal APT Group Breached Air-Gapped European Government Systems (The Cyber Express) Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files (Hackread) Australia Introduces First Standalone Cybersecurity Law (Infosecurity Magazine) CISA Issues Guidance to Counter Iran's Election Interference (BankInfo Security) New Mamba 2FA bypass service targets Microsoft 365 accounts (Bleeping Computer) Casio says recent cyberattack 'caused system failure' (The Record) The Editors Protecting Wikipedia from AI Hoaxes (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1! Make sure to check out Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. References: Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Learn more about your ad choices. Visit megaphone.fm/adchoices

Western authorities I.D. a key member of Evil Corp. A major U.S. water utility suffers a cyberattack. ODNI warns of influence campaigns targeting presidential and congressional races. A California deepfakes law gets blocked. Europol leads a global effort against human trafficking. Trinity ransomware targets the healthcare industry. Qualcomm patches a critical zero-day in its DSP service. ADT discloses a breach of encrypted employee data. North Korean hackers use stealthy Powershell exploits. On our Threat Vector segment, David Moulton and his guests tackle the pressing challenges of securing Operational Technology (OT) environments.  Machine Learning pioneers win the Nobel Prize.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, David Moulton, Director of Thought Leadership at Palo Alto Networks, hosts cybersecurity experts Qiang Huang Chung hwang, Palo Alto Networks VP of Product Management for Cloud Delivered Security Services, and Michela Menting, Senior Research Director in Digital Security at ABI Research, discuss the pressing challenges of securing Operational Technology (OT) environments.  Join us each Thursday for a new episode of Threat Vector on the N2K CyberWire network. To hear David, Michela and Qiang’s full discussion, check it out here.  Selected Reading Police unmask Aleksandr Ryzhenkov as Evil Corp member and LockBit affiliate (The Record) American Water, the largest water utility in US, is targeted by a cyberattack (Associated Press) US Warns of Foreign Interference in Congressional Races (Infosecurity Magazine) US Judge Blocks California's Law Curbing Election Deepfakes (BankInfo Security) Global Police Track Human Traffickers in Online Crackdown (Infosecurity Magazine) Recently spotted Trinity ransomware spurs federal warning to healthcare industry (The Record) Qualcomm patches high-severity zero-day exploited in attacks (Bleeping Computer) ADT says hacker stole encrypted internal employee data after compromising business partner (The Record) North Korean Hackers Employ PowerShell-Based Malware With Serious Evasion Techniques (Cyber Security News) ‘Godfather of AI’ shares Nobel Prize in physics for work on machine learning (CNN) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Chinese hackers breach U.S. telecom wiretap systems. A third-party debt collection provider exposes sensitive information of Comcast customers. Homeland Security’s cybercrime division chronicles their success. Google removes Kaspersky antivirus from the Play store. Ukrainian hackers take down Russian TV and Radio channels. A crypto-thief pleads guilty to wire fraud and money laundering. A pig-butchering victim gets his money back. On our Industry Voices segment, Jeff Reed, Chief Product Officer at Vectra AI, joins us to talk about how modern attackers don't hack in, they log in. AI knows - the truth is out there.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Jeff Reed, Chief Product Officer at Vectra AI, joins us to talk about how modern attackers don't hack in, they log in. Selected Reading Chinese hackers breached US court wiretap systems, WSJ reports (Reuters) Comcast says customer data stolen in ransomware attack on debt collection agency (TechCrunch) Cyber Cops Stopped 500 Ransomware Hacks Since 2021, DHS Says (Bloomberg) Google removes Kaspersky's antivirus software from Play Store (Bleeping Computer) Ukraine Claims Cyberattack Blocked Russian State TV Online on Putin’s Birthday (Bloomberg) Crypto Hacker Pleads Guilty for Stealing Over $37 Million in Cryptocurrency (Cyber Security News) A victim of a crypto ‘pig butchering’ scam just got his $140,000 back (NPR) How chatbots can win over crackpots (Fast Company) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, has a free-wheeling conversation with Merritt Baer, Reco AI’s CISO, about how infosec professionals should think about AI, Machine Learning, and Large Language Models (LLMs). Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this encore episode where we are joined by Co-founder and socio-technical lead at Cygenta, Dr. Jessica Barker, as she shares her story from childhood career aspirations of becoming a farmer to her accidental pivot to working in cybersecurity. With a PhD in civic design, Jessica looked at the creation of social and civic places until she was approached by a cybersecurity consultancy interested in the human side of cybersecurity. She jumped in and the rest is history. Having experienced some negativity as a woman in cybersecurity, Jessica is a strong proponent of diversity in the field. She suggests that newcomers to the industry follow what interests them and jump in. And, we thank Jessica for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Joshua Miller from Proofpoint is discussing their work on "Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset." Proofpoint identified Iranian threat actor TA453 targeting a prominent Jewish figure with a fake podcast interview invitation, using a benign email to build trust before sending a malicious link. The attack attempted to deliver new malware called BlackSmith, containing a PowerShell trojan dubbed AnvilEcho, designed for intelligence gathering and exfiltration. This malware consolidates all of TA453's known capabilities into a single script rather than the previously used modular approach. The research can be found here: Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset Learn more about your ad choices. Visit megaphone.fm/adchoices

Interpol arrests eight in an international cybercrime crackdown. A MedusaLocker variant targets financial organizations. Cloudflare mitigates a record DDoS attempt. Insights from the Counter Ransomware Initiative summit. Fin7 uses deepnudes as a lure for malware. Researchers discovered critical vulnerabilities in DrayTek routers. CISA issues urgent alerts for products from Synacor and Ivanti. A former election official gets nine years in prison for a voting system data breach. Microsoft and the DOJ seize domains used by Russia’s ColdRiver hacking group. On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity. to learn how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. Harvard students demonstrate glasses that can see through your privacy.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices Segment On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity. Eric talks about how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. You can check out Strata’s blog on “Understanding the 7 A’s of IAM” and their book on “Identity Orchestration for Dummies”.  Selected Reading International police dismantle cybercrime group in West Africa (The Record) New MedusaLocker Ransomware Variant Deployed by Threat Actor (Infosecurity Magazine) Cloudflare Mitigates Record Breaking 3.8 Tbps DDoS Attack (Hackread) Recently patched CUPS flaw can be used to amplify DDoS attacks (Bleeping Computer) More frequent disruption operations needed to dent ransomware gangs, officials say (CyberScoop) FIN7 hackers launch deepfake nude “generator” sites to spread malware (Bleeping Computer) 14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries (Security Affairs) CISA Warns Active Exploitation of Zimbra & Ivanti Endpoint Manager Vulnerability (Cyber Security News) Former Mesa County clerk sentenced to 9 years for 2020 voting system breach (CyberScoop) Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (Bleeping Computer) Someone Put Facial Recognition Tech onto Meta's Smart Glasses to Instantly Dox Strangers (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Dmitri Alperovitch discusses his book World on the Brink: How America Can Beat China in the Race for the Twenty-First Century with host Ben Yelin. Alperovitch highlights the rising tensions between the U.S. and China, focusing on Taiwan as a critical flashpoint that could ignite a new Cold War. He shares insights on the strategies America must adopt to maintain its status as the world’s leading superpower while addressing the challenges posed by China. By examining both strengths and weaknesses, as well as providing a timely blueprint for navigating the complexities of global relations in the 21st century. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that an average citizen, regardless of political philosophy, can take in order to not succumb to propaganda. References: David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Jeff Berman, Renée DiResta, 2023. Disinformation & How To Combat It [Interview]. Youtube. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference’ [News]. The Washington Post. Quentin Hardy, Renée DiResta, 2024. The Invisible Rulers Turning Lies Into Reality [Interview]. YouTube. Rob Tracinski, Renée DiResta, 2024.  The Internet Rumor Mill [Interview]. YouTube. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk’s misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal. Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis. The New York Times. Stuart A. Thompson, 2024. Elon Musk’s Week on X: Deepfakes, Falsehoods and Lots of Memes [News]. The New York Times. Will Oremus, 2024. Zuckerberg expresses regrets over covid misinformation crackdown [News]. The Washington Post. Yascha Mounk, Renée DiResta, 2022. How (Not) to Fix Social Media [Interview]. YouTube. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Learn more about your ad choices. Visit megaphone.fm/adchoices

A global news agency suffers a cyberattack. CISA and the FBI provide guidance on cross site scripting attacks. A Texas health system diverts patients following a ransomware attack. Western Digital patches a critical vulnerability in network attached storage devices. California passes a law protecting domestic abuse survivors from being tracked. Verizon and PlayStation each suffer outages. CISA responds to critiques from the OIG. T-Mobile settles with the FCC over multiple data breaches. The DOJ indicts a Minnesota man on charges of selling counterfeit software license keys. On our Industry Voices segment kicking off Cybersecurity Awareness Month, we are joined by Chad Raduege, Executive Director of the Oklahoma Cyber Innovation Institute at The University of Tulsa, discussing the Institute’s K-12 outreach initiatives. A Crypto Criminal Stretches His Limits—And His Legs. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices Segment On our Industry Voices segment kicks off Cybersecurity Awareness Month, we are joined by Chad Raduege, Executive Director of the Oklahoma Cyber Innovation Institute at The University of Tulsa, discussing the Institute’s K-12 outreach initiatives.  Selected Reading AFP News Agency's Content Delivery Systems Hit by Cyberattack (Hackread) CISA and FBI Issue Alert on XSS Vulnerabilities (Security Boulevard) UMC Health System Diverts Patients Following Ransomware Attack (SecurityWeek) Western Digital My Cloud Devices Flaw Let Attackers Execute Arbitrary Code (CyberSecurity News) California passes car data privacy law to protect domestic abuse survivors (The Record) The Playstation Network is down in a global outage (Bleeping Computer) Verizon Mobile Outages Reported Across the U.S. (The New York Times) DoJ audit finds CISA faces challenges in cyber threat information sharing, as participation hits record low (Industrial Cyber) T-Mobile pays $31.5 million FCC settlement over 4 data breaches (Bleeping Computer) Man charged for selling forged license keys for network switches (Bleeping Computer) Crooked Cops, Stolen Laptops & the Ghost of UGNazi (Krebs on Security) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A critical vulnerability has been discovered in the NVIDIA Container Toolkit. Representatives from around the world are meeting in Washington to address ransomware.  The Pentagon shoots down the notion of a separate cyber service. A genetic testing company leaves sensitive information in an unsecured folder. A public accounting firm breach affects 127,000 individuals. The DOJ charges a British national with hacking U.S. companies. California’s Governor vetoes an AI safety bill. CISOs deserve a seat at the table. Tim Starks from CyberScoop describes the House Homeland Security chair’s proposed cyber workforce bill. Password laziness leaves routers vulnerable.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Tim Starks from CyberScoop talking about the House Homeland Security chair releasing and pushing forth a cyber workforce bill. Read more in Tim’s article.  Selected Reading Critical flaw in NVIDIA Container Toolkit allows full host takeover (Bleeping Computer) Here's what to expect from the Counter Ransomware Initiative meeting this week (The Record) Pentagon asks lawmakers to kill third-party look at an independent cyber force (Breaking Defense) Facial DNA provider leaks biometric data via WordPress folder (Hackread) Accounting Firm WMDDH Discloses Data Breach Impacting 127,000 (SecurityWeek) British National Arrested, Charged for Hacking US Companies (SecurityWeek) California Gov. Newsom Vetoes Hotly Debated AI Safety Bill (BankInfo Security) PwC Urges Boards to Give CISOs a Seat at the Table (Infosecurity Magazine) New Critical Password Warning—86% Of All Router Users Need To Act Now (Forbes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Rick Doten, the VP of Information Security at Centene and one of the original contributors to the N2K CyberWire Hash Table.  He makes the case to invigorate the automation first principle cybersecurity strategy. In this case, he is specifically addressing remediation automation. References: Staff, n.d. National Pie Championships [Website]. American Pie Council. Rick Doten. Rick’s Cybersecurity Videos [Youtube Channel]. YouTube. Joe, 2020. The Unbearable Frequency of PewPew Maps [Explainer]. Stranded on Pylos. Aanchal Gupta, 2022. Celebrating 20 Years of Trustworthy Computing [Explainer]. Microsoft Security Blog. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this 2-part special edition series, guest Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K's Brandon Karpf about national security and the dilemma of technology disruption. Listen to part 1 here. In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to the bureaucratic obstacles hindering defense innovation, Blank breaks down the “dilemma of technology disruption” in national security. Learn how the U.S. can overcome its outdated systems, accelerate innovation, and prepare for the future of defense technology. Whether you’re interested in defense tech, cybersecurity, or government innovation, this episode offers deep insights into the intersection of national security and technological disruption. For some background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It.” Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this encore episode where we are joined by the Chief strategy officer and chief security officer for Netskope, Jason Clark, shares his journey as he challenges the status quo and works to expand diversity in cybersecurity. Jason started his career by breaking the mold and heading to the Air Force rather than his family legacy of Army service. Following his military service, he became a CISO for the New York Times at age 26 and kept building from there. Jason advises, "You should always be seeking out jobs you're actually not qualified for. I think that's how you grow. If you know you could do the job, and you've got half the skills, go for it." Jason aspires to a legacy of increasing diversity in the cybersecurity industry and founded a non-profit to do just that. And, we thank Jason for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

We are joined by Yves Younan, Senior Manager, Talos Vulnerability Discovery and Research from Cisco, discussing their work on "How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions." Cisco Talos has uncovered eight vulnerabilities in Microsoft applications for macOS that could allow attackers to exploit the system's permission model by injecting malicious libraries. By leveraging permissions already granted to these apps, attackers could gain access to sensitive resources like the microphone, camera, and screen recording without user consent. While Microsoft considers these issues low risk and has declined to fix them, the vulnerabilities pose a potential threat to user privacy and security. The research can be found here: How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions Learn more about your ad choices. Visit megaphone.fm/adchoices

International Law Enforcement Seizes Domains of Russian Crypto Laundering Networks. The real-world risk of a recently revealed Linux vulnerability appears low. Criminal Charges Loom in the Iranian Hack of the Trump Campaign. Meta is fined over a hundred million dollars for storing users’ passwords in plaintext. Delaware’s public libraries grapple with the aftermath of a ransomware attack. Tor merges with Tails. Progress Software urges customers to patch multiple vulnerabilities. A critical vulnerability in VLC media player has been discovered. Our guests are Mark Lance, Vice President of DFIR and Threat Intelligence at GuidePoint Security, and Andrew Nelson, Principal Security Consultant at GuidePoint Security discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story." Having the wisdom to admit you just don’t know.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Mark Lance, Vice President DFIR and Threat Intelligence at GuidePoint Security, discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story."  Selected Reading US-led operation disrupts crypto exchanges linked to Russian cybercrime (The Record) Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected (SecurityWeek) Criminal charges coming in alleged Iranian hack of Trump campaign emails: Sources (ABC News) Meta fined $101 million for storing hundreds of millions of passwords in plaintext (The Record) Hackers attack Delaware libraries, seek ransom. Here's what we know (Delaware Online) Tor Merges With Security-Focused OS Tails (SecurityWeek) Progress urges admins to patch critical WhatsUp Gold bugs ASAP (Bleeping Computer) VLC Player Vulnerability Let Attackers Execute Malicious Code, Update Now (Cyber Security News) Bigger AI chatbots more inclined to spew nonsense — and people don't always realize (Nature) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Salt Typhoon infiltrates US ISPs. Researchers hack the connected features in Kia vehicles.WiFi portals in UK train stations suffer Islamophobic graffiti. International partners release a joint guide for protecting Active Directory. A key house committee approves an AI vulnerability reporting bill. India’s largest health insurer sues Telegram over leaked data. HPE Aruba Networking patches three critical vulnerabilities in its Aruba Access Points. OpenAI plans to restructure into a for-profit business. CISA raises the red flag on Hurricane Helene scams. Our guest is Ashley Rose, Founder & CEO at Living Security, on the creation of Forrester’s newest cybersecurity category, Human Risk Management. The FTC says “Objection!” to the world’s first self-proclaimed robot lawyer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Ashley Rose, Living Security’s Founder & CEO, talking about the creation of Forrester’s newest cybersecurity category, Human Risk Management. Read Ashley’s blog. Learn more on The Forrester Wave™: Human Risk Management Solutions, Q3 2024.   Selected Reading China-Backed Salt Typhoon Targets U.S. Internet Providers: Report (Security Boulevard) Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug (WIRED) Public Wi-Fi operator investigating cyberattack at UK's busiest train stations (The Rgister) ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises (CISA) House panel moves bill that adds AI systems to National Vulnerability Database (CyberScoop) India's Star Health sues Telegram after hacker uses app's chatbots to leak data (Reuters) HPE Aruba Networking fixes critical flaws impacting Access Points (Bleeping Computer) Exclusive: OpenAI to remove non-profit control and give Sam Altman equity (Reuters) OpenAI's technology chief Mira Murati, two other research executives to leave (Reuters) CISA Warns of Hurricane-Related Scams (CISA) DoNotPay must pay $193,000 to settle false claim charges from FTC. (The Verge) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CrowdStrike’s Adam Meyers testifies before congress. The State Department is set to provide nearly $35 million in foreign aid to strengthen global cybersecurity. Foreign adversaries claim ongoing access to presidential campaign documents. Researchers warn of critical vulnerabilities in fuel tank monitoring systems. Hackers claim a Chrome 2FA feature bypass takes less than ten minutes. Exploiting ChatGPT’s long-term memory. Politicians and staffers find personal data exposed on the dark web. A critical vulnerability in Ivanti’s Virtual Traffic Manager is being actively exploited. On our CertByte segment,  Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s CompTIA Project+ Practice Test. Don’t click the PDiddy links. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s CompTIA Project+ (PK0-005) Practice Test. This exam is targeted for candidates who have about 1-2 years of project management experience. This is not an actual test question, but an example of one that covers an objective for the 5th version of the exam, which came out in November 2022. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access (Infosecurity Magazine) Exclusive: State Department cyber bureau preps funding blitz aimed at boosting allies' defenses (The Record) Iranian-linked election interference operation shows signs of recent access (CyberScoop) FEC expands campaign spending rules to allow for physical, cybersecurity purchases (CyberScoop) Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities (SecurityWeek) New Chrome Alert After Hackers Claim 2FA Security Cracked In 10 Minutes (Forbes) Hacker plants false memories in ChatGPT to steal user data in perpetuity (Ars Technica) Proton warns that data of thousands politicians leaked on the dark web (Beyond Machines) Third Recent Ivanti Vulnerability Exploited in the Wild (SecurityWeek) PDiddySploit Malware Hidden in Files Claiming to Reveal Deleted Diddy Posts (Hackread) Diddy Do It? Or Did Cybercriminals? How Hackers Are Turning Scandals Into Cyber Attacks (Veriti) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The House Homeland Security Chair introduces a major cyber workforce bill. Google rolls out new Gmail security tools. Telegram makes a big shift in its privacy policy. Microsoft doubles down on cybersecurity. A Kansas water treatment facility suffers a suspected cyberattack. MoneyGram reports network outages. Kaspersky antivirus users get an automatic upgrade, maybe. North Korean IT workers infiltrate Fortune 100 companies. Gartner analysts urge cybersecurity leaders to focus on  prevention, response, and recovery. In this week’s Threat Vector, host David Moulton is joined by Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, to explore the seismic shifts in cybersecurity brought about by AI technologies.  A lavish lifestyle exposes the duo behind a $230M crypto scam. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, and Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, explore the seismic shifts in cybersecurity brought about by AI technologies.  Join us each Thursday for a new episode of Threat Vector on the N2K CyberWire network. To hear David and Daniel’s full discussion, check it out here.  Selected Reading Exclusive: House Homeland Security chair releases, pushes forth cyber workforce bill (CyberScoop) Google Announces New Gmail Security Move For Millions (Forbes) Telegram will now provide some user data to authorities (BBC) Microsoft CEO to Cyber Team: Don’t Tell Me How Great Everything Is (Bloomberg) Kansas Water Facility Switches to Manual Operations Following Cyberattack (SecurityWeek) MoneyGram says cyber incident causing network outages (The Record) Kaspersky Users in US Find Antivirus Software Automatically Replaced (Cyber Security News) Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report (The Record) Zero Failure Tolerance, A Cybersecurity Myth Holding Back Organization (Infosecurity Magazine) Two men arrested one month after $230 million of cryptocurrency stolen from a single victim (Bitdefender)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The US is set to propose a ban on Chinese software and hardware in connected cars. Dell investigates a breach of employee data. Unit 42 uncovers a North Korean PondRAT and a red team tool called Splinter. Marko Polo malware targets cryptocurrency influencers, gamers, and developers. An Iranian state-sponsored threat group targets Middle Eastern governments and telecommunications.The alleged Snowflake hacker remains active and at large. German officials quantify fallout from the CrowdStrike incident. Apple’s latest macOS update has led to widespread issues with cybersecurity software and network connectivity. Our guest is Vincenzo Ciancaglini, Senior Threat Researcher from Trend Micro, talking about the uptick in cybercrime driven by the generative AI explosion. Supercharging your graphing calculator.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Vincenzo Ciancaglini, Senior Threat Researcher from Trend Micro, talking about the uptick in cybercrime driven by the generative AI explosion. Read their blog "Surging Hype: An Update on the Rising Abuse of GenAI" here.  Selected Reading Exclusive: US to propose ban on Chinese software, hardware in connected vehicles (Reuters) Dell investigates data breach claims after hacker leaks employee info (Bleeping Computer) North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages (Security Affairs) Global infostealer malware operation targets crypto users, gamers (Bleeping Computer) Iranian-Linked Group Facilitates APT Attacks on Middle East Networks (Security Boulevard) Hacker behind Snowflake customer data breaches remains active (CyberScoop) Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool (Palo Alto Networks) Organizations are changing cybersecurity providers in wake of Crowdstrike outage (Help Net Security) Cybersecurity Products Conking Out After macOS Sequoia Update (SecurityWeek) Secret calculator hack brings ChatGPT to the TI-84, enabling easy cheating (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Roselle Safran, the CEO and Founder of KeyCaliber and one of the original contributors to the N2K CyberWire Hash Table. She interviews Tia Hopkins, the eSentire Chief Cyber Resilience Officer, to make the business case for why resilience might be the most important cyber strategy. References: Black Women in Cyber Collective, 2024. Securing Our Future: Embracing The Resilience and Brilliance of Black Women in Cyber [Book]. Goodreads. Ken Underhill, Christophe Foulon, Tia Hopkins, Mari Galloway, 2022. Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career [Book]. Goodreads. Ron Ross, Victoria Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid, 2021. SP 800-160 Vol. 2 Rev. 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach [Guidance]. CSRC. Roselle Safran, 2024. Who Does the CISO Work for? [Social Media Post]. LinkedIn. Staff, n.d. Empow(H)er Cyber Home [Website]. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode, where we are jjoined by Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need. for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come in with cybersecurity. She shares for any young person "thinking about maybe starting something in security, this is definitely the time to do so." And, we thank Kyla for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this 2-part special edition series, guest Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K's Brandon Karpf about national security and the dilemma of technology disruption. In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to the bureaucratic obstacles hindering defense innovation, Blank breaks down the “dilemma of technology disruption” in national security. Learn how the U.S. can overcome its outdated systems, accelerate innovation, and prepare for the future of defense technology. Whether you’re interested in defense tech, cybersecurity, or government innovation, this episode offers deep insights into the intersection of national security and technological disruption. For some background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It.” Learn more about your ad choices. Visit megaphone.fm/adchoices

Jonathan Tanner, Senior Security Researcher from Barracuda, discussing their work on "Stealthy phishing attack uses advanced infostealer for data exfiltration." The recent phishing attack, detailed by Barracuda, uses a sophisticated infostealer malware to exfiltrate a wide array of sensitive data. The attack begins with a phishing email containing an ISO file with an HTA payload, which downloads and executes obfuscated scripts to extract and transmit browser information, saved files, and credentials to remote servers. This advanced infostealer is notable for its extensive data collection capabilities and complex exfiltration methods, highlighting the increasing sophistication of cyber threats. The research can be found here: Stealthy phishing attack uses advanced infostealer for data exfiltration Learn more about your ad choices. Visit megaphone.fm/adchoices

An FTC report confirms online surveillance and privacy concerns. Ukraine bans Telegram for state and security officials. Sensitive customer data from India’s largest health insurer is leaked. German law enforcement shuts down multiple cryptocurrency exchange services. HZ RAT sets its sights on macOS systems. Stolen VPN passwords remain a growing threat. Law enforcement dismantles the iServer phishing-as-a-service platform. Today’s guest is Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, talking with N2K's Brandon Karpf about national security and the dilemma of technology disruption. CISA’s boss pushes for accountability.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest is Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, talking with N2K's Brandon Karpf about national security and the dilemma of technology disruption. For some background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It.” To listen to Brandon and Steve’s full conversation, check out our Special Edition series that will run over the next two Sundays in our CyberWire Daily podcast feed.  Selected Reading FTC Staff Report Finds Large Social Media and Video Streaming Companies Have Engaged in Vast Surveillance of Users with Lax Privacy Controls and Inadequate Safeguards for Kids and Teens (Federal Trade Commission) Ukraine bans Telegram on state and military devices (The Record) Hacker selling 7 TB of Star Health Insurance’s customer data using Telegram (CSO Online) German Government Shuts Down 47 Exchanges, Says They're Tied To ‘Illegal Activity’ (CoinDesk) New MacOS Malware Let Attackers Control The Device Remotely (Cyber Security News) More Than Two Million Stolen VPN Passwords Discovered (Security Boulevard) High-risk vulnerabilities in common enterprise technologies (Rapid7 Blog) Law Enforcement Dismantles Phishing Platform Used for Unlocking Stolen Phones (SecurityWeek) Insecure software makers are the real cyber villains – CISA (The Register)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The US government disrupts China’s Raptor Train botnet. A phishing campaign abuses GitHub repositories to distribute malware.Ransomware group Vanilla Tempest targets U.S. healthcare providers.Hackers demand $6 million for stolen airport data. The FCC opens applications for a $200 million cybersecurity grant program. GreyNoise Intelligence tracks mysterious online “Noise Storms”. Scammers threaten Walmart shoppers with arrest. CISA adds five critical items to its known exploited vulnerabilities list. Craigslist founder will donate $100 million to strengthen US cybersecurity. Our guest today is Victoria Samson, Chief Director at Secure World Foundation, talking about space security and stability. Cybercriminals fall prey to very infostealers they rely on. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Victoria Samson, Chief Director at Secure World Foundation, talking with N2K’s T-Minus Space Daily podcast host Maria Varmazis about space security and stability. For some additional detail about space sustainability, visit Secure World Foundation’s Space Sustainability 101.   Selected Reading US Disrupts 'Raptor Train' Botnet of Chinese APT Flax Typhoon (SecurityWeek) Clever 'GitHub Scanner' campaign abusing repos to push malware (Bleeping Computer) Microsoft warns of ransomware attacks on US healthcare (CSO Online) Sea-Tac refuses to pay 100-bitcoin ransom after August cyberattack (The Seattle Times) FCC $200m Cyber Grant Pilot Opens Applications for Schools and Libraries (Infosecurity Magazine) GreyNoise Reveals New Internet Noise Storm: Secret Messages and the China Connection (GreyNoise) Walmart customers scammed via fake shopping lists, threatened with arrest (Malwarebytes) CISA Warns of Five Vulnerabilities Actively Exploited in the Wild (Cyber Security News) Craigslist Founder Pledges $100 Million to Boost U.S. Cybersecurity (Wall Street Journal) Criminals Keep Hacking Themselves, Letting Researchers Unmask Them (404 Media)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Exploding pagers in Lebanon are not a cyberattack. Europol leads an international effort to shut down the encrypted communications app Ghost. Microsoft IDs Russian propaganda groups’ disinformation campaigns. California’s Governor signs bills regulating AI in political ads. A multi-step zero-click macOS Calendar vulnerability is documented. A new phishing campaign targets Apple ID credentials.The US Cyber Ambassador emphasizes deterrence. Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work on maintaining security support at all levels of cyber maturity. AI tries to out-Buffett Warren Buffett. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work and the recently-published guide on maintaining security support at all levels of cyber maturity. You can check out their guide “Cyber Fundamentals: Critical baseline security practices for today’s threat landscape” here.  Selected Reading Israel Planted Explosives in Pagers Sold to Hezbollah, Officials Say (The New York Times) Criminal-favored Ghost messaging app busted, owners arrested (Cybernews) Russians made videos falsely accusing Harris of hit-and-run, Microsoft says (The Washington Post) California governor signs laws to crack down on election deepfakes created by AI (Associated Press) Researcher chains multiple old macOS flaws to compromise iCloud with no user interaction (Beyond Machines) iPhone Users Warned As New Email Password-Stealing Attacks Reported (Forbes) Deterrence in cyberspace is possible — and ‘urgent’ — amid ‘alarming’ hybrid attacks, State cyber ambassador says (CyberScoop) New Chatbot ETF Promises to Mimic Warren Buffett, David Tepper (Bloomberg) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The US charges a Chinese national for spear-phishing government employees. The feds impose new sanctions on the makers of Predator spyware. Dealing with fake data breaches. Researchers discover a critical vulnerability in Google Cloud Platform. D-Link has patched critical vulnerabilities in three popular wireless router models. Snowflake ups their authentication game. A US mining company confirms a cyberattack. Researchers identify critical threats targeting construction industry accounting software. Tim Starks from CyberScoop joins us with his reporting on the US Postal Service’s ability to meet the challenges of the upcoming election. Cisco’s second round of layoffs hit hard.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Tim Starks, Senior Reporter from CyberScoop, joining us to discuss his piece on "Election officials say U.S. Postal Service woes place election mail at risk."  Selected Reading DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military (SecurityWeek) US Ramps Up Sanctions on Spyware-Maker Intellexa (Infosecurity Magazine) All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them (Security Boulevard) Google Cloud Platform RCE Flaw Let Attackers Execute Code on Millions of Google Servers (Cyber Security News)  D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (Bleeping Computer) Breach-Weary Snowflake Moves to MFA, 14-Character Passwords (GovInfo Security) Owner of only US platinum mine confirms data breach after ransomware claims (The Record) Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software (Huntress) Cisco's second layoff of 2024 affects thousands of employees (TechCrunch) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI and CISA dismiss false claims of compromised voter registration data. The State Department accuses RT of running global covert influence operations. Chinese hackers are suspected of targeting a Pacific Islands diplomatic organization. A look at Apple’s Private Cloud Compute system. 23andMe will pay $30 million to settle a lawsuit over a 2023 data breach.  SolarWinds releases patches for vulnerabilities in its Access Rights Manager. Browser kiosk mode frustrates users into giving up credentials. Brian Krebs reveals the threat of growing online “harm communities.” Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on prompt injection attacks. How theoretical is the Dead Internet Theory? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on their recent work "Agent Hijacking: the true impact of prompt injection attacks."  Selected Reading FBI tells public to ignore false claims of hacked voter data (Bleeping Computer) Russia’s RT news agency has ‘cyber operational capabilities,’ assists in military procurement, State Dept says (The Record) The Dark Nexus Between Harm Groups and ‘The Com’ (Krebs on Security) China suspected of hacking diplomatic body for Pacific islands region (The Record) Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works (WIRED) Apple seeks to drop its lawsuit against Israeli spyware pioneer NSO (Washington Post) 23andMe settles data breach lawsuit for $30 million (Reuters) SolarWinds Patches Critical Vulnerability in Access Rights Manager (SecurityWeek) Malware locks browser in kiosk mode to steal Google credentials (Bleeping Computer) Is anyone out there? (Prospect Magazine)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Errol Weiss, the Chief Security Officer (CSO) of the HEALTH-ISAC and one of the original contributors to the N2K CyberWire Hash Table. He will make the business case for information sharing. References: White and Williams LLP, Staff Osborne Clarke LLP , 2018. Threat Information Sharing and GDPR [Legal Review]. FS-ISAC. Senator Richard Burr (R-NC), 2015. S.754 - 114th Congress (2015-2016): To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes [Law]. Library of Congress. Staff, n.d. National Council of ISACs [Website]. NCI. Staff, 2020. Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 [Guidance]. CISA. Staff, 2023. Information Sharing Best Practices [White paper]. Health-ISAC. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this encore of Carerr Notes, where the Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security Ben Yelin shares his journey from political junkie to Fourth Amendment specialist. Several significant life defining political developments like the disputed 2000 election, 9/11, and the Iraqi war occurred during his formative years that shaped Ben's interest in public policy and his desire to pursue a degree in law. An opportunity to be a teaching assistant turned out to be one of those sliding door scenarios that led Ben to where he is now, a lawyer in the academic and consulting worlds specializing in cybersecurity and digital privacy issues. Through his work, Ben hopes to elevate the course of the debate on these very important issues. And, we thank Ben for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Alex Delamotte, Threat Researcher from SentinelOne Labs, joins to share their work on "Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials." SentinelOne’s Labs team has uncovered new research on Xeon Sender, a cloud hacktool used to launch SMS spam attacks via legitimate APIs like Amazon SNS. First seen in 2022, this tool has been repurposed by multiple threat actors and distributed on underground forums, highlighting the ongoing trend of SMS spam through cloud services and SaaS. The research can be found here: Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials Learn more about your ad choices. Visit megaphone.fm/adchoices

Fortinet reveals a data breach. The feds sanction a Cambodian senator for forced labor scams. UK police arrest a teen linked to the Transport for London cyberattack. New Linux malware targets Oracle WebLogic. Citrix patches critical Workspace app flaws. Microsoft unveils updates to prevent outages like the CrowdStrike incident. U.S. Space Systems invests in secure communications. Illegal gun-conversion sites get taken down. Tim Starks of CyberScoop tracks Russian hackers mimicking spyware vendors. Cybersecurity hiring gaps persist. Hackers use eye-tracking to steal passwords. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we welcome back Tim Starks, senior reporter from CyberScoop, to discuss “Google: apparent Russian hackers play copycat to commercial spyware vendors.” You can read the article Tim refers to here.  Selected Reading Fortinet Data Breach: What We Know So Far (SOCRadar) Cambodian senator sanctioned by US over cyber-scams (The Register) UK NCA arrested a teenager linked to the attack on Transport for London (Security Affairs) New 'Hadooken' Linux Malware Targets WebLogic Servers (SecurityWeek) Citrix Workspace App Vulnerabilities Allow Privilege Escalation Attacks (Cyber Security News) Microsoft Vows to Prevent Future CrowdStrike-Like Outages (Infosecurity Magazine) Space Systems Command Awards $188M Contract for meshONE-T Follow-on (Space Systems Command) Domains seized for allegedly importing Chinese gun switches (The Register) Why Breaking into Cybersecurity Isn’t as Easy as You Think (Security Boulevard) Apple Vision Pro’s Eye Tracking Exposed What People Type (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from a 2023 data breach.Google Cloud introduces air-gapped backup vaults. TrickMo is a newly discovered Android banking malware. GitLab has released a critical security update. A $20 domain purchase highlights concerns over WHOIS trust and security. Our guest is Jon France, CISO at ISC2, with insights on Communicating Cyber Risk of New Technology to the Board. And, could Pikachu be a double-agent for Western intelligence agencies? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Jon France, CISO at ISC2, sharing his take on "All on "Board" for AI – Communicating Cyber Risk of New Technology to the Board." This is a session Jon presented at Black Hat USA 2024. You can check out his session’s abstract. Also, N2K CyberWire is a partner of ISC2’s Security Congress 2024. Learn more about the in-person and virtual event here.  Selected Reading UK Recognizes Data Centers as Critical National Infrastructure (Infosecurity Magazine) Cisco Patches High-Severity Vulnerabilities in Network Operating System (SecurityWeek) BYOD Policies Fueling Security Risks (Security Boulevard) Healthcare Provider to Pay $65M Settlement Following Ransomware Attack (SecurityWeek) Google Unveils Air-gapped Backup Vaults to Protect Data from Ransomware Attacks (Cyber Security News) New Android Banking Malware TrickMo Attacking Users To Steal Login Credentials (Cyber Security News) GitLab Releases Critical Security Update, Urges Users to Patch Immediately (Cyber Security News) Rogue WHOIS server gives researcher superpowers no one should ever have (Ars Technica) Pokémon GO was an intelligence tool, claims Belarus military official (The Register)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential security leaders in the industry. Learn more about our network sponsorship opportunities and build your brand where industry leaders get their daily news. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday rundown. Microsoft integrates post-quantum cryptography (PQC) algorithms into its SymCrypt cryptographic library.The FTC finalizes rules to combat fake reviews and testimonials. A payment card thief pleads guilty. On our latest CertByte segment, N2K’s Chris Hare and George Monsalvatge share questions and study tips from the Microsoft Azure Fundamentals (AZ-900) Practice Test.  Hard Drive Heaven: How Iconic Music Sessions Are Disappearing.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s Microsoft Azure Fundamentals (AZ-900) Practice Test. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Reference: What is public cloud? (RedHat) Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Remembering 9/11 In today’s episode, we pause to honor and remember the lives lost on September 11, 2001. We pay tribute to the courageous first responders, the resilient survivors, and the families whose lives were forever altered by that tragic day. Amidst the profound loss, the spirit of unity and compassion shone brightly, reminding us of our shared humanity. Additionally, you can check out our special segment featuring personal remembrances from N2K CyberWire’s very own Rick Howard, who was in the Pentagon on that fateful day. His reflections provide a heartfelt perspective on the events and are well worth your time. Tune in to hear his poignant insights. Special Edition Podcast In today’s special edition of Solution Spotlight, we welcome Mary Haigh, Global CISO of BAE Systems, as she sits down with N2K’s Simone Petrella. Together, they discuss moving beyond the technical aspects of cybersecurity to build and lead a high-performing security team. Selected Reading Microsoft Fixes Four Actively Exploited Zero-Days (Infosecurity Magazine) Adobe releases september 2024 patches for flaws in multiple products, including critical (Beyond Machines) Chrome 128 Update Resolves High-Severity Vulnerabilities (SecurityWeek) ICS Patch Tuesday: Advisories Published by Siemens, Schneider, ABB, CISA (SecurityWeek) Ivanti fixes maximum severity RCE bug in Endpoint Management software (Bleeping Computer) Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library (SecurityWeek) Federal Trade Commission Announces Final Rule Banning Fake Reviews and Testimonials (Federal Trade Commission) Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details (Bitdefender) Inside Iron Mountain: It’s Time to Talk About Hard Drives (Mixonline) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach top security leaders. Explore our network sponsorship opportunities and build your brand where industry leaders get their daily news. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

For the 20th anniversary of 9/11 in 2021, Rick Howard, the CyberWire’s CSO, Chief Analyst, and Senior Fellow, recounts his experience from inside the Pentagon running the communications systems for the Army Operations Center. Read Rick's related essay and check out his original notes of 9/11/01 written in the weeks following the attacks. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this Solution Spotlight, guest Dr. Mary Haigh, Global CISO of BAE Systems, speaks with N2K President Simone Petrella about moving beyond the technical to build a cybersecurity team. Learn more about your ad choices. Visit megaphone.fm/adchoices

Crimson Palace targets Asian organizations on behalf of the PRC. Europe’s AI Convention has lofty goals and legal loopholes. The NoName ransomware gang may be working as a RansomHub affiliate. Wisconsin Physicians Service Insurance Corporation, SLIM CD, and Acadian Ambulance Service each suffer significant data breaches. CISA adds three vulnerabilities to its Known Exploited Vulnerabilities Catalog. Researchers from Ben-Gurion University in Israel develop new techniques to exfiltrate data from air-gapped computers. In our latest Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, sits down with Ryan Barger, Director of Offensive Security Services, to explore how AI is revolutionizing offensive security. Sextortion scammers have gone to the dogs.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, David Moulton, Director of Thought Leadership at Unit 42, sits down with Ryan Barger, Director of Offensive Security Services, to explore how AI is revolutionizing offensive security. Ryan delves into the practical applications of AI in tasks such as OSINT analysis, payload development, and evading endpoint detection systems. To listen to their full conversation, check out the episode here. You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network.  Selected Reading Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets (Dark Reading) The AI Convention: Lofty Goals, Legal Loopholes, and National Security Caveats (SecurityWeek) NoName ransomware gang deploying RansomHub malware in recent attacks (Bleeping Computer) Wisconsin Insurer Discloses Data Breach Impacting 950,000 Individuals (SecurityWeek) Payment Gateway SLIM CD Data Breach: 1.7 Million Users Impacted (HACKREAD) Acadian Ambulance service is reporting data breach, exposing almost 3 Million people (Beyond Machines) CISA Warns of Three Vulnerabilities That Are Actively Exploited in the Wild (Cyber Security News) Researchers Detail Attacks on Air-Gapped Computers to Steal Data (Cyber Security News) Sextortion scams now use your "cheating" spouse’s name as a lure (Bleeping Computer)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Now alerts come from Progress Software and Veeam Backup & Restoration. Car rental giant Avis notifies nearly 300,000 customers of a data breach. The UK’s National Crime Agency struggles to retain top cyber talent. Two Nigerian brothers get prison time for their roles in a deadly sextortion scheme. SpyAgent malware uses OCR to steal cryptocurrency. A Seattle area school district suffers a cybercrime snow day. Our guest is Amer Deeba, CEO of Normalyze, discussing data’s version of hide and go seek -  the emergence of shadow data. A crypto leader resigns after being held at gunpoint.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Amer Deeba, CEO of Normalyze, discussing data’s version of hide and go seek, or the emergence of shadow data. Selected Reading Progress LoadMaster vulnerable to 10/10 severity RCE flaw (Bleeping Computer) New Veeam Vulnerability Puts Thousands of Backup Servers at Risk – PATCH NOW! (HACKREAD) Thousands of Avis car rental customers had personal data stolen in cyberattack (TechCrunch) UK National Crime Agency, responsible for fighting cybercrime, ‘on its knees,’ warns report (The Record) 2 Brothers Sentenced to More Than 17 Years in Prison in Sextortion Scheme (The New York Times) SpyAgent Android malware steals your crypto recovery phrases from images (Bleeping Computer) Highline schools closing Monday because of cyberattack (Seattle Times) Crypto Firm CEO Resigns Following Armed Robbery of Company Funds (Blockonomi) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode where we are joined by, Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive. After pivoting from studying law, Ann started working with computers and found she had a deep technical aptitude for technology and started earning certifications landing in cybersecurity because she found an interest in PKI. At Microsoft, Ann says she solves some of the hardest problems every day. She recommends getting a mentor and finding your area of expertise. She leaves us with three dimensions she hopes to be her legacy: 1. diversity in more than just gender, 2. bringing a human aspect to the industry, and 3. being empathetic to the user experience. We thank Ann for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, N2K's very own Brandon Karpf sits down with Kevin Lentz, Team Leader of the Cyber Pacific Project at the Global Disinformation Lab, and they discuss the recent threatcasting report "Cyber Competition in the Indo-Pacific Gray Zone 2035." This report, developed using the Threatcasting Method, examines how the U.S. and Indo-Pacific allies can coordinate their cyber defense efforts in response to future competition with China. It presents findings, trends, and recommendations based on twenty-five scenarios simulated by a cross-functional group of experts to anticipate and address emerging threats over the next decade. The research can be found here: Cyber Competition in the Indo-Pacific Gray Zone 2035 Learn more about your ad choices. Visit megaphone.fm/adchoices

Cadet Blizzard is part of Russia’s elite GRU Unit. Apache releases a security update for its open-source ERP system. SonicWall has issued an urgent advisory for a critical vulnerability. Researchers uncover a novel technique exploiting Linux’s Pluggable Authentication Modules. Google’s kCTF team has discloses a critical security vulnerability affecting the Linux kernel’s netfilter component. Predator spyware has resurfaced.  US health care firm Confidant Health exposes 5.3 terabytes of sensitive health information. Dealing with the National Public Data breach. On our Solution Spotlight: Mary Haigh, Global CISO of BAE Systems, speaks with N2K's Simone Petrella about moving beyond the technical to build an effective cybersecurity team. An AI music streaming scheme strikes a sour note.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight segment, Mary Haigh, Global CISO of BAE Systems, speaks with N2K President Simone Petrella about moving beyond the technical to build a cybersecurity team. Selected Reading Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team (WIRED) Apache Makes Another Attempt at Patching Exploited RCE in OFBiz (SecurityWeek) SonicWall Access Control Vulnerability Exploited in the Wild (GB Hackers) Linux Pluggable Authentication Modules Abused to Create Backdoors (Cyber Security News) PoC Exploit Released for Linux Kernel Vulnerability that Allows Root Access (Cyber Security News) Predator spyware resurfaces with signs of activity, Recorded Future says (CyberScoop) Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database (WIRED) Frustration Trying to Opt-Out After the National Public Data Breach (Security Boulevard) Musician charged with $10M streaming royalties fraud using AI and bots (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The DOJ disrupts Russia’s Doppelganger. NSA boasts over 1,000 public and private partners. The FBI warns of North Korean operatives launching “complex and elaborate” social engineering attacks. Iran pays the ransom to sure up their banking system. Cisco has disclosed two critical vulnerabilities in its Smart Licensing Utility. A Nigerian man gets five years in prison for Business Email Compromise schemes. Planned Parenthood confirms a cyberattack. Our guests are Sara Siegle and Cam Potts from NSA, Co-Hosts of the new show, No Such Podcast. OnlyFans hackers get more than they bargained for.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guests are Sara Siegle, Chief, Strategic Communications and Cam Potts, Co-Host, from NSA sharing their new podcast, No Such Podcast. The NSA launched the first two episodes of their new weekly podcast today. You can catch their trailer here. Visit their show on Libsyn.  Selected Reading US Targets Russian Media and Hackers Over Election Meddling (BankInfoSecurity) NSA Eyes Global Partnerships to Combat Chinese Cyberthreats (BankInfoSecurity) North Korean scammers prep stealth attacks on crypto outfits (The Register) Iran pays millions in ransom to end massive cyberattack on banks, officials say (Politico) DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign (SecurityWeek) Critical Cisco Smart Licensing Vulnerabilities Let Attackers Take Over System (Cyber Security News) Nigerian man sentenced to 5 years for role in BEC operation (CyberScoop) Planned Parenthood confirms cyberattack as RansomHub claims breach (Bleeping Computer) Fake OnlyFans cybercrime tool infects hackers with malware (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers find Yubikeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers. Hackers linked to Russia and Belarus target Latvian websites. The Federal Trade Commission (FTC) reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI over thirty million Euros over GDPR violations. Threat actors are misusing the MacroPack red team tool to deploy malware. CISA shies away from influencing content moderation. Our guest is George Barnes, Cyber Practice President at Red Cell Partners and Fmr. Deputy Director of NSA discussing his experience at the agency and now in the VC world. Unauthorized Wi-Fi on a Navy warship Leads to Court-Martial.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is George Barnes, Cyber Practice President and Partner at Red Cell Partners and judge at the 2024 DataTribe Challenge, discussing his experience on both sides, having been at NSA and now in the VC world. Submit your startup to potentially be selected to be part of a startup competition like no other by September 27, 2024. Selected Reading YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (Ars Technica) Google Issues Android Under Attack Warning As 0-Day Threat Hits Users (Forbes) Zyxel Patches Critical Vulnerabilities in Networking Devices (SecurityWeek) D-Link says it is not fixing four RCE flaws in DIR-846W routers (Bleeping Computer) Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say (The Record) New FTC Data Shows Massive Increase in Losses to Bitcoin ATM Scams (FTC) Dutch DPA imposes a fine on Clearview because of illegal data collection for facial recognition | Autoriteit Persoonsgegevens (Autoriteit Persoonsgegevens) Red Teaming Tool Abused for Malware Deployment (Infosecurity Magazine) CISA moves away from trying to influence content moderation decisions on election disinformation (CyberScoop) How Navy chiefs conspired to get themselves illegal warship Wi-Fi (Navy Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Brazil blocks access to X/Twitter. Transport for London has been hit with a cyberattack. Threat actors have poisoned GlobalProtect VPN software to deliver WikiLoader. “Voldemort” is a significant international cyber-espionage campaign. Researchers uncover an SQL injection flaw with implications for airport security. Three men plead guilty to running an MFA bypass service. The FTC has filed a complaint against security camera firm Verkada. CBIZ Benefits & Insurance Services disclosed a data breach affecting nearly 36,000. The cybersecurity implications of a second Trump term. On our Industry Insights segment, guest Caroline Wong, Chief Strategy Officer at Cobalt, discusses application security and artificial intelligence.  A Washington startup claims to revolutionize political lobbying with AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Insights segment, guest Caroline Wong, Chief Strategy Officer at Cobalt, discusses application security and artificial intelligence. You can find out more from Cobalt’s The State of Pentesting Report 2024 here.  Selected Reading Brazil Suspends Access to Elon Musk's X, Including via VPNs (GovInfo Security) Cyberattack hits agency responsible for London’s transport network (The Record) Hacking Poisoning GlobalProtect VPN To Deliver WikiLoader Malware On Windows (Cyber Security News) Scores of Organizations Hit By Novel Voldemort Malware (Infosecurity Magazine) Researchers find SQL injection to bypass airport TSA security checks (Bleeping Computer) Three Plead Guilty to Running MFA Bypass Site (Infosecurity Magazine) Verkada to Pay $2.95 Million Over FTC Probe Into Security Camera Hacking (SecurityWeek) Business services giant CBIZ discloses customer data breach (Bleeping Computer) Who would be the cyber pros in a second Trump term? (CyberScoop) Convicted fraudsters launch AI lobbying firm using fake names (Politico) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

You can learn more about AWS in Orbit at space.n2k.com/aws. Our guests today are Jason Aspiotis, Global Director, In-Space Data & Security at Axiom Space and Jay Naves, Sr. Solutions Architect at AWS Aerospace & Satellite Solutions. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS Aerospace and Satellite Audience Survey We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this encore episode with Vice President of Security and Support Operations of Alert Logic Tom Gorup shares how his career path led him from tactics learned in Army infantry using machine guns and claymores to cybersecurity replacing the artillery with antivirus and firewalls. Tom built a security automation solution called the Grunt (in recollection of his role in the Army) that automated firewall blocks. He credits his experience in battle-planning for his expertise in applying strategic thinking to work in cybersecurity, noting that communication is key in both scenarios. Tom advises that those looking into a new career shouldn't shy away from failure as failure is just another opportunity to learn. We thank Tom for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this Special Edition podcast, N2K's Executive Editor Brandon Karpf speaks with Danielle Ruderman, Senior Manager for Wordwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M, about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Learn more about your ad choices. Visit megaphone.fm/adchoices

Tim Peck, a Senior Threat Researcher at Securonix, is discussing their work on "Threat actors behind the DEV#POPPER campaign have retooled and are continuing to target software developers via social engineering." The DEV#POPPER campaign continues to evolve, now targeting developers with malware capable of operating on Linux, Windows, and macOS systems. The threat actors, believed to be North Korean, employ sophisticated social engineering tactics, such as fake job interviews, to deliver stealthy malware that gathers sensitive information, including browser credentials and system data. The research can be found here: Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering Learn more about your ad choices. Visit megaphone.fm/adchoices

AI regulations move forward in California. DDoS attacks are on the rise. CISA  releases a joint Cybersecurity Advisory on the RansomHub ransomware. A persistent malware campaign has been targeting Roblox developers. Two European men are indicted for orchestrating a widespread “swatting” campaign. Critical vulnerabilities in an enterprise network monitoring solution could lead to system compromise. An Ohio judge issues a restraining order against a cybersecurity expert following a ransomware attack. Our guest is Dr. Zulfikar Ramzan, Chief Scientist at Aura, sharing his take on AI's growing role with online criminals. Admiral Hopper's lost lecture is lost no more.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Dr. Zulfikar Ramzan, Chief Scientist at Aura, sharing his take on the RockYou2024 breach and AI's growing role with online criminals. Selected Reading California Advances Landmark Legislation to Regulate Large AI Models (SecurityWeek) Radware Report Surfaces Increasing Waves of DDoS Attacks (Security Boulevard) CISA and Partners Release Advisory on RansomHub Ransomware (CISA) Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers (HackRead) 2 Men From Europe Charged With 'Swatting' Plot Targeting Former US President and Members of Congress (SecurityWeek) Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise (SecurityWeek) Ahead of mandatory rules, CISA unveils new cyber incident reporting portal (Federal News Network) Franklin County judge grants city request to suppress cyber expert's efforts to warn public (The Columbus Dispatch) Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published (Schneier on Security) Capt. Grace Hopper on Future Possibilities: Data, Hardware, Software, and People (Part One, 1982) (YouTube) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

French authorities outline the allegations against Telegram’s CEO. Google finds familiar spyware in Mongolian government websites. The Mirai botnet leverages obsolete security cameras. Iran’s Peach Sandstorm targets the space industry. A federal appeals court says platforms may be liable to algorithmically recommended content. Scam cycles are getting shorter. McDonald’s officials are grimacing after hackers take over their Instagram account. Our guests today are Dave DeWalt, Founder and CEO of NightDragon, and Nicole Bucala, CEO and GM at DataBee, sharing their joint initiative which aims to propel future cybersecurity innovations. A would-be extortionist fails to cover his tracks. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guests today are Dave DeWalt, Founder and CEO of NightDragon, and Nicole Bucala, CEO and GM at DataBee, sharing their joint initiative to propel future cybersecurity innovations. Learn more.  Selected Reading French authorities charge Telegram's Durov in probe into organized crime on app (Reuters) Russian government hackers found using exploits made by spyware companies NSO and Intellexa (TechCrunch) Old CCTV cameras provide a fresh opportunity for a Mirai botnet variant (The Record) Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor (WIRED)  Appeals court revives TikTok ‘blackout challenge’ death suit (The Register) Online scam cycles are getting shorter and more effective, Chainalysis finds (CyberScoop) Cisco Patches Multiple NX-OS Software Vulnerabilities (SecurityWeek) Crypto scammers who hacked McDonald's Instagram account say they stole $700,000 (Bitdefender) IT Engineer Charged For Attempting to Extort Former Employer (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Threat actors use a malicious Pidgin plugin to deliver malware. The BlackByte ransomware group is exploiting a recently patched VMware ESXi  vulnerability. The State Department offers a $2.5 million reward for a major malware distributor. A Swiss industrial manufacturer suffers a cyberattack. The U.S. Marshals Service (USMS) responds to claims of data theft by the Hunters International ransomware gang. Park’N Fly reports a data breach affecting 1 million customers. Black Lotus Labs documents the active exploitation of a zero-day vulnerability in Versa Director servers. Federal law enforcement agencies warn that Iran-based cyber actors continue to exploit U.S. and foreign organizations. We kick off our new educational CertByte segment with hosts Chris Hare and George Monsalvatge. Precrime detectives root out election related misinformation before it happens.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s show, our guests are N2K's Chris Hare and George Monsalvatge introducing our new bi-weekly CertByte segments that kick off today on the CyberWire Daily podcast. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by George Monsalvatge to break down a question targeting the Project Management Professional (PMP)® certification by the Project Management Institute®. Today’s question comes from N2K’s PMI® Project Management Professional (PMP®) Practice Test. The PMP® is the global gold standard certification typically targeted for those who have about three to five years of project management experience. To learn more about this and other related topics under this objective, please refer to the following resource: Project Management Institute - Code of Ethics and Professional Conduct. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading  Malware Delivered via Malicious Pidgin Plugin, Signal Fork (SecurityWeek) BlackByte Hackers Exploiting VMware ESXi Auth Bypass Flaw to Deploy Ransomware (Cyber Security News) US Offering $2.5 Million Reward for Belarusian Malware Distributor (SecurityWeek) Services at Swiss manufacturer Schlatter disrupted in likely ransomware attack (SiliconANGLE) US Marshals say data posted by ransomware gang not from 'new or undisclosed incident' (The Record) Park’N Fly notifies 1 million customers of data breach (Bleeping Computer) Taking the Crossroads: The Versa Director Zero-Day Exploitation (Lumen) Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations (CISA) Hundreds of 'PreCrime' Election-Related Fraud Sites Spotted (Metacurity) Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacktivists respond to the arrest of Telegram’s CEO in France. Stealthy Linux malware stayed undetected for two years. Versa Networks patches a zero-day vulnerability. Google has patched its tenth zero-day vulnerability of 2024. Researchers at Arkose labs document Greasy Opal. A flaw in Microsoft 365 Copilot allowed attackers to exfiltrate sensitive user data. Gafgyt targets crypto mining in cloud native environments. Microsoft investigates an Exchange Online message quarantine issue. Our guest is Bar Kaduri, research team leader at Orca Security talking about AI Goat, the first open source AI security learning environment based on the OWASP top 10 ML risks. Kentucky Prisoners Trick Tablets to Generate Fake Money.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Bar Kaduri, research team leader at Orca Security talking about AI Goat, the first open source AI security learning environment based on the OWASP top 10 ML risks. Available on GitHub, AI Goat is an intentionally vulnerable AI environment built in Terraform that includes numerous threats and vulnerabilities for testing and learning purposes. Learn more.  Selected Reading Arrest of Telegram CEO sparks cyberattacks against French websites (SC Media) Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules (AON) Stealthy 'sedexp' Linux malware evaded detection for two years (Bleeping Computer) Google tags a tenth Chrome zero-day as exploited this year (Bleeping Computer) Versa fixes Director zero-day vulnerability exploited in attacks (Bleeping Computer) Greasy Opal: Greasing the Skids for Cybercrime (Arkose Labs) Microsoft Copilot Prompt Injection Vulnerability Let Hackers Exfiltrate Personal Data (Cyber Security News) Gafgyt Botnet: Weak SSH Passwords Targeted For GPU Mining (Security Boulevard) Microsoft: Exchange Online mistakenly tags emails as malware (Bleeping Computer) Kentucky prisoners hack state-issued computer tablets to digitally create $1M. How’d they do it? (Union Bulletin) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Telegram’s CEO is arrested by French police, presumably over moderation failures. A cyberattack disrupted services at Seattle-Tacoma International Airport and the Port of Seattle. SonicWall has warned customers of a critical vulnerability that could lead to unauthorized access or a firewall crash. Dutch and French regulators fined Uber €290 million for failing to protect the privacy of EU drivers. Microsoft will host a cybersecurity conference next month in response to the disastrous CrowdStrike software update. Radio Free Europe/Radio Liberty looks at Iran’s active attempts to interfere in the upcoming U.S. presidential election. Our guests are Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M. They spoke with N2K’s Brandon Karpf about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Pig Butchering devastates a small town bank.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guests are Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M. They spoke with N2K’s Brandon Karpf about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Brandon spoke with Danielle and Adam at AWS’ re:Inforce 2024.  Selected Reading Telegram CEO Pavel Durov arrested at French airport (BBC) Is Telegram really an encrypted messaging app? – A Few Thoughts on Cryptographic Engineering (Cryptography Engineering) The Port of Seattle and Sea-Tac Airport say they’ve been hit by ‘possible cyberattack’ (TechCrunch) Nearly 32 Million Documents, Invoices, Contracts, and Agreements Exposed Online by Global Field Service Management Provider (Website Planet) SonicWall Patches Critical SonicOS Vulnerability (SecurityWeek) Uber fined €290 million for sending drivers’ data outside Europe (Politico) Microsoft plans September cybersecurity event to discuss changes after CrowdStrike outage (CNBC) Iran Tries To 'Storm' U.S. Election With Russian-Style Disinformation Campaign (Radio Free Europe/Radio Liberty) Audit finds notable security gaps in FBI's storage media management (Bleeping Computer) Cryptocurrency 'pig butchering' scam wrecks Kansas bank, sends ex-CEO to prison for 24 years (CNBC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode, where we are joined by Vice President of Global Systems Engineering Ellen Sundra and she shares her career path from life as a college grad who found her niche by creating a training program to a leader in cybersecurity. She realized that training and educating people was her passion. Ellen sees her value in providing soft skills as a natural balance to her technical team at Forescout Technologies. Being a woman in a male-dominated world proved to be a challenge and gaining her confidence to share her unique point of view helped her excel in it. Ellen recommends keeping your eyes open for how your skill set fits into cybersecurity. Find your perspective and really embrace it! We thank Ellen for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this Special Edition podcast, N2K's Executive Editor Brandon Karpf speaks with Dustin Moody, mathematician at NIST, about their first 3 recently finalized post-quantum encryption standards. NIST finalized a key set of encryption algorithms designed to protect against future cyberattacks from quantum computers, which operate in fundamentally different ways from traditional computers. Listen as Brandon and Dustin discuss these algorithms and how quantum computing will change the way we view encryption and cyber attacks in the future. Resources: NIST Releases First 3 Finalized Post-Quantum Encryption Standards (NIST) FIPS 203 FIPS 204 FIPS 205 What is Post Quantum Cryptography? (NIST) National Cybersecurity Center of Excellence (NCCoE) Post-Quantum Cryptography Standardization Project (NIST) Need to know: NIST finalizes post-quantum encryption standards essential for cybersecurity. (N2K CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices

Robert Duncan, VP of Product Strategy from Netcraft, is discussing their work on "Mule-as-a-Service Infrastructure Exposed." Netcraft's new threat intelligence reveals the intricate connections within global fraud networks, showing how criminals use specialized services like Mule-as-a-Service (MaaS) to launder scam proceeds. By mapping the cyber and financial infrastructure, including bank accounts, crypto wallets, and phone numbers, Netcraft exposes how different scams are interconnected and identifies weak points that can be targeted to disrupt these operations. This insight provides an opportunity to prevent fraud and protect against financial crimes like pig butchering, investment scams, and romance fraud. The research can be found here: Mule-as-a-Service Infrastructure Exposed Learn more about your ad choices. Visit megaphone.fm/adchoices

The exploitation of the LiteSpeed Cache Wordpress plugin has begun. Halliburton confirms a cyberattack. Velvet Ant targets Cisco Switch appliances. The Qilin ransomware group harvests credentials stored in Google Chrome. Ham radio enthusiasts pay a million dollar ransom. SolarWinds releases a hotfix to fix a hotfix. A telecom company will pay a million dollar fine over President Biden deepfakes. The Justice Department is suing the Georgia Institute of Technology and an affiliated company for allegedly failing to meet required cybersecurity standards for Pentagon contracts. Today’s guest is Dustin Moody, mathematician at NIST, speaking with N2K's Brandon Karpf about post-quantum encryption standards.  When it comes to phishing simulations, sometimes the cure is scarier than the disease. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest Dustin Moody, mathematician at NIST, talks with N2K's Brandon Karpf about their first 3 finalized post-quantum encryption standards. You can hear more of Brandon and Dustin’s conversation as they go into more detail on the individual standards on Sunday in our Special Edition podcast. Stay tuned.  You can read more on the newly-released standards here. Want to learn more about what post-quantum cryptography is? Check out this resource from NICE.  Selected Reading Hackers are exploiting critical bug in LiteSpeed Cache plugin (Bleeping Computer) Oil industry giant Halliburton confirms 'issue' following reported cyberattack (The Record) China-Nexus Threat Group ‘Velvet Ant’ Exploits Zero-Day on Cisco Nexus Switches (Sygnia) Qilin ransomware now steals credentials from Chrome browsers (Bleeping Computer) ARRL IT Security Incident - Report to Members (ARRL: The National Association for Amateur Radio) SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw (SecurityWeek) Telecom company hit with $1 million penalty over AI-generated fake Biden robocalls (The Record) DOJ sues Georgia Tech over allegedly failing to meet cyber requirements for DOD contracts (CyberScoop) Uni phishing test based on fake Ebola scare prompts apology (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A Wordpress plugin vulnerability puts 5 million sites at risk. Google releases an emergency Chrome update addressing an actively exploited vulnerability. Cisco patches multiple vulnerabilities. Researchers say Slack AI is vulnerable to prompt injection. Widely used RFID smart cards could be easily backdoored. The FAA proposes new cybersecurity rules for airplanes, engines, and propellers. A member of the Russian Karakurt ransomware group faces charges in the U.S. The Five Eyes release a guide on Best Practices for Event Logging and Threat Detection. The Kremlin claims widespread online outages are due to DDoS, but experts think otherwise. In our Threat Vector segment, guest host Michael Sikorski speaks with Jason Healey, Senior Research Scholar at Columbia University's School of International and Public Affairs. A deadbeat dad dodges debt through death.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this Threat Vector segment, guest host Michael Sikorski, CTO of Unit 42, engages in a thought-provoking conversation about the historical challenges and advances in cyber conflict with Jason Healey, Senior Research Scholar at Columbia University's School of International and Public Affairs. To listen to their full conversation, check out the episode here. You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network.  Selected Reading Critical Privilege Escalation in LiteSpeed Cache Plugin (Patchstack) Google fixes ninth Chrome zero-day exploited in attacks this year (The Register) Cisco Patches High-Severity Vulnerability Reported by NSA (SecurityWeek) Slack AI can leak private data via prompt injection (The Register) Major Backdoor in Millions of RFID Cards Allows Instant Cloning (SecurityWeek) FAA proposes new cybersecurity rules for airplanes (The Record) U.S. charges Karakurt extortion gang’s “cold case” negotiator (Bleeping Computer) ASD’s ACSC, CISA, FBI, and NSA, with the support of International Partners Release Best Practices for Event Logging and Threat Detection (CISA) Kremlin blames widespread website disruptions on DDoS attack; digital experts disagree (The Record) Deadbeat dad faked his own death by hacking government sites (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A major American chipmaker discloses a cyberattack. Cybercriminals exploit Progressive Web Applications (PWAs) to bypass iOS and Android defenses. Mandiant uncovers a privilege escalation vulnerability in Microsoft Azure Kubernetes Services. ALBeast hits ALB. Microsoft’s latest security update has caused significant issues for dual-boot systems. The DOE’s new SolarSnitch program aims to sure up solar panel security. Researchers uncover LLM poisoning techniques. An Iranian-linked group uses a fake podcast to lure a target. Our guest is Parya Lotfi, CEO of DuckDuckGoose, discussing the increasing problem of deepfakes in the cybersecurity landscape. Return to sender - AirTag edition.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest Parya Lotfi, CEO of DuckDuckGoose, discusses the increasing relevance of deepfakes in the cybersecurity landscape. Selected Reading Microchip Technology discloses cyberattack impacting operations (Bleeping Computer) Android and iOS users targeted with novel banking app phishing campaign (Cybernews) Azure Kubernetes Services Vulnerability Exposed Sensitive Information (SecurityWeek) ALBeast: Misconfiguration Flaw Exposes 15,000 AWS Load Balancers to Risk (HACKREAD) Microsoft’s latest security update has ruined dual-boot Windows and Linux PCs (The Verge) DOE debuts SolarSnitch technology to boost cybersecurity in solar energy systems (Industrial Cyber) Researchers Highlight How Poisoned LLMs Can Suggest Vulnerable Code (Dark Reading) Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset | Proofpoint US (Proofpoint) Serial mail thieves thwarted when victim sends herself an AirTag (Apple Insider)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Dem’s 2024 party platform touches on cybersecurity goals. The feds warn of increased Iranian influence operations. A severe security flaw has been discovered in a popular WordPress donation plugin. The Lazarus Group exploits a Windows zero-day to install a rootkit. Krebs on Security takes a closer look at the significant data breach at National Public Data. Toyota confirms a data breach after their data shows up on a hacking forum. A critical Jenkins vulnerability is added to CISA’s Known Exploited Vulnerabilities catalog. Cybercriminals steal credit card info from the Oregon Zoo. Guest CJ Moses, CISO at Amazon, discussing partnership and being a good custodian of the community in threat intel and information sharing. CISA gets new digs.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest CJ Moses, CISO at Amazon, speaks with N2K’s Brandon Karpf about partnership and being a good custodian of the community in threat intel and information sharing at re:Inforce 2024. Selected Reading Democratic Party Platform Contains Three Cyber Goals (Metacurity) US warns of Iranian hackers escalating influence operations (Bleeping Computer) Critical WordPress Plugin RCE Vulnerability Impacts 100k+ Sites (Cyber Security News) Windows driver zero-day exploited by Lazarus hackers to install rootkit (Bleeping Computer) National Public Data Published Its Own Passwords (Krebs on Security) Toyota confirms breach after stolen data leaks on hacking forum (Bleeping Computer) Critical Jenkins vulnerability added to CISA’s known vulnerabilities catalog (SC Media) Cybercriminals siphon credit card numbers from Oregon Zoo website (The Record) CISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act Funding (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cisco Talos discovers vulnerabilities in Microsoft applications for macOS. OpenAI disrupts an Iranian influence campaign. Jewish Home Lifecare discloses a data breach affecting over 100,000. Google tests an auto-redaction feature in Chrome for Android. Unicoin informs the SEC that it was locked out of G-Suite for four days. House lawmakers raise concerns over China-made WiFi routers. Moody’s likens the switch to post-quantum cryptography to the Y2K bug. Diversity focused tech nonprofits grapple with flagging support. Tim Starks of CyberScoop is back to discuss his investigation of a Russian hacking group targeting human rights groups. Smart phones get some street smarts. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We welcome Tim Starks of CyberScoop back to discuss his story "Russian hacking campaign targets rights groups, media, former US ambassador." Selected Reading Vulnerabilities in Microsoft’s macOS apps could help hackers access microphones and cameras (The Record) OpenAI Disrupts Iranian Misinformation Campaign (The New York Times) 100,000 Impacted by Jewish Home Lifecare Data Breach (SecurityWeek) Chrome will redact credit cards, passwords when you share Android screen (Bleeping Computer) Crypto firm says hacker locked all employees out of Google products for four days (The Record) House lawmakers push Commerce Department to probe Chinese Wi-Fi router company (CyberScoop) Moody's sounds alarm on quantum computing risk, as transition to PQC ‘will be long and costly’ (Industrial Cyber) The movement to diversify Silicon Valley is crumbling amid attacks on DEI (Washington Post) Google’s Stunning New Android AI Feature Instantly Locks Phone Thieves Out (Forbes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore with CEO and co-founder of Dragos Robert Lee, as he talks about how he came to cybersecurity through industrial control systems. Growing up with parents in the Air Force, Robert's father tried to steer him away from military service. Still Rob chose to attend the Air Force Academy where he had greater exposure to computers through ICS. Robert finds his interest lies in things that impact the physical world around us. In his work, Dragos focuses on identifying what people are doing bad and helping people understand how to defend against that. Rob describes the possibility of making a jump to control system security from another area recommending you bring something to the table. Rob talks about the world he would like to leave to his son and his hopes for the future. We thank Rob for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Snir Ben Shimol from ZEST Security on their work, "How we hacked a cloud production environment by exploiting Terraform providers." In this blog, ZEST discusses the security risks associated with Terraform providers, particularly those from community sources. The research highlights the importance of carefully vetting providers, regular scanning, and following best practices like version pinning to mitigate potential vulnerabilities in cloud infrastructure management. The research can be found here: The hidden risks of Terraform providers Learn more about your ad choices. Visit megaphone.fm/adchoices

Google and iVerify clash over the security implications of an Android app. CISA has issued a warning about a critical vulnerability in SolarWinds Web Help Desk. Ransomware attacks targeting industrial sectors surge. Microsoft is rolling out mandatory MFA for Azure. Banshee Stealer is a new macOS-targeted malware developed by Russian threat actors. A popular flight tracking website exposes users’ personal and professional information. San Francisco goes after websites generating deepfake nudes. Daniel Blackford, Director of Threat Research at Proofpoint, joins us to discuss emerging tactics used by threat actors and trends in e-crime tied to nation states.  Scammers Use Google to Scam Google. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Daniel Blackford, Director of Threat Research at Proofpoint, joined us while he was out at Black Hat to discuss emerging tactics used by threat actors and trends in e-crime tied to nation states.  Selected Reading Google to remove app from Pixel devices following claims that it made phones vulnerable (The Record) Nearly All Google Pixel Phones Exposed by Unpatched Flaw in Hidden Android App (WIRED) SolarWinds Web Help Desk Vulnerability Possibly Exploited as Zero-Day (SecurityWeek) Microsoft Mandates MFA for All Azure Sign-Ins (Infosecurity Magazine) New Banshee Stealer macOS Malware Priced at $3,000 Per Month (SecurityWeek) Dragos reports resurgence of ransomware attacks on industrial sectors, raising likelihood of targeting OT networks (Industrial Cyber) CISA Releases Eleven Industrial Control Systems Advisories (CISA) FlightAware Exposed Pilots’ and Users’ Info (404 Media) AI-powered ‘undressing’ websites are getting sued (The Verge) Dozens of Google products targeted by scammers via malicious search ads (Malwarebytes)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft urges users to patch a critical TCP/IP remote code execution vulnerability. Texas sues GM over the privacy of location and driving data. Google says Iran’s APT42 is responsible for recent phishing attacks targeting presidential campaigns. Doppelgänger struggles to sustain its operations. Sophos X-Ops examines the Mad Liberator extortion gang. Fortra researchers document a potential Blue Screen of Death vulnerability on Windows. China’s Green Cicada Network creates over 5,000 AI-controlled inauthentic X(Twitter) accounts. Kim Dotcom is being extradited to the United States. Our guest is Rui Ribeiro, CEO at JScrambler, to discuss how the extensive use of first and third-party JavaScript is a blessing and a curse. Wireless shifting can really grind your gears.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest Rui Ribeiro, JScrambler's CEO, joins us to discuss how the extensive use of first and third-party JavaScript is both a blessing and a curse. Selected Reading Zero-click Windows TCP/IP RCE impacts all systems with IPv6 enabled, patch now (Bleeping Computer) Texas sues General Motors over car data tracking (POLITICO) Google: Iranian Group APT42 Behind Trump, Biden Hack Attempts (Security Boulevard) Doppelgänger operation rushes to secure itself amid ongoing detections, German agency says (The Record) Palo Alto Networks Patches Unauthenticated Command Execution Flaw in Cortex XSOAR (SecurityWeek) A new extortion crew, Mad Liberator, emerges on the scene (The Register) Beware, Windows users. Newly-spotted CVE-2024-6768 vulnerability can cause blue screen (MSPoweruser) CyberCX Unmasks China-linked AI Disinformation Capability on X (Cyber CX) Kim Dotcom is being Megauploaded to the US for trial (The Verge) Want to Win a Bike Race? Hack Your Rival’s Wireless Shifters (WIRED)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers at Tenable uncovered severe vulnerabilities in Microsoft’s Azure Health Bot Service. Scammers use deepfakes on Facebook and Instagram. Foreign influence operations target the Harris presidential campaign. An Idaho not-for-profit healthcare provider discloses a data breach. Research reveals a troubling trend of delayed and non-disclosure of ransomware attacks by organizations. Patch Tuesday roundup. Palo Alto Networks’ Unit 42 revealed a significant security risk in open-source GitHub projects. Enzo Biochem will pay $4.5 million to settle charges of inadequate security protocols. Our guest is Stephanie Schneider, Cyber Threat Intelligence Analyst at LastPass, joins us to discuss the ongoing Snowflake account attacks driven by exposed legitimate credentials.  Mining for profits on Airbnb.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Stephanie Schneider, Cyber Threat Intelligence Analyst at LastPass, joins us to discuss the ongoing Snowflake account attacks driven by exposed legitimate credentials and how enterprises can boost their defenses against these types of attacks. Selected Reading Critical Vulnerability Found in Microsoft’s AI Healthcare Chatbot (Infosecurity Magazine) UK Prime Minister Keir Starmer and Prince William deepfaked in investment scam campaign (Bitdefender) FBI told Harris campaign it was target of 'foreign actor influence operation,' official says (Reuters) 3AM ransomware stole data of 464,000 Kootenai Health patients (Bleeping Computer) Report reveals lag in disclosure of ransomware attacks in 2023 (Security Brief) Fortinet, Zoom Patch Multiple Vulnerabilities (SecurityWeek) Chipmaker Patch Tuesday: Intel, AMD Address Over 110 Vulnerabilities  Adobe Patches 72 Security Vulnerabilities Across Multiple Products (Cyber Security News) Microsoft Fixes Nine Zero-Days on Patch Tuesday (Infosecurity Magazine) ICS Patch Tuesday: Advisories Released by Siemens, Schneider, Rockwell, Aveva (SecurityWeek) Are your GitHub Action artifacts leaking tokens? (SC Magazine) Enzo Biochem to pay $4.5 mln over cyberattack, NY attorney general says (Reuters) Airbnb host adds ‘no crypto mining’ rule after tenant installs 10 rigs (Protos)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI is the repossessor of Dispossessor. The NCA collars and extradites a notorious cybercriminal. A German company loses sixty million dollars to business email compromise. DeathGrip is a new Ransomware-as-a-Service (RaaS) platform. Russia blocks access to Signal. NIST publishes post-quantum cryptography standards. DARPA awards $14 million to teams competing in the AI Cyber Challenge. On our Solution Spotlight, N2K President Simone Petrella talks with Lee Parrish, CISO of Newell Brands, about his book "The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security". AI generates impossible code - for knitters and crocheters. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella talks with Lee Parrish, CISO of Newell Brands, about his book "The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security" and security relationship management. Coming tomorrow, stay tuned for a special edition with Simone and Lee’s full conversation.  Selected Reading FBI strikes down rumored LockBit reboot (CSO Online) Suspected head of prolific cybercrime groups arrested and extradited (National Crime Agency) Orion SA says scammers conned company out of $60 million (The Register) DeathGrip Ransomware Expanding Services Using RaaS Service (GB Hackers) Swiss manufacturer investigating ransomware attack that shut down IT network (The Record) Russia Blocks Signal Messaging App as Authorities Tighten Control Over Information (SecurityWeek) Post-Quantum Cryptography Standards Officially Announced by NIST – a History and Explanation (SecurityWeek) Need to know: NIST finalizes post-quantum encryption standards essential for cybersecurity (N2K CyberWire) NIST Releases First 3 Finalized Post-Quantum Encryption Standards (NIST)   DARPA Awards $14m to Seven Teams in AI Cyber Challenge (Infosecurity Magazine) The AI scams infiltrating the knitting and crochet world - and why it matters for everyone (ZDNET) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this Solution Spotlight, guest Lee Parrish, author and CISO at Newell Brands, joins N2K President Simone Petrella to discuss his book "The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security" and security relationship management. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Trump campaign claims its email systems were breached by Iranian hackers. A Nashville man is arrested as part of an alleged North Korean IT worker hiring scam. At Defcon, researchers reveal significant vulnerabilities in Google’s Quick Share. Ransomware attacks hit an Australian gold mining company as well as multiple U.S. local governments. GPS spoofing is a matter of time. Cisco readies another round of layoffs. Nearly 2.7 billion records of personal information for people in the United States have been shared on a hacking forum. Our own Rick Howard speaks with Mark Ryland, Director of Amazon Security, about formal verification.  A hacker hacks the hackers. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s guest slot, N2K’s CSO Rick Howard speaks with Mark Ryland, Director of Amazon Security at AWS, about formal verification, which is logical proofs about correctness of systems, at AWS re:Inforce. Rick and Mark caught up at AWS re:Inforce 2024.  Selected Reading Experts warn of election disruptions after Trump says campaign was hacked (Washington Post) Nashville man arrested for running “laptop farm” to get jobs for North Koreans (Ars Technica) Google Patches Critical Vulnerabilities in Quick Share After Researchers' Warning (Hackread) Australian gold mining company Evolution Mining announces ransomware attack (The Record) GPS spoofers 'hack time' on commercial airlines, researchers say (Reuters) Exclusive: Cisco to lay off thousands more in second job cut this year (Reuters) Hackers leak 2.7 billion data records with Social Security numbers (Bleeping Computer) Local gov’ts in Texas, Florida hit with ransomware as cyber leaders question best path forward (The Record) Simple Coding Errors Lead to Major Ransomware Takedown (Cybersecurity News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses the meaning of cybersecurity materiality. References: Amy Howe, 2024. Supreme Court strikes down Chevron, curtailing power of federal agencies [Blog] Cydney Posner, 2023. SEC Adopts Final Rules on Cybersecurity Disclosure [Explainer]. The Harvard Law School Forum on Corporate Governance. Cynthia Brumfield, 2022. 5 years after NotPetya: Lessons learned Analysis]. CSO Online. Eleanor Dallaway, 2023. Closed for Business: The Organisations That Suffered Fatal Cyber Attacks that Shut Their Doors For Good [News]. Assured. Gary Cohen, 2021. Throwback Attack: Chinese hackers steal plans for the F-35 fighter in a supply chain heist [Explainer]. Industrial Cybersecurity Pulse. James Pearson, 2022. Russia downed satellite internet in Ukraine [News]. Reuters. Katz, D., 2021. Corporate Governance Update: “Materiality” in America and Abroad [Essay]. The Harvard Law School Forum on Corporate Governance. Kim Zetter, 2014. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon [Cybersecurity Canon Hall of Fame Book]. Goodreads. Lizárraga, C.J., 2023. Improving the Quality of Cybersecurity Risk Management Disclosures [Essay]. U.S. Securities and Exchange Commission. MATTHEW DALY, 2024. Supreme Court Chevron decision: What it means for federal regulations [WWW Document]. AP News. Rick Howard. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon [Book Review]. Cybersecurity Canon Project. Rick Howard, 2021. Using cyber sand tables to study the DNC hack of 2016. [Podcast]. The CyberWire. Rick Howard, 2022. Cyber sand table series: OPM. [Podcast and Essay]. The CyberWire. Staff, 2020. Qasem Soleimani: US strike on Iran general was unlawful, UN expert says [Explainer]. BBC News. Staff, 2023. Final Rule: Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure [Government Guidance]. U.S. Securities and Exchange Commission. Staff, 2024. Number of Public Companies v. Private: U.S. [Website]. Advisorpedia. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode: Computational Social Scientist Andrea Little Limbago shares her journey as a social scientist in cybersecurity. Andrea laments that she wishes she'd known there is no straight line between what you think you want to do and then where you end up going. Beginning her career in international relations and courted by the Department of Defense's Joint Warfare Analysis Center while teaching at New York University, Andrea began her work in cybersecurity. Her team was one of the first to start thinking about the intersection of cybersecurity and geopolitics and quantitative modeling. Andrea reminds us there are many paths and skills needed in cybersecurity and hopes she's opened some doors for others. We thank Andrea for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Shachar Menashe, Senior Director of Security Research at JFrog, is talking about "When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI." A security vulnerability in the Vanna.AI tool, called CVE-2024-5565, allows hackers to exploit large language models (LLMs) by manipulating user input to execute malicious code, a method known as prompt injection. This poses a significant risk when LLMs are connected to critical functions, highlighting the need for stronger security measures. The research can be found here: When Prompts Go Rogue: Analyzing a Prompt Injection Code Execution in Vanna.AI Learn more about your ad choices. Visit megaphone.fm/adchoices

Deep firmware vulnerabilities affect chips from AMD. CISA warns of actively exploited Cisco devices. Solar inverters are found vulnerable to disruption. Iran steps up efforts to interfere with U.S. elections. The UN passes its first global cybercrime treaty. ADT confirms a data breach. A longstanding browser flaw is finally fixed. Crash reports help unlock the truth. Rob Boyce of Accenture shares his thoughts live from Las Vegas at the Black Hat conference. These scammers messed with the wrong guy.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by podcast partner Rob Boyce of Accenture sharing his thoughts as our man on the street from the Black Hat USA 2024. Selected Reading ‘Sinkclose’ Flaw in Hundreds of Millions of AMD Chips Allows Deep, Virtually Unfixable Infections (WIRED) Warnings Issued Over Cisco Device Hacking, Unpatched Vulnerabilities (SecurityWeek) Series Of Solar Power System Vulnerabilities Impacts Millions Of Installations (Cyber Security News) Microsoft: Iran makes late play to meddle in U.S. elections (CyberScoop) UN cybercrime treaty passes in unanimous vote (The Record) ADT confirms data breach after customer info leaked on hacking forum (Bleeping Computer) It's 2024 and we're just getting round to stopping browsers insecurely accessing 0.0.0.0 (The Register) Computer Crash Reports Are an Untapped Hacker Gold Mine (WIRED) USPS Text Scammers Duped His Wife, So He Hacked Their Operation (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Black Hat kicks off with reassurances from global cyber allies. Researchers highlight vulnerabilities in car head units, AWS and 5G basebands. Alleged dark web forum leaders are charged in federal court. Tens of thousands of ICS devices are vulnerable to weak automation protocols. Kimsuky targets universities for espionage. Ransomware claims the life of a calf and its mother. A look at job risk in the face of AI. In our Threat Vector segment, host David Moulton speaks with Nir Zuk, Founder and CTO of Palo Alto Networks, about the future of cybersecurity. An alleged cybercrime rapper sees his Benjamins seized. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this Threat Vector segment, host David Moulton, Unit 42 Director of Thought Leadership, converses with Nir Zuk, Founder and CTO of Palo Alto Networks, about the future of cybersecurity. They discuss the pressing challenges organizations face today and the pivotal shift from traditional defense strategies to a mindset that assumes breaches. To listen to their full conversation, check out the episode here. You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network.  Selected Reading US elections have never been more secure, says CISA chief (The Register) Black Hat USA 2024: vehicle head unit can spy on you, researchers reveal (Cybernews) AWS Patches Vulnerabilities Potentially Allowing Account Takeovers (SecurityWeek) Hackers could spy on cell phone users by abusing 5G baseband flaws, researchers say (TechCrunch) Exclusive: Massive Criminal Online Platform Disrupted (Court Watch) Web-Connected Industrial Control Systems Vulnerable to Attack (Security Boulevard) North Korea Kimsuky Launch Phishing Attacks on Universities (Infosecurity Magazine) Swiss cow and calf dead after ransomware attack on milking robot (Cybernews) AI Will Displace American Workers—When, How, and To What Extent Is Less Certain (Lawfare) Cybercrime Rapper Sues Bank over Fraud Investigation (Krebs on Security)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Crowdstrike releases a postmortem. LoanDepot puts a multimillion dollar price tag on their ransomware incident. RHADAMANTHYS info stealer targets Israelis. Zola ransomware is an advanced evolution of the Proton family. Firefox fixes several high-severity vulnerabilities. Researchers at Certitude uncover a vulnerability in Microsoft 365’s anti-phishing measures. Threat actors exploit legitimate anti-virus software for malicious purposes. Samsung’s new bug bounty program offers rewards up to a million dollars. Guest Adam Marré, CISO at Arctic Wolf, joining us to share his observations on the ground at Black Hat USA 2024. Ransomware gangs turn the screws and keep up with the times.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Adam Marré, CISO at Arctic Wolf, joining us to share his observations as our man on the street from Black Hat USA 2024. Selected Reading CrowdStrike Publishes Technical Root Cause Analysis of Faulty Falcon Update (Cyber Security News) Ransomware Attack Cost LoanDepot $27 Million (SecurityWeek) RHADAMANTHYS Stealer Weaponizing RAR Archive To Steal Login Credentials (Cyber Security News) New Zola Ransomware Using Multiple Tools to Disable Windows Defender (GB Hackers) Firefox Patches Multiple High Severity Vulnerabilities (Cyber Security News) Exploring Anti-Phishing Measures in Microsoft 365 (Certitude Blog) Hackers Hijack Anti-Virus Software Using SbaProxy Hacking Tool (Cyber Security News) Samsung to pay $1,000,000 for RCEs on Galaxy’s secure vault (Bleeping Computer) Turning the screws: The pressure tactics of ransomware gangs (Sophos News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Thousands of education sector devices have been maliciously wiped after an attack on a UK MDM firm. A perceived design flaw in Microsoft Authenticator leaves users locked out of accounts. SharpRino charges ahead to deploy ransomware. North Korea’s Stressed Pungsan provides initial access points for malware distribution. Magniber ransomware targets home users and SMBs. Google patches an Android zero-day. A new Senate bill aims to treat ransomware as terrorism. Microsoft ties security to employee compensation. Guest Kim Kischel, Director of Cybersecurity Product Marketing at Microsoft, discusses how AI is impacting the unified security operations center. A victim of business email compromise gets some good news.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Kim Kischel, Director of Cybersecurity Product Marketing at Microsoft, discusses how AI is impacting the unified security operations center and how it's changing the way defenders defend. Selected Reading Over 13,000 phones wiped clean as cyberattack cripples Mobile Guardian (CSO Online) Design Flaw Has Microsoft Authenticator Overwriting MFA Accounts, Locking Users Out (Slashdot) Network Admins Beware! SharpRhino Ransomware Attacking Mimic as Angry IP Scanner (Cyber Security News) North Korean Hackers Attacking Windows Users With Weaponized npm Files (Cyber Security News) Surge in Magniber ransomware attacks impact home users worldwide (Bleeping Computer) Google Patches Android Zero-Day Exploited in Targeted Attacks (SecurityWeek) Intelligence bill would elevate ransomware to a terrorist threat (CyberScoop) Microsoft is binding employee bonuses and promotions to security performance (TechSpot) Police Recover Over $40m Headed to BEC Scammers (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The justice department sues TikTok over alleged violations of children’s online privacy laws. Bad blood between Crowdstrike and Delta Airlines. The UK once again delays upgrades to their cybercrime reporting center. Apache OFBiz users are urged to patch a critical vulnerability. SLUBStick is a newly discovered Linux Kernel attack. CISA releases a handy guide to help software suppliers manage security risk. StormBamboo poisons DNS queries to deliver targeted malware. The White House looks to help close the cybersecurity skills gap with $15 million in scholarships. Our guest US Congressional candidate from Oklahoma, Madison Horn, speaking with my Caveat co host Ben Yelin about national security and cyberwarfare. Chewing on rumors of Olympic sabotage.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest US Congressional candidate from Oklahoma, Madison Horn, speaks with Caveat co host Ben Yelin about national security and cyberwarfare. You can hear the full interview on our latest episode of Caveat here. CSO Perspectives This week on N2K Pro’s CSO Perspectives podcast, host and N2K CSO Rick Howard focuses on “Cybersecurity is radically asymmetrically distributed.” Rick and Dave do a preview. You can find the full episode here if you are an N2K Pro subscriber, otherwise check out an extended sample here.    Selected Reading Justice Department Sues TikTok, Accusing the Company of Illegally Collecting Children's Data (SecurityWeek) CrowdStrike says it’s not to blame for Delta’s days-long outage (The Verge) Replacement for Action Fraud, UK’s cybercrime reporting service, delayed again until 2025 (The Record) Apache OFBiz Users Warned of New and Exploited Vulnerabilities (SecurityWeek) Linux kernel impacted by new SLUBStick cross-cache attack (Bleeping Computer) CISA says suppliers bear responsibility for insecure software in Fed procurement guide (The Stack) Chinese hackers compromised an ISP to deliver malicious software updates (Help Net Security) White House and EC-Council Launch $15m Cybersecurity Scholarship Program (Infosecurity Magazine) 2024 Paris Olympics: a snoop was at the origin of suspicions of sabotage in the fan zone of the Chateau de Vincennes (FranceInfo) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses the idea that Cybersecurity is radically asymmetrically distributed. It means that cybersecurity risk is not the same for all verticals and knowing that may impact the first principle strategies you choose to protect your enterprise. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. References: André Munro, 2024. Liberal democracy [Explainer]. Encyclopedia Britannica. David Weedmark, 2017. Why do some states require emissions testing? [Explainer]. Autoblog. Kara Rogers, 2020. What Is a Superspreader Event? [Explainer]. Encyclopedia Britannica. Lara Salahi, 2021. 1 Year Later: The ‘Superspreader’ Conference That Sparked Boston’s COVID Outbreak [News]. NBC10 Boston. Malcolm Gladwell, 2002. The Tipping Point: How Little Things Can Make a Big Difference [Book]. Goodreads. Malcolm Gladwell, 2005. Blink: The Power of Thinking Without Thinking [Book]. Goodreads. Malcolm Gladwell, 2008. Outliers: The Story of Success [Book]. Goodreads. Malcolm Gladwell, 2019. Talking to Strangers: What We Should Know About the People We Don’t Know [Book]. Goodreads. Malcolm Gladwell, 2021. The Bomber Mafia: A Dream, a Temptation, and the Longest Night of the Second World War [Book]. Goodreads.  Malcom Gladwell, 2024. Medal of Honor: Stories of Courage [Podcast]. Pushkin Industries. Malcolm Gladwell. Revisionist History [Podcast]. Pushkin Industries. Michael Lewis, 2003. Moneyball: The Art of Winning an Unfair Game [Book]. Goodreads. Michael Lewis. Against the Rules [Podcast]. Pushkin Industries. Nassim Nicholas Taleb, 2007. The Black Swan: The Impact of the Highly Improbable [Book]. Goodreads. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard, 2023. Cybersecurity First Principles Book Appendix  [Diagram]. N2K CyberWire. Rick Howard, 2023. Cybersecurity moneyball: First principles applied to the workforce gap. [Podcast]. The CyberWire. Rick Howard, Simone Petrella , 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference. Robert Soucy, 2024. Fascism [Explainer]. Encyclopedia Britannica. Staff, 2022. Information Risk Insights Study: A Clearer Vision for Assessing the Risk of Cyber Incidents [Report]. Cyentia Institute. Staff. Congressional Medal of Honor Recipients [Website]. Congressional Medal of Honor Society. Staff. North American Industry Classification System (NAICS)  [Website]. U.S. Census Bureau. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Jason Baker, Senior Threat Consultant at GuidePoint Security, and he is discussing their work on "Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider." In early 2024, a current RansomHub RaaS affiliate was identified as a former Alphv/Black Cat affiliate and is believed to be linked to the Scattered Spider group, known for using overlapping tools, tactics, and victims. The high-confidence assessment by GuidePoint’s DFIR and GRIT teams is supported by the consistent use of tools like ngrok and Tailscale, social engineering tactics, and systematic playbooks in intrusions. The research can be found here: Worldwide Web: An Analysis of Tactics and Techniques Attributed to Scattered Spider Learn more about your ad choices. Visit megaphone.fm/adchoices

Director of Cyber Security Insights at Verve Industrial aka self-proclaimed industrial cybersecurity geek Ron Brash shares his journey through the industrial cybersecurity space. From taking his parents 286s and 386s to task to working for the "OG of industrial cybersecurity," Ron has pushed limits. Starting off in technical testing, racing through university at 2x speed, and taking a detour through neuroscience with machine learning, Ron decided to return to critical infrastructure working with devices that keep the lights on and the water flowing. Ron hopes his work makes an impact and his life is memorable for those he cares about. We thank Ron for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Notorious Russian cybercriminals head home after an historic prisoner exchange. An Israeli hacktivist group claims responsibility for a cyberattack that disrupted internet access in Iran. The U.S. Copyright Office calls for federal legislation to combat deep fakes. Cybercriminals are using a Cloudflare testing service for malware campaigns. The GAO instructs the EPA to address rising cyber threats to water and wastewater systems. Claroty reports a vulnerability in Rockwell Automation’s ControlLogix devices. Apple has open-sourced its homomorphic encryption (HE) library. CISA warns of a high severity vulnerability in Avtech Security cameras, and the agency appoints its first Chief AI Officer.  We welcome Tim Starks of CyberScoop back to the show today to discuss President Biden's cybersecurity legacy. Can an AI chatbot recognize its own reflection? Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests Welcoming Tim Starks of CyberScoop back to the show today to discuss Biden's cybersecurity legacy. For more information, you can check out Tim’s article “Biden’s cybersecurity legacy: ‘a big shift’ to private sector responsibility.” The National Cybersecurity Strategy can be found here.  Dave also sits down with Errol Weiss, CSO of Health-ISAC, sharing their reaction to the ransomware attacks against healthcare. Health-ISAC and the American Hospital Association (AHA) have issued an advisory to raise awareness of the potential cascading impacts of cyberattacks on healthcare suppliers and the importance of mitigating single points of failure in supply chains. Recent ransomware attacks on OneBlood, Synnovis, and Octapharma by Russian cybercrime gangs have caused significant disruptions to patient care, emphasizing the need for healthcare organizations to incorporate mission-critical third-party suppliers into their risk and emergency management plans. Selected Reading Jailed cybercriminals returned to Russia in historic prisoner swap (CyberScoop) American Hospital Association and Health-ISAC Joint Threat Bulletin - TLP White  (American Hospital Association and Health-ISAC)  Iranian Internet Attacked by Israeli Hacktivist Group: Reports (Security Boulevard) Copyright and Artificial Intelligence, Part 1 Digital Replicas Report (US Copyright Office) Hackers abuse free TryCloudflare to deliver remote access malware (Bleeping Computer) EPA Told to Address Cyber Risks to Water Systems (Infosecurity Magazine) Security Bypass Vulnerability Found in Rockwell Automation Logix Controllers (SecurityWeek) Apple open-sources its Homomorphic Encryption library (The Stack) CISA Warns of Avtech Camera Vulnerability Exploited in Wild (SecurityWeek) Lisa Einstein Appointed as CISA’s First Chief AI Officer (Homeland Security Today) Can a Large Language Model Recognize Itself? (IEEE Spectrum) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The U.S. blood supply is under pressure from a ransomware attack. CrowdStrike shareholders sue the company. There’s a critical vulnerability in Bitdefender’s GravityZone Update Server. BingoMod RAT targets Android users. Hackers use Google Ads to trick users into a fake Google Authenticator app. Western Sydney University confirms a major data breach. Marylands leads the way in gift card scam prevention. NSA is all-in on AI. My guest is David Moulton, host of Palo Alto Networks' podcast Threat Vector. Attention marketers: AI isn’t the buzzword you think it is.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest David Moulton, host of Palo Alto Networks' podcast Threat Vector and Director of Thought Leadership, discussing the evolution of his show and what we can expect to see coming next. You can catch the latest episode of Threat Vector where David welcomes Palo Alto Networks Founder and CTO Nir Zuk here. Selected Reading Ransomware attack on major US blood center prompts hundreds of hospitals to implement shortage protocols (The Record) CrowdStrike sued by shareholders over global outage (BBC) Bitdefender Flaw Let Attackers Trigger Server-Side Request Forgery Attacks (GB Hackers) BingoMod Android RAT Wipes Devices After Stealing Money (SecurityWeek) Google being impersonated on Google Ads by scammers peddling fake Authenticator (Cybernews) Western Sydney University reveals full scope of January data breach (Cyber Daily) Maryland becomes first state to pass law against gift card draining (CBS News) More than 7,000 NSA analysts are using generative AI tools, director says (Defense One) Study Finds Consumers Are Actively Turned Off by Products That Use AI (Futurism) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A global Microsoft outage takes down Outlook and Minecraft. The US Senate passes The Kids Online Safety and Privacy Act. Lame Duck domain names are targets for takeovers. A GeoServer vulnerability exposes thousands to remote code execution. China proposes a national internet ID. Email attacks surge dramatically in 2024. Columbus Ohio thwarts a ransomware attack. When it comes to invading your privacy, the Paris 2024 Olympics app goes for the gold. Our guest is Rakesh Nair, Senior Vice President of Engineering and Product at Devo, discussing the issues that security teams face when dealing with data control and data orchestration. Was it really Windows 3.1 that saved Southwest Airlines? Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Rakesh Nair, Senior Vice President of Engineering and Product at Devo, discussing the issues that security teams face when dealing with data control and data orchestration. You can read more here.  Selected Reading Microsoft apologises after thousands report new outage (BBC News) Microsoft: Ransomware gangs exploit VMware ESXi auth bypass in attacks (Bleeping Computer) Senate Passes Bill to Protect Kids Online and Make Tech Companies Accountable for Harmful Content (SecurityWeek) Don’t Let Your Domain Name Become a “Sitting Duck” (Krebs on Security) Hackers Actively Exploiting GeoServer RCE Flaw, 6635 Servers Vulnerable (Cyber Security News) China Wants to Start a National Internet ID System (The New York Times) Email Attacks Surge, Ransomware Threat Remains Elevated (Security Boulevard) Columbus says it thwarted overseas ransomware attack that caused tech shutdown (Dispatch) Gold rush for data: Paris 2024 Olympic apps are eavesdropping on users (Cyber News) No, Southwest Airlines is not still using Windows 3.1 (OSnews)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

ZScaler uncovers the largest ransomware payment to date. IBM says the average cost of a breach is closing in on five million dollars. Hackers exploited Proofpoint's email protection platform to send millions of phishing emails. NIST launches Dioptra to test ML models. AcidPour targets Linux data storage devices for wiping. WhatsApp for Windows allows Python to run wild. The White House releases the National Standards Strategy for Critical and Emerging Technology (USG NSSCET) Implementation Roadmap. A bipartisan Senate bill aims to fund cybersecurity apprenticeships. CISA adds three exploits to its vulnerability catalog. Ben Yelin joins us today to discuss a U.S. District Court judge’s recent dismissal of charges against SolarWinds. Loose lips sink ships, but leaky HDMI cables flood the airwaves with digital data.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ben Yelin, co-host of our Caveat podcast and Program Director, Public Policy & External Affairs at University of Maryland Center for Health and Homeland Security, joins us today to discuss the U.S. District Court judge dismissing most charges against SolarWinds. For more detail on the SolarWinds decision, check out this article.  Selected Reading Zscaler just uncovered what could be the largest ransomware payment of all time (ITPro) Hackers exploit Proofpoint to send millions of phishing emails (Tech Monitor) Average data breach cost jumps to $4.88 million, collateral damage increased (Help Net Security) NIST releases open-source platform for AI safety testing (SC Media) AcidPour Malware Attacking Linux Data Storage Devices To Wipe Out Data (GB Hackers) WhatsApp for Windows lets Python, PHP scripts execute with no warning (Bleeping Computer) US government debuts Implementation Roadmap for national standards strategy on critical and emerging technologies (Industrial Cyber) Bipartisan Senate bill would promote cybersecurity apprenticeship programs (CyberScoop) CISA warns of three new critical exploited vulnerabilities (The Stack) AI can reveal what’s on your screen via signals leaking from cables (New Scientist) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

South Korea investigates a substantial leak of military intelligence to the north. Google fixes a Workspace authentication weakness. Wiz identifies an API authentication vulnerability in Selenium Grid. The UK’s Science Secretary warns Britain is highly vulnerable to cyber threats. Global shipping faces a surge in cyber attacks. Apple has resolved the iCloud Private Relay outage. Google Chrome offers to scan encrypted archives for malware. Barath Raghavan and Bruce Schneier examine the brittleness of modern IT infrastructure. Guest Brian Gumbel, President and COO at Dataminr, joins us to discuss the convergence of cyber-physical realms. Rick Howard previews his latest CSO Perspectives episode on the state of Zero Trust. Teaching AI crawlers some manners. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Brian Gumbel, President and COO at Dataminr, joins us to discuss the convergence of cyber-physical realms. Cybersecurity is no longer just a matter of protecting data on servers or computers, a cyber-attack can have tangible, real-world consequences. CSO Perspectives This week on N2K Pro’s CSO Perspectives podcast, host and N2K CSO Rick Howard focuses on “The current state of zero trust.” Hear a bit about it from Rick and Dave. You can find the full episode here if you are an N2K Pro subscriber, otherwise check out an extended sample here.  Selected Reading South Korea Reports Leak From Its Military Intelligence Command (New York Times) Crooks Bypassed Google’s Email Verification to Create Workspace Accounts, Access 3rd-Party Services (Krebs on Security) Selenium Grid Instances Exploited for Cryptomining (SecurityWeek) UK ‘desperately exposed’ to cyber-threats and pandemics, says minister | UK security and counter-terrorism (The Guardian) Cyber attacks on shipping rise amid geopolitical tensions (Financial Times) Apple Fixes iCloud Private Relay After Extended Outage (MacRumors) Chrome now asking for ZIP archive passwords to help detect malicious files (Cybernews) The CrowdStrike Outage and Market-Driven Brittleness (Lawfare) AI crawlers need to be more respectful (Read the Docs) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses the current state of zero trust with CyberWire Hash Table guest John Kindervag, the originator of the zero trust idea. References: Jonathan Jones, 2011. “Six Honest Serving Men” by Rudyard Kipling [Video]. YouTube. Dave Bittner, Rick Howard, John Kindervag, Kapil Raina, 2021. Zeroing in on zero trust. [Podcast]. CyberWire-X Podcast - N2K Cyberwire. Dawn Cappelli, Andrew Moore, Randall Trzeciak, 2012. The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes (Theft, Sabotage, Fraud)  [Book]. SEI Series in Software Engineering). Goodreads.  Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. John Kindervag, 2010. No More Chewy Centers: Introducing The Zero Trust Model Of Information Security [White Paper]. Palo Alto Networks. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cybersecurity attorney Camille Stewart shares how her childhood affinity for making contracts pointed to her eventual career as an attorney. Having a computer scientist father contributed to Camille's technical acumen and desire to include technology in her life's work. Camille has worked various facets of cybersecurity law from the private sector, federal government, on the Hill and in the Executive Branch, and now as part of Big Tech as Head of Security Policy and Election Integrity for Google Play and Android where she creates policy geared towards making sure users are safe on their platform and equipped to make informed decisions.. We thank Camille for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

N2K’s Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about the US Navy streamlining the innovation process. For some background, you can refer to this article.  Additional resources:  PEO Digital Innovation Adoption Kit  Atlantic Council’s Commission on Defense Innovation Adoption For industry looking to engage with PEO Digital: Industry Engagement Learn more about your ad choices. Visit megaphone.fm/adchoices

Dick O'Brien from Symantec Threat Hunter team is talking about their work on "Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day." Also going to provide some background/history on Black Basta. CVE-2024-26169 in the Windows Error Reporting Service, patched on March 12, 2024, allowed privilege escalation. Despite initial claims of no active exploitation, recent analysis indicates it may have been exploited as a zero-day before the patch. The research can be found here: Ransomware Attackers May Have Used Privilege Escalation Vulnerability as Zero-day Learn more about your ad choices. Visit megaphone.fm/adchoices

A North Korean hacker is indicted for major cyberattacks. CrowdStrike’s in recovery mode. Phishing thrives in the wake of BSOD chaos. Wiz spells out no to Alphabet's $23bn offer. France goes full clean-up. Israel's secret shield in spyware saga. KOSA and COPPA 2.0 promise safer surfing for kids. N2K’s CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon, about the culture of security and what it means to the CSO role. And last but not least, hacking can happen to anyone. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s guest slot, N2K’s CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon, about the culture of security and what it means to the CSO role. They touch upon the SEC reporting requirements and how testing is never done. Rick and Steve caught up at AWS re:Inforce 2024.  Selected Reading US indicts alleged North Korean state hacker for ransomware attacks on hospitals (The Record)  North Korean Military Hacker Indicted for String of US Attacks (Metacurity) CrowdStrike says over 97% of Windows sensors back online (Reuters) Threat Actors leveraging the recent CrowdStrike update outage (FortiGuard Labs)  Cyber-security firm rejects $23bn Google takeover (BBC) ECB's cyber security test shows 'room for improvement' for banks (Reuters)   France launches large-scale operation to fight cyber spying ahead of Olympics (The Record)  Israel Maneuvered to Prevent Disclosure of State Secrets amid WhatsApp vs NSO Lawsuit (Forbidden Stories)   KOSA, COPPA 2.0 Likely to Pass U.S. Senate (Inside Privacy)  A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them (WIRED)  North Korean Fake IT Worker FAQ (KnowBe4)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A North Korean hacking group targets healthcare, energy and finance. Leaked Leidos documents surface on the dark web. A Middle Eastern financial institution suffered a record-breaking DDoS attack. The latest tally on the fallout from the Crowdstrike outage. A cybersecurity audit of HHS reveals significant cloud security gaps. Docker patches a critical vulnerability for the second time. Google announced enhanced protections for Chrome users. In our latest Threat Vector segment, David Moulton speaks with Sama Manchanda, a Consultant at Unit 42, to explore the evolving landscape of social engineering attacks. If you’re heading to Paris for the Summer Olympics, smile for the AI cameras.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In this segment of Threat Vector, David Moulton, Director of Thought Leadership at Unit 42, engages with Sama Manchanda, a Consultant at Unit 42, to explore the evolving landscape of social engineering attacks, particularly focusing on vishing and smishing.  As election season heats up, these threats are becoming more sophisticated, exploiting our reliance on mobile devices and psychological tactics. Sama provides expert insights into the latest trends, the psychological manipulations used in these attacks, and the specific challenges they pose to individuals and the democratic process. You can listen to Threat Vector every Thursday starting next week on the N2K CyberWire network. Check out the full episode with David and Sama here.  Selected Reading Mandiant: North Korean Hackers Targeting Healthcare, Energy (BankInfo Security) Data pilfered from Pentagon IT supplier Leidos (The Register) DDoS Attack Lasted for 6 Days, Record created for the duration of the Cyberattack (Cyber Security News) Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure (CrowdStrike) Fortune 500 stands to lost $5bn plus from CrowdStrike incident (Computer Weekly) HHS audit finds serious gaps in cloud security at agency office (SC Media) Docker re-fixes a critical authorization bypass vulnerability (CSO Online) Google Boosts Chrome Protections Against Malicious Files (SecurityWeek) At The 2024 Summer Olympics, AI Is Watching You (WIRED)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Stargazer Goblin hosts malicious code repositories on GitHub. Crowdstrike blames buggy validations checks for last week’s major incident. The Breachforums database reveals threat actor OPSEC. Windows Hello for Business (WHfB) was found vulnerable to downgrade attacks. A medical center in the U.S. Virgin Islands is hit with ransomware. Interisle analyzes the phishing landscape. The FTC orders eight companies to explain algorithmic pricing. Meta cracks down on the Nigerian Yahoo Boys. A fake IT worker gets caught in the act. My conversation with Nic Fillingham and Wendy Zenone, co-hosts of Microsoft Security's "The Bluehat Podcast.” Researchers wonder if proving you’re human proves profitable for Google.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Nic Fillingham and Wendy Zenone, co-hosts of Microsoft Security's "The Bluehat Podcast," talking about what to expect on Bluehat on the N2K media network. You can catch the podcast every other Wednesday. Their latest episode launching today can be found here.  Selected Reading A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub (WIRED) CrowdStrike blames test software for taking down 8.5 million Windows machines (The Verge) BreachForums v1 database leak is an OPSEC test for hackers (Bleeping Computer) Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication (Dark Reading) Schneider Regional Medical Center hit by ransomware attack (Beyond Machines) New phishing report names and shames TLDs, registrars (The Verge) FTC Issues Orders to Eight Companies Seeking Information on Surveillance Pricing (FTC) Meta bans 63,000 accounts belonging to Nigeria’s sextortionist Yahoo Boys (The Record) How a North Korean Fake IT Worker Tried to Infiltrate Us (KnowBe4) Forget security – Google's reCAPTCHA v2 is exploiting users for profit (The Register)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

UK law enforcement relieves DigitalStress. Congress summons Crowdstrike’s CEO to testify. FrostyGoop malware turned off the heat in Ukraine. EvilVideo is a zero-day exploit for Telegram. Daggerfly targets Hong Kong pro-democracy activists. Google has abandoned its plan to eliminate third-party cookies. The FCC settles with Tracfone Wireless over privacy and cybersecurity lapses. Wiz says no to Google and heads toward an IPO. N2K’s Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about streamlining the fleet’s innovation process. Target’s in-store AI misses the mark.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K’s Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about the US Navy streamlining the innovation process. For some background, you can refer to this article.  Additional resources:  PEO Digital Innovation Adoption Kit  Atlantic Council’s Commission on Defense Innovation Adoption For industry looking to engage with PEO Digital: Industry Engagement Selected Reading Prolific DDoS Marketplace Shut Down by UK Law Enforcement (Infosecurity Magazine) Congress Calls for Tech Outage Hearing to Grill CrowdStrike C.E.O. (The New York Times) How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter (WIRED) Telegram zero-day for Android allowed malicious files to masquerade as videos (The Record) Chinese Cyberespionage Group Expands Malware Arsenal (GovInfo Security) Google rolls back decision to kill third-party cookies in Chrome (Bleeping Computer) FCC, Tracfone Wireless reach $16M cyber and privacy settlement (CyberScoop) Wiz rejects Google’s $23 billion takeover in favor of IPO (The Verge) Target Employees Hate Its New AI Chatbot (Forbes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Mitigation continues on the global CrowdStrike outage. UK police arrest a suspected member of Scattered Spider. A scathing report from DHS says CISA ignored a directive to cut ties with a faulty contractor. Huntress finds SocGholish distributing AsyncRAT. Ransomware takes down the largest trial court in the U.S. A US regulator finds many major banks inadequately manage cyber risk. CISA adds three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Australian police forces combat SMS phishing attacks.  Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, shares insights on the challenges of protecting the upcoming Summer Olympics. Rick Howard looks at Cyber Threat Intelligence. Appreciating the value of internships. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest The 2024 Summer Olympics start later this week in Paris. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, discusses how, in addition to consumer issues, the actual events, games and facilities at the Olympics could be at risk of an attack.  This week on CSO Perspectives This week on N2K Pro’s CSO Perspectives podcast, host and N2K CSO Rick Howard focus on “The current state of Cyber Threat Intelligence.” Hear a bit about it from Rick and Dave. You can find the full episode here if you are an N2K Pro subscriber, otherwise check out an extended sample here.  Selected Reading Special Report: IT Disruptions Continue as CrowdStrike Sees Crisis Receding (Metacurity) Suspected Scattered Spider Member Arrested in UK (SecurityWeek) DHS watchdog rebukes CISA and law enforcement training center for failing to protect data (The Record) SocGholish malware used to spread AsyncRAT malware (Security Affairs) California Officials Say Largest Trial Court in US Victim of Ransomware Attack (SecurityWeek) Finance: Secret Bank Ratings Show US Regulator’s Concern on Handling Risk (Bloomberg) U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog (Security Affairs) Australian police seize devices used to send over 318 million phishing texts - Security - Telco/ISP (iTnews) Internships can be a gold mine for cybersecurity hiring (CSO Online) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Cyber Threat Intelligence with CyberWire Hash Table guest John Hultquist, Mandiant’s Chief Analyst. References: Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads. Josephine Wolff, October 2023. How Hackers Swindled Vegas [Explainer]. Slate. Rick Howard, 2023. Cybersecurity First Principles Book Appendix [Book Support Page]. N2K Cyberwire. Staff, September 2023. mWISE Conference 2023 [Conference Website]. Mandiant. Staff, n.d. VirusTotal Submissions Page [Landing Zone]. VirusTotal. Learn more about your ad choices. Visit megaphone.fm/adchoices

Founder and CEO of Immersive Labs James Hadley takes us through his career path from university to cybersecurity startup. James tells us about his first computer and how he liked to push it to its limits and then some. He joined GCHQ after college and consulted across government departments. Teaching in GCHQ's cyber summer school was where James felt a shift in his career. As a company founder, he shares that he is very driven, very fast and also very caring. James offers advice to those looking to get into the industry recommending they chase what interests them rather than certifications. We thank James for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Selena Larson, Staff Threat Researcher, Lead Intelligence Analysis and Strategy at Proofpoint, as well as host of the "Only Malware in the Building" podcast, as she is discussing their research on "Scammers Create Fraudulent Olympics Ticketing Websites." Proofpoint recently identified a fraudulent website selling fake tickets to the Paris 2024 Summer Olympics and quickly suspended the domain. This site was among many identified by the French Gendarmerie Nationale and Olympics partners, who have shut down 51 of 338 fraudulent websites, with 140 receiving formal notices from law enforcement. The research can be found here: Security Brief: Scammers Create Fraudulent Olympics Ticketing Websites Learn more about your ad choices. Visit megaphone.fm/adchoices

A Crowdstrike update takes down IT systems worldwide. A U.S. District Court judge dismissed most charges against SolarWinds. Sophos examines the ransomware threat to the energy sector. European web hosting companies suspend Doppelgänger propaganda. An Australian digital prescription services provider confirms a ransomware attack affecting nearly 13 million. A pair of Lockbit operators plead guilty. N2K’s CSO Rick Howard speaks with AWS’ CISO Chris Betz about strong security cultures and AI. A look inside the world’s largest live-fire cyber-defense exercise.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests Dave is joined by Andy Ellis, to discuss today’s top story on the CrowdStrike-induced Microsoft outage. N2K’s CSO Rick Howard recently caught up with AWS’ CISO Chris Betz at the AWS re:Inforce 2024 event. They  discuss strong security cultures and AI. You can watch Chris’ keynote from the event here. Read Chris’ blog post, “How the unique culture of security at AWS makes a difference.” Selected Reading Huge Microsoft Outage Linked to CrowdStrike Takes Down Computers Around the World (WIRED) Counting the Costs of the Microsoft-CrowdStrike Outage (The New York Times) Major Microsoft 365 outage caused by Azure configuration change (Bleeping Computer) Most of SolarWinds hacking suit filed by SEC dismissed (SC Magazine) Ransomware Remains a Major Threat to Energy (BankInfoSecurity) Investigation prompts European hosting companies to suspend accounts linked to Russian disinfo (The Record) MediSecure Data Breach Impacts 12.9 Million Individuals (SecurityWeek) Russians plead guilty to involvement in LockBit ransomware attacks (Bleeping Computer) Inside the world’s largest ‘live-fire’ cyber-defense exercise (CSO Online) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cisco has identified a critical security flaw in its SSM On-prem. The world's largest recreational boat and yacht retailer reports a data breach. The UK’s NHS warns of critically low blood stocks after a ransomware attack. Port Shadow enables VPN person in the middle attacks. Ivanti patches several high-severity vulnerabilities. FIN7 is advertising a security evasion tool on underground forums. Indian crypto exchange WazirX sees $230 million in assets suspiciously transferred. Wiz documents vulnerabilities in SAP AI Core. DDoS for hire team faces jail time. Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins us to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software." Playing red-light green-light with traffic light controllers.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Tomislav Pericin, Founder and Chief Software Architect of ReversingLabs, joins us to discuss their "Free Resource to Conduct Risk Assessments on Open-Source Software."  Selected Reading Cisco discloses a 10.0 CVSS rating vulnerability in SSM On-Prem (Stack Diary) Yacht giant MarineMax data breach impacts over 123,000 people (Bleeping Computer) UK national blood stocks in 'very fragile' state following ransomware attack (The Record) Port Shadow Attack Allows VPN Traffic Interception, Redirection (SecurityWeek) Ivanti Issues Hotfix for High-Severity Endpoint Manager Vulnerability (SecurityWeek) Cybercrime group FIN7 advertises new EDR bypass tool on hacking forums (Security Affairs) WazirX reports security breach at crypto exchange following $230 million 'suspicious transfer' (TechCrunch) SAPwned: SAP AI vulnerabilities expose customers’ cloud environments and private AI artifacts (Wiz Blog) Jail time for operators of DDoS service used to crash thousands of devices (Cybernews) Hackers could create traffic jams thanks to flaw in traffic light controller, researcher says (TechCrunch) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Interpol pursues West African cybercrime groups. Bassett Furniture shuts down manufacturing following a ransomware attack. A gastroenterologist group notifies patients of a data breach. An Apache HugeGraph flaw is being actively exploited. Octo Tempest updates its toolkit. Satori uncovers evil twin campaigns on Google Play. The cost of the Change Healthcare breach crosses the two billion dollar mark. Cybersecurity venture funding saw a surge last quarter. Cyber regulatory agencies face legal challenges. On our Industry Insights segment, Trevor Hilligoss, Vice President of SpyCloud Labs at SpyCloud, joins us to talk about exploring the intricate world of cybercrime enablement services. Fighting disinformation is easier said than done.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Insights segment, Trevor Hilligoss, Vice President of SpyCloud Labs at SpyCloud, joins Dave to talk about exploring the intricate world of cybercrime enablement services. You can find out more about SpyCloud’s “How the Threat Actors at SpaxMedia Distribute Malware Globally” here.   Selected Reading Global Police Swoop on Black Axe Cybercrime Syndicate (Infosecurity Magazine) Furniture giant shuts down manufacturing facilities after ransomware attack (The Record) MNGI Digestive Health Data Breach Impacts 765,000 Individuals (SecurityWeek) Apache HugeGraph Vulnerability Exploited in Wild (SecurityWeek) Octo Tempest group adds RansomHub and Qilin ransomware to its arsenal (Security Affairs) Report Identifies More Than 250 Evil Twin Mobile Applications (Security Boulevard) Change Healthcare's Breach Costs Could Reach $2.5 Billion (GovInfo Security) Cybersecurity Funding Jumps 144% In Q2 (Crunchbase) The US Supreme Court Kneecapped US Cyber Strategy (WIRED) Even the Best Tools to Fight Disinformation Are Not Enough (The New York Times)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Some Squarespace users see their domains hijacked. Kaspersky Lab is shutting down US operations. BackPack APKs break malware analysis tools. Hackers use 7zip files to deliver Poco RAT malware. CISA’s red-teaming reveals security failings at an unnamed federal agency. Microsoft fixes an Outlook bug triggering false security alerts. Switzerland mandates open source software in the public sector. On our Industry Voices segment, N2K’s Rick Howard speaks with Alex Lawrence and Matt Stamper from Sysdig about their 555 Cloud Security Benchmark.  Bellingcat sleuths pinpoint an alleged cartel member.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, N2K’s Rick Howard speaks with Alex Lawrence and Matt Stamper from Sysdig about their 555 Cloud Security Benchmark. Learn more about the /555 benchmark. Selected Reading Researchers: Weak Security Defaults Enabled Squarespace Domains Hijacks (Krebs on Security) Kaspersky Lab Closing U.S. Division; Laying Off Workers (Zero Day) Beware of BadPack: One Weird Trick Being Used Against Android Devices (Palo Alto Networks Unit 42) New Poco RAT Weaponizing 7zip Files Using Google Drive (GB Hackers) CISA broke into a US federal agency, and no one noticed for a full 5 months (The Register) Organizations Warned of Exploited GeoServer Vulnerability (Security Week) Microsoft finally fixes Outlook alerts bug caused by December updates (Bleeping Computer) New Open Source law in Switzerland (Joinup) Exploring the Skyline: How we Located an Alleged Cartel Member in Dubai (Bellingcat) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The assassination attempt on former President Trump sparks online disinformation. AT&T pays to have stolen data deleted. Rite Aid recovers from ransomware. A hacktivist group claims to have breached Disney’s Slack. Checkmarx researchers uncover Python packages exfiltrating user data. HardBit ransomware gets upgraded with enhanced obfuscation. Threat actors can weaponize proof-of-concept (PoC) exploits in as little as 22 minutes. Google may be in the market for Wiz. Rick Howard previews his analysis of the MITRE ATT&CK framework. Blockchain sleuths follow the money.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. This Week on CSO Perspectives Dave chats with Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, about his latest episode of CSO Perspectives which focuses on the current state of MITRE ATT&CK. If you are a N2K Pro subscriber, you can find this installment of CSO Perspectives here. The accompanying essay is available here. If you’re not a subscriber and want to check out a sample of the discussion Rick has with his Hash Table members about MITRE ATT&CK, you can find it here.  Selected Reading Conspiracy theories spread swiftly in hours after Trump rally shooting (The Washington Post) AT&T Paid a Hacker $370,000 to Delete Stolen Phone Records (WIRED) Pharmacy Giant Rite Aid Hit By Ransomware (Infosecurity Magazine) Disney's Internal Slack Breached? NullBulge Leaks 1.1 TiB of Data (HackRead) Malicious Python packages found exfiltrating user data to Telegram bot (Computing) HardBit ransomware version 4.0 supports new obfuscation techniques (Security Affairs) Hackers use PoC exploits in attacks 22 minutes after release (Bleeping Computer) Google is reportedly planning its biggest startup acquisition ever (The Verge) Automotive SaaS provider CDK paid $25 million ransom to hackers (BeyondMachines.net) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of MITRE ATT&CK with CyberWire Hash Table guests Frank Duff, Tidal Cyber’s Chief Innovation Officer, Amy Robertson, MITRE Threat Intelligence Engineer and ATT&CK Engagement lead, and Rick Doten, Centene’s VP of Information Security. References: Amy L. Robertson, 2024. ATT&CK 2024 Roadmap  [Essay]. Medium. Blake E. Strom, Andy Applebaum, Doug P. Miller, Kathryn C. Nickels, Adam G. Pennington, Cody B. Thomas, 2018. MITRE ATT&CK: Design and Philosophy [Historical Paper]. MITRE. Eric Hutchins, Michael Cloppert, Rohan Amin, 2010. Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Historic Paper]. Lockheed Martin Corporation. Nick Selby, 2014. One Year Later: The APT1 Report [Essay]. Dark Reading. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard, 2020. Intrusion kill chains: a first principle of cybersecurity.  [Podcast]. The CyberWire. Rick Howard, 2022. Kill chain trifecta: Lockheed Martin, ATT&CK, and Diamond. [Podcast]. The CyberWire. Rick Howard, 2020. cyber threat intelligence (CTI) (noun) [Podcast]. Word Notes: The CyberWire. Kevin Mandia, 2014. State of the Hack: One Year after the APT1 Report [RSA Conference Presentation]. YouTube. SAHIL BLOOM, 2023. The Blind Men & the Elephant [Website]. The Curiosity Chronicle. Sergio Caltagirone, Andrew Pendergast, and Christopher Betz. 05 July 2011. The Diamond Model of Intrusion Analysis. Center for Cyber Threat Intelligence and Threat Research.[Historical Paper] Staff, n.d. Home Page [Website]. Tidal Cyber. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Asheer Malhotra and Vitor Ventura from Cisco Talos, and they are discussing "Operation Celestial Force employs mobile and desktop malware to target Indian entities." Cisco Talos revealed Operation Celestial Force, an espionage campaign by the Pakistani threat group "Cosmic Leopard," targeting Indian defense, government, and technology sectors. Active for at least six years, the operation has recently increased its use of mobile malware and commercial spyware for surveillance. The research can be found here: Operation Celestial Force employs mobile and desktop malware to target Indian entities Learn more about your ad choices. Visit megaphone.fm/adchoices

Americas Security R&D Lead for Accenture Malek Ben Salem shares how she pivoted from her love of math and background in electrical engineering to a career in cybersecurity R&D. Malek talks about her interest in astrophysics as a young girl, and how her affinity for math and taking on challenges lead her to a degree in electrical engineering. She grew her career using math for data mining and forecasting eventually pursuing a masters and PhD in computer science where she shifted her focus to cybersecurity. Malek now develops and applies new AI techniques to solve security problems at Accenture. We thank Malek for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

AT&T wireless announces a massive data breach. NATO will build a cyber defense center in Belgium. The White House outlines cybersecurity budget priorities.A popular phone spyware app suffers a major data breach.Some Linksys routers are sending user credentials in the clear. Sysdig describes Crystalray malware. A massive phishing campaign is exploiting Microsoft SharePoint servers. Germany strips Huawei and ZTE from 5G infrastructure. Our guest is Brigid Johnson, Director of AWS Identity, on the importance of identity management. The EU tells X-Twitter to clean up its act or pay the price. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest At the recent AWS re:Inforce 2024 conference, N2K’s Brandon Karpf spoke with Brigid Johnson, Director of AWS Identity, about the importance of identity and where we need to go. You can watch a replay of Brigid’s session at the event, IAM policy power hour, here.  Selected Reading AT&T Details Massive Breach of Customers' Call and Text Logs (Data Breach Today) NATO Set to Build New Cyber Defense Center (Infosecurity Magazine) New Presidential memorandum sets cybersecurity priorities for FY 2026, tasking OMB and ONCD to evaluate submissions (Industrial Cyber) mSpy Data Breach: Millions of Customers’ Data Exposed (GB Hackers) Advance Auto Parts’ Snowflake Breach Hits 2.3 Million People (Infosecurity Magazine) These Linksys routers are likely transmitting cleartext passwords (TechSpot) Known SSH-Snake bites more victims with multiple OSS exploitation (CSO Online) Beware of Phishing Attack that Abuses SharePoint Servers (Cyber Security News) Germany to Strip Huawei From Its 5G Networks (The New York Times) EU threatens Musk’s X with a fine of up to 6% of global turnover (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A major Pig Butchering marketplace has ties to the Cambodian ruling family. Lulu Hypermarket suffers a data breach. GitLab patches critical flaws. Palo Alto Networks addresses BlastRadius. ViperSoftX malware variants grow ever more stealthy. A New Mexico man gets seven years for SWATting. State and local government employees are increasingly lured in by phishing attacks. Hackers impersonate live chat agents from Etsy and Upwork. The GOP’s official platform looks to roll back AI regulation. On today’s Threat Vector, David Moulton from Palo Alto Networks Unit 42 discusses the evolving threats of AI-generated malware with experts Rem Dudas and Bar Matalon. NATO brings the social media influencers to Washington. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, hosted by David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, he explores the evolving world of AI-generated malware with guests, Rem Dudas, Senior Threat Intelligence Analyst, and Bar Matalon, Threat Intelligence Team Lead. From exploring the vulnerabilities in AI models to discussing the potential implications for cybersecurity, this episode offers a deep dive into the challenges and opportunities posed by this emerging threat. You can listen to the full episode here.  Selected Reading The $11 Billion Marketplace Enabling the Crypto Scam Economy (WIRED) Hackers steal data of 200k Lulu customers in an alleged breach (CSO Online) GitLab update addresses pipeline execution vulnerability (Developer Tech News) Palo Alto Networks Addresses BlastRADIUS Vulnerability, Fixes Critical Bug in Expedition Tool (SecurityWeek) ViperSoftX malware covertly runs PowerShell using AutoIT scripting (Bleeping Computer) Man sentenced to 7 years for Westfield High School threat hoax (Current Publishing) State, local governments facing deluge of phishing attacks (SC Media) Hackers impersonate live chat support agents in new phishing scam (Cybernews) 2024 GOP platform would roll back tech regulations on AI, crypto (The Washington Post) NATO's newest weapon is online content creators (The Washington Post)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Blast-RADIUS targets a network authentication protocol. The US disrupts a Russian disinformation campaign. Anonymous messaging app NGL is slapped with fines and user restrictions. The NEA addresses AI use in classrooms. Gay Furry Hackers release data from a conservative think tank. Microsoft and Apple change course on OpenAI board seats. Australia initiates a nationwide technology security review. A Patch Tuesday rundown. Guest Jack Cable, Senior Technical Advisor at CISA, with the latest from CISA's Secure by Design Alert series. Our friend Graham Cluley ties the knot.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Jack Cable, Senior Technical Advisor at CISA, joins us to share an update on CISA's Secure by Design Alert series. For some background, you can find CISA’s Secure by Design whitepaper here. Details on today’s update can be found here.  Selected Reading New Blast-RADIUS attack breaks 30-year-old protocol used in networks everywhere (Ars Technica) US Disrupts AI-Powered Russian Bot Farm on X (SecurityWeek) FTC says anonymous messaging app failed to stop ‘rampant cyberbullying’ (The Verge) NEA Approves AI Guidance, But It’s Vital for Educators to Tread Carefully (EducationWeek) Hackvists release two gigabytes of Heritage Foundation data (CyberScoop) Microsoft and Apple ditch OpenAI board seats amid regulatory scrutiny (The Verge) Australia instructs government entities to check for tech exposed to foreign control (The Record) Microsoft July 2024 Patch Tuesday fixes 142 flaws, 4 zero-days (BleepingComputer) Graham Cluley ties the knot (Mastodon)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK’s NCSC highlights evolving cyberattack techniques used by Chinese state-sponsored actors.A severe cyberattack targets Frankfurt University of Applied Sciences. Russian government agencies fall under the spell of CloudSorcerer. CISA looks to Hipcheck Open Source security vulnerabilities. Avast decrypts DoNex ransomware. Neiman Marcus data breach exposes over 31 million customers. Lookout spots GuardZoo spyware. Cybersecurity funding surges. Our guest is Caroline Wong, Chief Strategy Officer at Cobalt, to discuss the state of pentesting and adapting to the impact of AI in cybersecurity. Scalpers Outsmart Ticketmaster’s Rotating Barcodes. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Dave Bittner is joined by Caroline Wong, Chief Strategy Officer at Cobalt, to discuss the state of pentesting and adapting to the impact of AI in cybersecurity. You can learn more about the state of pentesting from Cobalt’s State of Pentesting 2024 report here.  Selected Reading The NCSC and partners issue alert about evolving techniques used by China state-sponsored cyber attacks (NCSC) ‘Serious hacker attack’ forces Frankfurt university to shut down IT systems (The Record) New group exploits public cloud services to spy on Russian agencies, Kaspersky says (The Record) Continued Progress Towards a Secure Open Source Ecosystem (CISA) Decrypted: DoNex Ransomware and its Predecessors (Avast Threat Labs) Neiman Marcus data breach: 31 million email addresses found exposed (Bleeping Computer) GuardZoo spyware used by Houthis to target military personnel (Help Net Security) Cybersecurity Funding Surges in Q2 2024: Pinpoint Search Group Report Highlights Year-Over-Year Growth (Pinpoint Search Group) Scalpers Work With Hackers to Liberate Ticketmaster's ‘Non-Transferable’ Tickets (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft is phasing out Android use for employees in China. Mastodon patches a security flaw exposing private posts. OpenAI kept a previous breach close to the vest. Nearly 10 billion passwords are leaked online. A Republican senator presses CISA for more information about a January hack. A breach of the Egyptian Health Department impacts 122,000 individuals. South Africa's National Health Laboratory Service (NHLS) suffers a ransomware attack. Eldorado is a new ransomware-as-a-service offering. CISA adds a Cisco command injection vulnerability to its Known Exploited Vulnerabilities catalog. N2K’s CSO Rick Howard catches up with AWS’ Vice President of Global Services Security Hart Rossman to discuss extending your security around genAI.  Ransomware scrambles your peace of mind. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Recently N2K’s CSO Rick Howard caught up with AWS’ Vice President of Global Services Security Hart Rossman at the AWS re:Inforce event. They discussed extending your security around genAI. Watch Hart’s presentation from AWS re:Inforce 2024 - Securely accelerating generative AI innovation. Selected Reading Microsoft Orders China Staff to Switch From Android Phones to iPhones for Work (Bloomberg) Mastodon: Security flaw allows unauthorized access to posts (Stack Diary) A Hacker Stole OpenAI Secrets, Raising Fears That China Could, Too (The New York Times) “A treasure trove for adversaries”: 10 billion stolen passwords have been shared online in the biggest data leak of all time (ITPro) Senate leader demands answers from CISA on Ivanti-enabled hack of sensitive systems (The Record) Egyptian Health Department Data Breach: 120,000 Users' Data Exposed (GB Hackers) South African pathology labs down after ransomware attack (The Cape Independent) New Eldorado ransomware targets Windows, VMware ESXi VMs (Bleeping Computer) CISA adds Cisco NX-OS Command Injection bug to its Known Exploited Vulnerabilities catalog (Security Affairs) New RUSI Report Exposes Psychological Toll of Ransomware, Urges Action (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CEO and consultant Richard Clarke took his inspiration from President John F Kennedy and turned it into the first cybersecurity position in federal government. Determined to help change the mindset of war, Richard went to work for the Department of Defense at the Pentagon following college during the Vietnam War. From Assistant Secretary of the State Department, he moved to the White House to work for President George W. Bush's administration where he kept an eye on Al-Qaeda and was tasked to take on cybersecurity. Lacking any books or courses to give him a basic understanding of cybersecurity, Richard made it his mission to raise the level of cybersecurity knowledge. Currently as Chairman and CEO at Good Harbor Security Risk Management, Richard advises CISOs. We thank Richard for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Joshua Miller from Proofpoint joins Dave to discuss findings on "Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware." In mid May, TA453, also known as Charming Kitten, APT42, Mint Sandstorm, and Yellow Garuda, was found sending a benign conversation lure masquerading as a senior fellow with the Royal United Services Institute (RUSI) to the public media contact for a nuclear security expert at a US-based think tank focused on foreign affairs. The research states that "the email solicited feedback on a project called “Iran in the Global Security Context” and requested permission to send a draft for review." Proofpoint shares it's findings and what you can expect from the threat group. The research can be found here: Welcome to New York: Exploring TA453's Foray into LNKs and Mac Malware Learn more about your ad choices. Visit megaphone.fm/adchoices

As our team is offline taking an extended break for the July 4th Independence Day holiday in the US, we thought you'd enjoy an episode from one of N2K Network shows, Threat Vector. This episode of Threat Vector outlines a conversation between host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, and Michael "Siko" Sikorski, Unit 42's CTO and VP of Engineering, discussing the Unit 42's 2024 Incident Response Report. They provide insights into key cyber threats and trends, including preferred attack vectors, the escalating use of AI by threat actors, software vulnerabilities, the concept of 'living off the land' attacks, and the importance of robust incident response strategies. They also address the rising trend of business disruption supply chain attacks and share recommendations for mitigating these cyber threats. Resources: Read the 2024 Unit 42 Incident Response report. Listen to Beyond the Breach: Strategies Against Ivanti Vulnerabilities. Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Welcome in! You’ve entered, Only Malware in the Building. Join us each month to sip tea and solve mysteries about today’s most interesting threats. Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks.  Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, we talk about "The curious case of the missing IcedID." IcedID is a malware originally classified as a banking trojan and was first observed in 2017. It also acts as a loader for other malware, including ransomware, and was a favored payload used by multiple cybercriminal threat actors until fall 2023. Then, it all but disappeared. In its place, a new threat crawled: Latrodectus. Named after a spider, this new malware, created by the same people as IcedID, is now poised to take over where IcedID melted off. Today we look back at what happened to the once prominent payload, and what its successor’s spinning web of activity means for the overall landscape. And be sure to check out the latest episode of Only Malware in the Building here. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Supreme Court overturning Chevron deference brings uncertainty to cyber regulations. Stolen credentials unmask online sex abusers. CISA updates online maritime resilience tools. Patelco Credit Union suffers a ransomware attack. Spanish and Portuguese police arrested 54 individuals involved in a vishing fraud scheme. Splunk patches critical vulnerabilities in their enterprise offerings. HHS fines a Pennsylvania-based Health System $950,000 for potential HIPAA violations related to NotPetya. CISOs look to mitigate personal risks. On the Learning Layer we reveal the long-awaited results of Joe Carrigan’s CISSP certification journey. Avoiding an Independence Day grill-security flare-up.  Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On today's Learning Layer segment, we share the results of Joe Carrigan's CISSP exam attempt! Hint: the test ended at 100 questions...Tune in to hear host Sam Meisenberg and Joe reflect on his test day experience and what advice he has for others who are in the homestretch of their studies. Note, Joe's ISC2 CISSP certification journey used N2K’s comprehensive CISSP training course. Selected Reading US Supreme Court ruling will likely cause cyber regulation chaos (CSO Online) Stolen credentials could unmask thousands of darknet child abuse website users (The Record) CISA updates MTS Guide with enhanced tools for resilience assessment in maritime infrastructure (Industrial Cyber) American Patelco Credit Union suffered a ransomware attack (Security Affairs) Dozens of Arrests Disrupt €2.5m Vishing Gang (Infosecurity Magazine) Splunk Patches High-Severity Vulnerabilities in Enterprise Product (SecurityWeek) Feds Hit Health Entity With $950K Fine in Ransomware Attack (GovInfo Security) How CISOs can protect their personal liability (CSO Online) Traeger Grill D2 Wi-Fi Controller, Version 2.02.04 (Bishop Fox) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A new OpenSSH vulnerability affects Linux systems. The Supreme Court sends social media censorship cases back to the lower courts. Chinese hackers exploit a new Cisco zero-day. HubSpot investigates unauthorized access to customer accounts. Japanese media giant Kadokawa confirmed data leaks from a ransomware attack. FakeBat is a popular malware loader. Volcano Demon is a hot new ransomware group. Google launches a KVM hypervisor bug bounty program.  Johannes Ullrich from SANS Technology Institute discusses defending against API attacks. Goodnight, Sleep Tight, Don’t Let the Hackers Byte! Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest is Johannes Ullrich from SANS Technology Institute talking about defending against attacks affecting APIs and dangerous new attack techniques you need to know about. This conversation is based on Johannes’ presentations at the 2024 RSA Conference. You can learn more about them here:  Attack and Defend: How to Defend Against Three Attacks Affecting APIs The Five Most Dangerous New Attack Techniques You Need to Know About Selected Reading New regreSSHion OpenSSH RCE bug gives root on Linux servers (Bleeping Computer) US Supreme Court sidesteps dispute on state laws regulating social media (Reuters) China’s ‘Velvet Ant’ hackers caught exploiting new zero-day in Cisco devices (The Record) HubSpot accounts breach under investigation (SC Media) Japanese anime and gaming giant admits data leak following ransomware attack (The Record) Exposing FakeBat loader: distribution methods and adversary infrastructure (Sekoia.io blog) Halcyon Identifies New Ransomware Operator Volcano Demon Serving Up LukaLocker (Halcyon) Google launches Bug Bounty Program for KVM Hypervisor (Stack Diary) How to Get Root Access to Your Sleep Number Bed (Dillan Mills) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Juniper issues an emergency patch for its routers. A compromised helpdesk portal sends out phishing emails. Prudential updates the victim count in their February data breach. Rapid7 finds trojanized software installers in apps from a popular developer in India. Australian authorities arrest a man for running a fake mile-high WiFi network. Florida Man's Violent Bid for Bitcoin Ends Behind Bars. N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM). A scholarship scammer gets a one-way ticket home. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CSO Perspectives preview N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of Identity and Access Management (IAM): A Rick-the-Toolman episode. N2K CyberWire Pro members can find the full episode here. Rick’s accompanying essay can be found here. If you are not yet an N2K CyberWire Pro member, you can get a preview of the episode here.  Selected Reading Juniper Networks Warns of Critical Authentication Bypass Vulnerability (SecurityWeek) Router maker's support portal hacked, replies with MetaMask phishing (Bleeping Computer) Prudential Financial Data Breach Impacts 2.5 Million (SecurityWeek) Supply Chain Compromise Leads to Trojanized Installers for Notezilla, RecentX, Copywhiz (Rapid7 Blog) Police allege ‘evil twin’ in-flight Wi-Fi used to steal info (The Register) Inside a violent gang’s ruthless crypto-stealing home invasion spree (ARS Technica) Cyber insurance costs finally stabilising, says Howden (Tech Monitor) AI Transcript, Fake School Website: Student’s US Scholarship Scam Exposed on Reddit (Hackread) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K CyberWire, discusses the current state of Identity and Access Management (IAM) with CyberWire Hash Table guests Ted Wagner, SAP National Security Services, and Cassio Sampaio Chief Product Officer for Customer Identity, at Okta. References: John Kindervag, 2010. No More Chewy Centers: Introducing The Zero Trust Model Of Information Security [White Paper]. Palo Alto Networks. Kim Key, 2024. Passkeys: What They Are and Why You Need Them ASAP [Explainer]. PCMag. Lance Whitney, 2023. No More Passwords: How to Set Up Apple’s Passkeys for Easy Sign-ins [Explainer]. PCMag. Rick Howard, 2022. Two-factor authentication: A Rick the Toolman episode [Podcast]. CSO Perspectives Podcast - The CyberWire. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard, 2023. Cybersecurity First Principles Appendix [Book Page]. N2K CyberWire. Rick Howard, 2023. passkey (noun) [Podcast]. Word Notes Podcast - The CyberWire. Staff, 2023. 2023 Gartner® Magic QuadrantTM for Access Management [Report]. Okta. Learn more about your ad choices. Visit megaphone.fm/adchoices

Communications consultant and podcaster Carole Theriault always loved radio and through her career dabbled in many areas .She landed in a communications and podcasting role where she helps technical firms create audio and digital content. In fact, Carole is the CyberWire's UK Correspondent. She says cybersecurity is good place to go because of the many different avenues available and "you don't even have to be a tech head" (though Carole has quite a technical pedigree). Our thanks to Carole for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Ismael Valenzuela, Vice President Threat Research & Intelligence, from Blackberry Threat Research and Intelligence team is discussing their work on "Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages." BlackBerry has identified Transparent Tribe (APT36), a Pakistani-based advanced persistent threat group, targeting India's government, defense, and aerospace sectors from late 2023 to April 2024, using evolving toolkits and exploiting web services like Telegram and Google Drive. Evidence such as time zone settings and spear-phishing emails with Pakistani IP addresses supports their attribution, suggesting alignment with Pakistan's interests. The research can be found here: Transparent Tribe Targets Indian Government, Defense, and Aerospace Sectors Leveraging Cross-Platform Programming Languages Learn more about your ad choices. Visit megaphone.fm/adchoices

TeamViewer tackles APT29 intrusion. Microsoft widens email breach alerts. Uncovering a malware epidemic. Google's distrust on Entrust. Safeguarding critical systems. FTC vs. MGM. Don’t forget to backup your data. Polyfill's accidental exposé. Our guest is Caitlyn Shim, Director of AWS Cloud Governance, and she recently joined N2K’s Rick Howard at AWS re:Inforce event. They're discussing  cloud governance, the growth and development of AWS, and diversity. And a telecom titan becomes telecom terror. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Caitlyn Shim, Director of AWS Cloud Governance, joined N2K’s Rick Howard at AWS re:Inforce event recently in Philadelphia, PA. They spoke about cloud governance, the growth and development of AWS, and diversity. Caitlyn was part of the Women of Amazon Security Panel at the event. You can read more about Caitlyn and her colleagues as they discuss their diverse paths into security and offer advice for those looking to enter the field  here.  Selected Reading TeamViewer investigating intrusion of corporate IT environment (The Record) Microsoft reveals further emails compromised by Russian hack (Engadget) Chicago Children's Hospital Says 791,000 Impacted by Ransomware Attack (SecurityWeek) Unfurling Hemlock: New threat group uses cluster bomb campaign to distribute malware (Outpost 24) Google to block sites using Entrust certificates in bombshell move (The Stack)  US House Subcommittee examines critical infrastructure vulnerabilities, role of cyber insurance in resilience efforts (Industrial Cyber)  FTC Defends Investigation Into Cyberattack on MGM as Casino Giant Seeks to Block Probe (The National Law Journal) This is why you need backups: A cyber attack on an Indonesian data center caused havoc for public services – and its forcing a national rethink on data security (ITPro) Polyfill.io, BootCDN, Bootcss, Staticfile attack traced to 1 operator (Bleeping Computer)  ISP Sends Malware to Thousands of Customers to Stop Using File-Sharing Services (Cybersecurity News)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this Solution Spotlight, guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella. Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs. The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Arkansas sues Temu over privacy issues. Polyfil returns and says they were wronged. An NYPD database was found vulnerable to manipulation. Google slays the DRAGONBRIDGE. Malwarebytes flags a new Mac stealer campaign. Patch your gas chromatographs. Microsoft warns of an AI jailbreak called Skeleton Key.  CISA tracks exploited vulnerabilities in GeoServer, the Linux kernel, and Roundcube Webmail.  In our  'Threat Vector' segment, host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. Metallica is not hawking metal crypto.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of the Palo Alto Networks podcast 'Threat Vector,' host David Moulton speaks with Jim Foote, CEO of First Ascent Biomedical, about his transition from Chief Information Security Officer (CISO) to leading a biotech company utilizing AI to personalize cancer treatments. They discuss how Foote's personal experience with his son's cancer diagnosis drove him to apply cybersecurity principles in developing an innovative approach, called Functional Precision Medicine, which tailors cancer treatment to individual patients. The conversation also covers the role of mentorship, the importance of interdisciplinary skills, and the transformative potential of AI in both cybersecurity and medical fields. You can listen to the full episode here.  Selected Reading Arkansas AG lawsuit claims Temu’s shopping app is ‘dangerous malware’ (The Verge) Polyfill claims it has been 'defamed', returns after domain shut down (Bleeping Computer) NYPD officer database had security flaws that could have let hackers covertly modify officer data (City & State New York) Google TAG: New efforts to disrupt DRAGONBRIDGE spam activity (Google) ‘Poseidon’ Mac stealer distributed via Google ads (Malwarebytes) Gas Chromatograph Hacking Could Have Serious Impact: Security Firm (SecurityWeek) Microsoft warns of novel jailbreak affecting many generative AI models (CSO Online) CISA Warns of Exploited GeoServer, Linux Kernel, and Roundcube Vulnerabilities (SecurityWeek) Metallica’s X account hacked to promote crypto token (Cointelegraph) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Maria Varmazis, N2K host of T-Minus Space Daily, talks with WiCyS Executive Director Lynn Dohm and N2K's Simone Petrella, Dr. Heather Monthie, and Jeff Welgan about the 2024 Cyber Talent Study. N2K and WiCyS have come together under a common mission to attract, retain, and advance more women in cybersecurity. Together, we strive to support women throughout their career journey, and secure the future of our industry.   This groundbreaking report leverages skills data from the professional members of Women in CyberSecurity (WiCyS), and offers valuable insights into cybersecurity competencies within the industry. The Cyber Talent Study establishes a new benchmark for understanding the capabilities and potential of women in cybersecurity, and can be used to inform both individual training needs and organizational strategies for career advancement and skills enhancement.  Resources: Landing page: WiCyS Partners with N2K to deepen understanding of cyber competencies within the industry. Study Launch article: WiCyS Partners with N2K Networks for Pioneering Cyber Talent Study. Key Takeaways: Outstanding Performance: WiCyS members have demonstrated exceptional performance across several key areas of the NICE Framework, underscoring the importance of WiCyS’s training and development programs. Strategic Insights: Analysis revealed remarkable strengths and areas for development, providing WiCyS with actionable data to tailor future programs and initiatives and ensure its members remain at the forefront of cybersecurity excellence. Actionable Insights for Cybersecurity Workforce Development: The study revealed critical areas for targeted development to enhance cybersecurity workforce readiness. This insight empowers WiCyS to tailor its programs specifically to meet the diverse needs of its members, ensuring all participants are prepared to take on significant roles and lead in the cybersecurity industry. Leadership Readiness Among WiCyS Members: The study highlights that WiCyS members are highly skilled and uniquely prepared for leadership roles within the cybersecurity industry. Proven Expertise in Critical Cybersecurity Domains: The data show the outstanding capabilities of WiCyS members within the cybersecurity landscape. Excelling in nearly every N2K Functional Area mapped to the NICE Framework, WiCyS members have shown they not only meet but exceed the standards in key domains. You can access the final report of the 2024 Cyber Talent Study here. Learn more about your ad choices. Visit megaphone.fm/adchoices

LockBit drops files that may or may not be from the Federal Reserve. Progress Software patches additional flaws in MOVEit file transfer software. A popular polyfil open source library has been compromised. DHS starts staffing up its AI Corps. Legislation has been introduced to evaluate the manual operations of critical infrastructure during cyber attacks. Researchers discover a new e-skimmer targeting CMS platforms. A breach at Neiman Marchus affects nearly 65,000 people. South African health services grapple with ransomware amidst a monkeypox outbreak.  Medusa is back. On the Learning Layer, Sam and Joe discuss the CISSP's CAT format and how to walk into test day with confidence. The VA works to clear the backlog caused by the ransomware attack onChange Healthcare. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, which includes a simulated Computer Adaptive Test (CAT) final exam. Sam and Joe discuss the CISSP's CAT format and how to walk into test day with confidence. Good luck Joe! Selected Reading Lockbit Leaks Files for Evolve Bank & Trust in Its Alleged ‘Federal Reserve’ Data Dump (Metacurity) Progress Software warns of new vulnerabilities in MOVEit Transfer and MOVEit Gateway (Cyber Daily) Polyfill supply chain attack hits 100K+ sites (Sansec) Exclusive: DHS hires first 10 AI Corps members (Axios) US House bill seeks to assess manual operations of critical infrastructure during cyber attacks (Industrial Cyber) Caesar Cipher Skimmer targets popular CMS used by e-stores (Security Affairs) Neiman Marcus confirms breach. Is the customer data already for sale? (Malwarebytes) South Africa’s national health lab hit with ransomware attack amid mpox outbreak (The Record) New Medusa malware variants target Android users in seven countries (Bleeping Computer) After Crippling Ransomware Attack, VA Is Still Dealing with Fallout, Trying to Pay Providers (Military.com) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The US scrutinizes Chinese telecoms. Indonesia’s national datacenter is hit with ransomware. RedJulliett targets organizations in Taiwan. Researchers can tell where you are going by how fast you get there. A previously dormant botnet targeting Redis servers becomes active. Thousands of customers may have had info compromised in an attack on Levi’s. A new industry alliance hopes to prevent memory-based cyberattacks. Guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach with N2K President Simone Petrella. Assange agrees to a plea deal. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella. Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs. The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation.  Selected Reading Exclusive: US probing China Telecom, China Mobile over internet, cloud risks (Reuters)  Indonesian government datacenter locked down in $8M ransomware rumble (The Register) Taiwanese tech firms, universities, religious groups among targets in cyber-espionage campaign (The Record) New security loophole allows spying on internet users' online activity (HelpNet Security) P2PInfect botnet targets REdis servers with new ransomware module (Bleeping Computer) Credential Stuffing Attack Hits 72,000 Levi’s Accounts (Infosecurity Magazine) CHERI Backers Form Alliance to Promote Memory Safety Chip (GovInfo Security) Julian Assange, WikiLeaks Founder, Agrees to Plead Guilty in Deal With U.S. (The New York Times)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

LockBit claims to have hit the Federal Reserve. CDK Global negotiates with BlackSuit to unlock car dealerships across the U.S. Treasury proposes a rule to restrict tech investments in China. An LA school district confirms a Snowflake related data breach. Rafel RAT hits outdated Android devices. The UK’s largest plutonium stockpiler pleads guilty to criminal charges of inadequate cybersecurity. Clearview AI settles privacy violations in a deal that could exceed fifty million dollars. North Korean hackers target aerospace and defense firms. Rick Howard previews CSOP Live. Our guest is Christie Terrill, CISO at Bishop Fox, discussing how organizations can best leverage offensive security tactics. Bug hunting gets a little too real. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Christie Terrill, CISO at Bishop Fox, joins to discuss how organizations can leverage offensive security tactics not just as strategies to prevent cyber incidents, but as a critical component of a cyberattack recovery process.  Rick Howard sits down with Dave to share a preview of what’s to come at our upcoming CSOP Live event this Thursday, going beyond the headlines with our panel of Hash Table experts for an insightful discussion on emerging industry trends, recent threats and events, and the evolving role of executives in our field.   Selected Reading LockBit claims the hack of the US Federal Reserve (securityaffairs) Why are threat actors faking data breaches? (Help Net Security) CDK Global outage caused by BlackSuit ransomware attack (bleepingcomputer) US proposes rules to stop Americans from investing in Chinese technology with military uses (AP News) Los Angeles Unified confirms student data stolen in Snowflake account hack (bleepingcomputer) Ratel RAT targets outdated Android phones in ransomware attacks (bleepingcomputer) Sellafield Pleads Guilty to Historic Cybersecurity Offenses (Infosecurity Magazine) Sellafield nuclear waste site pleads guilty to IT security breaches (Financial Times) Facial Recognition Startup Clearview AI Settles Privacy Suit (SecurityWeek) New North Korean Hackers Attack Aerospace and Defense Companies (cybersecuritynews) Spatial Computing Hack (Ryan Pickren) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Associate Professor of Computer Information Systems at the University of Tulsa Sal Aurigemma shares how his interest in how things worked shaped his career path in nuclear power and computers, Being introduced to computers in high school and learning about the Chernobyl event led Sal to study nuclear engineering followed by time in the Navy as a submarine officer. On the submarine, Sal had to understand how systems worked from soup to nuts and that let him back to IT. As a computer engineer, Sal spent a lot of time on network troubleshooting and was eventually introduced to cybersecurity. Following 9/11, cybersecurity took on greater importance. Sal's research focuses on behavioral cybersecurity. To newcomers, he suggests heading into things with an open mind and doesn't recommend giving users 24-character passwords that have two upper, two lower, and two special characters that cannot be written down. We thank Sal for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Kerri Shafer-Page from Arctic Wolf joins us to discuss their work on "Lost in the Fog: A New Ransomware Threat." Starting in early May, Arctic Wolf's Incident Response team investigated Fog ransomware attacks on US education and recreation sectors, where attackers exploited compromised VPN credentials to access systems, disable Windows Defender, encrypt files, and delete backups. Despite the uniformity in ransomware payloads and ransom notes, the organizational structure of the responsible groups remains unknown. The research can be found here: Lost in the Fog: A New Ransomware Threat Learn more about your ad choices. Visit megaphone.fm/adchoices

Biden bans Kaspersky over security concerns. Accenture says reports of them being breached are greatly exaggerated. SneakyChef targets diplomats in Africa, the Middle East, Europe and Asia. A serious firmware flaw affects Intel CPUs. More headaches for car dealerships relying on CDK Global. CISA Alerts Over 100,000 Individuals of Potential Data Breach in Chemical Security Tool Hack. SquidLoader targets Chinese organizations through phishing. A new nonprofit aims to establish certification standards in maritime cybersecurity. A sneak peek of our latest podcast, Only Malware in the Building. Using the court system for customer support. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Selena Larson, joined by Dave Bittner and Rick Howard, hosts the new podcast "Only Malware in the Building." This monthly collaboration between N2K CyberWire and Proofpoint delves into the most impactful and intriguing malware stories. Selena makes complex cybersecurity info fun and digestible, offering tech professionals clear, actionable insights.  Selected Reading Biden bans US sales of Kaspersky software over Russia ties (Reuters) Exclusive: Accenture says data leak claims false, only 3 affected (Cyber Daily) Chinese-aligned hacking group targeted more than a dozen government agencies, researchers find (CyberScoop) Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) (Help Net Security) CDK warns: threat actors are calling customers, posing as support (bleepingcomputer) Personal and Chemical Facility Information Potentially Accessed in CISA Hack (SecurityWeek) New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document (gbhackers) New body IMCSO to elevate standards and streamline provisioning of cybersecurity services in Maritime (itsecurityguru) US DHS partners with Indonesia to strengthen maritime cybersecurity in Indo-Pacific region (Industrial Cyber) How small claims court became Meta's customer service hotline (engadget). The curious case of the missing IcedID (Only Malware in the Building) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Over 15,000 car dealerships hit the brakes after a software supplier cyber incident. The EU’s Chat Control gets put on hold. A hacker leaks contact details of over 33,000 Accenture employees. A major forklift manufacturer shuts down operations in the wake of a ransomware attack. IntelBroker claims to have leaked source code from Apple. An investigation questions the ethics of AI firm Perplexity. A radiology practice notifies over half a million people of a data breach. Federal contractors pay millions in fines for inadequate cyber security during the COVID-19 pandemic. Stolen files from the Kansas City Police department are posted online. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. Remembering the work of MIT’s Arvind.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. With all eight domains wrapped up, Sam and Joe pivot to the homestretch of Joe's studies. With the test about two weeks away, Joe discusses his approach to retaining the information and filling any remaining knowledge gaps.  Selected Reading Car Dealerships Across US Halt Services After Cyberattack (Bloomberg) Car Dealers Are Idle Across the US After Second Cyberattack  (Bloomberg) EU Council has withdrawn the vote on Chat Control (Stack Diary) Hacker Leaks Data of 33,000 Accenture Employees in Third-Party Breach (HackRead) Crown Equipment confirms a cyberattack disrupted manufacturing (Bleeping Computer) Threat actor claims to have breached Apple, allegedly stealing source code of several internal tools (9to5Mac) Perplexity Is a Bullshit Machine (WIRED) Radiology Practice Hack Affects Sensitive Data of 512,000 (GovInfo Security) Federal contractors pay multimillion-dollar settlements over cybersecurity lapses (The Record) BlackSuit ransomware publishes Kansas City, Kansas, police files (StateScoop) Arvind, longtime MIT professor and prolific computer scientist, dies at 77 (MIT)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this bonus episode from our T-Minus Space Daily team. The N2K CyberWire team is observing the Juneteenth holiday here in the US. Welcome to the T-Minus Overview Radio Show. In this program we’ll feature some of the conversations from our daily podcast with the people who are forging the path in the new space era, from industry leaders, technology experts and pioneers, to educators, policy makers, research organizations, and more. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Guest Our guests are Science Writer and Author Rebecca Boyle, and CEO and Founder, Chair and CEO of Lonestar Space Holdings, Chris Stott.  T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Europol and partners shut down 13 terrorist websites.  A data breach at the LA County Department of Public Health affects over two hundred thousand. The Take It Down act targets deepfake porn. The Five Eyes alliance update their strategies to protect critical infrastructure. VMware has disclosed two critical-rated vulnerabilities in vCenter Server. The alleged heads of the "Empire Market" dark web marketplace are charged in Chicago federal court. A new malware campaign tricks users into running malicious PowerShell “fixes.”Researchers thwart Memory Tagging Extensions in Arm chips. A major e-learning platform discloses a breach. On our Industry Voices segment, we are joined by Guy Guzner, CEO and Co-Founder of Savvy to discuss "Reimagining app and identity security for SaaS." Clearview AI offers plaintiffs a piece of the pie.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Guy Guzner, CEO and Co-Founder of Savvy to discuss "Reimagining app and identity security for SaaS." Selected Reading Europol Taken Down 13 Websites Linked to Terrorist Operations (GB Hackers) Los Angeles Public Health Department Discloses Large Data Breach (Infosecurity Magazine) New AI deepfake porn bill would require big tech to police and remove images (CNBC) Five Eyes' Critical 5 nations focus on adapting to evolving cyber threats to boost critical infrastructure security, resilience (Industrial Cyber) VMware by Broadcom warns of critical vCenter flaws (The Register) Empire Market owners charged for enabling $430M in dark web transactions (Bleeping Computer) From Clipboard to Compromise: A PowerShell Self-Pwn (Proofpoint US) Arm Memory Tag Extensions broken by speculative execution (The Register) Star ed-tech company discloses data breach (Cybernews) Clearview AI Is So Broke It’s Now Offering Lawsuits Plaintiffs A Cut Of Its Extremely Dubious Future Fortunes (Techdirt) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Spanish authorities snag a top Scattered Spider hacker. HC3 issues an alert about PHP. WIRED chats with ShinyHunters about the breach affecting Snowflake customers. Meta delays LLM training over European privacy concerns. D-Link urges customers to upgrade routers against a factory installed backdoor. A new Linux malware uses emojis for command and control. Vermont’s Governor vetoes a groundbreaking privacy bill. California fines Blackbaud millions over a 2020 data breach. Guest Patrick Joyce, Proofpoint's Global Resident CISO, sharing some key challenges, expectations and priorities of chief information security officers (CISOs) worldwide. N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of XDR: A Rick-the-Toolman episode.  Be sure to change those virtual locks.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Patrick Joyce, Proofpoint's Global Resident CISO, sharing some key challenges, expectations and priorities of chief information security officers (CISOs) worldwide. You can learn more from their 2024 Voice of the CISO report.  CSO Perspectives  Dave is joined by N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of XDR: A Rick-the-Toolman episode. You can find the accompanying essay here. If you are not an N2K CyberWire Pro subscriber, you can catch the first half of the episode as a preview here.  Selected Reading Alleged Scattered Spider ringleader taken down in Spain after law enforcement crackdown (ITPro) US HC3 issues alert on critical PHP vulnerability impacting healthcare sector (Industrial Cyber) Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake (WIRED) Meta Pauses European GenAI Development Over Privacy Concerns (Infosecurity Magazine) Hidden Backdoor in D-Link Routers Let Attacker Login as Admin (GB Hackers) New Linux malware is controlled through emojis sent from Discord (Bleeping Computer) Vermont governor rejects state’s tough data privacy bill (The Record) Blackbaud must pay $6.75 million, improve security after lying about scope of 2020 hack (The Record) Former IT employee gets 2.5 years for wiping 180 virtual servers (Bleeping Computer)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of “eXtended Detection and Response” (XDR) with CyberWire Hash Table guests Rick Doten, Centene’s VP of Security, and Milad Aslaner, Sentinel One’s XDR Product Manager. References: Alexandra Aguiar, 2023. Key Trends from the 2023 Hype Cycle for Security Operations [Gartner Hype Cycle Chart]. Noetic Cyber. Daniel Suarez, 2006. Daemon [Book]. Goodreads. Dave Crocker, 2020. Who Invented Email, Email History, How Email Was Invented [Websote]. LivingInternet. Eric Hutchins, Michael Cloppert, Rohan Amin, 2010, Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Paper] Lockheed Martin Corporation. Jon Ramsey, Mark Ryland, 2022. AWS co-announces release of the Open Cybersecurity Schema Framework (OCSF) project [Press Release]. Amazon Web Services. Nir Zuk, 2018. Palo Alto Networks Ignite USA ’18 Keynote [Presentation]. YouTube. Raffael Marty, 2021. A Log Management History Lesson – From syslogd(8) to XDR [Youtube Video]. YouTube. Raffael Marty, 2021. A history lesson on security logging, from syslogd to XDR [Essay]. VentureBeat. Rick Howard, 2020. Daemon [Podcast]. Word Notes. Rick Howard, 2021. XDR: from the Rick the Toolman Series. [Podcast and Essay]. CSO Perspectives, The CyberWire. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Staff, n.d. Open Cybersecurity Schema Framework [Standard]. GitHub. Staff, 2019. What is EDR? Endpoint Detection & Response Defined [Explainer]. CrowdStrike. Staff, 2020. Log Formats – a (Mostly) Complete Guide [Explainer]. Graylog. Stephen Watts, 2023. Common Event Format (CEF): An Introduction [Explainer]. Splunk. Thomas Lintemuth, Peter Firstbrook, Ayelet Heyman, Craig Lawson, Jeremy D’Hoinne, 2023. Market Guide for Extended Detection and Response [Essay]. Gartner. Learn more about your ad choices. Visit megaphone.fm/adchoices

Senior VP of Cyber Operations at KnowBe4, Rosa Smothers, talks about her career as an early cybersecurity professional in what she describes as the Wild, Wild West to her path through government intelligence work. Rosa shares how she always knew she wanted to be involved with computers and how being a big Star Trek nerd and fan particularly of Spock and Uhura helped shape her direction. Following 9/11, Rosa wanted to work for the government and pursue the bad guys and she did just that completing her bachelor's degree and starting in the Defense Intelligence Agency as a cyber threat analyst focusing on extremist groups. She joined the CIA and worked on things you see in the movies, things that are science fictionesque. Rosa recommends talking with people to get your feet wet to find your passion. We thank Rosa for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by a Security Researcher from SpyCloud Labs, James, who is discussing their work on "Unpacking Infostealer Malware: What we’ve learned from reverse engineering LummaC2 and Atomic macOS Stealer." Infostealer malware has become highly prevalent, with SpyCloud tracking over 50 families and finding that 1 in 5 digital identities are at risk. This research analyzes the workings and intentions behind infostealers like LummaC2 and Atomic macOS Stealer, focusing on the types of data extracted and the broader security implications. The research can be found here: Reversing LummaC2 4.0: Updates, Bug Fixes Reversing Atomic macOS Stealer: Binaries, Backdoors & Browser Theft How the Threat Actors at SpaxMedia Distribute Malware Globally Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft’s President admits security failures in congressional testimony. Paul Nakasone joins OpenAI’s board. The feds hold their first AI tabletop exercise. CISA reports on the integration of space-based infrastructure. Cleveland city hall remains closed after a cyber attack. Truist commercial bank confirms a data breach. Rockwell Automation patches three high-severity vulnerabilities. University of Illinois researchers develop autonomous AI hacking agents. Arynn Crow, Sr Manager of AWS User Authentication Products, talks with N2K’s Brandon Karpf about security through MFA and FIDO Alliance passkeys, and her work on the Digital Identity Advancement Foundation. Can an AI run for mayor? Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In the first of our interviews captured during the AWS re:Inforce event this past week, guest Arynn Crow, Senior Manager of AWS User Authentication Products, talks with N2K’s Brandon Karpf about security through MFA and FIDO Alliance passkeys, and her work on the Digital Identity Advancement Foundation. Selected Reading Microsoft Admits Security Failings Allowed China's US Government Hack (Infosecurity Magazine) OpenAI adds Trump-appointed former NSA director Paul M. Nakasone to its board (The Washington Post) CISA leads first tabletop exercise for AI cybersecurity (CyberScoop) New CISA report addresses zero trust in space, boosting security for satellites and ground infrastructure (Industrial Cyber)  CISA adds Android Pixel, Microsoft Windows, Progress Telerik Report Server bugs to its Known Exploited Vulnerabilities catalog (Security Affairs) Insurance giant Globe Life investigating web portal breach (Bleeping Computer) Cleveland remains paralyzed by cyberattack (News 5 Cleveland) Truist Bank confirms breach after stolen data shows up on hacking forum (Bleeping Computer) Rockwell Automation Patches High-Severity Vulnerabilities in FactoryTalk View SE (SecurityWeek) Researchers at the University of Illinois have developed AI Agents that can Autonomously Hack Websites and Find Zero-Day Vulnerabilities (MarkTechPost) Wyoming mayoral candidate wants to govern by AI bot (Ars Technica)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A whistleblower claims that Microsoft prioritized profit over security. U.S. warnings of global election interference continue to rise. Cyber insurance claims hit record levels. Location tracking firm Tile suffers a data breach. A new phishing kit creates Progressive Web Apps. Questioning the government’s cyber silence. On today’s Threat Vector segment, host David Moulton, Director of Thought Leadership at Unit 42, is joined by Data Privacy Attorney Daniel Rosenzweig. Together, they unravel the complexities of aligning data privacy and cybersecurity laws with technological advancements. AI powered cheating lands one student in hot water.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, is joined by Data Privacy Attorney Daniel Rosenzweig. Together, they unravel the complexities of aligning data privacy and cybersecurity laws with technological advancements. Daniel shares his insights on the critical partnership between legal and tech teams.  To hear David and Daniel’s full conversation and learn how a deep understanding of both legal and tech realms can empower businesses to navigate evolving legal frameworks, particularly in light of emerging AI technologies, listen here. Check out Threat Vector every other Thursday in your favorite podcast app.  The information provided on this segment is not intended to constitute legal advice. All information presented is for general informational purposes only. The information contained may not constitute the most update, legal or interpretative compliance guidance. Contact your own attorney to obtain advice with respect to any particular legal matter. Selected Reading Microsoft Chose Profit Over Security and Left U.S. Government Vulnerable to Russian Hack, Whistleblower Says (ProPublica) Microsoft president to testify about security lapses (IT News) Spy agencies’ foreign influence hub says it is issuing more private warnings (The Record) Cyber Insurance Claims Hit Record High in North America (Infosecurity Magazine) Hacker Accesses Internal ‘Tile’ Tool That Provides Location Data to Cops (404 Media) New phishing toolkit uses PWAs to steal login credentials (Bleeping Computer) Microsoft’s Recall puts the Biden administration’s cyber credibility on the line (CyberScoop) Turkish student creates custom AI device for cheating university exam, gets arrested (Ars Technica)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Dutch military intelligence warns of the Chinese Coathanger RAT. Pure Storage joins the growing list of Snowflake victims. JetBrains patches a GitHub IDE vulnerability. A data broker hits the brakes on selling driver location data. Flaws in VLC Media player allow remote code execution. Patch Tuesday updates. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, taking on Domain 8, Software Development Security. Farewell, computer engineering legend Lynn Conway.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe take on Domain 8, Software Development Security, and tackle the following question: At which step of the SDLC should security considerations be first integrated? Functional requirements defining Project initiation and planning Testing and evaluation control System design specification Selected Reading Dutch intelligence says Chinese hacking campaign ‘more extensive’ than previously known (The Record) Pure Storage confirms data breach after Snowflake account hack (Bleeping Computer) Users of JetBrains IDEs at risk of GitHub access token compromise (CVE-2024-37051) (Help Net Security) GitHub phishing campaign wipes repos, extorts victims (SC Magazine) Data broker shuts down product related to driver behavior patterns (The Record) VLC Media Player Vulnerabilities Allow Remote Code Execution (Cyber Security News) Microsoft June 2024 Patch Tuesday fixes 51 flaws, 18 RCEs (Bleeping Computer) ICS Patch Tuesday: Advisories Published by Siemens, Schneider Electric, Aveva, CISA (SecurityWeek) Column: Lynn Conway, leading computer scientist and transgender pioneer, dies at 85 (LA Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

23andMe’s looming bankruptcy could pause class-action privacy lawsuits. The FCC focuses on BGP. The White House looks to big tech to help secure rural hospitals. Cylance confirms a data breach. Arm warns of GPU kernel driver vulnerabilities. The world's largest law firm faces class action over the MOVEit hack. SAP releases high priority patches. Apple redefines AI - literally - and offers up Private Cloud Compute at their developer’s conference. Guest Chris Novak, Senior Director of Cyber Security Consulting at Verizon, shares highlights and key takeaways of their recently published 2024 Data Breach Investigations Report (DBIR). Share your love — but not your passwords. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Chris Novak, Senior Director of Cyber Security Consulting at Verizon, shares highlights and key takeaways of their recently published 2024 Data Breach Investigations Report (DBIR). Selected Reading UK and Canada Launch Joint Probe Into 23andMe Breach While District Judge Says Bankruptcy Is Imminent (Metacurity) FCC Advances BGP Security Rules for Broadband Providers (bankinfosecurity) White House enlists Microsoft, Google for rural hospital cyberdefense (Beckers Health IT) Cylance confirms data breach linked to 'third-party' platform (bleepingcomputer) Arm warns of actively exploited flaw in Mali GPU kernel drivers (bleepingcomputer) Law firm Kirkland sued in class action over MOVEit data breach (Reuters) SAP Patches High-Severity Vulnerabilities in Financial Consolidation, NetWeaver (SecurityWeek) Here's how Apple's keeping your cloud-processed AI data safe (and why it matters) (ZDNET) When things go wrong: A digital sharing warning for couples (Malwarebytes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft makes Recall opt-in. The Senate holds hearings on federal cybersecurity standards. Snowflake’s scrutiny snowballs. New York Times source code is leaked online. Ransomware leads to British hospitals' desperate need for blood donors. Cisco Talos finds 15 serious vulnerabilities in PLCs. Sticky Werewolf targets Russia and Belarus. Frontier Communications warns 750,000 customers of a data breach. Chinese nationals get prison time in Zambia for cybercrimes. N2K’s CSO Rick Howard speaks with Danielle Ruderman, Security GTM Leader, AWS about what keeps CISOs up at night. DIY cell towers can land you in hot water.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K’s CSO Rick Howard speaks with Danielle Ruderman, Security GTM Leader, AWS about what keeps CISOs up at night and learnings from AWS CISO Circles. Today, our team is at the AWS re:Inforce this week. Stay tuned for our coverage. Selected Reading Windows won’t take screenshots of everything you do after all — unless you opt in (The Verge)  US Senate Committee holds hearing on harmonizing federal cybersecurity standards to address business challenges (Industrial Cyber) What Snowflake isn't saying about its customer data breaches (TechCrunch) New York Times source code stolen using exposed GitHub token (Bleeping Computer) London Hospitals Seek Biologics Backup After Ransomware Hit (GovInfo Security) Cisco Finds 15 Vulnerabilities in AutomationDirect PLCs (SecurityWeek) Sticky Werewolf targets the aviation industry in Russia and Belarus (Security Affairs) Frontier warns 750,000 of a data breach after extortion threats (Bleeping Computer) 22 Chinese Nationals Sentenced to Long Prison Terms in Zambia for Multinational Cybercrimes (SecurityWeek) Two arrested in UK over fake cell tower smishing campaign (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Investigative journalist and author Geoff White talks about tracing a line through the dots of his career covering technology. Geoff shares that he has always been "quite geeky," but came to covering technology after several roles in the journalism industry. Newspapers, magazines and television were all media Geoff worked in before covering technology. Geoff got into journalism not due to the glamour sometimes associated with it, but because he wanted to fight for the public to cover stories that helped those who didn't have massive amounts of money, power or a huge lobbying campaign in political circles. When writing his book, Crime Dot Com, Geoff reflected on the cybercrime and cybersecurity stories he's covered and saw how things started falling into place. Our thanks to Geoff for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Jérôme Segura, Senior Director of Threat Intelligence at Malwarebytes, is discussing their work on "Threat actors ride the hype for newly released Arc browser." The Arc browser, newly released for Windows, has quickly garnered positive reviews but has also attracted cybercriminals who are using deceptive Google search ads to distribute malware disguised as the browser. These malicious campaigns exploit the hype around Arc, using techniques like embedding malware in image files and utilizing the MEGA cloud platform for command and control, highlighting the need for caution with sponsored search results and the effectiveness of Endpoint Detection and Response (EDR) systems. The research can be found here: Threat actors ride the hype for newly released Arc browser Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft's recall raises red flags. Ukraine's CERT sounds alarm. Russian hacktivists cause trouble in EU elections. DEVCORE uncovers critical code execution flaw. LastPass leaves users locked out. Apple commits to five years of iPhone security. An AI mail fail. Inside the FCC's plan to strengthen BGP protocol. Dave sits down with our guest Camille Stewart Gloster, Former Deputy National Cyber Director at the White House, as she shares a retrospective of her public service career. And let’s all Cheers to cybersecurity. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Camille Stewart Gloster, Former Deputy National Cyber Director at the White House, shares a retrospective of her public service career. Camille’s full conversation with Dave can be found on our weekly cybersecurity law, policy and privacy podcast, Caveat. You can listen to it here.  Selected Reading Microsoft’s Recall Feature Is Even More Hackable Than You Thought (WIRED) Microsoft Research scientist gives non-answer when asked about Windows Recall privacy concerns (TechSpot)  TotalRecall: A New Tool that Extracts Data From Windows 11 Recall Feature (Cyber Security News) Exclusive: Senators express "serious concern" with Pentagon's Microsoft plan (Axios) UAC-0020 used SPECTR Malware to target Ukraine defense forces (Security Affairs)  Russian hacktivists vow mass attacks against EU elections (The Register) Ransomware Actor Exploited CoinMiner Attacker's Proxy Server (Cyber Security News) Critical PHP Remote Code Execution Flaw let Attackers Inject Malicious Scripts (Cyber Security News) Users furious after LastPass down for hours (Cybernews) Apple Says iPhones Will Get Security Updates for at Least 5 Years (SecurityWeek)  EmailGPT Exposed to Prompt Injection Attacks (Infosecurity Magazine) FCC Proposes BGP Security Reporting for Broadband Providers (SecurityWeek) Unpacking the SEC 10-K cyber disclosures (PwC)  Apple set to launch Passwords app, taking on LastPass and 1Password (TechSpot) Wineloader Mimic As Ambassador Of India To Start The Infection Chain (Cyber Security News)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CSAC recommends key changes to the  Joint Cyber Defense Collaborative. Cloud vendor Snowflake says single-factor authentication is to blame in their recent breach. Publishers sue Google over pirated ebooks. The FBI shares LockBit decryption keys. V3B is a phishing as a service campaign targeting banking customers. Commando Cat targets Docker servers to deploy crypto miners. Our guest is Danny Allan, Snyk's CTO, discussing how in the rush to implement GenAI, some companies are bypassing best practices and security policies. Club Penguin fans stumble upon a cache of secrets in the house of mouse. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest is Danny Allan, Snyk's CTO, discussing how in the rush to implement GenAI, companies bypass best practices and security policies. This highlights a clear gap between those in leadership looking to adopt AI tools and the teams who are utilizing them. Learn more in Snyk Organizational AI Readiness Report.  Selected Reading CISA advisors urge changes to JCDC's goals, operations, membership criteria (The Record) CISA says 'patch now' to 7-year-old Oracle WebLogic bug (The Register) Snowflake says users with single-factor authentication targeted in attack (SC Media) Advance Auto Parts stolen data for sale after Snowflake attack (Bleeping Computer) Major Publishers Sue Google Over Ads for Pirated Ebooks (Publishing Perspectives) FBI unveils 7,000 decryption keys to aid LockBit victims (Silicon Republic)  Hackers Attacking Banking Customers Using Phishing-As-A-Service V3B Toolkit (GB Hackers) Commando Cat: A Novel Cryptojacking Attack Abusing Docker Remote API Servers (Trend Micro) Club Penguin fans breached Disney Confluence server, stole 2.5GB of data (Bleeping Computer)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

OpenAI insiders describe a culture of recklessness and secrecy. Concerns over Uganda’s biometric ID system. Sophos uncovers a Chinese cyberespionage operation called Crimson Palace. Poland aims to sure up cyber defenses against Russia. Zyxel warns of critical vulnerabilities in legacy NAS products. Arctic Wolf tracks an amateurish ransomware variant named Fog. A TikTok zero-day targets high profile accounts. Cisco patches a Webex vulnerability that exposed German government meetings. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, diving into Domain 7, Security Operations. A Canadian data breach leads to a class action payday.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe dive into Domain 7, Security Operations, and tackle the following question: Which of the following is the MOST important goal of Disaster Recovery Planning? Business continuity Critical infrastructure restoration Human Safety Regulatory compliance Selected Reading OpenAI Whistle-Blowers Describe Reckless and Secretive Culture (The New York Times) Uganda: Yoweri Museveni's Critics Targeted Via Biometric ID System (Bloomberg) Chinese South China Sea Cyberespionage Campaign Unearthed (GovInfo Security) Palau confirms 'major' cyberattack, points to China (Digital Journal) Poland to invest $760 million in cyberdefense as Russian pressure mounts (The Record) 'NsaRescueAngel' Backdoor Account Again Discovered in Zyxel Products (SecurityWeek) Arctic Wolf sniffs out new ransomware variant (CSO Online) CNN, Paris Hilton, and Sony TikTok accounts hacked via DMs (Security Affairs) Cisco Patches Webex Bugs Following Exposure of German Government Meetings (SecurityWeek) ICBC must pay $15K to all who had data breached before JIBC attacks (Vancouver Sun)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ransomware disrupts London hospitals. Researchers discover serious vulnerabilities in Progress' Telerik Report Server and Atlassian Confluence Data Center and Server. Over three million people are affected by a breach at a debt collection agency. A report finds Rural hospitals vulnerable to ransomware. An Australian mining firm finds some of its data on the Dark Web. Google patches 37 Android vulnerabilities. Russian threat actors target the Summer Olympics in Paris. On our Industry Voices segment, we are joined by Sandy Bird, CTO at Sonrai. Sandy discusses the risks of unused identity infrastructure. The Amazon rainforest goes online. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Sandy Bird, CTO at Sonrai. Sandy discusses the risks of unused identity infrastructure. You can learn more about Sonrai’s work in this area by reviewing their Quantifying Cloud Access Risk: Overprivileged Identities and Zombie Identities report. Selected Reading Critical incident declared as ransomware attack disrupts multiple London hospitals (The Record) CVE-2024-4358, CVE-2024-1800: Exploit Code Available for Critical Exploit Chain in Progress Telerik Report Server (Tenable) Atlassian’s Confluence hit with critical remote code execution bugs (CSO Online) Debt collection agency FBCS leaks information of 3 million US citizens (Malwarebytes) Rural hospitals are particularly vulnerable to ransomware, report finds (CyberScoop) Australian rare earths miner hit by cybersecurity breach (Mining Weekly) 37 Vulnerabilities Patched in Android (SecurityWeek) Russia used fake AI Tom Cruise in Olympic disinformation campaign (Computer Weekly) The Internet's Final Frontier: Remote Amazon Tribes (New York Times) Listen to our newest podcast, “Only Malware in the Building.” N2K and Proofpoint have teamed up to launch “Only Malware in the Building,” the newest podcast on the N2K CyberWire network. Each month our hosts Selena Larson, Proofpoint’s staff threat researcher, and N2K’s Rick Howard and Dave Bittner, explore the mysteries around today’s most intriguing cyber threats. Listen to the first episode and subscribe now. Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Signs point to a major cybersecurity event at cloud provider Snowflake. Hugging Face discloses "unauthorized access" to its Spaces platform. Australian legislation seeks jail time for deepfake porn. CISA adds two vulnerabilities to the KEV catalog. Spanish police investigate a potential breach of drivers license info. NSA shares mobile device best practices. Everbridge crisis management software company reports a data breach. N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard joins us to preview CSO Perspectives Season 14 which launches today! Google tries to explain those weird AI search results.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard joins Dave to preview CSO Perspectives Season 14 which launches today! The first episode explores SolarWinds and the SEC. This episode of CSO Perspectives has a companion essay. You can find it here. Not an N2K Pro subscriber? You can catch the first half of the episode here.  Selected Reading The Ticketmaster Data Breach May Be Just the Beginning (WIRED) Hugging Face says it detected 'unauthorized access' to its AI model hosting platform (TechCrunch) Jail time for those caught distributing deepfake porn under new Australian laws (The Guardian) CISA warns of actively exploited Linux privilege elevation flaw (Bleeping Computer) Spanish police investigate whether hackers stole millions of drivers' data (Reuters) The NSA advises you to turn your phone off and back on once a week - here's why (ZDNET) Everbridge warns of corporate systems breach exposing business data (Bleeping Computer) Google’s AI Overview is flawed by design, and a new company blog post hints at why (Ars Technica)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, presents the argument for why the SEC was misguided when it charged the SolarWinds CISO, Tim Brown, with fraud the after the Russian SVR compromised the SolarWinds flagship product, Orion. Our guests are, Steve Winterfeld, Akamai’s Advisory CISO, and Ted Wagner, SAP National Security Services CISO. References: Andrew Goldstein, Josef Ansorge, Matt Nguyen, Robert Deniston, 2024. Fatal Flaws in SEC’s Amended Complaint Against SolarWinds [Analysis]. Crime & Corruption. Anna-Louise Jackson, 2023. Earnings Reports: What Do Quarterly Earnings Tell You? [Explainer]. Forbes. Brian Koppelman, David Levien, Andrew Ross Sorkin, 2016 - 2023. Billions [TV Show]. IMDb. Dan Goodin, 2024. Financial institutions have 30 days to disclose breaches under new rules [News]. Ars Technica. David Katz, 021. Corporate Governance Update: “Materiality” in America and Abroad [Essay]. The Harvard Law School Forum on Corporate Governance. Jessica Corso, 2024. SEC Zeroes In On SolarWinds Exec In Revised Complaint [Analysis]. Law360. Johnathan Rudy, 2024. SEC files Amended complaint against SolarWinds and CISO [Civil Action]. LinkedIn. Joseph Menn, 2023. Former Uber security chief Sullivan avoids prison in data breach case [WWW DocumentNews]. The Washington Post. Kim Zetter, 2014. Countdown to Zero Day: Stuxnet and the Launch of the World’s First Digital Weapon [Book]. Goodreads. Kim Zetter, 2023. SEC Targets SolarWinds’ CISO for Rare Legal Action Over Russian Hack [WWW Document]. ZERO DAY. Kim Zetter, 2023. SolarWinds: The Untold Story of the Boldest Supply-Chain Hack [Essay]. WIRED. Rick Howard, 2022. Cyber sand table series: OPM [Podcast]. The CyberWire - CSO Perspectives Podcast. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Pam Baker, 2021. The SolarWinds hack timeline: Who knew what, and when? [Timeline]. CSO Online. Staff, 2009. Generally Accepted Accounting Principles (Topic 105) [Standard]. PWC. Staff. 30 October 2023. SEC Charges SolarWinds and Chief Information Security Officer with Fraud, Internal Control Failures [Website]. The U.S. Securities and Exchange Commision. Staff, 31 October 2023. Securities and Exchange Commission v. SolarWinds Corporation and Timothy G. Brown, No. 23-civ-9518 (SDNY) [Case]. The Securities and Exchange Commission. Staff, 29 March 2024. Cooley, Cybersecurity Leaders File Brief Opposing SEC’s SolarWinds Cyberattack Case [Press Release]. Cooley. Stephanie Pell, Jennifer Lee , Shoba Pillay, Jen Patja Howell, 2024. The SEC SolarWinds Enforcement Action [Podcast]. The Lawfare Podcast. Learn more about your ad choices. Visit megaphone.fm/adchoices

As part of our series on the 2024 NICE Conference, we turn our focus to the one of the keynote speakers of the conference. This year’s conference theme “Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap” highlights the collective effort to strengthen the cybersecurity landscape. By joining forces with key partners, we can foster a more robust cybersecurity ecosystem to bridge the workforce gap.  In her keynote coming up on Tuesday, June 4th, Deneen DeFiore, Chief Information Security Officer of United Airlines, will discuss "A Journey with No Destination: A CISO’s Pathway to a Cybersecurity Career." Prior to the conference, Simone Petrella, N2K President, caught up with Deneen DeFiore. They discussed Deneen's history with NICE, the importance of prioritizing cyber talent and workforce issues, what stakeholders need to more effectively tackle the cyber skills and experience gap across the profession, and more. Find out more about the The Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800-181, revision 1). Listen to our podcast about the update. Stay tuned for our coverage of the 2024 NICE Conference. Learn more about your ad choices. Visit megaphone.fm/adchoices

As part of our series on the 2024 NICE Conference, we turn our focus to the Business Roundtable. This year’s conference theme “Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap” highlights the collective effort to strengthen the cybersecurity landscape. By joining forces with key partners, we can foster a more robust cybersecurity ecosystem to bridge the workforce gap. Business Roundtable is an association of chief executive officers of America’s leading companies working to promote a thriving U.S. economy and expanded opportunity for all Americans through sound public policy. The Business Roundtable launched its Cybersecurity Workforce Corporate Initiative in December of 2022. In coordination with its members and inputs from experts at Department of Commerce’s National Initiative for Cybersecurity Education (NICE), it recently released a Cybersecurity Workforce Playbook to help employers create entry points to cybersecurity careers and strengthen cybersecurity talent pipelines across various industries and sectors. Simone Petrella, N2K President, speaks with Erin White, Business Roundtable's Senior Director, Corporate Initiatives, about the Cybersecurity Workforce Corporate Initiative, the recently released Cybersecurity Workforce Playbook, key takeaways for the private sector, and how the Business Roundtable and NICE are working together to support these initiatives. Find out more about the The Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800-181, revision 1). Stay tuned for our coverage of the 2024 NICE Conference. Learn more about your ad choices. Visit megaphone.fm/adchoices

Commandant for the National Security Agency's National Cryptologic School Diane M. Janosek shares the story of her career going global Diane explains how she's always been drawn to doing things that could help and raise the nation. From a position as a law clerk during law school, to the role of a judicial clerk, and joining the White House Counsel's office, Diane was exposed to many things and felt she experienced the full circle. Moving on to the Pentagon and finally, the NSA, Diane transitioned into her current role where she orchestrates the educational environment for military and civilian cyber and cryptologists worldwide for the nation. Diane encourages those who love to learn to join the multidisciplinary cybersecurity field. Our thanks to Diane for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Amit Malik, Director of Threat Research at Uptycs, is sharing their work on "New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware." The Uptycs Threat Research Team has discovered a large-scale Log4j campaign involving over 1700 IPs, aiming to deploy XMRig cryptominer malware. This ongoing operation was initially detected through the team's honeypot collection, prompting an in-depth analysis of the campaign. The research says "The JNDI plugin is particularly useful to attackers because it allows them not only to fetch the values of environment variables in the target system but also to freely define the URL and protocol resource for the JNDI network connection." The research can be found here: New Threat Detected: Inside Our Discovery of the Log4j Campaign and Its XMRig Malware Learn more about your ad choices. Visit megaphone.fm/adchoices

Draft legislation looks to streamline federal cybersecurity regulations. Clarity.fm exposed personal information of business leaders and celebrities. Researchers find european politicians’ personal info for sale on the dark web. The BBC’s pension scheme suffers a breach. OpenAI disrupts covert influence operations making use of their platform. Hackers brick over 600,000 routers. Cracked copies of Microsoft office deliver a malware mix. A senator calls for accountability in the Change Healthcare ransomware attack. On our Industry Voices segment, we hear from SpyCloud’s Chip Witt, on navigating the threat of digital identity exposure. Florida man becomes Moscow’s fake-news puppet. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we hear from Chip Witt, SpyCloud's SVP, Product Management, discussing navigating the threat of digital identity exposure. To learn more, check out SpyCloud’s Annual Identity Exposure Report 2024.  Selected Reading Senate chairman wants new White House-led panel to streamline federal cyber rules (The Record) Data Leak Exposes Business Leaders and Top Celebrity Data (Hackread) Information of Hundreds of European Politicians Found on Dark Web (SecurityWeek) BBC Pension Scheme Breached, Exposing Employee Data (Infosecurity Magazine) OpenAI accuses Russia, China, Iran, and Israel of misusing its GenAI tools for covert Ops (CSO Online) Mystery malware destroys 600,000 routers from a single ISP during 72-hour span (Ars Technica) Pirated Microsoft Office delivers malware cocktail on systems (Bleeping Computer) UnitedHealth leaders 'should be held responsible' for installing inexperienced CISO, senator says (The Record) Once a Sheriff’s Deputy in Florida, Now a Source of Disinformation From Russia (The New York Times)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Operation Endgame takes down malware operations around the globe. A major botnet operator is arrested. Ticketmaster’s massive data breach is confirmed, and so is Google’s SEO algorithm leak. Journalists and activists in Europe were targeted with Pegasus spyware. Okta warns users of credential stuffing attacks. NIST hopes to clear out the NVD backlog. On our Threat Vector segment, host David Moulton speaks with Greg Jones, Chief Information Security Officer at Xavier University of Louisiana. Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, joins us to discuss software security. LightSpy surveillance malware comes to macOS. ChatGPT briefly gets a god mode. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, joins us to discuss software security. Threat Vector In this Threat Vector segment, host David Moulton speaks with Greg Jones, Chief Information Security Officer at Xavier University of Louisiana. Greg brings a wealth of knowledge from his military background and applies a disciplined, adaptive approach to securing one of America's most vibrant educational institutions. You can listen to David and Greg’s full discussion here.  Selected Reading Police seize malware loader servers, arrest four cybercriminals (Bleeping Computer) Is Your Computer Part of ‘The Largest Botnet Ever?’ (Krebs on Security) Ticketmaster hacked. Breach affects more than half a billion users. (Mashable) Google confirms the leaked Search documents are real (The Verge) Phones of journalists and activists in Europe targeted with Pegasus (CyberScoop) Okta Warns of Credential Stuffing Attacks Targeting Cross-Origin Authentication (SecurityWeek) NIST says NVD will be back on track by September 2024 (Help Net Security) macOS version of elusive 'LightSpy' spyware tool discovered (Bleeping Computer) Hacker Releases Jailbroken "Godmode" Version of ChatGPT (Futurism)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

An alleged leak of Google’s search algorithm contradicts the company’s public statements.  German researchers discover a critical vulnerability in a TP-Link router. Breachforums is back…maybe. The Seattle Public Library suffers a ransomware attack. A Georgia man gets ten years for money laundering and romance scams, and the Treasury department sanctions a group of botnet operators. 44,000 individuals are affected by the breach of a major U.S. title insurance company. Microsoft describes North Korea’s Moonstone Sleet. Advocating for a more architectural approach to cybersecurity. Maria Varmazis speaks with WiCyS Executive Director Lynn Dohm and a panel of N2K experts about the 2024 Cyber Talent Study. A cracked password results in a multimillion dollar windfall.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe dive into Domain 6: Security Assessment and Testing and tackle the following question together: You are hiring a vendor to perform a penetration test that would simulate a breach from an insider threat. What type of test would be BEST to perform?  Blue Box Black Box White-hat hack White box CyberWire Guest Maria Varmazis, N2K host of T-Minus Space Daily, talks with WiCyS Executive Director Lynn Dohm and N2K's Simone Petrella, Dr. Heather Monthie, and Jeff Welgan about the 2024 Cyber Talent Study. You can find out more about the study here.  Selected Reading Google won’t comment on a potentially massive leak of its search algorithm documentation (The Verge) Update TP-Link's Archer C5400X router now to fix remote takeover vulnerability (TechSpot) Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap? (Malwarebytes) Ransomware attack on Seattle Public Library knocks out online systems (The Record) Man Sentenced for Laundering Over $4.5M Obtained from Business Email Compromise and Romance Fraud Schemes (United States Department of Justice) Treasury Sanctions a Cybercrime Network Associated with the 911 S5 Botnet (United States Department of Treasury) First American December data breach impacts 44,000 people (Bleeping Computer) Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks (Microsoft Security Blog) Cybersecurity at a crossroads: Time to shift to an architectural approach (CSO Online) How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet (WIRED)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI untangles Scattered Spider. The RansomHub group puts a deadline on Christie’s. Prescription services warn customers of data breaches. Personal data from public sector workers in India is leaked online. Check Point says check your VPNs. The Internet Archive suffers DDoS attacks. A Minesweeper clone installs malicious scripts. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guest Carrie Hernandez Marshall, CEO and Co-Founder from Rebel Space Technologies, about the need to extend cybersecurity into space. If you can’t beat ‘em, troll ‘em.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guest Carrie Hernandez Marshall, CEO and Co-Founder from Rebel Space Technologies, about the need to extend cybersecurity into space. Selected Reading Potent youth cybercrime ring made up of 1,000 people, FBI official says (CyberScoop) Christie’s given Friday ransom deadline after threat group claims responsibility for cyber attack (ITPro) Data Stolen From MediSecure for Sale on Dark Web (SecurityWeek) 2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx (SecurityWeek) Data leak exposes personal data of Indian military and police (CSO Online) Check Point warns of threat actors targeting its VPNs (TechMonitor) Internet Archive Hit With DDoS Attack (PCMag) Hackers phish finance orgs using trojanized Minesweeper clone (bleepingcomputer) Cops Are Just Trolling Cybercriminals Now (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst, CSO, and Senior Fellow, commemorates Memorial Day. References: Abraham Lincoln, 1863. The Gettysburg Address [Speech]. Abraham Lincoln Online. Amanda Onion, Original 2009, Updated 2023. Memorial Day 2022: Facts, Meaning & Traditions [Essay]. HISTORY. Brent Hugh, 2021. A Brief History of “John Brown’s Body” [Essay]. Digital History. Bob Zeller, 2022. How Many Died in the American Civil War? [Essay]. HISTORY. General George Marshall, 2014. President Lincoln’s Letter to Mrs Bixby [Movie Clip - Saving Private Ryan]. YouTube. JOHN LOGAN, 1868. Logan’s Order Mandating Memorial Day [Order]. John A. Logan College. John Williams, Chicago Symphony Orchestra, 2012. The People’s House: Lincoln (Original Motion Picture Soundtrack) [Song]. Apple Music. John Williams, Chicago Symphony Orchestra, 2012. The Blue and the Grey: Lincoln (Original Motion Picture Soundtrack) [Song]. Apple Music - Web Playe. Livia Albeck-Ripka, 2023. A Brief History of Memorial Day [Essay]. The New York Times. Paul Robeson, 2021. John Brown’s Body [Song]. YouTube. Robert Rodat (Writer), Steven Spielberg (Director), Harve Presnell (Actor), 1998. Saving Private Ryan [Movie]. IMDb. Staff, 2020. A Brief Biography of General John A. Logan [Biography]. John A. Logan College. Staff, 2024. Civil War Timeline [WWW Document], American Battlefield Trust. Thomas Jefferson, 1776. Declaration of Independence: [Transcription]. National Archives. Winston Churchil, 1940. Never was so much owed by so many to so few - Winston Churchill Speeches [Speech]. YouTube. Learn more about your ad choices. Visit megaphone.fm/adchoices

Director of security operations at Syntax Richard Torres talks about his path leading him working in juvenile justice to becoming a private investigator to physical security at a nuclear power plant to cybersecurity presently. Always a fan of police shows, Richard became a member of the Air Force Junior ROTC in high school and began his path there. Richard shares the challenges of working in several facets of the security industry including his transition from SWAT team member to cybersecurity. He notes the role that diplomacy plays when you're trying to get honesty and be steered in the right direction. Our thanks to Richard for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Jon DiMaggio, a Chief Security Strategist at Analyst1, is sharing his work on "Ransomware Diaries Volume 5: Unmasking LockBit." On February 19, 2024, the National Crime Agency (NCA), a UK sovereign law enforcement agency, in collaboration with the FBI, Europol, and nine other countries under "Operation Cronos," disrupted the LockBit ransomware gang’s data leak site used for shaming, extorting, and leaking victim data. The NCA greeted visitors to LockBit’s dark web leak site with a seizure banner, revealing they had been controlling LockBit’s infrastructure for some time, collecting information, acquiring victim decryption keys, and even compromising the new ransomware payload intended for LockBit 4.0. The research can be found here: Ransomware Diaries Volume 5: Unmasking LockBit Learn more about your ad choices. Visit megaphone.fm/adchoices

LockBit drops 300 gigabytes of data from London Drugs. Video software used in courtrooms worldwide contains a backdoor. Google patches another Chrome zero-day. The EU seeks collaboration between research universities and intelligence agencies. Atlas Lion targets retailers with gift card scams. Researchers explore an Apple reappearing photo bug. Hackers access a Japanese solar power grid. Congress floats a bill to enhance cyber workforce diversity. Ben Yelin joins us with a groundbreaking legal case involving AI generated CSAM. Whistling past the expired domain graveyard.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ben Yelin, co host of our Caveat podcast and Program Director for Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security, discusses "FBI Arrests Man For Generating AI Child Sexual Abuse Imagery." Selected Reading Hackers release corporate data stolen from London Drugs, company says (The Star) Crooks plant backdoor in software used by courtrooms around the world (Ars Technica) Google fixes eighth actively exploited Chrome zero-day this year (Bleeping Computer) EU wants universities to work with intelligence agencies to protect their research (The Record) US retailers under attack by gift card-thieving cyber gang (Help Net Security) Apple wasn’t storing deleted iOS photos in iCloud after all (Bleeping Computer) Hijack of monitoring devices highlights cyber threat to solar power infrastructure (CSO Online) New Diverse Cybersecurity Workforce bill to promote inclusivity, provide CISA with millions for outreach (Industrial Cyber) When privacy expires: how I got access to tons of sensitive citizen data after buying cheap domains (INTI) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Spyware is discovered on U.S. hotel check in systems. A Microsoft outage affects multiple services. Bitdefender uncovers Unfading Sea Haze. University of Maryland researchers find flaws in Apple’s Wi-Fi positioning system. Scotland’s NRS reveals a sensitive data leak. Rapid7 tracks the rise in zero-day exploits and mass compromise events. The SEC hits the operator of the New York Stock Exchange with a ten million dollar fine. Operation Diplomatic Specter targets political entities in the Middle East, Africa, and Asia. The FCC considers AI disclosure rules for political ads. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guests Brianna Bace and Unal Tatar PhD sharing their work on Legal Perspectives on Cyberattacks Targeting Space Systems. Tone-blasting underwater data centers.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guests Brianna Bace and Unal Tatar PhD sharing their work on their paper: Law in Orbit: International Legal Perspectives on Cyberattacks Targeting Space Systems. You can learn more about their work in this post. Check out T-Minus Space Daily for your daily space intelligence.  Selected Reading Spyware found on US hotel check-in computers ( TechCrunch) Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search (Bleeping Computer) Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea (Bitdefender)  Apple’s Wi-Fi Positioning Can Be System Abused To Track Users (GB Hackers)  National Records of Scotland Data Breached in NHS Cyber-Attack (Infosecurity Magazine) Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report (SecurityWeek) NYSE Operator Intercontinental Exchange Gets $10M SEC Fine Over 2021 Hack (SecurityWeek) Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia (Palo Alto Networks Unit 42 Intel) FCC chair proposes requirement for political ads to disclose when AI content is used (The Record) Acoustic attacks could be a serious threat to the future of underwater data centers (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Some say Microsoft’s Recall should be. A breach of a Texas healthcare provided affects over four hundred thousand. Police in the Philippines shut down services following a breach. Ivanti patches multiple products. GitHub fixes a critical authentication bypass vulnerability. Researchers discover critical vulnerabilities in Honeywell’s ControlEdge Unit Operations Controller. The DoD releases their Cybersecurity Reciprocity Playbook. Hackers leak a database with millions of Americans’ criminal records. Mastercard speeds fraud detection with AI. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey, diving into Domain 5: Identity and Access Management. Remembering a computing visionary.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Joe and Sam dive into Domain 5: Identity and Access Management (IAM) and tackle a question together about biometric configuration. Try the question yourself before listening to the discussion! You are configuring a biometric hand scanner to secure your data center. Which of the following practices is BEST to follow? Decrease the reader sensitivity Increase the FAR Decrease the FRR Increase the reader sensitivity Selected Reading UK watchdog looking into Microsoft AI taking screenshots (BBC) How the new Microsoft Recall feature fundamentally undermines Windows security (DoublePulsar) CentroMed Confirms Data Breach Affecting an Estimated 400k | Console and Associates, P.C. (JDSupra) PNP suspends online services amid data breach probe (Philippine News Agency) Ivanti Patches Critical Code Execution Vulnerabilities in Endpoint Manager (SecurityWeek) Critical SAML Auth Bypass Vulnerability Found in GitHub Enterprise Server (Heimdal Security) Critical Vulnerability in Honeywell Virtual Controller Allows Remote Code Execution (SecurityWeek) DoD CIO debuts cybersecurity reciprocity playbook to streamline system authorizations, boost cybersecurity efficiency (Industrial Cyber) Criminal record database of millions of Americans dumped online (Malwarebytes) Mastercard Doubles Speed of Fraud Detection with Generative AI (Infosecurity Magazine) Gordon Bell, Legendary Designer of Computers, Dies at 89 (Gizmodo)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The alleged operator of Incognito Market is collared at JFK. The UK plans new ransomware reporting regulations. Time to update your JavaScript PDF library. CISA adds a healthcare interface engine to its Known Exploited Vulnerabilities (KEV) catalog. HHS launches a fifty million dollar program to help secure hospitals. A Fluent Bit vulnerability impacts major cloud platforms. The EPA issues a cybersecurity alert for drinking water systems. BiBi Wiper grows more aggressive. Siren is a new threat intelligence platform for open source software. On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert, joins N2K’s Rick Howard to discuss “Innovation: balancing the good with the bad.” And is it just me, or does that AI assistant sound awfully familiar? Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert, joins N2K’s Rick Howard to discuss “Innovation: balancing the good with the bad.” Rick caught up with Amit at the recent RSA Conference in San Francisco.  Selected Reading “Incognito Market” Owner Arrested for Operating One of the Largest Illegal Narcotics Marketplaces on the Internet (United States Department of Justice) Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record) CVE-2024-4367 in PDF.js Allows JavaScript Execution, Potentially Affecting Millions of Websites: Update Now (SOCRadar) CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw (SecurityWeek) Fluent Bit flaw discovered that impacts every major cloud provider (Tech Monitor) EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems (SecurityWeek) New BiBi Wiper version also destroys the disk partition table (Bleeping Computer) Enhancing Open Source Security: Introducing Siren by OpenSSF (OpenSSF) HHS offering $50 million for proposals to improve hospital cybersecurity (The Record) Scarlett Johansson Said No, but OpenAI’s Virtual Assistant Sounds Just Like Her (The New York Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Germany’s BSI sues Microsoft for more information on recent security incidents. Julian Assange can appeal his U.S. extradition. AI chatbots may have itchy trigger fingers. CISA warns of vulnerabilities affecting Google Chrome and D-Link routers. Ham Radio’s association suffers a data breach. New underground marketplaces pop up to replace BreachForums. An updated banking trojan targets users in Central and South America. Cybercom’s founders share its origin story.  Examining gender bias in open source software contributors. For our Industry Voices segment, guest Chris Pierson, CEO at BlackCloak, met up with N2K’s Brandon Karpf at the 2024 RSA Conference to discuss personal cybersecurity risks for executives. College students unlock free laundering — no money required.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Chris Pierson, CEO at BlackCloak, met up with N2K’s Brandon Karpf at the 2024 RSA Conference. Chris and Brandon discussed personal cybersecurity risks for executives. Selected Reading BSI sues Microsoft for disclosure of information on security disaster (Ground News) Assange Can Appeal U.S. Extradition, English Court Rules (The New York Times) ChatGPT likes to fight. For military AI researchers, that’s a problem (Tech Brew) CISA warns of hackers exploiting Chrome, EoL D-Link bugs (Bleeping Computer) American Radio Relay League Hit by Cyberattack (SecurityWeek) FBI seizes BreachForums infrastructure — but successor sites are already popping up (ITPro) Grandoreiro Banking Trojan is Back With Major Updates (Infosecurity Magazine) (PDF) Gender bias in open source: Pull request acceptance of women versus men (ResearchGate) The inside story of Cyber Command’s creation (CSO Online) Two Santa Cruz students uncover security bug that could let millions do their laundry for free (TechCrunch)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber Initiative and Special Projects Fellow at the Hewlett Foundation Monica Ruiz shares her career development from aspirations of being a weather woman to her current role as a grantmaker and connector in cybersecurity. Monica discusses how her international study experience changed her outlook and brought her to the field of security. She shares the difficulties she faced as a woman of color when when not that many people look like you, and how she used that as her reason to move forward and better the cybersecurity field through her work. Our thanks to Monica for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Hosein Yavarzadeh from the University of California San Diego, as he is discussing his work on "Pathfinder: High-Resolution Control-Flow Attacks Exploiting the Conditional Branch Predictor" This paper introduces new methods that let attackers read from and write to specific parts of high-performance CPUs, such as the path history register (PHR) and prediction history tables (PHTs). These methods allow two main types of attacks. One can reveal a program's control flow history, as shown by recovering a secret image through the libjpeg routines. The other enables detailed transient attacks, demonstrated by extracting an AES encryption key, highlighting significant security risks for these systems. The research can be found here: Graph: Growing number of threats leveraging Microsoft API Learn more about your ad choices. Visit megaphone.fm/adchoices

On this Special Edition podcast, Dave Bittner speaks with guest Dave Hickton, Founding Director, Institute for Cyber Law, Policy, and Security at the University of Pittsburgh, and former US Attorney, on this 10th Anniversary of the first indictment of Chinese PLA actors. Hear directly from Mr. Hickton what lead to the indictment, the emotions that went along with this unprecedented action, and the legacy of the event. On May 19, 2014, a grand jury in the Western District of Pennsylvania (WDPA) indicted five Chinese military hackers for computer hacking, economic espionage and other offenses directed at six American victims in the U.S. nuclear power, metals and solar products industries.  The indictment alleges that the defendants conspired to hack into American entities, to maintain unauthorized access to their computers and to steal information from those entities that would be useful to their competitors in China, including state-owned enterprises (SOEs). In some cases, it alleges, the conspirators stole trade secrets that would have been particularly beneficial to Chinese companies at the time they were stolen. In other cases, it alleges, the conspirators also stole sensitive, internal communications that would provide a competitor, or an adversary in litigation, with insight into the strategy and vulnerabilities of the American entity. US Attorney Dave Hickton represented the Western District of Pennsylvania and was the signatory on the indictment. His team worked with the FBI Cyber Team in Pittsburgh, PA to bring about this historic action. Resources: Press Release: U.S. Charges Five Chinese Military Hackers for Cyber Espionage Against U.S. Corporations and a Labor Organization for Commercial Advantage Indictment Learn more about your ad choices. Visit megaphone.fm/adchoices

Australia warns of a large-scale ransomware data breach. The justice department charges five with helping North Korean IT workers evade sanctions. The FCC wants to beef up BGP. Antidot is a new Android banking trojan. The SEC enhances disclosure obligations. Researchers uncover vulnerabilities in GE ultrasound devices. A Baltimore neo-nazi pleads guilty to conspiring to take down an electrical grid. On our Solution Spotlight: N2K’s Simone Petrella speaks with Alicja Cade, Director in Google Cloud's Office of the CISO, about the CISO role, board communication, and cyber workforce development. “Tanks” for the warm water, but you can keep the vulnerabilities. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight: N2K’s Simone Petrella speaks with Alicja Cade, Director in Google Cloud's Office of the CISO, about the CISO role, board communication, and cyber workforce development. Simone and Alicja spoke at the 2024 RSA Conference.  Selected Reading Australian government warns of 'large-scale ransomware data breach' (The Record) US exposes scheme enabling North Korean IT workers to bypass sanctions (Help Net Security) FCC proposes BGP security measures (Network World) BGP: What is border gateway protocol, and how does it work? (Network World) New 'Antidot' Android Trojan Allows Cybercriminals to Hack Devices, Steal Data (SecurityWeek) SEC beefs up data privacy rules (Investment Executive) GE Ultrasound Gear Riddled With Bugs, Open to Ransomware & Data Theft (DarkReading) Baltimore County woman pleads guilty to conspiring with neo-Nazi leader to attack energy grid (The Baltimore banner) How I upgraded my water heater and discovered how bad smart home security can be (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI seizes BreachForums. NCSC rolls out a 'Share and Defend' initiative. ESports gaming gets a level up in their security. The spammer becomes the scammer. Bitdefender is sounding the alarm. The city of Wichita gets a wake-up call. In our Threat Vector segment, host David Moulton discusses the challenges and opportunities of AI adoption with guest Mike Spisak, the Managing Director of Proactive Security at Unit 42. And no one likes a cyber budgeting blunder. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In our Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, discusses the challenges and opportunities of AI adoption with guest Mike Spisak, Managing Director of Proactive Security at Unit 42. They emphasize the importance of early security involvement in the AI development lifecycle and the crucial role of inventorying AI usage to tailor protection measures. You can listen to the full episode here.  Selected Reading FBI seize BreachForums hacking forum used to leak stolen data (Bleeping Computer)  New UK system will see ISPs benefit from same protections as government networks (The Record) Riot Games, Cisco to Connect and Protect League of Legends Esports Through Expanded Global Partnership (Cisco)  To the Moon and back(doors): Lunar landing in diplomatic missions (WeLiveSecurity) New Black Basta Social Engineering Scheme (ReliaQuest) IoT Cameras Exposed by Chainable Exploits, Millions Affected (HackRead) Kimsuky APT Using Newly Discovered Gomir Linux Backdoor (Decipher) Law enforcement data stolen in Wichita ransomware attack (The Record)  Nigeria Halts Cybersecurity Tax After Public Outrage (Dark Reading)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

U.S. Senators look to enhance American leadership in AI. Federal Agencies Warn of Rising Cyberattacks on Civil Society. The Pentagon says they’re satisfied with Microsoft’s post-breach security pivots. Patch Tuesday updates. A Mississippi health system alerts users of a post-ransomware data breach. The FTC cautions automakers over data collection. CISOs feel pressure to understate cyber risks. On the Learning Layer, Sam and Joe continue their certification journey. Guest Sarah Powazek of UC Berkeley's Center for Long-Term Cybersecurity (CLTC) speaks with N2K’s Brandon Karpf about cyber civil defense clinics. A crypto mixing service developer finds himself behind bars. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Sarah Powazek of UC Berkeley's Center for Long-Term Cybersecurity (CLTC) speaks with N2K’s Brandon Karpf at 2024 RSA Conference about cyber civil defense clinics and the CLTC. Learn about their upcoming Cyber Civil Defense Summit being held at the International Spy Museum in Washington DC next month.  Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss how to use the midterm exam and Test Day Strategy video.  Selected Reading Senators Propose $32 Billion in Annual A.I. Spending but Defer Regulation (The New York Times) Civil society under increasing threats from 'malicious' state cyber actors, US warns (The Record) Post-data breach, DOD held 'very candid discussions' with Microsoft (DefenseScoop) Microsoft issues patches for over 60 software vulnerabilities (Tech Monitor) Adobe releases May 2024 fixes for critical issues in Reader, Acrobat, Illustrator and other products (BeyondMachines.net) CISA issues ICS advisories on hardware vulnerabilities from Rockwell, SUBNET, Johnson Controls, Mitsubishi Electric (Industrial Cyber) 900k Impacted by Data Breach at Mississippi Healthcare Provider (SecurityWeek) FTC fires 'shot across the bow' at automakers over connected-car data privacy (The Record) Security leaders report pressure from boards to downplay cyber risks (​​ITPro) Tornado Cash Developer Jailed for Laundering Billions of Dollars (GB Hackers) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google patches another Chrome zero-day. UK insurance agencies and the NCSC team up to reduce ransom payments. The FCC designates a robocall scam group. Vermont passes strong data privacy laws. A malicious Python package targets macOS users. ESET unpacks Ebury malware. Don’t answer Jenny’s email. Guest is author Barbara McQuade discussing her book "Attack from Within: How Disinformation is Sabotaging America.”  The White House says, “Keep your crypto mining away from our missile silos!”  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Barbara McQuade joins us to discuss her book "Attack from Within: How Disinformation is Sabotaging America" with Caveat co host Ben Yelin. You can hear Barbara and Ben’s full conversation on last week’s episode of Caveat here. You can catch Caveat on your favorite podcast app each Thursday where hosts Dave and Ben examine the latest in surveillance, digital privacy, cybersecurity law and policy.  Selected Reading Google Patches Second Chrome Zero-Day in One Week (SecurityWeek) UK Insurance and NCSC Join Forces to Fight Ransomware Payments (Infosecurity Magazine) FCC Warns of 'Royal Tiger' Robocall Scammers (SecurityWeek) Vermont passes data privacy law allowing consumers to sue companies (The Record) PyPi package backdoors Macs using the Sliver pen-testing suite (Bleeping Computer) Apple backports fix for RTKit iOS zero-day to older iPhones (Bleeping Computer) Ebury is alive but unseen: 400k Linux servers compromised for cryptocurrency theft and financial gain (WeLiveSecurity) Security Experts Issue Jenny Green Email Warning For Millions (Forbes) US government shuts down Chinese-owned cryptomine near nuclear missile base in Wyoming (Data Centre Dynamics) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

IntelBroker claims to have breached a Europol online platform. The U.S. and China are set to discuss AI security. U.S. agencies warn against BlackBasta ransomware operators. A claimed Russian group attacks British local newspapers. Cinterion cellular modems are vulnerable to malicious SMS attacks. A UK IT contractor allegedly failed to report a major data breach for months. Generative AI is a double edged sword for CISOs. Reality Defender wins the RSA Conference's Innovation Sandbox competition. Our guest is Chris Betz, CISO of AWS, discussing how to build a strong culture of security. Solar storms delay the planting of corn.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Chris Betz, CISO of AWS, discussing how to build a strong culture of security. In his blog, Chris writes about how AWS’s security culture starts at the top, and it extends through every part of the organization.  Selected Reading Europol confirms web portal breach, says no operational data stolen (Bleeping Computer) US and China to Hold Discussions on AI Risks and Security (BankInfo Security) CISA, FBI, HHS, MS-ISAC warn critical infrastructure sector of Black Basta hacker group; provide mitigations (Industrial Cyber) 'Russian' hackers deface potentially hundreds of local British news sites (The Record) Cinterion IoT Cellular Modules Vulnerable to SMS Compromise (GovInfo Security) MoD hack: IT contractor concealed major hack for months (Computing) AI's rapid growth puts pressure on CISOs to adapt to new security risks (Help Net Security) Reality Defender Wins RSAC Innovation Sandbox Competition (Dark Reading) Solar Storms are disrupting farmer GPS systems during critical planting time (The Verge)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cybersecurity Sales Engineer Brandon Robinson shares how he built his career in technology and the barriers he experienced along the way. He talks about how his job involves him interacting with customers at the highest levels making sure their solution is meeting needs. In addition, Brandon describes how as a black man and a trailblazer, he's been met with resistance. His positive spin on moving ahead involves relying on himself. Brandon's advice: find your passion, don't be intimidated and you will be met with success. Our thanks to Brandon for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Dick O'Brien from Symantec Threat Hunter team is discussing their research on “Graph: Growing number of threats leveraging Microsoft API.” The team observed an increasing number of threats that have begun to leverage the Microsoft Graph API, usually to facilitate communications with command-and-control (C&C) infrastructure hosted on Microsoft cloud services. The research states "the technique was most recently used in an attack against an organization in Ukraine, where a previously undocumented piece of malware used the Graph API to leverage Microsoft OneDrive for C&C purposes." The research can be found here: Graph: Growing number of threats leveraging Microsoft API Learn more about your ad choices. Visit megaphone.fm/adchoices

Project Fortress looks to protect the US financial system. News from San Francisco as RSA Conference winds down. Dell warns customers of compromised data. Google updates Chrome after a zero day is exploited in the wild. Colleges in Quebec are disrupted by a cyberattack. CopyCop uses generative AI for misinformation. The FBI looks to snag members of Scattered Spider. Betsy Carmelite, Principal at Booz Allen, shares our final Woman on the Street today from the 2024 RSA Conference. Guest Deepen Desai, Chief Security Officer at Zscaler, joins us to offer some highlights on their AI security report. A solar storm’s a-comin’. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Betsy Carmelite, Principal at Booz Allen, shares our final Woman on the Street today. N2K’s Brandon Karpf caught up with Betsy to share insights from the 2024 RSA Conference.  Guest Deepen Desai, Chief Security Officer at Zscaler, joins us to offer some highlights on their AI security report. Selected Reading Treasury launches ‘Project Fortress,’ an alliance with banks against hackers (CNN Business) Cyberthreat landscape permanently altered by Chinese operations, US officials say (The Record) White House to Push Cybersecurity Standards on Hospitals (Bloomberg) Dell warns of “incident” that may have leaked customers’ personal info (Ars Technica) Google fixes fifth Chrome zero-day exploited in attacks this year (Bleeping Computer) Cyberattack shuts down 4 Quebec CEGEPs, cancelling classes and exams (CBC News) AI-Powered Russian Network Pushes Fake Political News (Infosecurity Magazine) University System of Georgia: 800K exposed in 2023 MOVEit attack (Bleeping Computer) FBI working towards nabbing Scattered Spider hackers, official says (Reuters) Severe solar storm threatens power grids and navigation systems (Financial Post) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ascension healthcare shuts down systems following a cybersecurity event. Updates from RSA Conference. The FDA recalls an insulin pump app. Polish officials blame Russia for recent cyber attacks. IntelBroker claims to have compromised a pair of UK banks. New Mexico’s top cop accuses Meta of failing to protect kids. British Columbia reports "sophisticated cybersecurity incidents" on government networks. Researchers uncover a vulnerability in UPS software affecting critical infrastructure. Zscaler investigates a claimed data breach. On the Learning Layer, host Sam Meisenberg and N2K’s Urban Alliance Intern, David Nguyen, discuss David's AZ-900 exam experience. The Library of Congress stands strong. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Caleb Barlow, CEO at Cyberbit, is our Man on the Street today. N2K’s Brandon Karpf caught up with Caleb to talk about the 2024 RSA Conference.  Learning Layer On our bonus Learning Layer segment, host Sam Meisenberg and N2K’s Urban Alliance Intern, David Nguyen, discuss David's AZ-900 exam experience, including some remote proctoring issues. David gives tips and strategies for those gearing up for their own exam.  Selected Reading Ascension healthcare takes systems offline after cyberattack (Bleeping Computer) With nation-state threats in mind, nearly 70 software firms agree to Secure by Design pledge (The Record) CISA starts CVE "vulnrichment" program (Help Net Security) Cyber director sees potential for a new era in White House office (The Record) FDA recalls defective iOS app that injured over 200 insulin pump users (The Verge) Poland says it was targeted by Russian military intelligence hackers (The Record) IntelBroker Hacker Leaks Alleged HSBC & Barclays Bank Data (Hack Read) Undercover operation nets arrests as New Mexico's top prosecutor blames Meta for online predators (AP News) B.C. government hit by ’sophisticated cybersecurity incidents’ (Vancouver Sun) Cyble detects critical vulnerabilities in CyberPower PowerPanel Business Software used in critical infrastructure (Industrial Cyber) Zscaler is investigating data breach claims (Industrial Cyber) Thwarted cyberattack targeted Library of Congress in tandem with October British Library breach (Nextgov/FCW)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

International law enforcement put a leash on a LockBit leader. Updates from RSA Conference, including our Man on the Street Rob Boyce, Managing Director at Accenture. TikTok sues the U.S. government. The Commerce Department restricts chip sales to Huawei. A third-party breach exposes payroll records of Britain’s armed forces. BogusBazaar operates over 75,000 fake webshops. Android security updates address 26 vulnerabilities. A Philadelphia real estate investment trust gets hit with ransomware. BetterHelp will pay $7.8 million to settle FTC charges of health data misuse. On the Learning Layer, Sam and Joe dive into CISSP Domain 4, Communication and Network Security, and discuss networking, the OSI model, and firewalls. AI steals the Met Gala spotlight. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Rob Boyce, Managing Director at Accenture is our Man on the Street today. Rob stops by to share his thoughts on the 2024 RSA Conference.  Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe dive into CISSP Domain 4, Communication and Network Security, and discuss networking, the OSI model, and firewalls, which includes: 4.1 Assess and implement secure design principles in network architectures 4.2 Secure network components 4.3 Implement secure communication channels according to design Selected Reading International law enforcement put a leash on a LockBit leader. Updates from RSA Conference, including our Man on the Street Rob Boyce, Managing Director at Accenture. TikTok sues the U.S. government. The Commerce Department restricts chip sales to Huawei. A third-party breach exposes payroll records of Britain’s armed forces. BogusBazaar operates over 75,000 fake webshops. Android security updates address 26 vulnerabilities. A Philadelphia real estate investment trust gets hit with ransomware. BetterHelp will pay $7.8 million to settle FTC charges of health data misuse. On the Learning Layer, Sam and Joe dive into CISSP Domain 4, Communication and Network Security, and discuss networking, the OSI model, and firewalls. AI steals the Met Gala spotlight. Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Secretary Blinken and Senator Warner weigh in on cybersecurity at RSA Conference. Ransomware profits are falling. Proton Mail is under scrutiny for information sharing. A senior British lawmaker blames China for a UK cyberattack. Medstar Health notifies patients of a potential data breach. A study finds cybersecurity education programs across the U.S vary wildly. Brandon Karpf, N2K Man on the Street, stops by to share his thoughts on the 2024 RSA Conference. An Australian pension fund gets lost in the clouds. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests Brandon Karpf, N2K Man on the Street, stops by to share his thoughts on the 2024 RSA Conference.  Selected Reading Blinken unveils State Dept. strategy for ‘vibrant, open and secure technological future’ (The Record) Warner: Lawmakers 'in process' of finding Section 702 fix (The Record) Ransomware operations are becoming less profitable (Help Net Security) Proton Mail Discloses User Data Leading to Arrest in Spain (Restore Privacy) UK says defence ministry targeted in cyberattack (Digital Journal) Novel attack against virtually all VPN apps neuters their entire purpose (Ars Technica) MedStar Health data breach affects 183,079 patients (WUSA9) Researchers say cybersecurity education varies widely in US (Tech Xplore) System outage affecting UniSuper services (UniSuper)  UniSuper private cloud, secondary systems taken out by "rare" Google Cloud "issues" (iTnews) Superannuation: What It Is, How It Works, Types of Plans (Investopedia) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K’s CSO and The CyberWire’s Chief Analyst and Senior Fellow, interviews Eugene Spafford about his 2024 Cybersecurity Canon Hall of Fame book: “Cybersecurity Myths and Misconceptions.” References: Eugene Spafford, Leigh Metcalf, Josiah Dykstra, Illustrator: Pattie Spafford. 2023. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book]. Goodreads. Helen Patton, 2024. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us [Book Review]. Cybersecurity Canon Project. Staff, 2024. CERIAS - Center for Education and Research in Information Assurance and Security [Homepage]. Purdue University. Rick Howard Cybersecurity Canon Concierge Cybersecurity Canon Committee members will be in the booth outside the RSA Conference Bookstore to help anybody interested in the Canon’s Hall of Fame and Candidate books. If you’re looking for recommendations, we have some ideas for you. RSA Conference Bookstore JC Vega: May 6, 2024  | 02:00 PM PDT Rick Howard: May 7, 2024  | 02:00 PM PDT Helen Patton: May 8, 2024  | 02:00 PM PDT Rick Howard RSA Birds of a Feather Session:  I'm hosting a small group discussion called  “Cyber Fables: Debating the Realities Behind Popular Security Myths.” We will be using Eugene Spafford’s Canon Hall of Fame book, “ “Cyber Fables: Debating the Realities Behind Popular Security Myths” as the launchpad for discussion. If you want to engage in a lively discussion about the infosec profession, this is the event for you.  May. 7, 2024 | 9:40 AM - 10:30 AM PT Rick Howard RSA Book Signing I published my book at last year’s RSA Conference. If you’re looking to get your copy signed, or if you just want to tell me how I got it completely wrong, come on by. I would love to meet you. RSA Conference Bookstore May 8, 2024 | 02:00 PM PDT Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard Cyware Panel:  The Billiard Room at the Metreon | 175 4th Street | San Francisco, CA 94103 May 8, 2024 | 8:30am-11am PST Simone Petrella and Rick Howard RSA Presentation:  Location: Moscone South Esplanade level May. 9, 2024 | 9:40 AM - 10:30 AM PT Simone Petrella, Rick Howard, 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference. Learn more about your ad choices. Visit megaphone.fm/adchoices

Secretary of State Antony Blinken is set to unveil a new international cybersecurity strategy at the RSA Conference in San Francisco. Paris prepares for Olympic-sized cybersecurity threats. Wichita, Kansas is recovering from a ransomware attack. A massive data breach hits citizens of El Salvador. Researchers steal cookies to bypass authentication. Cuckoo malware targets macOS systems. Iranian threat actors pose as journalists to infiltrate network targets. A former Microsoft insider analyzes the company’s recommitment to cybersecurity. Guest Mark Terenzoni, Director of Risk Management at AWS, joins N2K’s Rick Howard to discuss the benefits of security lakes in a post-AI world. Ukrainian officials introduce an AI generated spokesperson.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Mark Terenzoni, Director of Risk Management at AWS, joins N2K’s Rick Howard to discuss the benefits of security lakes and other security considerations for a post-AI world. Read Mark's blog on the subject. Selected Reading Biden administration rolls out international cybersecurity plan (POLITICO) Paris 2024 gearing up to face unprecedented cybersecurity threat (Reuters) Wichita government shuts down systems after ransomware incident (The Record) El Salvador suffered a massive leak of biometric data (Security Affairs) Stealing cookies: Researchers describe how to bypass modern authentication (CyberScoop) Malware: Cuckoo Behaves Like Cross Between Infostealer and Spyware (Kandji) Iranian hackers pose as journalists to push backdoor malware (Bleeping Computer) Breaking down Microsoft’s pivot to placing cybersecurity as a top priority (DoublePulsar) Ukraine unveils AI-generated foreign ministry spokesperson | Artificial intelligence (AI) (The Guardian) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K’s CSO and The Cyberwire’s Chief Analyst and Senior Fellow, interviews Andy Greenberg about his 2024 Cybersecurity Canon Hall of Fame book: “Tracers in the Dark.” References: Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads. Larry Pesce, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. Rick Howard, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. Ben Rothke, 2024. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book Review]. Cybersecurity Canon Project. TheScriptVEVO, 2012. The Script - Hall of Fame (Official Video) ft. will.i.am [Music Video]. YouTube. Satoshi Nakamoto, 2008. Bitcoin: A Peer-to-Peer Electronic Cash System [Historic and Important Paper]. Bitcoin. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. RSA Presentation:  May. 9, 2024 | 9:40 AM - 10:30 AM PT Rick Howard, Simone Petrella , 2024. The Moneyball Approach to Buying Down Risk, Not Superstars [Presentation]. RSA 2024 Conference. Learn more about your ad choices. Visit megaphone.fm/adchoices

Technology attorney and startup chief of staff Elizabeth Wharton shares her experiences and how she came to work with companies in technology. Elizabeth talks about how she always liked solving problems and Nancy Drew mysteries, but not litigation. These morphed finding into her home in the policy legal world and some time later, technology law. Elizabeth describes how she loves planning and strategy in her work and encourages others to ask questions and absorb all of the information. Our thanks to Elizabeth for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Adam Marré, CISO at Arctic Wolf, is diving deep into geopolitical tension with China including APT31, iSoon and TikTok with Dave this week. They also discuss some of the history behind China cyber operations. Adam shares information on how different APT groups are able to create spear phishing campaigns, and provides info on how to combat these groups. Learn more about your ad choices. Visit megaphone.fm/adchoices

A Texas operator of rehab facilities faces multiple lawsuits after a ransomware attack. Microsoft warns Android developers to steer clear of the Dirty Stream. The Feds warn of North Korean social engineering. A flaw in the R programming language has been patched. Zloader borrows stealthiness from ZeuS. The GAO highlights gaps in NASA’s cybersecurity measures. Indonesia is a spyware hot-spot. Germany summons a top Russian envoy to address cyber-attacks linked to Russian military intelligence. An Israeli PI is arrested in London following allegations of a cyberespionage campaign. In our Industry Voices segment, Allison Ritter, Senior Product Manager from Cyberbit shares her career journey, off the bench and onto the court. A cybersecurity consultant allegedly attempts to extort a one-point-five million dollar exit package.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Allison Ritter, Senior Product Manager from Cyberbit, shares her cybersecurity journey: “Off the bench and onto the court.” Selected Reading Rehab Hospital Chain Hack Affects 101,000; Facing 6 Lawsuits (GovInfo Security) Microsoft Warns of 'Dirty Stream' Vulnerability in Popular Android Apps (SecurityWeek) U.S. Govt Warns of Massive Social Engineering Attack from North Korean Hackers (GB Hackers) R-bitrary Code Execution: Vulnerability in R's Deserialization (HiddenLayer) ZLoader Malware adds Zeus's anti-analysis feature (Security Affairs) GAO report indicates that NASA should update spacecraft acquisition policies and standards for cybersecurity (Industrial Cyber)  Indonesia is a Spyware Haven, Amnesty International Finds (InfoSecurity Magazine) Germany summons Russian envoy over 2023 cyber-attacks (The Guardian) Israeli private eye arrested in London over alleged hacking for US firm (Reuters) Cybersecurity consultant arrested after allegedly extorting IT firm (Bleeping Computer)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Dropbox’s secure signature service suffers a breach. CISA is set to announce a voluntary pledge toward enhanced security. Five Eyes partners issue security recommendations for critical infrastructure. Microsoft acknowledges VPN issues after recent security updates. LockBit releases data from a hospital in France. One of REvil’s leaders gets 14 years in prison. An Phishing-as-a-Service provider gets taken down by international law enforcement. China limits Teslas over security concerns. In our Threat Vector segment, David Moulton from Unit 42 explores Adversarial AI and Deepfakes with two expert guests, Billy Hewlett, and Tony Huynh. NightDragon founder and CEO Dave Dewalt joins us with a preview of next week’s NightDragon Innovation Summit 2024 at RSAC. And celebrating the 60th  anniversary of the BASIC programming language. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In our Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, explores Adversarial AI and Deepfakes as part of the ongoing series “AI’s Impact in Cybersecurity'' with two expert guests, Billy Hewlett, Senior Director of AI Research at Palo Alto Networks, and Tony Huynh, a Security Engineer specializing in AI and deepfakes. They unpack the escalating risks posed by adversarial AI in cybersecurity. You can catch Threat Vector every other Thursday on the N2K CyberWire network and where you get all of your favorite podcasts. Listen to David’s full discussion with Billy and Tony here. Plus, NightDragon Founder and CEO Dave Dewalt joins us with a preview of next week’s NightDragon Innovation Summit 2024 at RSAC including a look into his “State of the Cyber Union” keynote. Selected Reading Security Breach Exposes Dropbox Sign Users (Infosecurity Magazine) The US Government Is Asking Big Tech to Promise Better Cybersecurity (WIRED) CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog (Security Affairs) Russian Hackers Target Industrial Systems in North America, Europe (SecurityWeek) Microsoft says April Windows updates break VPN connections (Bleeping Computer) LockBit publishes confidential data stolen from Cannes hospital in France (The Record) Ukrainian sentenced to almost 14 years for infecting thousands with REvil ransomware (The Record) LabHost Crackdown: 37 Arrested In Global Cybercrime Bust (Security Boulevard) Tesla cars to be banned from Chinese government buildings amid security fears — report (Drive) The BASIC programming language turns 60 (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A breach at J.P. Morgan Chase exposes data of over 451,000 individuals. President Biden Signs a National Security Memorandum to Strengthen and Secure U.S. Critical Infrastructure. Verizon’s DBIR is out. Cornell researchers unveil a worm called Morris II. A prominent newspaper group sues OpenAI. Marriott admits to using inadequate encryption. A Finnish man gets six years in prison for hacking a psychotherapy center. Qantas customers had unauthorized access to strangers’ travel data. The Feds look to shift hiring requirements toward skills. In our Industry Voices segment, Steve Riley, Vice President and Field CTO at Netskope, discusses generative AI and governance. Major automakers take a wrong turn on privacy.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on Industry Voices, Steve Riley, Vice President and Field CTO at Netskope, discusses generative AI and governance. For more of Steve’s insights into gen AI, check out his article in Forbes.  Selected Reading Breach at J.P. Morgan Exposes Data of 451,000 Plan Participants (PLANADVISER) White House releases National Security Memorandum on critical infrastructure security and resilience (Industrial Cyber) DBIR Report 2024 - Summary of Findings (Verizon) Experimental Morris II worm can exploit popular AI services to steal data and spread malware (Computing) Major U.S. newspapers sue OpenAI, Microsoft for copyright infringement (Axios) Marriott admits it falsely claimed for five years it was using encryption during 2018 breach (CSO Online) Finnish hacker imprisoned for accessing thousands of psychotherapy records and demanding ransoms (AP News) Qantas Airways Says App Showed Customers Each Other's Data (GovInfo Security) Agencies to turn toward ‘skill-based hiring’ for cyber and tech jobs, ONCD says (CyberScoop) Carmakers lying about requiring warrants before sharing location data, Senate probe finds (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

UnitedHealth’s CEO testimony before congress reveals details of the massive data breach. Major US mobile carriers are hit with hefty fines for sharing customer data. Muddling Meerkat manipulates DNS. A report from Sophos says ransomware payments skyrocketed this past year. The DOE addresses risks and benefits of AI. LightSpy malware targets macOS. A crucial Kansas City weather and traffic system is disabled by a cyberattack. A Canadian pharmacy chain shuts down temporarily following a cyberattack. Guest Kayla Williams, CISO from Devo, joins us to share CISO insights into the pressure of their roles they feel mounting on them and gives us a look into their plans for RSAC 2024. Pay attention - that AWS meter may be running.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Kayla Williams, CISO from Devo, joins us to share CISO insights into the pressure of their roles they feel mounting on them and gives us a look into their plans for RSAC 2024. Selected Reading Change Healthcare hackers broke in using stolen credentials — and no MFA, says UHG CEO (TechCrunch) FCC Fines Carriers $200m For Selling User Location Data (Infosecurity Magazine) Muddling Meerkat hackers manipulate DNS using China’s Great Firewall (Bleeping Computer) Ransom Payments Surge by 500% to an Average of $2m (Infosecurity Magazine) US DOE rolls out initial assessment report on AI benefits and risks for critical energy infrastructure (Industrial Cyber)  LightSpy malware has made a comeback, and this time it's coming after your macOS devices (ITPro) Kansas City system providing roadside weather, traffic info taken down by cyberattack (The Record) London Drugs pharmacy chain closes stores after cyberattack (Bleeping Computer) An Empty S3 Bucket Can Make Your AWS Bills Explode (GB Hackers) - kicker How an empty S3 bucket can make your AWS bill explode (Medium) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Okta warns of a credential stuffing spike. A congressman looks to the EPA to protect water systems from cyber threats. CISA unveils security guidelines for critical infrastructure. Researchers discover a stealthy botnet-as-a-service coming from China. The UK prohibits easy IoT passwords. New vulnerabilities are found in Intel processors. A global bank CEO shares insights on cybersecurity. Users report mandatory Apple ID resets. A preview of N2K CyberWire activity at RSA Conference. Police in Japan find a clever way to combat gift card fraud.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest It’s the week before the 2024 RSA Conference. Today, we have N2K’s own Rick Howard, Brandon Karpf, and Dave Bittner previewing N2K’s upcoming activities and where you can find our team at RSAC 2024. Special Edition: Threat Vector Understanding the Midnight Eclipse Activity and CVE 2024-3400: Host David Moulton and Andy Piazza, Sr. Director of Threat Intelligence at Unit 42, dive into the critical vulnerability CVE-2024-3400 found in PAN-OS software of Palo Alto Networks, emphasizing the importance of immediate patching and mitigation strategies for such vulnerabilities, especially when they affect edge devices like firewalls or VPNs.  Selected Reading Okta warns customers about credential stuffing onslaught (Help Net Security) Crawford puts forward bill on cybersecurity risks to water systems (The Arkansas Democrat-Gazette)  CISA unveils guidelines for AI and critical infrastructure (FedScoop) Chinese Botnet As-A-Service Bypasses Cloudflare & Other DDoS Protection Services (GB Hackers) UK becomes first country to ban default bad passwords on IoT devices (The Record) Researchers unveil novel attack methods targeting Intel's conditional branch predictor (Help Net Security) Standard Chartered CEO on why cybersecurity has become a 'disproportionately huge topic' at board meetings (The Record) Security Bite: Did Apple just declare war on Adload malware? (9to5Mac) Apple users are being locked out of their Apple IDs with no explanation (9to5Mac) Japanese police create fake support scam payment cards to warn victims (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Host of Darknet Diaries podcast Jack Rhysider shares his experiences from studying computer engineering at university to his strategy of using gamification on his career that led to him landing in the security space. Jack talks about how his wide experiences came together in security and what prompted him to learn podcasting. Jack endeavors to share the whole story through his podcasts while making them entertaining, enlightening and inspirational. Our thanks to Jack for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Christopher Doman, Co-Founder and CTO at Cado Security, is talking about their research on "Cerber Ransomware: Dissecting the three heads." This research delves into Cerber ransomware being deployed onto servers running the Confluence application via the CVE-2023-22518 exploit.  The research states "Cerber emerged and was at the peak of its activity around 2016, and has since only occasional campaigns, most recently targeting the aforementioned Confluence vulnerability." The research can be found here: Cerber Ransomware: Dissecting the three heads Learn more about your ad choices. Visit megaphone.fm/adchoices

Healthcare providers report breaches affecting millions. PlugX malware is found in over 170 countries. Hackers exploit an old vulnerability to launch Cobalt Strike. A popular Wordpress plugin is under active exploitation. Developing nations may serve as a test bed for malware developers. German authorities question Microsoft over Russian hacks. CISA celebrates the success of their ransomware warning program. Our guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, discussing open source software. Password trends are a mixed bag. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, discussing open source software. Selected Reading Kaiser Permanente data breach may have impacted 13.4 million patients (Security Affairs) LA County Health Services: Patients' data exposed in phishing attack (Bleeping Computer) China-linked PlugX malware infections found in more than 170 countries (The Record) Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike (GB Hackers) Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors (SecurityWeek) Cybercriminals are using developing nations as test beds for ransomware attacks (TechSpot) Microsoft Questioned by German Lawmakers About Russian Hack (GovInfo Security) More than 800 vulnerabilities resolved through CISA ransomware notification pilot (The Record) Most people still rely on memory or pen and paper for password management (Help Net Security)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape.  In this episode, we center our conversation around the Cyber Workforce Pipeline. We discuss where the next great wave of talent is going to come. We talk more about these sources of new talent, such as K-12 programs, higher education, and trade school programs, transitioning military, and other initiatives and programs focused on cultivating the next generation of cyber professionals. Explore Cyber Talent Insights N2K’s Cyber Talent Insights provides security leaders measurable and actionable insights on your organization’s current cyber roles and capabilities to maximize your talent investments and build a business case for better hiring, developing, maintaining, and retaining your technical talent pools. Learn how at n2k.com/talent-insights. Connect with the N2K Cyber Workforce team on Linkedin: Dr. Sasha Vanterpool, Cyber Workforce Consultant  Dr. Heather Monthie, Cybersecurity Workforce Consultant Jeff Welgan, Chief Learning Officer Resources for developing your cybersecurity teams: N2K Cyber Workforce Strategy Guide Workforce Media Resources Strategic Cyber Workforce Intelligence resources for your organization Cyber Talent Acquisition Woes for Enterprises Workforce Intelligence: What it is and why you need it for cyber teams webinar Setting Better Cyber Job Expectations to Attract & Retain Talent webinar Learn more about your ad choices. Visit megaphone.fm/adchoices

Cisco releases urgent patches for their Adaptive Security Appliances. Android powered smart TVs could expose Gmail inboxes. The FTC refunds millions to Amazon Ring customers. The DOJ charges crypto-mixers with money laundering. A critical vulnerability has been disclosed in the Flowmon network monitoring tool. A Swiss blood donation company reopens following a ransomware attack. Multiple vulnerabilities are discovered in the Brocade SANnav storage area network management application. Brokewell is a new Android banking trojan. Meta’s ad business continues to face scrutiny in the EU.  Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast speaks with LinkedIn's CISO Geoff Belknap. And an AI Deepfake Sparks a Community Crisis. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast talking with Geoff Belknap sharing "Insights from LinkedIn's CISO." You can listen to their full discussion here.  Selected Reading 'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks (WIRED) Cisco Releases Security Updates Addressing ArcaneDoor Campaign, Exploited Vulnerabilities in ASA and FTD (NHS England Digital) Android TVs Can Expose User Email Inboxes (404 Media) FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures (SecurityWeek) Southern District of New York | Founders And CEO Of Cryptocurrency Mixing Service Arrested And Charged With Money Laundering And Unlicensed Money Transmitting Offenses (United States Department of Justice) Maximum severity Flowmon bug has a public exploit, patch now (Bleeping Computer) Plasma donation company Octapharma slowly reopening as BlackSuit gang claims attack (The Record) New Brokewell malware takes over Android devices, steals data (Bleeping Computer) Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking (SecurityWeek) Meta could face further squeeze on surveillance ads model in EU (TechCrunch) Baltimore County educator framed principal with AI-generated voice, police say (Baltimore Banner) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The DOJ indicts four Iranian nationals on hacking charges. Legislation to ban or force the sale of TikTok heads to the President’s desk. A Russian hack group claims a cyberattack on an Indiana water treatment plant. A roundup of dark web data leaks. Mandiant monitors dropping dwell times. Bcrypt bogs down brute-forcing. North Korean hackers target defense secrets. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. Ransomware may leave the shelves in Sweden’s liquor stores bare.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss content and study strategies for CISSP Domain 3 Security Architecture and Engineering, and discuss encryption and non-repudiation. Specifically they cover sub-domain 3.6, "Select and determine cryptographic solutions," which includes: Cryptographic life cycle Cryptographic method Public key infrastructure (PKI). Industry Voices On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness.  Selected Reading Rewards Up to $10 Million for Information on Iranian Hackers (GB Hackers) Congress passes bill that could ban TikTok after years of false starts (Washington Post) Russian hackers claim cyberattack on Indiana water plant (The Record) Major Data Leaks from Honda Vietnam, US Airports, and Chinese Huawei/iPhone Users (SOCRadar® Cyber Intelligence Inc.) Global attacker median dwell time continues to fall (Help Net Security) New Password Cracking Analysis Targets Bcrypt (SecurityWeek) North Korean Hackers Target Dozens of Defense Companies (Infosecurity Magazine) ​​Hackers hijack antivirus updates to drop GuptiMiner malware (Bleeping Computer) Sweden's liquor shelves to run empty this week due to ransomware attack (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The State Department puts visa restrictions on spyware developers. UnitedHealth says its recent breach could affect tens of millions of Americans. LockBit leaks data allegedly stolen from the DC government. Microsoft says APT28 has hatched a GooseEgg. The White House and HHS update HIPAA rules to protect private medical data. Keyboard apps prove vulnerable. A New Hampshire hospital suffers a data breach. Microsoft’s DRM may be vulnerable to compromise. On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain. GoogleTeller just can’t keep quiet.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain. Selected Reading U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity (Security Affairs) UnitedHealth Group Previews Massive Change Healthcare Breach (GovInfo Security) Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor (SecurityWeek) Russian APT28 Group in New “GooseEgg” Hacking Campaign (Infosecurity Magazine) HHS strengthens privacy protections for reproductive health patients and providers (The Record) The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers (The Citizen Lab) Records of almost 2,800 CMC patients vulnerable in 'data security incident': hospital | Crime (Union Leader)  Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services (SecurityWeek) The creepy sound of online trackers (Axbom)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Section 702 gets another two years.  MITRE suffers a breach through an Ivanti VPN. CrushFTP urges customers to patch an actively exploited flaw. SafeBreach researchers disclose vulnerabilities in Windows Defender that allow remote file deletion. Ukrainian soldiers see increased attention from data-stealing apps. GitHub’s comments are being exploited to distribute malware. VW confirms legacy Chinese espionage and data breaches. CISA crowns winners of the President’s Cup Cybersecurity Competition. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists in anticipation of RSAC 2024. Targeting kids online puts perpetrators in the malware crosshairs.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We have two guests today. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists and what to look for on the innovation front at RSAC 2024. For 18 years, cybersecurity's boldest new innovators have competed in the RSAC Innovation Sandbox contest to put the spotlight on their potentially game-changing ideas. This year, 10 finalists will once again have three minutes to make their pitch to a panel of judges. Since the start of the contest, the Top 10 Finalists have collectively seen over 80 acquisitions and $13.5 billion in investments. Innovation Sandbox will take place on Monday, May 6th at 10:50am PT. Selected Reading Warrantless spying powers extended to 2026 with Biden’s signature (The Record) MITRE breached by nation-state threat actor via Ivanti zero-days (Help Net Security) CrushFTP File Transfer Vulnerability Lets Attackers Download System Files (Infosecurity Magazine) Researchers Claim that Windows Defender Can Be Bypassed (GB Hackers) Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns  (The Record) GitHub comments abused to push malware via Microsoft repo URLs (Bleeping Computer) Presumably Chinese industrial spies stole VW data on e-drive technology (Bleeping Computer) CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading (Industrial Cyber) Malware dev lures child exploiters into honeytrap to extort them (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Managing director of the Cyber Readiness Institute Kiersten Todt shares how she came to be in the cybersecurity industry helping to provide free tools and resources for small businesses through a nonprofit. She describes how her work on the Hill prior to and just after 9/11 changed. Kiersten talks about the diversity of skills that benefit work in cybersecurity and offers her advice on going after what you want to do. Our thanks to Kiersten for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of CyberWire-X, N2K CyberWire’s Podcast host Dave Bittner is joined by Brian Davis, Principal Software Engineer, and Thomas Gardner, Senior Detection Engineer, both from Red Canary. They engage in a cloud architect vs. detection engineer discussion. Through the conversation, they illustrate how one person benefits the other's work and how they work together. Red Canary is our CyberWire-X episode sponsor. Learn more about your ad choices. Visit megaphone.fm/adchoices

Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss "From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering." Since 2023, TA427 has directly solicited foreign policy experts for their opinions on nuclear disarmament, US-ROK policies, and sanction topics via benign conversation starting emails.  The research states "While our researchers have consistently observed TA427 rely on social engineering tactics and regularly rotating its email infrastructure, in December 2023 the threat actor began to abuse lax Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to spoof various personas and, in February 2024, began incorporating web beacons for target profiling." The research can be found here: From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering Learn more about your ad choices. Visit megaphone.fm/adchoices

Two swift responses to recent cyberattacks. Frontier Communications discloses cyberattack. Texas town repels water system cyberattack by unplugging. List of undesirables falls into the wrong hands. CryptoChameleon phishing kit impersonates LastPass. Ransomware payments trending down in Q1 2024 and a warning for small to medium-sized businesses. US auto manufacturers targeted by FIN7. Akira ransomware has made $42 million since March 2023. No more WhatsApp or Threads in China. Concerning drop in US cybersecurity job listings. Our guest is Zscaler’s Chief Security Officer Deepen Desai exploring encrypted attacks amidst the AI revolution. Meghan Markle hacked by Kate supporters.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Deepen Desai, Chief Security Officer and SVP Security Engineering & Research at Zscaler, joins us to talk about exploring encrypted attacks amidst the AI revolution. Selected Reading Frontier Communications Shuts Down Systems Following Cyberattack (SecurityWeek) Tiny Texas City Repels Russia-Tied Hackers Eyeing Water System (Bloomberg)  Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals (The Register)  Advanced Phishing Kit Adds LastPass Branding for Use in Phishing Campaigns (LastPass) Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! (Help Net Security) FIN7 cybercriminals targeted large U.S. automotive manufacturer last year (The Record)  Akira Ransomware Made Over $42 Million in One Year: Agencies (SecurityWeek)  Apple pulls WhatsApp, Threads from China App Store following state order (TechCrunch) Alarming Decline in Cybersecurity Job Postings in the US (Infosecurity Magazine) Meghan Markle's new lifestyle website hijacked by anonymous user whose ‘thoughts are with Kate’ (GB News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape.  In this episode, we shift our point of view to provide guidance for an individual's first career or perhaps considering a career change transitioning into the field. We discuss a market-driven approach to career development. We also explore how to discover one’s niche in cybersecurity, including how to stand out in this competitive market and align personal interests with career goals. Lastly, we examine the role certifications play when navigating your path throughout the talent acquisition, development, and retention of the cybersecurity workforce management lifecycle.   Explore Cyber Talent Insights N2K’s Cyber Talent Insights provides security leaders measurable and actionable insights on your organization’s current cyber roles and capabilities to maximize your talent investments and build a business case for better hiring, developing, maintaining, and retaining your technical talent pools. Learn how at n2k.com/talent-insights. Connect with the N2K Cyber Workforce team on Linkedin: Dr. Sasha Vanterpool, Cyber Workforce Consultant  Dr. Heather Monthie, Cybersecurity Workforce Consultant Jeff Welgan, Chief Learning Officer Resources for developing your cybersecurity teams: N2K Cyber Workforce Strategy Guide Workforce Media Resources Cyber Talent Acquisition Woes for Enterprises Workforce Intelligence: What it is and why you need it for cyber teams webinar Setting Better Cyber Job Expectations to Attract & Retain Talent webinar Learn more about your ad choices. Visit megaphone.fm/adchoices

A major Phishing-as-a-service operation gets taken down by international law enforcement. US election officials are warned of nation-state influence operations. The house votes to limit the feds’ purchase of citizens personal data. A Michigan healthcare provider suffered a ransomware attack. Critical infrastructure providers struggle to trust cybersecurity tools. Cloudflare reports on DDoS. Kaspersky uncovers new Android banking malware. Kubernetes cryptominers leverage previously patched flaws. The Massachusetts Attorney General emphasizes the responsible use of AI. Our guest Caleb Barlow, CEO of Cyberbit, joins us to talk about badge swipe fraud as more are returning to the office. Colorado passes a law to keep big tech out of our heads.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest and podcast partner Caleb Barlow, CEO of Cyberbit, joins us to talk about badge swipe fraud as more are returning to the office. Are your employees faking their badge swipes? Selected Reading LabHost phishing service with 40,000 domains disrupted, 37 arrested (Bleeping Computer) US Election Officials Told to Prepare for Nation-State Influence Campa (Infosecurity Magazine) House votes in favor of curtailing government transactions with data brokers (The Record) 180k Impacted by Data Breach at Michigan Healthcare Organization (SecurityWeek) Trust in Cyber Takes a Knock as CNI Budgets Flatline (Infosecurity Magazine) DDoS threat report for 2024 Q1 (Cloudflare)  SoumniBot malware exploits Android bugs to evade detection (Bleeping Computer) Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (Bleeping Computer) Massachusetts official warns AI systems subject to consumer protection, anti-bias laws (AP News) Your Brain Waves Are Up for Sale. A New Law Wants to Change That (NY Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A Russian hacker group boldly targets critical infrastructure. The Change Healthcare ransomware attack is projected to cost over a billion dollars. Three hundred bucks is the going rate for a SIM swap. PuTTY potentially reveals private keys. Cisco Talos reports a surge in brute-force attacks. Ivanti updates its MDM product. Omni Hotels & Resorts confirm a data breach. Financially motivated hackers target Businesses in Latin America with steganography. A prolific cryptojacker faces decades in prison. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. The ransomware equivalent of a Saturday night special.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss content and study strategies for Domain 2, Asset Security.  Resources: Domain 2, Asset Security Identify and securely provision information assets, establish handling requirements, manage the data lifecycle, and apply data security controls to comply with applicable laws. 2.1 Identify and classify information and assets 2.2 Establish information and asset handling requirements 2.3 Provision resources securely 2.4 Manage data lifecycle 2.5 Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS)) 2.6 Determine data security controls and compliance requirements Are you studying for the CISSP exam, considering taking the test soon, or did you have an unsuccessful exam experience? Here are some CISSP exam pitfalls to avoid so that you’re confident and successful on exam day. Selected Reading Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities (WIRED) T-Mobile, Verizon workers get texts offering $300 for SIM swaps (Bleeping Computer) PuTTY SSH client flaw allows recovery of cryptographic private keys (Bleeping Computer)  Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials (Talos Intelligence) Ivanti Patches Two Critical Avalanche Flaws in Major Update (Infosecurity Magazine) Omni Hotels confirms data compromise in apparent ransomware attack (SC Media) Steganography Campaign Targets Global Enterprises (GovInfo Security) Nebraska man allegedly defrauded cloud providers of millions via cryptojacking (The Record) Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion (The Record) ‘Junk gun’ ransomware: Peashooters can still pack a punch (Sophos News)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cisco Dou warns of a third-party MFA-related breach. MGM Resorts sues to stop an FTC breach investigation. Meanwhile the FTC dings another mental telehealth service provider. Open Source foundations call for caution after social engineering attempts. The NSA shares guidance for securing AI systems. IntelBroker claims to have hit a US geospatial intelligence firm. The UK clamps down on deepfakes. Hard-coded passwords provide the key to smart-lock vulnerabilities. On our Industry Voices segment, Ryan Lougheed, Director of Product Management at Onspring, discusses the benefits of artificial intelligence in governance, risk and compliance (GRC). A Law Firm’s Misclick Ends 21 Years of Matrimony.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Ryan Lougheed, Director of Product Management at Onspring, discusses the benefits of artificial intelligence in governance, risk and compliance (GRC). Selected Reading Cisco Duo MFA logs exposed in third-party data breach (ITPro) Casino operator MGM sues FTC to block probe into 2023 hack (Reuters) Open Source Leaders Warn of XZ Utils-Like Takeover Attempts (Infosecurity Magazine) FTC Bans Online Mental Health Firm From Sharing Certain Data (GovInfo Security) New NSA guidance identifies need to update AI systems to address changing risks, bolster security (Industrial Cyber) IntelBroker Claims Space-Eyes Breach, Targeting US National Security Data (HackRead)  Creating sexually explicit deepfakes to become a criminal offence (BBC) CISA warns of critical vulnerability in Chirp smart locks (The Register) Wrong couple divorced after computer error by law firm Vardag's (BBC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Palo Alto Networks releases hotfixes for an exploited zero-day. Delinea issues an urgent update for a critical flaw. Giant Tiger data is leaked online. A European semiconductor manufacturer deals with a data breach. Roku suffers its second breach of the year. Operators of the Hive RAT face charges.  A former Amazon security engineer gets three years in prison for hacking cryptocurrency exchanges. Zambian officials arrest 77 in a scam call center crack down. Our guest Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division describes dual ransomware. And Rob Boyce, Managing Director at Accenture, shares his thoughts on security testing of generative AI. And selling Pokemon cheats leaves one man in Japan feeling like he had a run-in with a Scaldiburn. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we have two guests, Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division discussing dual ransomware. Followed by Rob Boyce, Managing Director at Accenture, sharing some thoughts on security testing of generative AI. Selected Reading Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge (SecurityWeek) A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (Help Net Security) Hacker claims Giant Tiger data breach, leaks 2.8M records online (Bleeping Computer) Press statement: Nexperia IT Breach (Nexperia) Roku issues warning over massive customer account breach (ITPro) Two People Arrested in Australia and US for Development and Sale of Hive RAT (SecurityWeek) Ex-Amazon engineer gets 3 years for hacking crypto exchanges (Bleeping Computer) Zambia arrests 77 people in swoop on "scam" call centre (Bitdefender) Japanese Police Arrest 36-Year-Old Man on Suspicion of Tampering With Pokémon Violet Save Data (IGN)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

You can learn more about AWS in Orbit at space.n2k.com/aws. N2K Space is working with AWS to bring the AWS in Orbit podcast series to the 39th Space Symposium in Colorado Springs from April 8-11.  Our guests today are ​​Clint Crosier, Director at AWS Aerospace and Satellite, and Jim Tran, Vice President of Government Solutions at Iridium. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS Aerospace and Satellite Audience Survey We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Founder and CEO Stu Sjouwerman takes us on a journey of how his career developed from starting a software service company to currently focusing on the infosec side of the business where his team essentially helps to create human firewalls. Stu talks about learning all aspects of the business while creating startups and suggests you learn to speak the language of the area you are looking to get into. He even touches on predicting the future and taking over the world. Our thanks to Stu for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

You can learn more about AWS in Orbit at space.n2k.com/aws. N2K Space is working with AWS to bring the AWS in Orbit podcast series to the 39th Space Symposium in Colorado Springs from April 8-11.  Our guests today are ​​Salem El Nimri, Chief of Space Technology at AWS Aerospace and Satellite, and Declan Ganley, Chairman and CEO at Rivada Space Networks. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS Aerospace and Satellite Audience Survey We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Tomer Peled, a Security & Vulnerability Researcher from Akamai is sharing their work on "What a Cluster: Local Volumes Vulnerability in Kubernetes." This research focuses on a high-severity vulnerability in Kubernetes, allowing for remote code execution with system privileges on all Windows endpoints within a Kubernetes cluster. The research states "The discovery of this vulnerability led to the discovery of two others that share the same root cause: insecure function call and lack of user input sanitization." The research can be found here: What a Cluster: Local Volumes Vulnerability in Kubernetes Learn more about your ad choices. Visit megaphone.fm/adchoices

Section 702 edges closer to a vote. CISA provides guidance on Sisense and Microsoft breaches. A major conservative think tank reports a breach. Obsolete D-Link devices are under active exploitation, and Palo Alto warns of a zero-day. Raspberry Robin grows more stealthy. A lastpass employee thwarts a deepfake phishing attempt. Are AI models growing more persuasive? Our guest Kevin Magee from Microsoft Canada joins us to talk about cross domain prompt injection and AI. Floppies keep the trains running on time.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest and podcast partner Kevin Magee from Microsoft Canada joins us to talk about cross domain prompt injection and AI.  Selected Reading Compromise of Sisense Customer Data (CISA) ED 24-02: Mitigating the Significant Risk from Nation-State Compromise of Microsoft Corporate Email System (CISA) US think tank Heritage Foundation hit by cyberattack (TechCrunch) Exploitation of Unpatched D-Link NAS Device Vulnerabilities Soars (SecurityWeek) Palo Alto Networks Warns About Critical Zero-Day in PAN-OS (Infosecurity Magazine) Hackers are using Windows script files to spread malware and swerve antivirus software ( ITPro) LastPass Employee Targeted With Deepfake Calls (SecurityWeek) Anthropic says its AI models are as persuasive as humans (Axios) 5.25-inch floppy disks expected to help run San Francisco trains until 2030 (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape.  In the first episode of the series on cybersecurity workforce development, we dive into the complex world of cyber workforce management and planning, particularly as it pertains to the perspective of the enterprise. We explore the current state of the cybersecurity workforce, navigate various challenges in talent acquisition, and explore the nuances of job classifications, titles, compensation, and the dynamics of remote, onsite, and hybrid work environments.  Our experts further address talent development strategies like professional development, training, conferences, mentorship programs, communities of interest, and corporate cyber academies.  Finally, we touch upon the critical aspect of talent retention, an essential component in closing the cybersecurity talent gap. We hope you will join us on this journey. Connect with the N2K Cyber Workforce team on Linkedin: Dr. Sasha Vanterpool, Cyber Workforce Consultant  Dr. Heather Monthie, Cybersecurity Workforce Consultant Jeff Welgan, Chief Learning Officer Resources for developing your cybersecurity teams: N2K Cyber Workforce Strategy Guide Workforce Media Resources Strategic Cyber Workforce Intelligence resources for your organization Cyber Talent Acquistion Woes for Enterprises Workforce Intelligence: What it is and why you need it for cyber teams webinar Setting Better Cyber Job Expectations to Attract & Retain Talent webinar Learn more about your ad choices. Visit megaphone.fm/adchoices

Apple warns targeted users of mercenary spyware attacks. CISA expands its Malware Next-Gen service to the private sector. US Cyber Command chronicles their “hunt forward” operations. Taxi fleets leak customer data. Trend Micro tracks DeuterBear malware. The BatBadBut vulnerability enables command injection on Windows. Cybercriminals manipulate GitHub's search functionality. Scully Spider may be utilizing AI generated Powershells scripts. A study from ISC2 shed’s light on salary disparities. On our Threat Vector segment, host David Moulton, Director of Thought Leadership at Unit 42, welcomes Donnie Hasseltine, VP of Security at Second Front Systems and a former Recon Marine, as they delve into the indispensable role of a military mindset in cybersecurity. Guest Dr. Sasha Vanterpool, Cyber Workforce Consultant with N2K, introducing the new podcast series Cyber Talent Insights. And AI music sings the license.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests On our Threat Vector segment, host David Moulton, Director of Thought Leadership at Unit 42, welcomes Donnie Hasseltine, VP of Security at Second Front Systems and a former Recon Marine, as they delve into the indispensable role of a military mindset in cybersecurity. You can listen to the full conversation here.  Guest Dr. Sasha Vanterpool, Cyber Workforce Consultant with N2K, introducing the new podcast series Cyber Talent Insights that is launching on Friday, April 12, 2024. You can read more about Cyber Talent Insights here. Selected Reading iPhone users in 92 countries received a spyware attack warning from Apple (Engadget) CISA to expand automated malware analysis system beyond government agencies (The Record) US Cyber Force Assisted Foreign Governments 22 Times in 2023 (SecurityWeek) Taxi software vendor exposes personal details of nearly 300K (The Register) Cyberespionage Group Earth Hundun's Continuous Refinement of Waterbear and Deuterbear (Trend Micro) BatBadBut: You can't securely execute commands on Windows (Flatt) New Technique to Trick Developers Detected in an Open Source Supply Chain Attack (Checkmarx) Malicious PowerShell script pushing malware looks AI-written (Bleeping Computer) Women make less than men in US cyber jobs — but the gap is narrowing (CyberScoop) Permission is hereby granted (Suno)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The House moves forward on Section 702 reauthorization. Ukraine suspends a top cybersecurity official. A Wisconsin health coop suffers a data breach. Sophos uncovers a malicious backdoor. Fortinet issues patches for critical and high severity vulnerabilities. A Microsoft server exposed employee passwords, keys, and credentials. LG releases patches to secure smart TVs. The IMF warns of cyberattacks potential to trigger bank runs. It was a busy patch Tuesday. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and how to avoid frustration when you get a practice question wrong. X marks the spot where Elon’s impulsiveness turns chaotic.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and discuss Domain 1, Security and Risk Management. They cover note-taking best practices and how to avoid getting frustrated when you get a practice question wrong. Selected Reading House sets up debate on Section 702 bill, along with votes on proposed changes (The Record) Ukrainian security service’s cyber chief suspended following media investigation (The Record) 530k Impacted by Data Breach at Wisconsin Healthcare Organization (SecurityWeek) Smoke and (screen) mirrors: A strange signed backdoor (Sophos News) Fortinet reports FortiClient critical flaw and issues in FortiOS and FortiProxy (Beyond Machines) Microsoft left internal passwords exposed in latest security blunder (The Verge) LG releases updates for vulnerabilities that could allow hackers to gain access to TVs (The Record) Extreme cyberattacks could cause bank runs, IMF warns (Silicon Republic) Johannes Ulrich's summary of MS patch Tuesday (SANS Internet Storm Center) X automatically changed 'Twitter' to 'X' in users' posts, breaking legit URLs (Mashable)  Example from X/Twitter story: https://wetdry.world/@seraph/112241754503585255 Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Change Healthcare gets hit with another ransom demand. A French football team warns fans of a cyberattack. The Home Depot breach is chalked up to a misconfigured SaaS application. The FCC looks to sure up car connectivity security to protect survivors of domestic violence. Targus reports a disruptive cyberattack. A massive doxxing event hits El Salvador. India's top audio and wearables brand investigates a customer data breach. The Israeli military jams GPS. Microsoft Security’s Ann Johnson, host of Afternoon Cyber Tea podcast, shares a segment of her latest episode featuring Jason Healey, founding scholar and director for cyber efforts at Columbia's School of International and Public Affairs. They discuss nurturing trust in cybersecurity. And, I’ll have a burger with a side of surveillance.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, Microsoft Security’s Ann Johnson, host of Afternoon Cyber Tea podcast, shares a segment of her latest episode featuring Jason Healey, founding scholar and director for cyber efforts at Columbia's School of International and Public Affairs. They discuss nurturing trust in cybersecurity. You can listen to the full episode here. Selected Reading Change Healthcare breach data may be in hands of new ransomware group (SC Media) French football club PSG says ticketing system targeted by cyberattack (The Record) Misconfigured SaaS applications led to the Home Depot data breach, and experts say it’s no surprise (ITPro) FCC opens rulemaking to probe connected car stalking (The Record) Targus discloses cyberattack after hackers detected on file servers (Bleeping Computer) Hacker doxxes nearly every adult in El Salvador (Protos) Hit with massive data breach, boAt loses data of 7.5 million customers (Forbes) Israel’s Scrambled GPS Signals Turn Life Upside Down in Tel Aviv (Bloomberg) How fast food is becoming a new surveillance ground (Fast Company) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Might there be motion from Congress on data privacy legislation? Maryland passes a pair of privacy bills. A database allegedly from the EPA shows up on Russian cybercrime forums. HHS issues an alert for the Healthcare and Public Health sectors. CISA gears up for their Cyber Storm. A leading UK veterinary service provider suffers a cyber incident. A hardcoded backdoor is discovered in deprecated Network Attached Storage devices. NSA’s new cybersecurity director takes the reins. Guest Caleb Barlow, CEO of Cyberbit, shares his insights on the evolving role of the CISO. The bull market for Zero-days. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Caleb Barlow, CEO of Cyberbit, discussing how we need to think about the role and position of the CISO. Selected Reading A Breakthrough Online Privacy Proposal Hits Congress (WIRED) Maryland Passes 2 Major Privacy Bills, Despite Tech Industry Pushback (The New York Times) US Environmental Protection Agency Allegedly Hacked, 8.5M User Data Leaked (HACKREAD) U.S. Department of Health warns of attacks against IT help desks (Security Affairs) CISA’s ‘Cyber Storm’ will help it update National Cyber Incident Response Plan (Federal News Network) Veterinary Giant CVS Reveals Major Cyber-Attack (Infosecurity Magazine) Over 92,000 exposed D-Link NAS devices have a backdoor account (Bleeping Computer) NSA Appoints Dave Luber as Cybersecurity Director (SecurityWeek) Price of zero-day exploits rises as companies harden products against hackers (TechCrunch)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber threat intelligence analyst Selena Larson takes us on her career journey from being a journalist to making the switch to industrial security. As a child who wrote a book about a green goldfish who dealt with bullying, Selena always liked investigating and researching things. Specializing in cybersecurity journalism led to the realization of how closely aligned or similar skills are required from an investigative journalist and a cyber threat intelligence analyst. Our thanks to Selena for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Noah Pack, a SANS Internet Storm Center Intern, sits down to discuss research on "What happens when you accidentally leak your AWS API keys?" This research is a guest diary from Noah and shares a project he worked on after seeing an online video of someone who created a python script that emailed colleges asking for free swag to be shipped to him. The research states "In this article, I will share some research, resources, and real-world data related to leaked AWS API keys." In this research, Noah shares what he learned while implementing his experiment. The research can be found here: What happens when you accidentally leak your AWS API keys? [Guest Diary] Learn more about your ad choices. Visit megaphone.fm/adchoices

Acuity downplays its recent breach. IcedID gives way to a new malware strain. Russia arrests alleged credit card thieves. Wiz uncovers security flaws in Hugging Face AI models. NERC and the E-ISAC review lessons learned from simulated attacks on the electrical grid. UK police track honey traps targeting MPs. Microsoft says China is actively trying to influence US elections. A major global lens maker suffers a cyber attack.  Guest Dick O'Brien from the Symantec Threat Hunter Team shares how ransomware operators adapt to disruption. And SEO under threat of legal action.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Dick O'Brien from Symantec Threat Hunter Team by Broadcom shares how ransomware operators adapt to disruption. Get more details in the blog: Ransomware: Attacks Continue to Rise as Operators Adapt to Disruption. Selected Reading Acuity Responds to US Government Data Theft Claims, Says Hackers Obtained Old Info (SecurityWeek) New Latrodectus malware replaces IcedID in network breaches (bleepingcomputer) Magecart-style hackers charged by Russia in theft of 160,000 credit cards (The Record) Wiz Discovers Flaws in GenAI Models Enabling Customer Data Theft (Infosecurity Magazine) Lessons learned from electrical grid security exercise (nerc) British police investigating ‘honey trap’ WhatsApp messages sent to MPs (The Record) China is trying to influence US elections with AI, Microsoft claims (siliconrepublic) Lens Maker Hoya Scrambling to Restore Systems Following Cyberattack (SecurityWeek) A ‘Law Firm’ of AI Generated Lawyers Is Sending Fake Threats as an SEO Scam (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The State Department investigates an alleged breach. The FCC looks at regulating connected vehicles. A big-tech consortium hopes to mitigate AI-related job losses. Google aims to thwart cookie-thieves. SurveyLama exposes sensitive info of over four millions users. Omni Hotels & Resorts is recovering from a cyberattack. A national cancer treatment center suffers a breach. How cyber is approached on both sides of the pond. In our Industry Voices segment , George Jones, CISO at Critical Start, discusses strategies for maximizing cybersecurity investments to achieve optimal risk reduction. Playing the identity theft long-game.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On Industry Voices, guest George Jones, CISO at Critical Start, joins us to share thoughts on the topic "Spend Smarter, Risk Less: Cybersecurity ROI Strategies for Security Leaders." George discusses strategies for maximizing cybersecurity investments to achieve optimal risk reduction.  Selected Reading Threat Actor Claims Classified Five Eyes Data Theft (Infosecurity Magazine) Automakers and FCC square off over potential regulations for connected cars (The Record) Big tech companies form new consortium to allay fears of AI job takeovers (TechCrunch) Amazon is cutting hundreds of jobs in its cloud computing unit AWS (NPR) Google Proposes Method for Stopping Multifactor Runaround (GovInfo Security) Google fixes two Pixel zero-day flaws exploited by forensics firms (Bleeping Computer) SurveyLama data breach exposes info of 4.4 million users (Bleeping Computer) Omni Hotels confirms cyberattack behind ongoing IT outage (Bleeping Computer) The US or the UK: Where Should You Get a Cybersecurity Job? (GovInfo Security) US Cancer Center Data Breach Impacting 800,000 (SecurityWeek) Iowa sysadmin pleads guilty to 33-year identity theft of former coworker (The Register)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Cyber Safety Review Board hands Microsoft a scathing report. Jackson County, Missouri declares a state of emergency following a ransomware attack. The concerning growth of Chinese brands in U.S. critical infrastructure. Malware campaigns make use of YouTube. OWASP issues a data breach warning. Trend Micro tracks LockBit’s faltering rebound. India’s government cloud service leaks personal data. ChatGPT jailbreaks spread on popular hacker forums. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and focus on the when and how of studying for Domain 1. And you can no longer just walk out of an Amazon grocery store.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's CISSP study journey and focus on the when and how of studying for Domain 1.  Resources for this session:  Effect of sunlight exposure on cognitive function among depressed and non-depressed participants: a REGARDS cross-sectional study Selected Reading Scathing federal report rips Microsoft for shoddy security, insincerity in response to Chinese hack (AP News) Missouri county declares state of emergency amid suspected ransomware attack (Ars Technica) Forescout research finds surge in Chinese-manufactured devices on US networks, including critical infrastructure (Industrial Cyber) YouTube channels found using pirated video games as bait for malware campaign (The Record) OWASP issues data breach alert after misconfigured server leaked member resumes (ITPro) Trend Micro: LockBit ransomware gang's comeback is failing (TechTarget) Indian government’s cloud spilled citizens’ personal data online for years (TechCrunch) ChatGPT jailbreak prompts proliferate on hacker forums (SC Media) Amazon Ditches 'Just Walk Out' Checkouts at Its Grocery Stores (Gizmodo)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Google agrees to delete billions of user records. NIST addresses the NVD backlog. India rescues hundreds of citizens from scam jobs in Cambodia. The UK and US agree to collaborate on AI safety. The FTC tracks an explosion in impersonation fraud. A PandaBuy breach exposes over 1.3 million customers. Prudential Financial informs over 36,000 customers of a data breach. A look at safeguarding sensitive data. Our guest is Jeff Reich, Executive Director of the Identity Defined Security Alliance (IDSA), with insights on identity security best practices. A dash of curiosity reveals a hotel chain vulnerability.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Jeff Reich, Executive Director of the Identity Defined Security Alliance (IDSA), sharing insights on identity security best practices, identity and access sprawl, and how Generative AI is helping and hurting identity management. The IDSA’s Identity Management Day 2024 is coming up on April 9, 2024. Selected Reading Google agreed to erase billions of browser records to settle a class action lawsuit (Security Affairs) Vulnerability database backlog due to increased volume, changes in 'support,' NIST says (The Record) India rescues 250 citizens enslaved by Cambodian cybercrime gang (Bleeping Computer) The US and UK are teaming up to test the safety of AI models (Engadget) Impersonation Scams Net Fraudsters $1.1bn in a Year ( Infosecurity Magazine) PandaBuy data breach allegedly impacted +1.3M customers (Security Affairs) Prudential Financial Data Breach Impacts 36,000 (SecurityWeek) How to bridge the gap between the IT and legal staffs to better combat insider risk (SC Media) IBIS hotel check-in terminal keypad-code leakage (Pentagrid AG) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The xz backdoor sets the open source community back on its heels. AT&T resets passwords on millions of customer accounts. Researchers track a macOS infostealer. Poland investigates past internal use of Pegasus spyware. The latest Vultur banking trojan grows trickier than ever. We note the passing of a security legend. On our Solution Spotlight, N2K President Simone Petrella talks about “Bits, Bytes, and Loyalty: How to Improve Team Retention” with Yameen Huq of the Aspen Institute. A ghost ship trips Africa’s internet.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella talks about “Bits, Bytes, and Loyalty: How to Improve Team Retention” with Yameen Huq of the Aspen Institute. Selected Reading What we know about the xz Utils backdoor that almost infected the world (Ars Technica) AT&T resets account passcodes after millions of customer records leak online (TechCrunch) Info stealer attacks target macOS users (Security Affairs) Poland launches inquiry into previous government’s spyware use (The Guardian) Vultur banking malware for Android poses as McAfee Security app (Bleeping Computer) Ross Anderson, professor and famed author of ‘Security Engineering,’ passes away (The Record) A Ghost Ship’s Doomed Journey Through the Gate of Tears (WIRED)  Swapping scripts nightmare. (N2K) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Liji Samuel from NSA sits down to share her exciting career path through the years until she found a job working for as Chief of Standards and Certification at NSA's Cyber Collaboration Center. She starts by sharing that she had always wanted to work in the STEM field, explaining that growing up she was surrounded with older cousins who were choosing STEM careers and it became an interesting topic for her. She accounts working for a number of companies that helped her grow into the role she is in now. Cybersecurity became a big buzzword for her, causing her to step out of the agency into US cyber command to help take up a management position for the architecture and engineering division. From there, she continued her cybersecurity journey first as the exploration director before moving into where she is now. Liji shares that there were barriers along the way that she had to endure and hop over to get to the right path. She says "So there are challenges and barriers that come across constantly with our work. Um, one just has to pause and reflect on how we can work with it, around it, or influence like our stakeholders and jointly create a vision around it." We thank Liji for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Elad, a Senior Security Researcher from Cycode is sharing their research on "Cycode Discovers a Supply Chain Vulnerability in Bazel." This security flaw could let hackers inject harmful code, potentially affecting millions of projects and users, including Kubernetes, Angular, Uber, LinkedIn, Databricks, DropBox, Nvidia, Google, and many more. The research states "We reported the vulnerability to Google via its Vulnerability Reward Program, where they acknowledged our discovery and proceeded to address and fix the vulnerable components." Please take a moment to fill out an audience survey! Let us know how we are doing! The research can be found here: Cycode Discovers a Supply Chain Vulnerability in Bazel Learn more about your ad choices. Visit megaphone.fm/adchoices

The Pentagon unveils its cybersecurity roadmap. A major Massachusetts health insurer reveals a massive data breach. Hot Topic reports credential stuffing. Cisco warns of password spraying targeting VPNs. The FS-ISAC highlights the risk of generative AI to financial institutions. The FEC considers efforts to combat deceptive artificial intelligence. A look at Thread Hijacking attacks. Guests Linda Gray Martin and Britta Glade from RSA Conference join us to discuss what's new and what to look forward to at this year’s big show. Plus my conversation with Eric Goldstein, Executive Assistant Director for Cybersecurity at  CISA, with insights on their recent Notice of Proposed Rulemaking. And Baltimore’s tragic bridge collapse lays bare the degeneration of X-Twitter.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guests Linda Gray Martin, Senior Vice President for Operations, and Britta Glade, Vice President for Content and Curation, join us to discuss what's new and what to look forward to at RSA Conference 2024. This year’s theme is the Art of Possible.  Also joining us is Eric Goldstein, Executive Assistant Director for Cybersecurity at  CISA, sharing their CIRCIA Notice of Proposed Rulemaking. Selected Reading Pentagon lays out strategy to improve defense industrial base cybersecurity (The Record) Massachusetts Health Insurer Data Breach Impacts 2.8 Million (SecurityWeek) American fast-fashion firm Hot Topic hit by credential stuffing attacks (Security Affairs) Cisco Warns of Password Spraying Attacks Exploiting VPN Services (Cybersecurity News) AI abuse and misinformation campaigns threaten financial institutions (Help Net Security) Federal Elections Commission Considers Regulating AI (BankInfo Security) Thread Hijacking: Phishes That Prey on Your Curiosity (Krebs on Security) The slow death of X-Twitter is measured in disasters like the Baltimore bridge collapse (Vox) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

You can learn more about AWS in Orbit at space.n2k.com/aws. Baptiste Tripard is the Chief Marketing Officer at Alteia. Aiga Stokenberga is the Senior Transport Economist at the World Bank. We explore how Alteia and the World Bank are leveraging AWS's cloud, AI, and space capabilities to monitor critical road networks at scale to support large scale infrastructure investments. From road networks to bridges, they share real-world applications that are making a difference in emerging economies. AWS in Orbit is a podcast collaboration between N2K and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS Aerospace and Satellite AWS re:Invent Alteia and the World Bank assess and enhance road infrastructure data quality at scale using AWS Audience Survey We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

PyPI puts a temporary hold on operations. OMB outlines federal AI governance. Germany sounds the alarm on Microsoft Exchange server updates. Cisco patches potential denial of service vulnerabilities. The US puts a big bounty on BlackCat. Darcula and Tycoon are sophisticated phishing as a service platforms. Don’t dilly-dally on the latest Chrome update. On our Threat Vector segment, host David Moulton has guest Sam Rubin, VP and Global Head of Operations at Unit 42, to discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, the need for more cybersecurity education. And Data brokers reveal alleged visitors to pedophile island.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Threat Vector segment, host David Moulton has guest Sam Rubin, VP and Global Head of Operations at Unit 42. They discuss Sam's testimony to the US Congress on the multifaceted landscape of ransomware attacks, AI, and automation, the need for more cybersecurity education and more. Listen to the full episode with David and Sam's in-depth discussion. Read Sam Rubin's testimony. Selected Reading PyPi Is Under Attack: Project Creation and User Registration Suspended (Malware News) OMB Issues First Governmentwide AI Risk Mitigation Rules (GovInfo Security) German cyber agency warns 17,000 Microsoft Exchange servers are vulnerable to critical bugs (The Record) Cisco Patches DoS Vulnerabilities in Networking Products (Security Week) US offers a $10 million bounty for information on UnitedHealth hackers (ITPro) IPhone Users Beware! Darcula Phishing Service Attacking Via IMessage (GB Hackers) Tycoon 2FA, the popular phishing kit built to bypass Microsoft and Gmail 2FA security protections, just got a major upgrade — and it’s now even harder to detect (ITPro) Update Chrome now! Google patches possible drive-by vulnerability (Malwarebytes) Jeffrey Epstein's Island Visitors Exposed by Data Broker (WIRED)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2024 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Vice President for Cyber and Information Solutions within Mission Systems at Northrop Grumman, Jennifer Walsmith takes us on her pioneering career journey. Following in her father's footsteps at the National Security Agency, Jennifer began her career out of high school in computer systems analysis. Jennifer notes she saw the value of a college degree and at her parents' urging attended night school. She completed her bachelors in computer science at University of Maryland, Baltimore County with the support of the NSA. Jennifer talks about the support of her team at NSA where she was one of the first women to have a career and a family, raising two children while working. Upon retirement from government service, Jennifer chose an organization with values that closely matched her own and uses her position to help her team define possible where they sometimes think they can't. We thank Jennifer for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Facebook's Secret Mission to Unmask Snapchat. The White House wants AI audits. Hackers exploit the open-source Ray AI framework. Finnish Police ID those responsible for the 2021 parliament breach. Operation FlightNight targets Indian government and energy sectors. Chinese APT groups target ASEAN entities. A notorious robocaller is rung up for nearly ten million dollars. In our latest Learning Layer, join Sam Meisenberg as he unpacks the intricacies of the CISSP diagnostic with Joe Carrigan from Johns Hopkins University. And Ann Johnson from Microsoft's Afternoon Cyber Tea visits the world of Smashing Security with Graham Cluley and Carole Theriault . And the UK’s watchers need watching. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests Join us for part three as this Learning Layer special series continues. Learning Layer host Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. In this segment, they continue to discuss the results of Joe's CISSP diagnostic and dive deep into one of the assessment questions. Learn more about ISC2’s Certified Information Systems Security Professional (CISSP) certification, and explore our online certification courses, practice tests, and labs that ensure that you’re ready for exam day. Microsoft Security’s Ann Johnson, host of the Afternoon Cyber Tea podcast, goes inside the Smashing Security podcast with Graham Cluley and Carole Theriault.  Selected Reading Facebook snooped on users’ Snapchat traffic in secret project, documents reveal (TechCrunch) NTIA Pushes for Independent Audits of AI Systems (GovInfo Security) Thousands of companies using Ray framework exposed to cyberattacks, researchers say (The Record) Finland confirms APT31 hackers behind 2021 parliament breach (BleepingComputer) Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign (EclecticIQ) Chinese Hackers Target ASEAN Entities in Espionage Campaign (Infosecurity Magazine) Federal Court Enters $9.9M Penalty and Injunction Against Man Found to Have Caused Thousands of Unlawful Spoofed Robocalls (US Department of Justice) UK counter-eavesdropping agency gets slap on the wrist for eavesdropping (The Record)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks Unit 42's Threat Vector podcast featuring host David Moulton's discussion with Jacqueline Wudyka about the SEC's Cybersecurity Law. In this episode, join host David Moulton as he speaks with Stephanie Regan, a senior consultant at Unit 42. Stephanie, with a background in law enforcement, specializes in compromise assessment and incident response. Discover her insights into combating the Muddled Libra threat group and similar adversaries. Stephanie highlights the crucial role of reconnaissance in investigations and the importance of strong multi-factor authentication (MFA) to counter phishing and social engineering attacks. She delves into techniques like domain typo squatting and shares how domain monitoring can thwart attackers. Learn how Unit 42 assists clients in recovering from attacks, especially those by Muddled Libra. Stephanie emphasizes rapid response and coordination, including using out-of-band communications to outmaneuver threat actors. You can learn more about Muddled Libra at https://unit42.paloaltonetworks.com/muddled-libra/ where Kristopher was the lead author for the Threat Group Assessment: Muddled Libra. Join the conversation on our social media channels: Website: ⁠https://www.paloaltonetworks.com/unit42⁠ Threat Research: ⁠https://unit42.paloaltonetworks.com/⁠ Facebook: ⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠ LinkedIn: ⁠https://www.linkedin.com/company/unit42/⁠ YouTube: ⁠@PaloAltoNetworksUnit42⁠ Twitter: ⁠https://twitter.com/PaloAltoNtwks⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

An alleged sinister hacking plot by China. CISA and the FBI issued a 'secure-by-design' alert. Ransomware hits municipalities in Florida and Texas. The EU sets regulations to safeguard the upcoming European Parliament elections. ReversingLabs describe a suspicious NuGet package. Senator Bill Cassidy questions a costly breach at HHS. A data center landlord sues over requests to reveal its customers. On our Industry Voices segment, Jason Kikta, CISO & Senior Vice President of Product at Automox, discusses ways to increase IT efficiency while avoiding tool overload & complexity. And Google's AI Throws Users a Malicious Bone. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Jason Kikta, CISO & Senior Vice President of Product at Automox, discusses ways to increase IT efficiency including automation & tool streamlining, IT automation/automated patching, and tool overload & complexity. You can learn more in Automox’s 2024 State of IT Operations Research Report. Selected Reading Millions of Americans caught up in Chinese hacking plot (BBC) US Government Urges Software Makers to Eliminate SQL Injection Vulnerabilities (SecurityWeek) CISA adds FortiClient EMS, Ivanti EPM CSA, Nice Linear eMerge E3-Series bugs to its Known Exploited Vulnerabilities catalog (Security Affairs) St. Cloud most recent in string of Florida cities hit with ransomware (The Record) Hackers demand $700K in ransomware attack on Tarrant Appraisal District (MSN) The impact of compromised backups on ransomware outcomes (Sophos News) EU sets rules for Big Tech to tackle interference in European Parliament elections (The Record) Suspicious NuGet package grabs data from industrial systems (ReversingLabs) Senator demands answers from HHS about $7.5 million cyber theft in 2023 (The Record) Data center landlord refuses Fairfax County demand for tenant information (Washington Business Journal) Google's AI-powered search feature recommends malicious sites, including scams and malware (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Head of Cyber Governance with Red Sift, Dr. Rois Ni Thuama shares the circuitous route of her career into cyber governance. She notes the route "looks really clean, but actually it was a bit more Jeremy Bearimy." While at Trinity College, Rois was moved to be part of history unfolding in South Africa and pause her studies. While there, she began making music videos and wildlife documentaries. Upon her return to London, Rois started working in corporate governance and risk at a music technology startup. This ignited her enthusiasm for startups. She now works in a company with several coworkers from that tech startup doing cyber governance. Rois advises law students of many ways into the industry including doing coding, learning risk management, and understanding privacy legislation, and then "just get into the game." We thank Rois for sharing her story.  Learn more about your ad choices. Visit megaphone.fm/adchoices

A supply chain attack targets python developers. Russia targets German political parties. Romanian and Spanish police dismantle a cyber-fraud gang. Pwn2Own prompts quick patches from Mozilla. President Biden nominates the first assistant secretary of defense for cyber policy at the Pentagon. An influential think tank calls for a dedicated cyber service in the US. Unit42 tracks a StrelaStealer surge. GM reverses its data sharing practice. Our guest is Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, who shares trends in cloud-native security. And a Fordham Law School professor suggests AI creators take a page from medical doctors.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Anna Belak, Director of the Office of Cybersecurity Strategy at Sysdig, shares trends in cloud-native security. To learn more, you can check out Sysdig’s 2024 Cloud-Native Security and Usage Report.  Selected Reading Top Python Developers Hacked in Sophisticated Supply Chain Attack (SecurityWeek) Russian hackers target German political parties with WineLoader malware (Bleeping Computer) Police Bust Multimillion-Dollar Holiday Fraud Gang (Infosecurity Magazine) Mozilla Patches Firefox Zero-Days Exploited at Pwn2Own (SecurityWeek) Biden nominates first assistant defense secretary for cyber policy (Nextgov/FCW) Pentagon, Congress have a ‘limited window’ to properly create a Cyber Force (The Record) StrelaStealer targeted over 100 organizations across the EU and US (Security Affairs) General Motors Quits Sharing Driving Behavior With Data Brokers (The New York Times) AI's Hippocratic Oath by Chinmayi Sharma (SSRN) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Senior security researcher from Secureworks Marcelle Lee shares her career journey into cybersecurity and how she helps solve hard problems in her daily work. Marcelle came into cybersecurity not through any traditional path. She describes her route from a different field and starting in cyber at her local community college through a grant program. Marcelle took full advantage of the opportunities she had and grew her career from there. She recommends finding your specialty, but continue to build other skills. As a woman in the field, she is a strong proponent of diversity and encouraging others to find what excites them. And, we thank Marcelle for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Liviu Arsene from CrowdStrike joins to discuss their research "HijackLoader Expands Techniques to Improve Defense Evasion." The research has found that HijackLoader continues to become increasingly popular among adversaries for deploying additional payloads and tooling. In their analysis of a recent HijackLoader sample, CrowdStrike researchers discovered new techniques designed to increase the defense evasion capabilities of the loader. Researchers state "this new approach has the potential to make defense evasion stealthier." Please take a moment to fill out an audience survey! Let us know how we are doing! The research can be found here: HijackLoader Expands Techniques to Improve Defense Evasion And be sure to join our live webinar: CISOs are the new Architects (of the Workforce) Join N2K’s Simone Petrella and Intuit’s Kim Jones on Wednesday, March 27th for an online discussion about the pivotal role security leaders play in shaping the security workforce landscape, and how we can start showing up for the future of our industry. Learn more and register on the event page. Learn more about your ad choices. Visit megaphone.fm/adchoices

Advanced wiper malware hits Ukraine. Nemesis gets dismantled. Apple deals with an unpatchable vulnerability. FortiGuard rises to the rescue. CISA and FBI join forces against DDoS attacks. US airlines data security and privacy policies are under review. Hackers hit thousands in Jacksonville Beach. Geoffrey Mattson, CEO of Xage Security  sits down to discuss CISA's 2024 JCDC priorities. And Hotel keycard locks can’t be that hard to crack. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Geoffrey Mattson, CEO of Xage Security, joins us to discuss CISA's 2024 JCDC priorities. You can connect with Geoff on LinkedIn and learn more about Xage Security on their website and read about the JCDC 2024 Priorities here.  Geoff’s interview first appeared on March 21st’s episode of T-Minus Space Daily. Check out T-Minus here.  Selected Reading Sandworm-linked group likely knocked down Ukrainian internet providers (The Record)  AcidPour wiper suspected to be used against Ukrainian telecom networks (SC Media) Never-before-seen data wiper may have been used by Russia against Ukraine (Ars Technica) AcidPour | New Embedded Wiper Variant of AcidRain Appears in Ukraine (SentinelOne) F5, ScreenConnect vulnerabilities leveraged in global Chinese cyberattacks (SC Media) Nemesis darknet marketplace raided in Germany-led operation (The Record) Unpatchable vulnerability in Apple chip leaks secret encryption keys (Ars Technica) Exploit Released For Critical Fortinet RCE Flaw: Patch Soon! (GBHackers on Security)  CISA & FBI Released Guide to Respond for DDoS Attacks (Cyber Security News)  CISA, FBI, and MS-ISAC Release Update to Joint Guidance on Distributed Denial-of-Service Techniques (CISA)  US airlines’ data security, privacy policies to be under federal review (SC Media)  Jacksonville Beach and other US municipalities report data breaches following cyberattacks (The Record)  Hackers Found a Way to Open Any of 3 Million Hotel Keycard Locks in Seconds (WIRED)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In honor of Women's History Month, please enjoy this episode of the International Spy Museum's SpyCast podcast featuring part 2 of Andrew Hammond's discussion with Dr. Ursula Wilder of the Central Intelligence Agency. Summary Dr. Ursula Wilder (LinkedIn) joins Andrew (X; LinkedIn) to discuss the intersections between psychology and intelligence. Ursula is a clinical psychologist with over two decades of experience working at the Central Intelligence Agency.  What You’ll Learn Intelligence How psychology can be useful to national security Historical examples of leadership analysis  Leadership personality assessments & the Cuban Missile Crisis Psychoanalytic theory and espionage  Reflections Human nature throughout history History repeating itself  And much, much more … Quotes of the Week “Together, these documents are quite powerful. The psych assessments are very, very carefully, tightly held and are classified at a high level. Every intelligence officer has this fantasy about seeing the file that's kept on them by the opponents.” – Dr. Ursula Wilder. Resources  SURFACE SKIM *SpyCasts* Agent of Betrayal, FBI Spy Robert Hanssen with CBS’ Major Garrett and Friends (2023) The North Korean Defector with Former DPRK Agent Kim, Hyun Woo (2023) SPY@20 – “The Spy of the Century” with Curators Alexis and Andrew on Kim Philby (2022) “How Spies Think” – 10 Lessons in Intelligence with Sir David Omand (2020) *Beginner Resources* What is Psychoanalysis? Institute of Psychoanalysis, YouTube (2011) [3 min. video] Psychologists in the CIA, American Psychological Association (2002) [Short article] 7 Reasons to Study Psychology, University of Toronto (n.d.) [Short article] DEEPER DIVE Books Freud and Beyond, S. A. Mitchell (Basic Books, 2016) Narcissism and Politics: Dreams of Glory, J. M. Post (Cambridge University Press, 2014) The True Believer: Thoughts on the Nature of Mass Movements, E. Hoffer (Harper Perennial Modern Classics, 2010)  Team of Rivals: The Political Genius of Abraham Lincoln, D. K. Goodwin (Simon & Schuster, 2004) Leaders, Fools, and Impostors: Essays on the Psychology of Leadership, M. F. R. Kets de Vries (iUniverse, 2003)  Primary Sources  Charles de Gaulle to Pamela Digby Churchill (1942)  Blood, Toil, Tears and Sweat (1940) Memoirs of Ulysses S. Grant (1885) Gettysburg Address (1863)  House Divided Speech (1858) Excerpt on Cleopatra from Plutarch's Life of Julius Caesar (ca. 2nd century AD) Plutarch’s The Life of Alexander (ca. 2nd century AD)  Appian’s The Civil Wars (ca. 2nd century AD)  Virgil’s The Aeneid (19 B.C.E)  *Wildcard Resource* On Dreams by Sigmund Freud (1901) In this simplified version of the father of psychoanalysis’ seminal book The Interpretation of Dreams, you can get a small taste for Freudian philosophy. Freud believed that dreams were a reflection of the subconscious mind and that studying a person’s dreams can elucidate their inner wants and needs. What are your dreams telling you?  Learn more about your ad choices. Visit megaphone.fm/adchoices

The House Unanimously Passes a Bill to Halt Sale of American Data to Foreign Foes. The U.S. Sanctions Russian Individuals and Entities for a Global Disinformation Campaign. China warns of cyber threats from foreign hacking groups. A logistics firm isolates its Canadian division after a cyber attack. Ivanti warns of another critical vulnerability. Researchers find hundreds of vulnerable Firebase instances. Microsoft phases out weaker encryption. Formula One fans fight phishing in the fast lane. Glassdoor is accused of adding real names to profiles without user consent. Our guest is Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, discussing how adversaries are attacking cloud environments and why it’s an increasingly popular attack surface. And Pwn2Own winners take home their second Tesla.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Adam Meyers, SVP of Counter Adversary Operations at CrowdStrike, discussing how adversaries are attacking cloud environments and why it’s an increasingly popular attack surface – especially as more companies implement AI. For more information, check out CrowdStrike’s 2024 Global Threat Report.  Selected Reading House unanimously passes bill to block data brokers from selling Americans’ info to foreign adversaries (The Record) Treasury Sanctions Actors Supporting Kremlin-Directed Malign Influence Efforts (US Treasury Department) China warns foreign hackers are infiltrating ‘hundreds’ of business and government networks (SCMP) International freight tech firm isolates Canada operations after cyberattack (The Record) Ivanti urges customers to fix critical RCE flaw in Standalone Sentry solution (Security Affairs) 19 million plaintext passwords exposed by incorrectly configured Firebase instances (Malwarebytes) Microsoft deprecates 1024-bit Windows RSA keys — now would be a good time to get machine identity management in order (ITPro) Users ditch Glassdoor, stunned by site adding real names without consent (Ars Technica) Famous Spa GP F1 race comms hijacked by phishing scammers (Cyber Daily) Security Researchers Win Second Tesla At Pwn2Own (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Principal in PricewaterhouseCoopers Cyber Risk and Regulatory Practice, Sloane Menkes, shares her story of how non-linear math helped to shape her life and career. Sloane credits a high school classmate for inspiring her mantra "What is the 2%?" that she employs when she feels like things are shutting down. She talks about her experiences in calculus class at the US AIr Force Academy that helped to enlighten her and inform the intuitive problem solving skill or way of thinking that she'd been employing in her life. She joined Office of Special Investigations and working with Howard Schmidt is where Sloane first started to get interested in cybersecurity. She shares what she loves about the consulting role is that the environment is constantly changing, and she offers some advice for women interested in cybersecurity. We thank Sloane for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

The White House Mobilizes a National Effort to Shield Water Systems from Cyber Threats and Announces Major Investment in U.S. Chip Manufacturing. The U.S. and Allies Issue Fresh Warnings on China's Volt Typhoon Cyber Threats to Critical Infrastructure. Microsoft Streamlines 365 Services with a Unified Cloud Domain. Ukrainian authorities take down a credential theft operation. LockBit claims another pharmaceutical company. A popular Wordpress plugin puts tens of thousands of websites at risk. A breach at Mintlify compromises GitHub tokens. An Idaho man pleads guilty to online extortion. The SEC fines firms for AI washing. We’ve got part two of our continuing Learning Layer series with Joe Carrigan and Sam Meisenberg logging Joe’s journey toward his CISSP certification.  And password stuffing Pokemon.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Join us as part two of the Learning Layer special series kicks off. Over the next several weekly episodes of the Learning Layer, host Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. On this episode, they continue to discuss Joe's journey to becoming a CISSP as well as discussing step one of Joe's study journey: the diagnostic assessment. Selected Reading White House Calls on States to Boost Cybersecurity in Water Sector (SecurityWeek) Five Eyes issue another China Volt Typhoon warning (The Register) Biden to Tout Government Investing $8.5 Billion in Intel's Computer Chip Plants in Four States (VoaNews) Microsoft Notifies DevOps Teams That Major Domain Change Is Coming (Cybersecurity News) Ukraine Arrests Hackers for Selling 100 Million Email, Instagram Accounts (Hack Read) Pharmaceutical development company investigating cyberattack after LockBit posting (The Record) WordPress Plugin Flaw Exposes 40,000+ Websites to Cyber Attack (GBHackers) Mintlify Confirms Data Breach Through Compromised GitHub Tokens (Hack Read) ‘Lifelock’ hacker pleads guilty to extorting medical clinics (The Record) What does 'AI Washing' mean? Firms Fined $400K by SEC for Exaggerated Statements (Cybersecurity News) Pokémon resets some users’ passwords after hacking attempts (TechCrunch) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks Unit 42's Threat Vector podcast featuring host David Moulton's discussion with Jacqueline Wudyka about the SEC's Cybersecurity Law. In this episode of Threat Vector, we dive deep into the new SEC cybersecurity regulations that reshape how public companies handle cyber risks. Legal expert and Unit 42 Consultant Jacqueline Wudyka brings a unique perspective on the challenges of defining 'materiality,' the enforcement hurdles, and the impact on the cybersecurity landscape.  Whether you're a cybersecurity professional, legal expert, or just keen on understanding the latest in cyber law, this episode is packed with insights and strategies for navigating this new terrain. Tune in to stay ahead in the world of cybersecurity compliance! If you're interested to learn more about Unit 42's world-class visit https://www.paloaltonetworks.com/unit42 Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠⁠⁠ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: ⁠⁠⁠⁠@PaloAltoNetworksUnit42⁠⁠⁠⁠ Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

A SIM-swapper faces prison and fines. Here come the class action suits against UnitedHealth Group. Aviation and Aerospace find themselves in the cyber crosshairs. A major mortgage lender suffers a major data breach. A look at election misinformation. The UK shares guidance on migrating SCADA systems to the cloud. Collaborative efforts to contain Smoke Loader. Trend Micro uncovers Earth Krahang. Troy Hunt weighs in on the alleged AT&T data breach. Ben Yelin unpacks the case between OpenAI and the New York Times. And fool me once, shame on you… Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ben Yelin, Program Director at University of Maryland’s Center for Health and Homeland Security and cohost of our Caveat podcast, discusses the article on how “OpenAI says New York Times ‘hacked’ ChatGPT to build copyright lawsuit.”   Selected Reading District of New Jersey | Former Telecommunications Company Manager Admits Role in SIM Swapping Scheme (United States Department of Justice) Cash-Strapped Women's Clinic Sues UnitedHealth Over Attack (Gov Info Security) Nations Direct Mortgage Data Breach Impacts 83,000 Individuals (SecurityWeek) Preparing Society for AI-Driven Disinformation in the 2024 Election Cycle (SecurityWeek) NCSC Publishes Security Guidance for Cloud-Hosted SCADA (Infosecurity Magazine) Unit 42 Collaborative Research With Ukraine’s Cyber Agency To Uncover the Smoke Loader Backdoor (Palo Alto Networks Unit 42) Prolific Chinese Threat Campaign Targets 100+ Victims (Infosecurity Magazine) Troy Hunt: Inside the Massive Alleged AT&T Data Breach (Troy Hunt) Kids’ Cartoons Get a Free Pass From YouTube’s Deepfake Disclosure Rules (WIRED) Ransomware Groups: Trust Us. Uh, Don't. (BankInfoSecurity) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CEO and Founder of KeyCaliber, Roselle Safran, takes us on her circuitous career journey from startup to White House and back to startup again. With a degree in civil engineering, Roselle veered off into a more technical role at a startup and she says "caught the startup bug." After convincing a hiring manager that she could learn on the job, she transitioned to computer forensics and started on the path of cybersecurity. Roselle worked in government for the Department of Homeland Security and then to the Executive Office of the President leading all of the security operations. She jumped back into the world of startups and has stayed there. Roselle tells people interested in a career in cybersecurity to just apply. Learn as much as you can and go for it. We thank Roselle for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Volt Typhoon retains the attention of US investigators. The IMF reports a cyber breach. Fujitsu finds malware on internal systems. Securonix researchers describe DEEP#GOSU targeting South Korea. Subsea cable breaks leave West and Central Africa offline. Health care groups oppose enhanced cyber security regulations. A Pennsylvania school district grapples with a ransomware attack. AT&T denies a data leak. Our guest Kevin Magee of Microsoft Canada shared his experiments with board reporting. And Apex Legends eSports competitors get some unexpected upgrades.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Kevin Magee of Microsoft Canada sharing his experiments using N2K’s CSO Rick Howard's forecasting methodology from his Cybersecurity First Principles book regarding board reporting.  Selected Reading US is still chasing down pieces of Chinese hacking operation, NSA official says (The Record) IMF Investigates Serious Cybersecurity Breach (Infosecurity Magazine) Tech giant Fujitsu says it was hacked, warns of data breach (TechCrunch) Analysis of New DEEP#GOSU Attack Campaign Likely Associated with North Korean Kimsuky Targeting Victims with Stealthy Malware (securonix) Ghana says repairs on subsea cables could take five weeks  (Reuters) Health care groups resist cybersecurity rules in wake of landmark breach (CyberScoop) Pennsylvania’s Scranton School District dealing with ransomware attack (The Record) AT&T says leaked data of 70 million people is not from its systems (BleepingComputer) The Aviation and Aerospace Sectors Face Skyrocketing Cyber Threats (Security Affairs) Massive ‘Apex Legends’ Hack Disrupts NA Finals, Raises Serious Security Concerns (Forbes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The Workforce Framework for Cybersecurity (NICE Framework) (NIST Special Publication 800-181, revision 1) provides a set of building blocks for describing the Tasks, Knowledge, and Skills (TKS) that are needed to perform cybersecurity work by individuals or teams. Through these building blocks, the NICE Framework enables organizations to develop their workforces to perform cybersecurity work, and it helps learners to explore cybersecurity work and to engage in appropriate learning activities to develop their knowledge and skills. On this Special Edition podcast, N2K CyberWire's Dave Bittner is joined by the team at NIST and FIU's Jack D. Gordon Institute for Public Policy to delve into the history of the NICE Framework through its latest update and looking into the future. Brian Fonseca, Director at the Jack D. Gordon Institute for Public Policy, shares an introduction to the NICE Framework. Karen Wetzel, NICE Framework Manager, discusses the updates to the framework. Rodney Petersen, Director of NICE, talks about what these updates mean to cybersecurity education's future. Resources: NICE Framework Resource Center Getting Started with the NICE Framework 2024 NICE Conference and Expo: Strengthening Ecosystems: Aligning Stakeholders to Bridge the Cybersecurity Workforce Gap Take advantage of the early bird pricing until March 19, 2024. Don’t miss out on this opportunity! Jack D. Gordon Institute for Public Policy at Florida International University (FIU) Veterans and First Responders Training Initiative Intelligence Fellowship And be sure to check out our live webinar: CISOs are the new Architects (of the Workforce) Join N2K’s Simone Petrella and Intuit’s Kim Jones on Wednesday, March 27th for an online discussion about the pivotal role security leaders play in shaping the security workforce landscape, and how we can start showing up for the future of our industry. Learn more and register on the event page. Learn more about your ad choices. Visit megaphone.fm/adchoices

Dawn Cappelli, OT CERT Director at Dragos, sits down to share what she has learned after her 25+ year career in the industry. She recalls wanting to have been a rockstar when she grew up, now she refers to herself as the fairy godmother of security. She shares some of the amazing things she got to work on throughout her career, including working with the Secret Service when the Olympics came to Salt Lake City, Utah in 2002. She shares how she was able to rise through the ranks to get to where she is now. Dawn talks about how she wasn't ready to retire quite yet because she loved the industry so much, saying "I retired, but I knew I still loved security. I have this passion for protection and so Dragos came along and they offered me this role of Director of OT CERT. I feel like I'm the security fairy godmother." She shares words of wisdom for all trying to get into the industry, saying that you need to always take the risk like she did when she first started her career. We thank Dawn for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Robert Duncan from Netcraft is sharing their research on "Phishception - SendGrid abused to host phishing attacks impersonating itself." Netcraft has recently observed that criminals abused Twilio SendGrid’s email delivery, API, and marketing services to launch a phishing campaign impersonating itself.  Hackers behind this novel phishing campaign used SendGrid’s Tracking Settings feature, which allows users to track clicks, opens, and subscriptions with SendGrid. The malicious link was masked behind a tracking link hosted by SendGrid.  Please take a moment to fill out an audience survey! Let us know how we are doing! The research can be found here: Phishception – SendGrid is abused to host phishing attacks impersonating itself Learn more about your ad choices. Visit megaphone.fm/adchoices

Russia’s accused of jamming a jet carrying the UK’s defense minister. Senators introduce a bipartisan Section 702 compromise bill. The Cybercrime Atlas initiative seeks to dismantle cybercrime. StopCrypt ransomware grows stealthier. A Scottish healthcare provider is under cyber attack. Workers in France are at risk of data exposure. CERT-BE warns of critical vulnerabilities in Arcserve UDP software. The FCC approves IoT device labeling. Researchers snoop on AI chat responses. A MITRE-Harris poll tracks citizens’ concern over critical infrastructure. On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann. The FTC fines notorious tech support scammers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella discusses the shortage of ethical hackers against the rise of AI with IOActive's CTO Gunter Ollmann. Coming this weekend Tune in to the CyberWire Daily Podcast feed on Sunday for a Special Edition podcast we produced in collaboration with our partners at NICE, “Unveiling the updated NICE Framework & cybersecurity education’s future.” We delve into the history of the NICE Framework, dig into its latest update, and look into the future of cybersecurity education. Selected Reading Defence Secretary jet hit by an electronic warfare attack in Poland (Security Affairs) Russia believed to have jammed signal on UK defence minister's plane - source (Reuters) Senators propose a compromise over hot-button Section 702 renewal (The Record) WEF effort to disrupt cybercrime moves into operations phase (The Register) StopCrypt: Most widely distributed ransomware now evades detection (Bleeping Computer) Scottish health service says ‘focused and ongoing cyber attack’ may disrupt services (The Record) Massive Data Breach Exposes Info of 43 Million French Workers (Hack Read) WARNING: THREE VULNERABILITIES IN ARCSERVE UDP SOFTWARE DEMAND URGENT ACTION, PATCH IMMEDIATELY! (certbe) FCC approves cybersecurity label for consumer devices  (CyberScoop) Hackers can read private AI-assistant chats even though they’re encrypted  (Ars Technica) MITRE-Harris poll reveals US public's concerns over critical infrastructure and perceived risks  (Industrial Cyber) Tech Support Firms Agree to $26M FTC Settlement Over Fake Services (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In honor of Women's History Month, please enjoy this episode of the International Spy Museum's SpyCast podcast featuring part 1 of Andrew Hammond's discussion with Dr. Ursula Wilder of the Central Intelligence Agency. Summary Dr. Ursula Wilder (LinkedIn) joins Andrew (X; LinkedIn) to discuss the intersections between psychology and intelligence. Ursula is a clinical psychologist with over two decades of experience working at the Central Intelligence Agency.  What You’ll Learn Intelligence How psychology can be useful to national security Historical examples of leadership analysis  Leadership personality assessments & the Cuban Missile Crisis Psychoanalytic theory and espionage  Reflections Human nature throughout history History repeating itself  And much, much more … Quotes of the Week “Together, these documents are quite powerful. The psych assessments are very, very carefully, tightly held and are classified at a high level. Every intelligence officer has this fantasy about seeing the file that's kept on them by the opponents.” Resources  SURFACE SKIM *SpyCasts* Agent of Betrayal, FBI Spy Robert Hanssen with CBS’ Major Garrett and Friends (2023) The North Korean Defector with Former DPRK Agent Kim, Hyun Woo (2023) SPY@20 – “The Spy of the Century” with Curators Alexis and Andrew on Kim Philby (2022) “How Spies Think” – 10 Lessons in Intelligence with Sir David Omand (2020) *Beginner Resources* What is Psychoanalysis? Institute of Psychoanalysis, YouTube (2011) [3 min. video] Psychologists in the CIA, American Psychological Association (2002) [Short article] 7 Reasons to Study Psychology, University of Toronto (n.d.) [Short article] DEEPER DIVE Books Freud and Beyond, S. A. Mitchell (Basic Books, 2016) Narcissism and Politics: Dreams of Glory, J. M. Post (Cambridge University Press, 2014) The True Believer: Thoughts on the Nature of Mass Movements, E. Hoffer (Harper Perennial Modern Classics, 2010)  Team of Rivals: The Political Genius of Abraham Lincoln, D. K. Goodwin (Simon & Schuster, 2004) Leaders, Fools, and Impostors: Essays on the Psychology of Leadership, M. F. R. Kets de Vries (iUniverse, 2003)  Primary Sources  Charles de Gaulle to Pamela Digby Churchill (1942)  Blood, Toil, Tears and Sweat (1940) Memoirs of Ulysses S. Grant (1885) Gettysburg Address (1863)  House Divided Speech (1858) Excerpt on Cleopatra from Plutarch's Life of Julius Caesar (ca. 2nd century AD) Plutarch’s The Life of Alexander (ca. 2nd century AD)  Appian’s The Civil Wars (ca. 2nd century AD)  Virgil’s The Aeneid (19 B.C.E)  *Wildcard Resource* On Dreams by Sigmund Freud (1901) In this simplified version of the father of psychoanalysis’ seminal book The Interpretation of Dreams, you can get a small taste for Freudian philosophy. Freud believed that dreams were a reflection of the subconscious mind and that studying a person’s dreams can elucidate their inner wants and needs. What are your dreams telling you?  Learn more about your ad choices. Visit megaphone.fm/adchoices

The US House votes to enact restrictions on TikTok. HHS launches an investigation into Change Healthcare. An Irish Covid-19 portal puts over a million vaccination records at risk. Google distributes $10 million in bug bounty rewards. Nissan Oceana reports a data breach resulting from an Akira ransomware attack. Meta sues a former VP for alleged data theft.  eSentire sees Blind Eagle focusing on the manufacturing sector. Claroty outlines threats to health care devices. A major provider of yachts is rocked by a cyber incident. In our Threat Vector segment, David Moulton explores the new SEC cybersecurity regulations with legal expert and Unit 42 Consultant Jacqueline Wudyka. And ransomware victims want their overtime pay.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Threat Vector segment, host David Moulton explores the new SEC cybersecurity regulations that reshape how public companies handle cyber risks with legal expert and Unit 42 Consultant Jacqueline Wudyka. They discuss the challenges of defining 'materiality,' the enforcement hurdles, and the impact on the cybersecurity landscape.  Selected Reading Bill that could spur TikTok ban gains House OK  (SC Media) What would a TikTok ban look like for users? (NBC News) HHS to investigate UnitedHealth and ransomware attack on Change Healthcare (The Record) How a user access bug in Ireland’s vaccination website exposed more than a million records (ITPro) Google Paid $10m in Bug Bounties to Security Researchers in 2023 (Infosecurity Magazine) Nearly 100K impacted by Nissan Oceania cyberattack (SC Media) Meta Sues Former VP After Defection to AI Startup (Infosecurity Magazine) Malware Analysis: Blind Eagle's North American Journey (esentire) Only 13% of medical devices support endpoint protection agents (Help Net Security) Billion-dollar boat seller MarineMax reports cyberattack to SEC (The Record) City workers not getting paid overtime amid Hamilton's ransomware attack: unions (CBS News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Teresa Rothaar, a governance, risk, and compliance (GRC) analyst at Keeper Security sits down to share her story, from performer to cyber. She fell in love with writing as a young girl, she experimented with writing fanfiction which made her want to grow up to be in the arts. After attending college she found that she was good at math, lighting the way for her to start her cyber career. Teresa moved to being a writer at Keeper, finding she wanted to spread out and try more, so she ended up becoming an analyst while still doing writing on the side. She quotes David Duchovny in an interview once, explaining how sometimes you need to keep your head down and outwork others. Teresa said this resonated with her, saying, "that's how I went from a foreclosure box on the porch to where I am now. I have a good job and, and I have a career and I have a really good career and I absolutely love it." We thank Teresa for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices

ODNI’s Annual Threat Assessment highlights the usual suspects. The White House meets with UnitedHealth Group’s CEO. A convicted LockBit operator gets four years in prison. The Clop ransomware group leaks data from major universities. Equilend discloses a data breach. Fortinet announces critical and high-severity vulnerabilities. GhostRace exploits speculative race conditions in popular CPUs. Incognito Market pulls the rug and extorts its users. Patch Tuesday notes. On the Learning Layer, Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. They explore Joe's journey on the road to taking his CISSP test. And, I do not authorize Facebook, Meta or any of its subsidiaries to use this podcast. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Join us as a Learning Layer special series kicks off. Over the next several weekly episodes of the Learning Layer, host Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. On this episode, they explore Joe's journey as he embarks on the road to taking his CISSP test after fourteen years in the cyber industry, and why he decided to get it now. Learn more about ISC2’s Certified Information Systems Security Professional (CISSP) certification, and explore our online certification courses, practice tests, and labs that ensure that you’re ready for exam day. Selected Reading ODNI's 2024 Threat Assessment: China, Russia, North Korea pose major cyber threats amid global instability - Industrial Cyber (Industrial Cyber) White House meets with UnitedHealth CEO over hack  (Reuters) LockBit ransomware affiliate gets four years in jail, to pay $860k (bleepingcomputer) Stanford University ransomware attack impacts 27K  (SC Media) EquiLend Employee Data Breached After January Ransomware Attack (HACKread) Fortinet reports two critical and three high severity issues, plan to patch (beyondmachines) Major CPU, Software Vendors Impacted by New GhostRace Attack (SecurityWeek) Incognito Market: The not-so-secure dark web drug marketplace  (Graham Cluley) Microsoft Patch Tuesday – Major Flaws In Office, Exchange And SQL Server (cybersecuritynews) New Facebook photo rule hoax spreads (Malwarebytes)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Biden’s budget earmarks thirteen billion bucks for cybersecurity. DOJ targets AI abuse. A US trade mission to the Philippines includes cyber training. CISA and OMB release a secure software attestation form. CyberArk explores AI worms. Russia arrests a South Korean on cyber espionage charges. French government agencies are hit with DDoS attacks. Jessica Brandt is named director of the Foreign Malign Influence Center. Afternoon Cyber Tea host Ann Johnson speaks with her guest Keren Elazari about the hacker mindset. Google builds itself the Bermuda Triangle of Broadband.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Afternoon Cyber Tea host Ann Johnson talks with her guest Keren Elazari about the hacker mindset. To hear the full conversation, please listen to the episode of Afternoon Cyber Tea. Selected Reading US Federal Budget Proposes $27.5B for Cybersecurity (GovInfo Security) Justice Department Beefs up Focus on Artificial Intelligence Enforcement, Warns of Harsher Sentences (SecurityWeek) Microsoft to train 100,000 Philippine women in AI, cybersecurity (South China Morning Post) US launches secure software development attestation form to enhance federal cybersecurity (Industrial Cyber) The Rise of AI Worms in Cybersecurity (Security Boulevard) South Korean detained earlier this year is accused of espionage in Russia, state news agency says (Associated Press)  Massive cyberattacks hit French government agencies (Security Affairs) ODNI appoints new election security leader ahead of presidential race (The Record) Google’s self-designed office swallows Wi-Fi “like the Bermuda Triangle” ( Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need. for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come in with cybersecurity. She shares for any young person "thinking about maybe starting something in security, this is definitely the time to do so." And, we thank Kyla for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

A roundup of news out of CISA. California reveals data brokers selling the sensitive information of minors. Permiso Security shares an open-source cloud intrusion detection tool. Darktrace highlights a campaign exploiting DropBox.  EU's Cyber Solidarity Act forges ahead. A White House committee urges new economic incentives for securing OT systems. Paysign investigates claims of a data breach.  Our guest is Alex Cox, Director Threat Intelligence, Mitigation, and Escalation at LastPass, to discuss what to expect after LockBit. And Axios highlights the clowns and fools behind ransomware attacks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Alex Cox, Director, Threat Intelligence, Mitigation, Escalation (TIME) at LastPass, joins us to discuss what to expect after LockBit. Selected Reading Top US cybersecurity agency hacked and forced to take some systems offline (CNN Politics) CISA’s open source software security initiatives detailed (SC Media) GAO uncovers mixed feedback on CISA's OT cybersecurity services when it comes to addressing risks (Industrial Cyber) Dozens of data brokers disclose selling reproductive healthcare info, precise geolocation and data belonging to minors (The Record) New Open Source Tool Hunts for APT Activity in the Cloud (SecurityWeek) Dropbox Abused in New Phishing, Malspam Scam to Steal SaaS Logins (HACKREAD) Everything you need to know about the EU's Cyber Solidarity Act (ITPro) White House advisory group says market forces ‘insufficient’ to drive cybersecurity in critical infrastructure (CyberScoop) Paysign investigating reports of consumer information data breach (The Record) The clowns and fools behind ransomware attacks (Axios)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ground Labs' Head of Engineering, Swati Shekhar, shares her circuitous route from and back to engineering. Always being interested in leveraging the tools available to solve problems, Swati talks about how she found her place in engineering. She mentions how she had her first real experience with a computer when she was 17 in her first year at college. Aside from being one of 30 young women in a sea of 500 young men there, Swati described it as a "good culture shock because anything that takes you out of your comfort zone actually makes you learn and grow." She notes that challenges experienced in life increase your risk appetite so significantly. Swati advises those looking to make a job change to be certain of what is attracting them and to be yourself. We thank Swati for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

In honor of Women's History Month, please enjoy this encore of Dr. Sasha Vanterpool's webinar. In this webinar, N2K Networks Cyber Workforce Consultant Dr. Sasha Vanterpool shares how to update job descriptions to better reflect cyber role expectations to improve hiring, training, and retention. To view the original webinar on demand, visit here. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week we are joined by Jamie MacColl and Dr. Pia Hüsch from RUSI discussing their work on "Ransomware: Victim Insights on Harms to Individuals, Organisations and Society." The research reveals some of the harms caused by ransomware, including physical, financial, reputational, psychological and social harms. Researchers state "Based on interviews with victims and incident responders, this paper outlines the harm ransomware causes to organisations, individuals, the UK economy, national security and wider society." The research can be found here: Ransomware: Victim Insights on Harms to Individuals, Organisations and Society Learn more about your ad choices. Visit megaphone.fm/adchoices

Russian hackers persist against Microsoft’s internal systems. Change Healthcare systems are slowly coming back online. Russian propaganda sites masquerade as local news. Swiss government info is leaked on the darknet.  Krebs on Security turns the tables on the Radaris online data broker. The NSA highlights the fundamentals of Zero Trust. The British Library publishes lessons learned from their ransomware attack. Researchers run a global prompt hacking competition. CheckPoint looks at Magnet Goblin. Experts highlight the need for psychological safety in cyber security. Our guest is Dinah Davis, Founder and Editor-In-Chief of Code Like A Girl, sharing the work they do to inspire young women to consider a career in technology. And the I-Soon leak reveals the seedy underbelly of Chinese cyber operations. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest is Dinah Davis, Founder and Editor-In-Chief of Code Like A Girl, sharing the work they do to inspire young women to consider a career in technology. Selected Reading Microsoft says Russian-state sponsored hackers have been able to access internal systems  (Reuters)  Change Healthcare brings some systems back online after cyberattack (The Record) Spate of Mock News Sites With Russian Ties Pop Up in U.S  (The New York Times) Play ransomware attack on Xplain exposed 65,000 files containing data relevant to the Swiss Federal Administration (Security Affairs) A Close Up Look at the Consumer Data Broker Radaris (krebsonsecurity) NSA Details Seven Pillars Of Zero Trust (GB Hackers) LEARNING LESSONS FROM THE CYBER-ATTACK British Library cyber incident review (British Library) A Taxonomy of Prompt Injection Attacks  (Schneier on Security) https://arxiv.org/pdf/2311.16119.pdf (Research) Magnet Goblin Targets Publicly Facing Servers Using 1-Day Vulnerabilities  (Check Point Research) Why 'psychological safety' is so important for building a robust security culture (ITPro) Inside Chinese hacking company’s culture of influence, alcohol and sex (C4isernet) International Women's Day (International Women’s Day)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In honor of International Women's Day, please enjoy this encore of our 2023 Women in Cyber panel. In the dynamic field of cybersecurity, it’s well established that creating more opportunities for diversity and inclusion is essential for developing a highly skilled workforce. As an industry, we are starting to see the fruits of that labor, but there is a growing need for diverse leadership to nurture continuous innovation and resilience in cybersecurity. As part of N2K’s 2023 Women in Cyber content series, we’re excited to host an engaging virtual panel discussion moderated by N2K's President Simone Petrella featuring insights, experiences, and strategies for advancing more women into leadership roles within the field. This virtual discussion explores different areas including: Navigating the Cybersecurity Landscape: Gain insights into our guests' career journeys, including mentors, challenges, and success, and how the evolving landscape may present different challenges and opportunities for women. Building a Supportive Ecosystem: Explore the importance of mentorship, allyship, and a strong network in propelling women into leadership, and how to create an environment where everyone can thrive. Closing the Gender Gap: Delve into actionable strategies and best practices for organizations to promote gender diversity in their cybersecurity leadership teams. The Future of Cybersecurity Leadership: Gain a forward-looking perspective on the evolving role of women in shaping the future of cybersecurity. This panel discussion is a must-listen event for professionals, leaders, and aspiring cybersecurity experts who are committed to promoting diversity and empowering women to excel in cybersecurity leadership. Don't miss the opportunity to be part of this inspiring conversation and drive positive change in the industry. Panelists: Abisoye Ajayi, Cyber & Analytics Manager at Tulsa Innovation Labs Koma Gandy, VP, Leadership & Business at Skillsoft Lauren Zabierek, Sr. Advisor at CISA Learn more about your ad choices. Visit megaphone.fm/adchoices

A former Google software engineer is charged with stealing AI tech for China. State attorneys general from forty-one states call out Meta over account takeover issues. Researchers demonstrate a Stuxnet-like attack using PLCs. Buyer beware - A miniPC comes equipped with pre installed malware. A Microsoft engineer wants the FTC to take a closer look at Copilot Designer. There’s a snake in Facebook’s walled garden. Bruce Schneier wonders if AI can strengthen democracy. On our Industry Voices segment, guest Jason Lamar, Senior Vice President of Product at Cobalt, joins us to discuss offensive security strategy. And NIST works hard to keep their innovations above water. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Jason Lamar, Senior Vice President of Product at Cobalt, joins us to discuss offensive security strategy. You can find out more from Cobalt’s OffSec Shift report here.  Selected Reading Former Google Engineer Charged With Stealing AI Secrets (Infosecurity Magazine) Several States Attorneys General have written to Meta demanding better account recovery (NY gov) Remote Stuxnet-Style Attack Possible With Web-Based PLC Malware: Researchers  (SecurityWeek) Whoops! ACEMAGIC ships mini PCs with free bonus pre-installed malware  (Graham Cluley) Microsoft AI engineer warns FTC about Copilot Designer safety concerns  (The Verge) Snake, a new Info Stealer spreads through Facebook messages (Security Affairs) NSA Details Seven Pillars Of Zero Trust (gbhackers) How Public AI Can Strengthen Democracy  (Schneier on Security) This agency is tasked with keeping AI safe. Its offices are crumbling. (WashingtonPost) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In honor of International Women's Day, please enjoy this encore of Dinah Davis sharing her story. Coming from her love of math, VP of R&D at Arctic Wolf Networks Dinah Davis shares how she arrived in the cybersecurity industry after finding her niche. Dinah recalls how at a time of indecision, a computer course at university and a job with the Canadian government helped to solidify her career direction. Dinah mentions how "security and cryptography specifically was this perfect mix of real world problem solving and mathematics and computer science all combined into one ball of happiness." Networking played a key role in Dinah's journey. She recommends that those interested in joining the field to go for what they believe in. And, we thank Dinah for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA says Super Tuesday ran smoothly. The White House sanctions spyware vendors. The DoD launches its Cyber Operational Readiness Assessment program. NIST unveils an updated NICE Framework. Apple patches a pair of zero-days. The GhostSec and Stormous ransomware gangs join forces. Cado Security tracks a new Golang-based malware campaign. Google updates its search algorithms to fight spammy content. Canada's financial intelligence agency suffers a cyber incident. On our Industry Voices segment, our guest Amitai Cohen, Attack Vector Intel Lead at Wiz joins us to discuss cloud threats. Moonlighting on the dark side.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, our guest Amitai Cohen, Attack Vector Intel Lead at Wiz and host of their Crying Out Cloud podcast, joins us to discuss cloud threats. Learn more in Wiz's State of the AI Cloud report.  Selected Reading No security issues as Super Tuesday draws to a close, CISA official says (The Record) Biden administration sanctions makers of commercial spyware used to surveil US (CNN Business) US DoD launches CORA program to revolutionize cybersecurity strategy (Industrial Cyber) Unveiling NICE Framework Components v1.0.0: Explore the Latest Updates Today! (NIST) Update your iPhones and iPads now: Apple patches security vulnerabilities in iOS and iPadOS (Malwarebytes) Watch out, GhostSec and Stourmous groups jointly conducting ransomware attacks (Security Affairs) Hackers target Docker, Hadoop, Redis, Confluence with new Golang malware (Bleeping Computer) Google is starting to squash more spam and AI in search results (The Verge) Cyberattack forces Canada’s financial intelligence agency to take systems offline (The Record) Cyber Pros Turn to Cybercrime as Salaries Stagnate (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In honor of Women's History Month, please enjoy this episode of the Palo Alto Networks' Unit 42 podcast, Threat Vector, featuring David Moulton's discussion with Wendi Whitmore about the evolving threat landscape. In this conversation, David Moulton from Unit 42 discusses the evolving threat landscape with Wendi Whitmore, SVP of Unit 42. Wendi highlights the increasing scale, sophistication, and speed of cyberattacks, with examples like the recent Clop ransomware incident, and emphasizes that attackers, including nation-state actors and cybercriminals, are leveraging AI, particularly generative AI, to operate faster and more effectively, especially in social engineering tactics. To protect against these threats, businesses must focus on speed of response, automated integration of security tools, and operationalized capabilities and processes. The conversation underscores the importance of staying vigilant and leveraging technology to defend against the rapidly changing threat landscape. Theat Group Assessments https://unit42.paloaltonetworks.com/category/threat-briefs-assessments/ Please share your thoughts with us for future Threat Vector segments by taking our ⁠brief survey⁠. Join the conversation on our social media channels: Website: ⁠⁠https://www.paloaltonetworks.com/unit42⁠⁠ Threat Research: ⁠⁠https://unit42.paloaltonetworks.com/⁠⁠ Facebook: ⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠ LinkedIn: ⁠⁠https://www.linkedin.com/company/unit42/⁠⁠ YouTube: ⁠⁠@PaloAltoNetworksUnit42⁠⁠ Twitter: ⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠ About Threat Vector Unit 42 Threat Vector is the compass in the world of cyberthreats. Hear about Unit 42’s unique threat intelligence insights, new threat actor TTPs, real-world case studies, and learn how the team works together to discover these threats. Unit 42 will equip listeners with the knowledge and insight to proactively prepare and stay ahead in the ever-evolving threat landscape. PALO ALTO NETWORKS Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Is the ALPHV gang pulling up a twenty two million dollar rug? Meta platforms are experiencing outages.  Ukraine claims a cyberattack on the Russian Ministry of Defense. Malicious phishers hope to hook hashes. TeamCity users are warned of critical vulnerabilities. The Discord leaker pleads guilty. AmEx suffers a third-party data breach. Amazon is flooded with fake copycat publications. Our guest is Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division to discuss Volt Typhoon. And, Dude, she is just not that into you. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division joins us to discuss Volt Typhoon. Selected Reading Hackers Behind the Change Healthcare Ransomware Attack Just Received a $22 Million Payment  (WIRED) Ukraine claims it hacked Russian Ministry of Defense servers (Bleeping Computer) Hundreds of orgs targeted with emails aimed at stealing NTLM authentication hashes (Help Net Security) TeamCity Users Urged to Patch Critical Vulnerabilities (Infosecurity Magazine) Pentagon leak defendant Jack Teixeira pleads guilty, faces years in prison (Reuters) American Express credit cards exposed in third-party data breach (Bleeping Computer) Tech writer Kara Swisher has a new book. Enter the AI-generated scams. (Bleeping Computer) Retired Army officer charged with sharing classified information about Ukraine on foreign dating site (CBS News)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In honor of International Women's Day, please enjoy this encore of Monica Ruiz sharing her story. Cyber Initiative and Special Projects Fellow at the Hewlett Foundation Monica Ruiz shares her career development from aspirations of being a weather woman to her current role as a grantmaker and connector in cybersecurity. Monica discusses how her international study experience changed her outlook and brought her to the field of security. She shares the difficulties she faced as a woman of color when when not that many people look like you, and how she used that as her reason to move forward and better the cybersecurity field through her work. Our thanks to Monica for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

The US healthcare sector is struggling to recover from a cyberattack. Russia listens in via Webex. The former head of NCSC calls for a ransomware payment ban. An Indian content farm mimics legitimate online news sites. The FTC reminds landlords that algorithmic price fixing is illegal. FCC employees are targeted by a phishing campaign. Experts weigh in on NIST’s updated cybersecurity framework. Police shut down the largest German-speaking cybercrime market. Guest Mike Hanley, Chief Security Officer and the Senior Vice President of Engineering at GitHub, shares insights with Ann Johnson of Afternoon Cyber Tea. And celebrating the most inspiring women in cyber. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Mike Hanley, Chief Security Officer and the Senior Vice President of Engineering at GitHub, shares insights with Ann Johnson of Afternoon Cyber Tea. You can hear their full discussion here, and tune in to Microsoft Security’s Afternoon Cyber Tea every other Tuesday on the N2K’s CyberWire Network.   Selected Reading Health-care hack spreads pain across hospitals and doctors nationwide (Washington Post) Russia’s chief propagandist leaks intercepted German military Webex conversation (The Record) Cyber ransoms are too profitable. Let’s make paying illegal (The Times UK) News farm impersonates 60+ major outlets: BBC, CNN, CNBC, Guardian… (Bleeping Computer) Price fixing by algorithm is still price fixing (Federal Trade Commission) FCC Employees Targeted in Sophisticated Phishing Attacks (SecurityWeek) Industry Reactions to NIST Cybersecurity Framework 2.0: Feedback Friday (SecurityWeek) Germany takes down cybercrime market with over 180,000 users (Bleeping Computer) Exceptional Women Recognised for Contribution to Cyber Industry at Most Inspiring Women in Cyber Awards 2024 (IT Security Guru) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Product Manager in Anti-Fraud Solutions at SpyCloud, Pattie Dillon shares her journey from raising her family to specializing in the anti-fraud space. Upon reentering the workforce, Pattie worked on identity verification and developed a system with privacy concerns in mind. She moved to work in gift cards and was exposed to money laundering. Traveling along the fraud spectrum, Pattie learned about underground data and feels that this data can be leveraged to actually prevent and fight online fraud. Pattie believes if you don't try, you'll never know. We know we appreciate Pattie sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week we are joined by, Selena Larson from Proofpoint, who is discussing their research, "Bumblebee Buzzes Back in Black." Bumblebee is a sophisticated downloader used by multiple cybercriminal threat actors and was a favored payload from its first appearance in March 2022 through October 2023 before disappearing. After a four month hiatus, Proofpoint researchers found that the downloader returned. Its return aligns with a surge of cybercriminal threat activity after a notable absence of many threat actors and malware. The research can be found here: Bumblebee Buzzes Back in Black  Learn more about your ad choices. Visit megaphone.fm/adchoices

A court orders NSO Group to hand over their source code. The Five Eyes reiterate warnings about Ivanti products. Researchers demonstrate a generative AI worm. Fulton County calls LockBit’s bluff. SMS codes went unprotected online. Golden Corral serves up a buffet of personal data. Ransom demands continue to climb. A US Senator calls on the FTC to investigate auto industry privacy practices. Dressing up data centers. Our guest is Dominic Rizzo, founder and director of OpenTitan and CEO at zeroRISC, discussing the first open-source silicon project to reach commercial availability. And Cops can’t keep their suspects straight.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest is Dominic Rizzo, founder and director of OpenTitan and CEO at zeroRISC, discussing the first open-source silicon project to reach commercial availability. You can find the press release here.  Selected Reading Five Eyes Warn of Ivanti Vulnerabilities Exploitation, Detection Tools Insufficient (Infosecurity Magazine) A leaky database spilled 2FA codes for the world’s tech giants (TechCrunch) Report: Average Initial Ransomware Demand in 2023 Reached $600K (Security Boulevard) Here Come the AI Worms (WIRED) Golden Corral restaurant chain data breach impacts 183,000 people (Bleeping Computer) Hackers stole 'sensitive' data from Taiwan telecom giant: ministry(Tech Xplore) CISA adds Microsoft Streaming Service bug to its Known Exploited Vulnerabilities catalog (Security Affairs) Senator asks FTC to investigate automakers’ data privacy practices (The Record) Looking good, feeling safe – data center security by design (Data Center Dynamics) Cops visit school of 'wrong person's child,' mix up victims and suspects in epic data fail (The Register) OpenTitan® Partnership Makes History as First Open-Source Silicon Project to Reach Commercial Availability (lowRISC) Creating Connections: Embracing change. (N2K Women in STEM newsletter)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Iran-Linked Cyber-Espionage Targets Middle East's Aerospace and Defense. SpaceX is accused of limiting satellite internet for US troops. Savvy Seahorse' Floods the Net with Investment Scams. GUloader Malware draws on a crafty graphic attack vector. Repo confusion attacks persist. European consumer groups question Meta’s data collection options. Allegations of Russia targeting civilian critical infrastructure in Ukraine. Cisco patches high-severity flaws. The US puts a Canadian cyber firm on its Entity List. On the Threat Vector segment, we have a conversation between host David Moulton and Michael "Siko" Sikorski, Unit 42's CTO and VP of Engineering, discussing Unit 42's 2024 Incident Response Report. And the counter-productive messaging in anti-piracy campaigns.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Threat Vector segment, we have a conversation between host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42,  and Michael "Siko" Sikorski, Unit 42's CTO and VP of Engineering, discussing the Unit 42's 2024 Incident Response Report.  Selected Reading Suspected Iranian cyber-espionage campaign targets Middle East aerospace, defense industries (The Record) US tells Musk to allow service in Taiwan (Taipei Times) SpaceX Refutes Claim It’s Withholding Starshield in Taiwan (Bloomberg)  Beware the Shallow Waters: Savvy Seahorse Lures Victims to Fake Investment Platforms Through Facebook Ads (infoblox) GUloader Unmasked: Decrypting the Threat of Malicious SVG Files  (McAfee Blog) Over 100,000 Infected Repos Found on GitHub (Apiiro) Rights groups file GDPR suits on Meta's pay-or-consent model (The Register) Russia Attacked Ukraine's Power Grid at Least 66 Times to ‘Freeze It Into Submission’ (WIRED) Cisco Patches High-Severity Vulnerabilities in Data Center OS  (SecurityWeek) Network intelligence company Sandvine banned from trading in the US  (SC Media) Intimidating anti-piracy warnings have the opposite effect on men, new study says (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

President Biden is set to sign an executive order restricting overseas sharing by data brokers. US Federal agencies warn of exploited Ubiquiti EdgeRouters. A new ransomware operator claims to have hacked Epic Games. A cross-site scripting issue leaves millions of Wordpress sites vulnerable. The Rhysida ransomware group posts a multi-million dollar ransom demand on a Children’s Hospital in Chicago. Mandiant tracks Chinese threat actors targeting Ivanti VPNs. The former head of DHS weighs in on a federal cyber insurance backstop. Domain Registrars offer bulk name blocking for brands. Our guest is Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, reviews the key findings of Dragos’ Cybersecurity Year in Review report. Cameo celebrities are taken out of context for political gains. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Magpie Graham, Principal Adversary Hunter Technical Director at Dragos, reviews the key findings of Dragos’ Cybersecurity Year in Review report. You can download a copy of the report here. To hear the full interview with Magpie, check out Control Loop.  Selected Reading Biden Executive Order Targets Bulk Data Transfers to China (GovInfo Security) FBI Alert: Russian Hackers Target Ubiquiti Routers for Data, Botnet Creation (HACKREAD) Fortnite game developer Epic Games allegedly hacked (Cyber Daily) LiteSpeed Cache Plugin XSS Flaw Exposes 4M+ Million Sites to Attack (Cyber Security News) Ransomware gang seeks $3.4 million after attacking children’s hospital (The Record) Chinese Cyberspies Use New Malware in Ivanti VPN Attacks (SecurityWeek) A Cyber Insurance Backstop (Schneier on Security) Cyberwar Podcast with Kate and Alex - Special Guest Michael Chertoff  Registrars can now block all domains that resemble brand names (BleepingComputer) Cameo is being used for political propaganda — by tricking the stars involved (NPR) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

NIST’s Cybersecurity Framework gets an upgrade. ONCD makes a case against memory-related software bugs. A recent cyberattack targets Canada's Royal Canadian Mounted Police. US dethrones Russia as top target in cyber breaches. Caveat podcast cohost Ben Yelin discusses remedies in the generative AI copyright cases.And, Reggaeton Be Gone, a creative way to deal with your neighbors’ music choices.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ben Yelin, cohost of Caveat podcast and Program Director, Public Policy & External Affairs at University of Maryland Center for Health and Homeland Security, thinking about remedies in the generative AI copyright cases. You can find the Lawfare article Ben references here.   Selected Reading NIST Releases Version 2.0 of Landmark Cybersecurity Framework (NIST) After decades of memory-related software bugs, White House calls on industry to act (The Record)  Canada's RCMP, Global Affairs Hit by Cyberattacks (SecurityWeek) A cyber attack hit the Royal Canadian Mounted Police (Security Affairs)  UK email mistake put ‘lives at risk’ for Afghans who had worked with British military (The Record)  Russia and Belarus targeted by at least 14 nation-state hacker groups, researchers say (The Record)  Number of data breaches falls globally, triples in the US (TechSpot) Steel giant ThyssenKrupp confirms cyberattack on automotive division (Bleeping Computer) The Change Healthcare cyberattack is still impacting pharmacies. It's a bigger deal than you think (Fast Company) US Pharmacy Outage Triggered by 'Blackcat' Ransomware at UnitedHealth Unit, Sources Say (US News and World Report)  Getting Ahead of Cybersecurity Materiality Mayhem (Security Boulevard)  Raspberry Pi maker builds device to hack neighbor's Bluetooth speakers that were streaming annoying music (TechSpot) Reggaeton Be Gone (Hackster.io) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

LockBits reawakening. China's ramp up to safety for vital sectors. Data leak leaves China feeling exposed. Malware hidden by North Korea in fake developer job listings. UK Watchdog rebukes firm for biometric scanning of staff at leisure centers. SVR found adapting for the cloud environment. DOE proposes cybersecurity guidelines for the electric sector. Wideness of breach in the financial industry revealed. Moving on to better things. Things are looking up in the cybersecurity startup ecosystem. UK's National Cyber Security Centre announced they are launching a Cyber Governance Training Pack for boards. N2K’s President Simone Petrella talks with Elastic's CISO Mandy Andress about the CISO role and the intersection of cybersecurity, law, and organizational strategy. And, there’s a facial recognition battle going on at Waterloo, the University of Waterloo that is.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Simone Petrella, N2K’s President, talks with Mandy Andress, Elastic's CISO, about the CISO role and the intersection of cybersecurity, law, and organizational strategy. Selected Reading LockBit Ransomware Gang Resurfaces With New Site (SecurityWeek) LockBit ransomware gang attempts to relaunch its services following takedown (The Record)  China to increase protections against hacking for key industries (Reuters) The I-Soon data leak unveils China's cyber espionage tactics, techniques, procedures, and capabilities. (N2K CyberWire) Fake Developer Jobs Laced With Malware (Phylum Blog) Data watchdog tells off outsourcing giant for scanning staff biometrics despite 'power imbalance' (The Register)  SVR cyber actors adapt tactics for initial cloud access (National Cyber Security Centre) New DOE-Funded Initiative Outlines Proposed Cybersecurity Baselines for Electric Distribution Systems (Energy.gov)  LoanDepot says about 17 million customers had personal data and Social Security numbers stolen during cyberattack (TechCrunch)  Actual filing to Office of Maine Attorney General: Data Breach Notifications - Consumer Protection (Maine.gov)  U-Haul data breach affects 67,000 customers in US and Canada (AZ Central) Actual filing to Office of Maine AG: Data Breach Notifications - Consumer Protection (Maine.gov)   Funding Down, Optimism Up: The Bright Spots For Cybersecurity Startups In 2024 (Forbes) NCSC to Offer Cyber Governance Guidance to Boards (InfoSecurity Magazine)  'Facial recognition' error message on vending machine sparks concern at University of Waterloo (CTV News)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Director of Security Engineering at Marqeta and Host of Hacker Valley Studio podcast Chris Cochran describes his transitions throughout the cybersecurity industry, from an intelligence job with the Marine Corps, to starting the intelligence apparatus for the House of Representatives, then on to leading Netflix's threat intelligence capability. Chris points out that when pivoting to different roles and responsibilities, you must rely on your own strengths to move forward and bring value to your work Our thanks to Chris for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Assaf Dahan and Daniel Frank from Palo Alto Networks Cortex sit down with Dave to talk about their research "Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor." From late 2020 to late 2022, Unit 42 researchers discovered an active campaign that targeted several web hosting and IT providers in the United States and European Union. The research states "They have further deepened their foothold in victims’ environments by mass deployment of web shells, which granted them sustained access, as well as access to internal resources of the compromised websites." The research can be found here: Manic Menagerie 2.0: The Evolution of a Highly Motivated Threat Actor Learn more about your ad choices. Visit megaphone.fm/adchoices

The FTC fines Avast over privacy violations. ConnectWise's ScreenConnect is under active exploitation. AT&T restores services nationwide. An Australian telecom provider suffers a data breach. EU Member States publish a cybersecurity and resilience report. Microsoft unleashes a PyRIT. A new infostealer targets the oil and gas sector. A cyberattack cripples a major US healthcare provider. Our guest is Kevin Magee from Microsoft Canada with insights on why cybersecurity startups in Ireland are having so much success building new companies there. And  a USB device is buzzing with malware. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Kevin Magee from Microsoft Canada talks about recently meeting 15 cybersecurity startups in Ireland and finding out why they are having so much success building new companies there.  Selected Reading FTC Order Will Ban Avast from Selling Browsing Data for Advertising Purposes, Require It to Pay $16.5 Million Over Charges the Firm Sold Browsing Data After Claiming Its Products Would Block Online Tracking (FTC) Cybercriminal groups actively exploiting ‘catastrophic’ ScreenConnect bug (The Record) AT&T services resume, company blames "incorrect process" (Data Center Dynamics) 230k Individuals Impacted by Data Breach at Australian Telco Tangerine (SecurityWeek) EU releases comprehensive risk assessment report on cybersecurity, resilience of communication networks (Industrial Cyber) Microsoft Releases Red Teaming Tool for Generative AI (SecurityWeek) New Infostealer Malware Attacking Oil and Gas Industry (GB Hackers on Security) UnitedHealth says Change Healthcare hacked by nation state, as US pharmacy outages drag on (TechCrunch) Vibrator virus steals your personal information (Malwarebytes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

AT&T experiences a major outage. The LockBit takedown continues. An updated Doppelgänger is spreading misinformation. A roundup of critical infrastructure initiatives. Toshiba and Orange make a quantum leap. An eyecare provider hack comes into focus. A phony iphone repair scheme leads to convictions. In our Learning Layer segment, Sam Meisenberg shares the latest learning science research. And we are shocked - shocked! - to discover that phone chargers can be used to attack our devices.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On this month’s Learning Layer segment, host Sam Meisenberg of N2K discusses learning science research. Sam breaks down research about quizzes and their impact on learner motivation and long term retention. Want to know more? Sam suggests you check out The Value of Using Tests in Education as Tools for Learning—Not Just for Assessment. Selected Reading AT&T, Verizon and T-Mobile customers hit by widespread cellular outages in U.S. (NBC News) US Offering $10M for LockBit Leaders as Law Enforcement Taunts Cybercriminals (SecurityWeek) LockBit Group Prepped New Crypto-Locker Before Takedown (Gov Info Security) Ukraine arrests father-son duo in Lockbit cybercrime bust (Reuters) Russian Cyberwarfare campaign (ClearSky Cyber Security) US Coast Guard issues cybersecurity directive for Chinese-made cranes after Biden's Executive Order (Industrial Cyber)  US agencies release joint fact sheet to strengthen cybersecurity in water and wastewater systems (Industrial Cyber)  E-ISAC 2023 report highlights cybersecurity triumphs and challenges in electricity sector (Industrial Cyber)  Toshiba and Orange test quantum encryption on traditional network (Computer Weekly) Hack at Services Firm Hits 2.4 Million Eye Doctor Patients (Gov Info Security) Chinese Duo Found Guilty of $3m Apple Fraud Plot (Infosecurity Magazine) VoltSchemer attacks use wireless chargers to inject voice commands, fry phones (BleepingComputer)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

President Biden to sign EO to bolster maritime port security. Apple announces post-quantum encryption for iMessage. Malwarebytes examines the i-Soon data leak. Law enforcement airs LockBit’s dirty laundry. Varonis highlights vulnerabilities affecting Salesforce platforms. An appeals court overturns a $1 billion piracy verdict. NSA’s Rob Joyce announces his retirement. Anne Neuberger chats with WIRED.  A leading staffing firm finds its data for sale on the dark web. In our sponsored Industry Voices segment, Navneet Singh, VP of Marketing Network Security at Palo Alto Networks, discusses the transition to the cloud and shares some examples from healthcare. Hackers and hobbyists push back on the proposed Flipper Zero ban.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Navneet Singh, VP of Marketing Network Security at Palo Alto Networks, discusses the transition to the cloud and shares some examples in healthcare. Selected Reading Biden to sign executive order to give Coast Guard added authority over maritime cyber threats (CyberScoop) Apple Announces 'Groundbreaking' New Security Protocol for iMessage (MacRumors) A first analysis of the i-Soon data leak (Malwarebytes) Cops turn LockBit ransomware gang's countdown timers against them (The Register) Security Vulnerabilities in Apex Code Could Leak Salesforce Data (Varonis) Court blocks $1 billion copyright ruling that punished ISP for its users’ piracy (Ars Technica) NSA cyber director to step down after 34 years of service (Nextgov/FCW) Anne Neuberger, a Top White House Cyber Official, Is Staying Surprisingly Optimistic (WIRED) Critical flaw found in deprecated VMware EAP. Uninstall it immediately (Security Affairs) Hackers Claim Data Breach at Staffing Giant Robert Half, Sell Sensitive Data (HackRead) Save Flipper (Save Flipper) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Operation Cronos leaves LockBit operations on borrowed time. An alleged leak reveals internal operations from the Chinese Ministry of Public Security. An Israeli airline thwarts communications hijacking attempts. The alleged Raccoon Infostealer operator has been extradited to the US. ConnectWise patches critical vulnerabilities. Schneider Electric confirms a Cactus ransomware attack. Alleged Maryland money launderers face indictments. Russian hackers target media outlets in Ukraine. Our guest is Tomislav Pericin, Chief Software Architect at Reversing Labs , on the rise of software supply chain attacks. and Tinder hopes to reel in the catfish. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest is Tomislav Pericin, ReversingLabs Chief Software Architect, talking about the rise of software supply chain attacks. Learn more in their 2024 State of Software Supply Chain Security Report.  Selected Reading Police arrests LockBit ransomware members, release decryptor in global crackdown (BleepingComputer) U.S. and U.K. Disrupt LockBit Ransomware Variant (US Justice Department) Chinese Ministry Of Public Security Breach: Data On GitHub (The Cyber Express) Massive “i-Soon” leak reveals Chinese firm's hacking tools, targets, including NATO (The Stack) I-S00N Leaked Chinese foreign government infiltration intel on Github : r/cybersecurity (Reddit) Israeli Aircraft Survive “Cyber-Hijacking” Attempts (Infosecurity Magazine) Raccoon Infostealer operator extradited to the United States (Malwarebytes) Critical ConnectWise ScreenConnect vulnerabilities fixed, patch ASAP! (Help Net Security) Schneider Electric confirms data was stolen in Cactus ransomware attack (IT Pro) Maryland Busts $9.5 Million #BEC Money Laundering Ring (CyberCrime & Doing Time) Several Ukrainian media outlets attacked by Russian hackers (The Record) Tinder Expands ID Checks Amid Rise in AI Scams, Dating Crimes (Bloomberg) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Kathy O’Donnell is the leader of Space Solutions Architecture for AWS Aerospace and Satellite. In this extended conversation, we dive into how AWS is supporting generative AI in the space domain. She walks us through some incredible case studies with AWS customers who are using generative AI and space technologies to improve life here on Earth. Learn more about generative AI use cases for space at AWS re:Invent. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS successfully runs AWS compute and machine learning services on an orbiting satellite in a first-of-its kind space experiment | AWS Public Sector Blog AWS re:Invent 2022 - Accelerate Geospatial ML with Amazon SageMaker (AER204)  AWS re:Invent 2023 Audience Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Tim Miller, Technical Marketing Engineer for Panoptica, Cisco's Cloud Application Security solution, (Panoptica is the result of Cisco's incubation engine (Outshift) for new products and markets), and Kevin Ford, Esri’s CISO. They discuss the complexity reduction need that Cloud-Native Application Protection Platforms (CNAPPs) provide. Outshift by Cisco is our CyberWire-X episode sponsor. To learn more about Cloud-Native Application Protection Platforms, check out Panoptica’s website at https://panoptica.app and consider attending the Cisco Live EMEA in Amsterdam, February 5-8, 2024. Learn more about your ad choices. Visit megaphone.fm/adchoices

Privacy and data security lawyer, Dominique Shelton Leipzig shares that she has always wanted to be a lawyer, ever since she was a little girl. She talks about what her role is with clients in protecting and managing their data, sometimes adhering to up to 134 different data protection laws for global companies. Learn that not a lot has changed for an African-American woman partner at an Amlaw 100 firm as far as diversity during Dominique's career, and how Dominique suggests young lawyers should address those odds. Our thanks to Dominque for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Ori David from Akamai is sharing their research "Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal." FritzFrog takes advantage of the fact that only internet facing applications were prioritized for Log4Shell patching and targets internal hosts, meaning that a breach of any asset in the network by FritzFrog can expose unpatched internal assets to exploitation.  The research states "FritzFrog has traditionally hopped around by using SSH brute force, and has successfully compromised thousands of targets over the years as a result." Over the years Akamai has seen more than 20,000 FritzFrog attacks, and 1,500+ victims. The research can be found here: Frog4Shell — FritzFrog Botnet Adds One-Days to Its Arsenal Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI kicks Moobot out of small business routers. Sensitive data has been stolen from a state government network. AMC proposes a multi-million-dollar settlement after improperly sharing subscriber’s viewing habits. The U.S. targets an Iranian military ship in the Red Sea with a cyberattack. Lawmakers propose transparency in the use of algorithms in criminal trials. CERT-EU highlights a spear phishing spike. An infamous Zeus and IcedID operator pleads guilty. Our guests are Dr. Josh Brunty, Head Coach, and Brad Wolfenden, Program Director, of US Cyber Games join us to share the details of how their 2024 season is shaping up. And AI comes to video. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Dr. Josh Brunty, Head Coach, and Brad Wolfenden, Program Director, of US Cyber Games join us to share the details of how the 2024 season is shaping up. Selected Reading US disrupts Russian hacking campaign that infiltrated home, small business routers: DOJ (ABC News)  U.S. State Government Network Hacked Via Former Employee Account (Cyber Security News) CISA Urges Patching of Cisco ASA Flaw Exploited in Ransomware Attacks (SecurityWeek) AMC to pay $8M for allegedly violating 1988 law with use of Meta Pixel (Ars Technica) U.S. conducted cyberattack on suspected Iranian spy ship (NBC News) New bill would let defendants inspect algorithms used against them in court (The Verge) Hackers Exploit EU Agenda in Spear Phishing Campaigns (Infosecurity Magazine) Ukrainian Hacker Pleads Guilty for Leading Zeus & IcedID Malware Attacks (GBHackers on security) OpenAI introduces Sora, its text-to-video AI model  (The Verge)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft highlights adversaries experiments with AI LLMs. A misconfiguration exposes a decades worth of emails. SentinelOne describes Kryptina ransomware as a service. The European Court of Human Rights rules against backdoors. Senator Wyden calls out a location data broker. GoldFactory steals facial scans to bypass bank security. The Glow fertility app exposes the data of twenty five million users. Qakbot returns. Our Guest Rob Boyce from Accenture talks about tailored extortion. And hacking the airport taxi line leads to prison.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Rob Boyce from Accenture talks about tailored extortion as actors continue to shift to pure data extortion, with old and new tactics. Selected Reading State-backed hackers are experimenting with OpenAI models (Cyberscoop) Staying ahead of threat actors in the age of AI (Microsoft) U.S. Internet Leaked Years of Internal, Customer Emails (Krebs on security) Kryptina RaaS | From Underground Commodity to Open Source Threat  (SentinelOne) Backdoors that let cops decrypt messages violate human rights, EU court says (Arstechnica) A company tracked visits to 600 Planned Parenthood locations for anti-abortion ads, senator says (POLITICO) Cybercriminals are stealing Face ID scans to break into mobile banking accounts (theregister) Fertility tracker Glow fixes bug that exposed users’ personal data (TechCrunch) New Qbot malware variant uses fake Adobe installer popup for evasion (bleepingcomputer) Duo headed to prison for charging cabbies to skip JFK Airport line with Russian hackers' aid (nydailynews) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

It’s always DNS, but that may just be FUD. The DoD notifies victims of a cloud email server leak. New Jersey cops sue online data brokers. Crooks use WiFi jammers to thwart security systems. A copyright case against OpenAI is partially dismissed. Patch Tuesday includes two actively exploited zero days. CharmingCypress gathers political intelligence. Ann Johnson from Microsoft Security’s Afternoon Cyber Tea podcast talks with Frank Cilluffo, Director for Cyber and Critical Infrastructure Security at the McCrary Institute of Auburn University, about cyber and critical infrastructure. And beware Cupid’s misleading arrow. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ann Johnson from Microsoft Security’s Afternoon Cyber Tea podcast talks with Frank Cilluffo, Director for Cyber and Critical Infrastructure Security at the McCrary Institute of Auburn University, about cyber and critical infrastructure. Check out the episode with the full conversation between Ann and Frank here.  Selected Reading KeyTrap DNS Attack Could Disable Large Parts of Internet: Researchers (SecurityWeek) US military notifies 20,000 of data breach after cloud email leak (TechCrunch) New Jersey law enforcement officers sue 118 data brokers for not removing personal info (The Record) Minnesota burglars are using Wi-Fi jammers to disable home security systems (TechSpot) Sarah Silverman’s lawsuit against OpenAI partially dismissed (The Verge) Microsoft February 2024 Patch Tuesday fixes 2 zero-days, 73 flaws (BleepingComputer) DarkMe Malware Targets Traders Using Microsoft SmartScreen Zero-Day Vulnerability (The Hacker News) CharmingCypress Use Poisoned VPN Apps to Install Backdoor (Cyber Security News) Beyond the Hype: Questioning FUD in Cybersecurity Marketing  (SecurityWeek) Valentine's Day Scams Woo the Lonely-Hearted (Security Boulevard)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Attackers lock up Azure accounts with MFA. Bank of America alerts customers to a third party data breach. Malicious cyber activity targets elections worldwide. CISA highlights a vulnerability in Roundcube Webmail. Lawmakers introduce a bipartisan bill to enhance healthcare cybersecurity. Siemens and Schneider Electric address multiple industrial vulnerabilities. Perception in tech gender parity still has a ways to go. Dave Bittner speaks with Guests Andrew Scott, Associate Director of China Operations at CISA, and Brett Leatherman, Section Chief for Cyber at the FBI, about Chinese threat actor Volt Typhoon. And the scourge of online obituary spam.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guests Andrew Scott, Associate Director of China Operations at CISA, and Brett Leatherman, Section Chief at FBI, discussing  PRC/Volt Typhoon advisory and living off the land guidance. Read the press release on “U.S. and International Partners Publish Cybersecurity Advisory on People’s Republic of China State-Sponsored Hacking of U.S. Critical Infrastructure.” Selected Reading Ongoing campaign compromises senior execs’ Azure accounts, locks them using MFA (Ars Technica)  Bank of America warns customers of data breach after vendor hack (BleepingComputer) Global Malicious Activity Targeting Elections is Skyrocketing (Security Affairs) CISA Warns Of Active Attacks on Roundcube Webmail XSS Vulnerability (CISA) Bipartisan Senate Bill Requires HHS to Bolster Cyber Efforts (Gov Info Security) ICS Patch Tuesday: Siemens Addresses 270 Vulnerabilities (SecurityWeek)  Four in five men in tech say women are treated equally, as women criticise ‘invisible challenges’ (Euronews) The rise of obituary spam (The Verge)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The DOJ shuts down the Warzone rat. Ransomware hits over twenty Romanian hospitals, and Rysida gets a decryptor. Canada may ban the Flipper Zero. Chinese espionage claims against the US are light on facts. Australia looks to criminalize doxxing. Federal IT leaders seek better coordination with CISA and the JCDC. Wired looks at the effect of cyberattacks on inequality. Our guest is Manny Felix, Founder and CEO of US Cyber Initiative, sharing their work in unlocking cyber career opportunities for young people. And this thumb drive will self-destruct in five seconds. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Manuel "Manny" Felix, Founder and CEO of US Cyber Initiative, sharing their work in unlocking career opportunities for young people who are interested in cyber and emergent technology. US Cyber Initiative grew out of AZ Cyber. Learn more about AZ Cyber here.  Selected Reading DOJ shuts down ‘Warzone’ malware vendor and charges two in connection (The Record) Ransomware attack forces 18 Romanian hospitals to go offline (BleepingComputer) Decryptor for Rhysida ransomware is available (Help Net Security) Canada moves to ban the Flipper Zero amid rising auto theft concerns (TECHSPOT) China’s Cyber Revenge | Why the PRC Fails to Back Its Claims of Western Espionage (SentinelOne) ‘Doxxing’ laws to be brought forward after Jewish WhatsApp leak  (The Sydney Morning Herald) Exclusive: Duke Energy to remove Chinese battery giant CATL from Marine Corps Base (Reuters) Federal IT officials call on CISA for tougher standards, more coordination (FedScoop) Priorities of the Joint Cyber Defense Collaborative for 2024 (CISA) The Hidden Injustice of Cyberattacks (WIRED) Ovrdrive USB stick with data-hiding and overheating self-destruct features nears crowdfunding goal (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Computer security writer, podcaster and public speaker Graham Cluley describes learning to program on his own from magazines, creating text adventure games for donations, and his journey from programming to presenting and writing with a bit of tap dancing on the side. Along the way, Graham collaborated with others and learned to communicate so that all could understand, not just techies. Our thanks to Graham for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Jon DiMaggio, Chief Security Strategist for Analyst1, is discussing his research on "Ransomware Diaries Volume 4: Ransomed and Exposed - The Story of RansomedVC." While there is evidence to support that RansomedVC runs cybercrime operations, Jon questions the claims it made regarding the authenticity of the data it stole and the methods it used to extort victims. The research states "I uncovered sensitive information about the group's leader, Ransomed Support (also known as Impotent), relating to secrets from his past." In this episode John shares his 6 key findings after spending months engaging with the lead criminal who runs RansomedVC. The research can be found here: Ransomware Diaries Volume 4: Ransomed and Exposed - The Story of RansomedVC Learn more about your ad choices. Visit megaphone.fm/adchoices

A LastPass imitator sneaks its way past Apple’s app store review. Bitdefender identifies a new macOS backdoor. The Air Force and Space Force collaborate for stronger cyber defense. CISA offers an election security advisory program. The FCC bans AI robocalls. The Feds put a bounty on the Hive ransomware group. Senators introduce a bipartisan drone security act. Cisco Talos IDs a new cyber espionage campaign. Fighting the good fight against software bloat. On our Solution Spotlight, N2K President Simone Petrella talks with Amy Kardel, Senior Vice President for Strategic Workforce Relationships at CompTIA about the cyber talent gap. And sports fans check your passwords.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella talks with Amy Kardel, Senior Vice President for Strategic Workforce Relationships at CompTIA about their perspectives and initiatives in response to the cyber talent gap. Selected Reading Fake LastPass App Sneaks Past Apple's Review Team (MacRumors) Warning: Fraudulent App Impersonating LastPass Currently Available in Apple App Store (LastPass) New Rust-Based macOS Backdoor Steals Files, Linked to Ransomware Groups (HACKREAD) New Department of Air Force partnership brings cyber, space and information units closer (DefenseScoop) Federal Cybersecurity Agency Launches Program to Boost Support for State, Local Election Offices (SecurityWeek) FCC votes to outlaw scam robocalls that use AI-generated voices (CNN Business) US offers $10 million for tips on Hive ransomware leadership (Bleeping Computer) New legislation would give NIST drone cybersecurity responsibilities (FedScoop)  New Zardoor backdoor used in long-term cyber espionage operation targeting an Islamic organization (Talos Intelligence) Why Bloat Is Still Software’s Biggest Vulnerability (IEEE Spectrum) Super Bowl of Passwords: Chiefs vs. 49ers in the Battle of Cybersecurity (Security Boulevard) Taylor Swift's Influence on Cybersecurity (Enzoic) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A joint advisory warns of Volt Typhoon’s extended network infiltration. Check your Cisco devices for patches. Fortinet clarifies its latest vulnerabilities. Internet outages plague Pakistan on election day. Kaspersky describes the new Coyote banking trojan. Cyber insurance is projected to reach new heights. The White House appoints a leader for the AI Safety Institute, and sees pushback on proposed reporting regulations. Can we hold AI liable for its foreseeable harms? Joe Carrigan joins us with insights on the Mother of All Data Breaches. The potential of Passkeys versus the comfort of passwords. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Podcast partner and Hacking Humans co-host Joe Carrigan stops by today to discuss the mother of all data breaches. Selected Reading Chinese hackers hid in US infrastructure network for 5 years (BleepingComputer)  Akira, LockBit actively searching for vulnerable Cisco ASA devices (Help Net Security) Cisco fixes critical Expressway Series CSRF vulnerabilities (SecurityAffairs) Fortinet warns of new FortiSIEM RCE bugs in confusing disclosure (BleepingComputer)  Pakistani telcos suffer widespread Internet blackouts on election day (DCD) Coyote: A multi-stage banking Trojan abusing the Squirrel installer (Securelist) Cyber insurance market growing dramatically, Triple-I Finds (AI-TechPark) Biden Administration Names a Director of the New AI Safety Institute (SecurityWeek) No one's happy with latest US cyber incident reporting plan (The Register) DHS Is Recruiting Techies for the AI Corps (BankInfoSecurity) Can the courts save us from dangerous AI? (Vox) I Stopped Using Passwords. It's Great—and a Total Mess (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A security researcher has been charged in an alleged multi-million dollar theft scheme targeting Apple. A House committee hearing explores OT security. Fortinet withdraws accidental CVEs. 2023 saw record highs in ransomware payments. A youtuber finds a cheap and easy bypass for Bitlocker encryption. Political pressure proves challenging for the JCDC. New Hampshire tracks down those fake Biden robocalls. European security agencies bolster warnings about Ivanti devices. HHS fines a New York medical center millions over an identity theft ring. On our sponsored Industry Voices segment, Navneet Singh, Vice President of Marketing Network Security at Palo Alto Networks, shares some practical examples of healthcare organizations transitioning to the cloud. Giving that toothbrush story the brushoff. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Navneet Singh, Vice President of Marketing Network Security at Palo Alto Networks, discusses the transition to the cloud and shares some practical examples in healthcare. Selected Reading A Security Researcher Allegedly Scammed Apple (404 Media) US House Homeland Security subcommittee addresses OT threats, CISA's role in securing OT - Industrial Cyber (Industrial Cyber) Operational Technology disruptions: An eye on the water sector. Robert M. Lee’s opening statement to before the U.S. Congressional Subcommittee on Cybersecurity and Infrastructure Protection. (Control Loop podcast) Securing Operational Technology: A Deep Dive into the Water Sector (Homeland Security Events YouTube) Fortinet Patches Critical Vulnerabilities in FortiSIEM (SecurityWeek) Fortinet snafu: Critical FortiSIEM CVEs are duplicates, issued in error (Bleeping Computer) Ransomware hackers raked in $1 billion last year from victims (NBC News) BitLocker encryption broken in 43 seconds with sub-$10 Raspberry Pi Pico — key can be sniffed when using an external TPM (Tom’s Hardware) The far right is scaring away Washington's private hacker army (POLITICO) N.H. attorney general says he found source of fake Biden robocalls (NBC News) European security agencies publish joint statement on Ivanti Connect Secure, Policy Secure vulnerabilities (Industrial Cyber) Medical Center Fined $4.75M in Insider ID Theft Incident (GovInfoSecurity) Surprising 3 Million Hacked Toothbrushes Story Goes Viral—Is It True? (Forbes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The global community confronts spyware. Canon patches critical vulnerabilities in printers. Barracuda recommends mitigations for Web Application Firewall issues. Group-IB warns of ResumeLooters. Millions are at risk after a data breach in France. Research from the UK reveals contradictory approaches to cybersecurity. Meta’s Oversight Board recommends updates to Facebook’s Manipulated Media policy. We’ve got a special segment from the Threat Vector podcast examining Ivanti's Connect Secure and Policy Secure products. And it’s time to brush up on IOT security.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In a special segment from Palo Alto Networks’ Threat Vector podcast, host David Moulton, Director of Thought Leadership at Unit 42, along with guests Sam Rubin, VP, Global Head of Operations, and Ingrid Parker, Senior Manager of the Intel Response Unit, dives deep into the critical vulnerabilities found in Ivanti's Connect Secure and Policy Secure products. You can check out the full conversation here.  Selected Reading US to restrict visas for those who misuse commercial spyware (Reuters) Britain and France assemble diplomats for international agreement on spyware (The Record) Israeli government absent from London spyware conference and pledge (The Record) Government hackers targeted iPhones owners with zero-days, Google says (TechCrunch) Google agrees to pay $350 million settlement in security lapse case (Washington Post) Canon Patches 7 Critical Vulnerabilities in Small Office Printers  (SecurityWeek) Barracuda Disclosed Critical Vulnerabilities in WAF, Affecting File Upload and JSON Protection (SOCRadar) ResumeLooters target job search sites in extensive data heist (Help Net Security) Millions at risk of fraud after massive health data hack in France (The Connexion) Fragmented cybersecurity vendor landscape is exacerbating risks and compounding skills shortages, SenseOn research reveals (IT Security Guru) Meta’s Oversight Board Urges a Policy Change After a Fake Biden Video (InfoSecurity Magazine) Toothbrushes are a cybersecurity risk, too: millions participate in DDoS attacks (Cybernews) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Anydesk confirms a serious breach. Clorox and Johnson Controls file cyber incidents with the SEC. There’s already a potential Apple Vision Pro kernel exploit. A $25 million deepfake scam. Akamai research hops on the FritzFrog botnet. The US sanctions Iranians for attacks on American water plants. Commando Cat targets Docker API endpoints. Pennsylvania courts fall victim to a DDoS attack. A new leader takes the reins at US Cyber Command and the NSA. Our guest is Dr. Heather Monthie from N2K Networks, with insights on the White House's recent easing of education requirements for federal contract jobs. And remembering one of the great cryptology communicators.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Heather Monthie from N2K Networks shares some insight into the White House's recent easing of education requirements for federal contract jobs. You can find the background to that in our Selected Reading section.  Selected Reading AnyDesk, an enterprise remote software platform used by major firms including Raytheon and Samsung, suffered a security breach - here’s what you need to know (IT Pro) Clorox and Johnson Controls Reveal $76m Cyber-Attack Bill (Infosecurity Magazine) MIT student claims to hack Apple Vision Pro on launch day (Cybernews) Finance worker pays out $25 million after video call with deepfake ‘chief financial officer’ (CNN) FritzFrog botnet is exploiting Log4Shell bug now, experts say (The Record) US sanctions Iranian officials over cyber-attacks on water plants (BBC) The Nine Lives of Commando Cat: Analysing a Novel Malware Campaign Targeting Docker  (Cado Security) Pennsylvania court agency's website hit by disabling cyberattack, officials say (ABC News) Cyber Command, NSA usher in Haugh as new chief (The Record) White House moves to ease education requirements for federal cyber contracting jobs (CyberScoop) White House moves to ease education requirements for federal cyber contracting jobs (GAO) David Kahn, historian who cracked the code of cryptology, dies at 93 (Washington Post) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cybersecurity and disinformation researcher Bilyana Lilly shares her career path from studying where she was always a foreigner to an expert on the Russian perspective. While studying international law in Kosovo, Bilyana realized there are no winners in war. Through her work, she hopes to bring a greater understanding of Russia's strategic thinking. Our thanks to Bilyana for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Johannes Ullrich from SANS talking about the Internet Storm Center and how they do research. Internet Storm Center was created as a mix of manual reports submitted by security analysts during Y2K and automated firewall collection started by DShield. The research shares how SANS used their "agile honeypots" to "zoom in" on events to more effectively collect data targeting specific vulnerabilities. Internet Storm Center has been noted on three separate attacks that were observed. The research can be found here: Jenkins Brute Force Scans Scans for Ivanti Connect "Secure" VPN Vulnerability (CVE-2023-46805, CVE-2024-21887) Scans/Exploit Attempts for Atlassian Confluence RCE Vulnerability CVE-2023-22527 Learn more about your ad choices. Visit megaphone.fm/adchoices

Former CIA leaker sentenced to 40 years. Interpol arrests suspected cybercriminals and takes down servers. Cloudflare discloses a Thanksgiving Day data breach. The FBI removes malware from outdated routers. President Biden plans to veto a Republican-led bill overturning cyber disclosure rules. Attackers target poorly managed Linux systems. Infected USB devices take advantage of popular websites for malware distribution. Blackbaud faces a data deletion mandate from the FTC. Our guest is Adam Marré, CISO of Arctic Wolf, to kick off our continuing discussion of 2024 election security. A cybersecurity incident in Georgia leads to a murder suspect on the run. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Adam Marré, CISO of Arctic Wolf, joins us to begin our discussion of election security in 2024. Adam will be sharing their Election Cybersecurity Survey outlining key cybersecurity threats to the 2024 election season.  Selected Reading 40 years in prison for ex-CIA coder who leaked hacking tools to WikiLeaks (Digital Journey) Interpol arrests more than 30 cybercriminals in global ‘Synergia’ operation (The Record) Cloudflare Hacked After State Actor Leverages Okta Breach (HACKREAD) FBI removes malware from hundreds of routers across the US (Malwarebytes) Biden to Veto Attempt to Overturn SEC Cyber Incident Disclosure Rules (SecurityWeek) Threat Actors Installing Linux Backdoor Accounts (ASEC) USB Malware Chained with Text Strings on Legitimate Websites Attacks Users (Cybersecurity News) FTC settles with Blackbaud over poor data practices leading to massive hack (The Record) Murder suspect mistakenly released from jail after 'cybersecurity incident'  (ABC News)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Directors Wray and Easterly warn congress of threats from Chinese hackers. Myanmar authorities extradite pig butchering suspects. Automation remains a challenge. Snyk Security Labs plugs holes in “Leaky Vessels.” Pegasus spyware targets human rights groups in Jordan. Subtle-paws scratch at Ukrainian military personnel. White Phoenix brings your ransomed files back from the ashes. In today’s Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, speaks with MDR Senior Manager Oded Awaskar, about how AI might change the world of security operations and threat-hunting. A wee lil trick for bypassing Chat GPT guardrails. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In today’s segment of Threat Vector, host David Moulton, Director of Thought Leadership at Unit 42, speaks with Oded Awaskar, an MDR Senior Manager, about threat-hunting and how AI and ML might change the world of security operations and threat-hunting. Tune in to Palo Alto Networks’ biweekly Threat Vector podcast on our network for the full conversation. If you are interested to learn more about Unit 42 World-Renowned threat hunters, visit https://www.paloaltonetworks.com/unit42/respond/managed-threat-hunting and https://www.paloaltonetworks.com/unit42/respond/managed-detection-response In coming episodes, David will discuss the impact of the SEC Cyber Rules with Jacqueline Wudyka and share a conversation with Sam Rubin, Global Head of Operations for Unit 42, about his testimony at the Congressional hearing on the growing threat of ransomware. Selected Reading Wray warns Chinese hackers are aiming to 'wreak havoc' on U.S. critical infrastructure (NPR) FBI director warns Chinese hackers aim to 'wreak havoc' on U.S. critical infrastructure (NBC News) Opening Statement by CISA Director Jen Easterly (CISA on YouTube) FBI issues dramatic public warning: Chinese hackers are preparing to 'wreak havoc' on the US (CNN on YouTube)  CISA orders federal agencies to disconnect Ivanti VPN appliances by Saturday (Bleeping Computer) iPhone Under Attack: U.S. Government Issues 21 Days To Comply Warning (Forbes) Why Are Cybersecurity Automation Projects Failing? (Security Week) Crime bosses behind Myanmar cyber ‘fraud dens’ handed over to Chinese government (The Record) Leaky Vessels: Docker and runc Container Breakout Vulnerabilities (Snyk) At Least 30 Journalists, Lawyers and Activists Hacked With Pegasus in Jordan, Forensic Probe Finds (SecurityWeek) Online ransomware decryptor helps recover partially encrypted files (Bleeping Computer) Analysis and Detection of STEADY#URSA Attack Campaign Targeting Ukraine Military Dropping New Covert SUBTLE-PAWS PowerShell Backdoor (Securonix) OpenAI's GPT-4 safety systems broken by Scots Gaelic (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Global Affairs Canada investigates a major data breach. New York sues Citibank over inadequate online security. Alpha ransomware launches a dedicated leak site on the dark web. A leaked database with 50 million records may or may not be real. CISA and the FBI provide guidance for SOHO routers.Patch ‘em if ya got ‘em. Krustyloader exploits Ivanti weaknesses. Unit 42 tracks a large-scale scareware campaign. Alex Stamos calls Microsoft’s security strategies “morally indefensible.” Our guests are Gianna Whitver and Maria Velasquez from the Cybersecurity Marketing Society to talk about their new podcast "Breaking Through in Cybersecurity Marketing." And do you have what it takes to protect his majesty’s royal laptop? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guests Gianna Whitver and Maria Velasquez from the Cybersecurity Marketing Society join Dave to share about their podcast "Breaking Through in Cybersecurity Marketing" that is joining the N2K network. You can listen to their newest episode on our network.  Selected Reading Global Affairs investigating 'malicious' hack after VPN compromised for over one month (National Post)  Lawsuit: Citibank refused to reimburse scam victims who lost “life savings”  (Ars Technica) Unveiling Alpha Ransomware: A Deep Dive into Its Operations (Netenrich) Nearly 50 million Europcar customer records put up for sale on the dark web – or were they? (ITPro) Apple and Google Just Patched Their First Zero-Day Flaws of the Year (WIRED) Threat actors exploit Ivanti VPN bugs to deploy KrustyLoader Malware (Security Affairs) ApateWeb: An Evasive Large-Scale Scareware and PUP Delivery Campaign (Palo Alto Networks) Microsoft's Dangerous Addiction To Security Revenue (LinkedIn) Be the Royal Family’s Cybersecurity Manager, and get a cut-price honey dipper! (Graham Cluley)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The U.S. counters a Chinese hacking campaign. Juniper issues out of band patches. Schneider Electric suffers a ransomware attack. Over a million and a half individuals are affected by an insurance consulting firm breach. AT&T finds DarkGate malware leveraging Microsoft teams. The White House is set to require AI developers to share safety test results. Resecurity finds high level credentials posted online. Zscaler says Zloader malware is back. The Georgia county prosecuting former President Trump got hit with a cyberattack. Microsoft’s Ann Johnson speaks with guest Deneen DeFiore, Vice President and Chief Information Security Officer at United Airlines, about cybersecurity at 35,000 feet. And yesterday’s airborne joker is off the hook.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast, talks with guest Deneen DeFiore, Vice President and Chief Information Security Officer at United Airlines, about cybersecurity at 35,000 feet. Selected Reading Exclusive: US disabled Chinese hacking network targeting critical infrastructure (Reuters) China-Linked Hackers Target Myanmar's Top Ministries with Backdoor Blitz (The Hacker News) Juniper Networks Releases Urgent Junos OS Updates for High-Severity Flaws (The Hacker News) Schneider Electric confirms it was hit by ransomware attack (Silicon Republic) 1.5 Million Affected by Data Breach at Insurance Broker Keenan & Associates (SecurityWeek) DarkGate malware delivered via Microsoft Teams - detection and response (AT&T) AI companies will need to start reporting their safety tests to the US government (AP) Hundreds of network operators’ credentials found circulating in Dark Web (Security Affairs) New ZLoader Malware Variant Surfaces with 64-bit Windows Compatibility (The Hacker News) Cyberattack Hits Georgia County Where Trump Is Charged (Bloomberg) British man acquitted over London-Spain flight bomb hoax (BBC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Solarwinds seeks dismissal of SEC allegations. Urgent calls to implement fixes for Jenkins open-source software automation tools. A New Jersey township closes schools and offices after a cyberattack. The Centre for Cybersecurity Belgium warns of a critical vulnerability in GitLab. The FBI arrests a notorious swatter. HHS releases cybersecurity performance goals. The feds remind organizations to preserve online messaging. Mercedes-Benz exposes data after an authentication token was left unsecured. A dark web drug dealer pleads guilty. Our guest is Caleb Barlow from Cyberbit, discussing hacker celebrities and why yours truly did not make the list. And threats of airport terrorism on public WiFi is no joking matter. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Podcast partner Caleb Barlow, CEO of Cyberbit, discusses hacker celebrities and why our own Dave Bittner did not make the list. Selected Reading SolarWinds Seeks Dismissal of ‘Unfounded’ SEC Cybersecurity Suit  (Bloomberg Law) Fix Available for Critical Jenkins Flaw That Leads to RCE Attacks (Security Boulevard) Freehold Township district: All schools and offices closed Monday due to cybersecurity incident (News12 New Jersey) WARNING: CRITICAL ARBITRARY FILE WRITE VULNERABILITY IN GITLAB CE/EE, PATCH IMMEDIATELY! (Centre for Cybersecurity Belgium) Police Arrest Teen Said to Be Linked to Hundreds of Swatting Attacks (WIRED) HHS debuts voluntary cybersecurity performance goals to enhance healthcare sector resilience (Industrial Cyber) Don’t Delete Slack or Signal Chats, US Agencies Warn Companies (Bloomberg Law) How a mistakenly published password exposed Mercedes-Benz source code (TechCrunch) Dark Web Drugs Vendor Forfeits $150m After Guilty Plea (Infosecurity Magazine) ‘On My Way to Blow Up the Plane’: Teen Faces Huge Fine After Joke Leads to Fighter Jets Scrambling (Gizmodo) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rashmi Bharathan, an Information Technology Internal Auditor from Wintrust Financial Corporation sits down to share her story as a woman with 10 years in the IT industry and how she got her start. From childhood Rashmi always wanted to be a good leader, helping those around her, now she shares how helping people is a passion of hers and spends a lot of her time volunteering to help those coming into this industry. She says "It's all about, you should know your connections. That is more important. So I would say that networking and volunteering is really going to help you to grow in your career," sharing that community is the key to her success and working hard to network has been a great help to her to get her where she is today. We thank Rashmi for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Tim Miller, Technical Marketing Engineer for Panoptica, Cisco's Cloud Application Security solution, (Panoptica is the result of Cisco's incubation engine (Outshift) for new products and markets), and Kevin Ford, Esri’s CISO. They discuss the complexity reduction need that Cloud-Native Application Protection Platforms (CNAPPs) provide. Outshift by Cisco is our CyberWire-X episode sponsor. To learn more about Cloud-Native Application Protection Platforms, check out Panoptica’s website at https://panoptica.app and consider attending the Cisco Live EMEA in Amsterdam, February 5-8, 2024. Learn more about your ad choices. Visit megaphone.fm/adchoices

Jaron Bradley from Jamf Threat Labs is sharing their work on "Jamf Threat Labs discovers new malware embedded in pirated applications." Jamf Threat Labs has detected a series of pirated macOS applications that have been modified to communicate to attacker infrastructure. The research states "These applications are being hosted on Chinese pirating websites in order to gain victims." The discovery marks new and advanced malware, similar to the ZuRu malware, first discovered by Objective-See in 2021 within the iTerm2 application. The research can be found here: Jamf Threat Labs discovers new malware embedded in pirated applications Learn more about your ad choices. Visit megaphone.fm/adchoices

Senator Wyden calls out the NSA for purchasing American’s internet records. Senators look to add IT and ICS environments to federal employee cyber competitions. The FTC asks big tech about their investments in AI. Turns out the GSA bought a bunch of Chinese security cameras. Akira ransomware claims a breach of Lush cosmetics. ESET reports on the Blackwood cyberespionage group. Wired looks at Predatory Sparrow. The U.S. stands firm on the United Nations Cybercrime Treaty. Our guest is Tony Surak, CMO & Operating Partner from DataTribe, with insights on the state of venture capital in cyber. And a Trickbot gang member will be doing some time. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Tony Surak from DataTribe joins us to share his take on the state of the VC cyber market. Selected Reading Wyden Releases Documents Confirming the NSA Buys Americans’ Internet Browsing Records; Calls on Intelligence Community to Stop Buying U.S. Data Obtained Unlawfully From Data Brokers, Violating Recent FTC Order  Senate Committee debuts bipartisan bill to add OT, ICS environments to federal employee cyber competition  FTC officially asks Big Tech about their AI deals | Cybernews  GSA Sparks Security Fears After Buying Risky Chinese Cameras Akira ransomware gang says it stole passport scans from Lush • The Register Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware - SecurityWeek How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar | WIRED On eve of final negotiations, US says consensus growing around ‘narrow’ UN cybercrime treaty Trickbot malware developer sentenced to 5 years behind bars • The Register Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cozy Bear breaches Hewlett Packard Enterprise. An investigation reveals global surveillance based on digital advertising. Cisco patches critical vulnerabilities. Meta aims to enhance the online safety of minors.  iOS notifications are exploited for tracking. EquiLend’s systems go offline after a cyberattack.  A DC theater faced financial crisis after seeing their bank account drained. Critical infrastructure is targeted in Ukraine.  The latest insights on ransomware. Guest Lance Hood joins us from TransUnion to share how fraud attacks on financial industry call centers are rising. And Teslas get POwned in Tokyo. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Lance Hood joins us from TransUnion to share how fraud attacks on financial industry call centers are rising. Selected Reading Hewlett Packard Enterprise tells SEC it was breached by Russia’s 'Cozy Bear' hackers (The Record) Inside a Global Phone Spy Tool Monitoring Billions (404 Media) Cisco Patches Critical Vulnerability in Enterprise Collaboration Products (SecurityWeek) Instagram and Facebook will now prevent strangers from messaging minors by default (The Verge) Research Reveals How iPhone Push Notifications Leak User Data (MacRumors) Financial tech firm EquiLend says recovery after cyberattack ‘may take several days’ (The Record) 'No gift is too small' | GALA Hispanic Theater asking for donations after hackers drain bank accounts (WUSA9) Ukrainian energy giant, postal service, transportation agencies hit by cyberattacks (The Record) The 2024 Ransomware Threat Landscape (Symantec Enterprise Blogs) Who pays, and why: A researcher examines the ransomware victim’s mindset (The Record) Tesla Hack Earns Researchers $100,000 at Pwn2Own Automotive - SecurityWeek (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Biden prepares executive order on foreign access to data. Britain’s NCSC warns of a significant ransomware increase. Cisco Talos confirms ransomware surge. BuyGoods.com leaks PII and KYC data. Fortra faces scrutiny over slow disclosure. AI fights financial fraud. Intel471 highlights bulletproof hosting. NSO Group lobbies to revamp their image. Tussling in Missouri over election security. Integrating cyber education. Our guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking about a new partnership for a comprehensive Cyber Talent Study. And the moral panic of Furbies. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking with Dave Bittner about a new partnership for a comprehensive Cyber Talent Study to deepen the collective understanding of cybersecurity competencies within the industry. Selected Reading Biden Seeks to Stop Countries From Exploiting Americans’ Data for Espionage (Bloomberg) British intelligence warns AI will cause surge in ransomware volume and impact (The Record) Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors (Talos) Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data (HACKREAD) Fortra blasted over slow response to critical GoAnywhere file transfer bug (SC Media) Gen AI Expected to Bring Big Changes to Banking Sector (GovInfo Security) Why Bulletproof Hosting is Key to Cybercrime-as-a-Service (Infosecurity Magazine) Notorious Spyware Maker NSO Group Is Quietly Plotting a Comeback (WIRED) Missouri secretary of state accused of withholding cybersecurity reviews of election authorities (StateScoop) Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat (Check Point)  These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The mother of all data breaches. CISA director Easterly is the victim of a swatting incident. An AI robocall in New Hampshire seeks to sway the election. Australia sanctions an alleged Russian cyber-crime operator. Atlassian Confluence servers are under active exploitation. Apple patches a webkit zero-day. Black Basta hits a major UK water provider. Hackers who targeted an Indian ISP launch and online search portal. A Massachusetts hospital suffered a Christmas day ransomware attack. Ann Johnson host of the Afternoon Cyber Tea podcast, speaks with Caitlin Sarian, known to many as Cybersecurity Girl. And HP claims bricked printers are a security feature, not a bug.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Microsoft Security’s Afternoon Cyber Tea podcast host, Ann Johnson, speaks with Caitlin Sarian, known to many as Cybersecurity Girl, a leading influencer with a cybersecurity-focused social presence. Listen to the full interview here.  Selected Reading Mother of All Breaches: ​a Historic Data Leak Reveals 26 Billion Records (Cybernews) CISA’s Easterly the target of ‘harrowing’ swatting incident (The Record) AI robocalls impersonate President Biden in an apparent attempt to suppress votes in New Hampshire (PBS NewsHour) Hear fake Biden robocall urging voters not to vote in New Hampshire (YouTube) Medibank hack: Russian sanctioned over Australia's worst data breach (BBC) Hackers start exploiting critical Atlassian Confluence RCE flaw (BleepingComputer) iOS 17.3 and macOS Sonoma 14.3 Patch WebKit Vulnerability That May Have Been Exploited (MacRumors) UK water company that serves millions confirms system attackIndian ISP Hathway Data Breach (The Record) Hacker Leaks 4 Million Users, KYC Data (HACKREAD) Massachusetts hospital claimed to be targeted by Money Message ransomware (SC Media) HP's CEO spells it out: You're a 'bad investment' if you don't buy HP supplies (The Register) HP CEO evokes James Bond-style hack via ink cartridges (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Russian state hackers breach Microsoft. LockBit claims Subway restaurants hack. A Swedish datacenter is hit with ransomware. VMware patches a vulnerability targeted by Chinese espionage groups. Sentinel Labs warns of North Korean APTs focus on cybersecurity pros. FTC order another data broker to restrict location data. US Feds release security guidance for water and wastewater sectors. Senators question the DOJ on facial recognition technology. Ukraine’s Monobank gets DDoSed. N2K’s CSO Rick Howard joins us to share some insight into what he and the Hash Table are cooking up for the upcoming season of his CSO Perspectives podcast. The passing of a Time Lord.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K’s CSO Rick Howard joins us to share some insight into what he and the Hash Table are cooking up for the upcoming season of his CSO Perspectives podcast launching next month.    Selected Reading Microsoft: Russian Hackers Had Access to Executives' Emails (GovInfo Security) LockBit ransomware gang claims the attack on the sandwich chain Subway (Security Affairs) Ransomware hits cloud service Tietoevry; numerous Swedish customers affected (The Record) Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021 (Mandiant) North Korea’s ScarCruft APT group targets infosec pros (CSO Online) FTC Order Will Ban InMarket from Selling Precise Consumer Location Data (Federal Trade Commission) US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities (SecurityWeek) Ukraine’s Monobank hit with massive DDoS attack (Silicon Republic) Senators ask DOJ to investigate whether facial recognition tech violates Civil Rights Act (The Record) RIP, Internet’s Time Lord (On My Om) Network Time Protocol (NTP) attack (noun) (Word Notes podcast) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CEO, Matt Devost, describes many firsts in his career including hacking into systems on an aircraft carrier at sea. He shares how he enjoys solving hard problems and the red teamer perspective, and how he was able to translate those into a career. For those interested in cybersecurity, Matt advises opportunities for self-directed learning including heading down to your basement and building your own lab. Our thanks to Matt for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House. Links to resources: Point of View: 2023 National Cybersecurity Strategy The Chertoff Group's blog National Cybersecurity Strategy 2023 Learn more about your ad choices. Visit megaphone.fm/adchoices

Jon Williams from Bishop Fox is sharing their research on "It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart after finding that NGFW series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities. The research states "Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern." They also found that when they scanned SonicWall firewalls with management interfaces exposed to the internet, they found that 76% are vulnerable to one or both issues. The research can be found here: It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft warns of an Iranian cyberespionage group. The CyberSafety Review Board receives critical reviews of its own. VMWare warns of active product exploitation. Tax info gets leaked in accounting firm breach. Kansas State University reports a cyber incident. CISA adds Citrix Netscaler vulnerabilities to its Known Exploited Vulnerabilities catalog. Councils in the UK suffer online disruptions. Cyber insurance can be a double edged sword. More email security breaches lead to firings. In our Solution Spotlight, N2K President Simone Petrella speaks with Michelle Amante of the Partnership for Public Service With an update on the Cybersecurity Talent Initiative. And it’s shields up for Generation Z. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Solution Spotlight, N2K President Simone Petrella speaks with Michelle Amante of the Partnership for Public Service sharing an update on the Cybersecurity Talent Initiative and how federal agencies and early career existing talent that may be interested in the program’s offerings. Selected Reading Microsoft: Iranian hackers target researchers with new MediaPl malware (Bleeping Computer) Cyber Safety Review Board needs stronger authorities, more independence, experts say (Cyberscoop) VMware vCenter Server Vulnerability Exploited in Wild (SecurityWeek) ELO accounting data breach sparks tax fraud (Cybernews) Cyber attacks on Kent councils disrupt online services (BBC) Kansas State University suffered a serious cybersecurity incident (SecurityAffairs) CISA urges urgent patching of two actively exploited Citrix NetScaler vulnerabilities (Malwarebytes) Cyber Insurance in the Age of Ransomware: Protection or Provocation? (SOCRadar) Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks (IT Pro) Think boomers are most vulnerable to cybersecurity attacks? Wrong. It's actually Gen Z (CBC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2024 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A massive credential dump hits the online underground. CISA and the FBI issue joint guidance on drones. TensorFlow frameworks are prone to misconfigurations. Swiss federal agencies are targets of nuisance DDoS. Cybercriminals hit vulnerable Docker servers. Quarkslab identifies PixieFAIL in UEFI implementations. Google patches Chrome zero-day. The Bigpanzi botnet infects smart TVs. Proofpoint notes the return of TA866. In our Threat Vector segment, David Moulton dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. And we are shocked- SHOCKED! - to learn that Facebook is tracking us.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest This segment of Threat Vector dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. This thought-provoking discussion, hosted by David Moulton, director of thought leadership at Unit 42, ffocuses on the current state and future trends of AI in cyberthreats. Discover how AI is reshaping the landscape of cyberattacks, the role of generative AI in threat actor tactics, and the challenges of attribution in AI-driven cyberattacks. Visit Unit 42 by Palo Alto Networks to learn more.  Check out the Threat Vector podcast and follow it on your favorite podcast app.  Selected Reading Researcher uncovers one of the biggest password dumps in recent history (Ars Technica) Troy Hunt: Inside the Massive Naz.API Credential Stuffing List (Troy Hunt) Feds warn China-made drones pose risk to US critical infrastructure (SC Media) TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks (The Hacker News) Swiss Government Reports Nuisance-Level DDoS Disruptions (Data Breach Today) Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners (HACKREAD) PixieFail: Nine flaws in UEFI open-source reference implementation (Security Affairs) Update Chrome! Google patches actively exploited zero-day vulnerability (Malwarebytes) Cybercrime crew infects 172,000 smart TVs and set-top boxes (Risky Biz News) Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware (Google Threat Analysis Group) Security Brief: TA866 Returns with a Large Email Campaign (Proofpoint) Each Facebook User Is Monitored by Thousands of Companies (Consumer Reports) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Bryce Kennedy, President of the Association of Commercial Space Professionals (ACSP), is sharing what is on horizon in space law. Bryce is also a space lawyer and a regular contributor to our T-Minus daily space podcast right here on the N2K podcast network. You can hear more from the T-Minus space daily show here. While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.  Caveat Briefing A companion weekly newsletter is available CyberWire Pro members on the CyberWire's website. If you are a member, make sure you subscribe to receive our weekly wrap-up of privacy, policy, and research news, focused on incidents, techniques, tips, compliance, rights, trends, threats, policy, and influence ops delivered to you inbox each Thursday. Got a question you'd like us to answer on our show? You can send your audio file to caveat@thecyberwire.com. Hope to hear from you. Learn more about your ad choices. Visit megaphone.fm/adchoices

Atlassian issues critical updates. CISA and the FBI warn of AndroxGh0st. A GPU vulnerability hits major manufacturers. A Foxconn subsidiary in Taiwan gets hacked. Australians suffer breached credit cards through credential stuffing. A parade of horrible hackers and scammers. CISO accountability is highlighted at ShmooCon. Cybersecurity VC funding plummets. On the Learning Layer, N2K’s Executive Director of Product Innovation Sam Meisenberg lets us in on an A+ tutoring session. Don’t ask ChatGPT to handle your Amazon product listings.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Learning Layer with N2K’s Executive Director of Product Innovation Sam Meisenberg lets us in on an A+ tutoring session he held with Jaden Dicks. Selected Reading Atlassian’s Confluence Data Center and Server Affected by Critical RCE Vulnerability, CVE-2023-22527: Patch Now (SOCRadar) FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation (Security Affairs) A new vulnerability affecting Apple, AMD, and Qualcomm GPUs could expose AI data (TechSpot) Taiwan’s Foxconn subsidiary faces cyberattack (Taiwan News) 15,000 Aussies Affected After Binge, The Iconic Hacked (Pedestrian) Hackers post disturbing videos to online forum used by UC Irvine students (ABC7) Heartless scammers prey on hundreds of lost pet owners, demanding ransoms or else… (Bitdefender) As hacks worsen, SEC turns up the heat on CISOs (TechCrunch) Cybersecurity Startup Funding Hits 5-Year Low, Drops 50% From 2022 (Crunchbase) Amazon Is Selling Products With AI-Generated Names Like "I Cannot Fulfill This Request It Goes Against OpenAI Use Policy" (Futurism) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ivanti products are under active zero-day exploitation. Phemedrone is a new open-source info-stealer. Bishop Fox finds exposed SonicWall firewalls. GitLab and VMware patch critical vulnerabilities. The Secret Service foils a phishing scam. Europol shuts down a cryptojacking campaign. Ransomware hits a Majorca municipality. RUSI looks at ransomware. Ben Yelin explains the New York Times going after OpenAI over the data scraping. And the sad case of an Ohio lottery winner.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest and partner Ben Yelin joins us today to discuss “The Most Critical Elements of the FTC’s Health Breach Rulemaking.” Ben is the Program Director for Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security and Co-Host of N2K’s Caveat Podcast. Selected Reading Ivanti Connect Secure zero-days now under mass exploitation (Bleeping Computer) Windows SmartScreen flaw exploited to drop Phemedrone malware (Bleeping Computer) Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (Security Affairs) GitLab Fixes Password Reset Bug That Allows Account Takeover (Security Boulevard) Patches Available for a Critical Vulnerability in VMware Aria Automation: CVE-2023-34063 (Malware News) US court docs expose fake antivirus renewal phishing tactics (Bleeping Computer) Hacker spins up 1 million virtual servers to illegally mine crypto (Bleeping Computer) Ransomware gang demands €10 million after attacking Spanish council (The Record) Ransomware: Victim Insights on Harms to Individuals, Organisations and Society (Royal United Services Institute) Cybersecurity incident delays payouts for big Ohio Lottery winners (Beacon Journal) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of Solution Spotlight, N2K President, Simone Petrella is talking with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding DE&I initiatives. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this encore episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together. Learn more about your ad choices. Visit megaphone.fm/adchoices

Vice President of Marketing, Kathleen Booth, shares her career path from political science and international development to marketing for a cybersecurity company. Early dreams of acting morphed into goals of making the world a better place. Chief marketer and podcaster Kathleen is doing just that. She shares how proving your worth can lead to success. Listen for Kathleen's advice on getting your foot in the door. Our thanks to Kathleen for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Ryan Westman, Senior Manager, Threat Intelligence, eSentire's Threat Response Unit (TRU), is discussing their research "Two Russian-speaking cyber gangs attack employees from 23 different companies." They are using malicious Google ads, promoting popular business software such as Zoom, Slack, and Adobe. The customers targeted are companies in the manufacturing, software, legal, retail and healthcare industries. The attacking threat actors belong to the Russian-speaking Malware-as-a-Service (MaaS) groups called BatLoader and FakeBat. The research can be found here: Two Competing, Russian-Speaking Cybercrime Groups Attack Employees from 23 Companies in the Manufacturing, Software, Legal, Retail, and Healthcare Sectors Using Malicious Google Ads Learn more about your ad choices. Visit megaphone.fm/adchoices

The Feds look to cast a wider hiring net. Legislators focus on deepfakes. Cookie stealers bypass MFA on Google accounts. A Fast food hiring chat bot got hacked. Medusa casts her gaze toward extortion. Akira ransomware is active in Finland. GitLab patches critical vulnerabilities. Bosch thermostats are vulnerable to some hot firmware. CSAM vendors’ crypto sophistication grows. CISA released ICS advisories. On our Solution Spotlight, N2K’s Simone Petrella speaks with Kim Jones, Director of Intuit's CyberCRAFT team, about the SEC's heightened focus on cybersecurity. And a little listener feedback, Karaoke style. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K’s Simone Petrella discusses a possible hurdle with Kim Jones, Director of Intuit's CyberCRAFT team. They talk about the SEC's heightened focus on cybersecurity. Selected Reading An analysis of cyberattacks against Danish energy infrastructure. Cryptomining campaign targets weak SSH passwords. (CyberWire) White House moves to ease education requirements for federal cyber contracting jobs (CyberScoop) State Legislators Tighten A.I. Rules to Combat Deceptive Election Ads (New York Times) Info-stealers can steal cookies for permanent access to your Google account (Malwarebytes) Hackers Break into AI Hiring Chatbot, Could Hire and Reject Fast Food Applicants (404 Media) Medusa Ransomware Turning Your Files into Stone (Unit 42 by Palo Alto Networks) Akira ransomware attackers are wiping NAS and tape backups  (Help Net Security) Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP (The Hacker News) Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise (Infosecurity Magazine) Child Abusers Are Getting Better at Using Crypto to Cover Their Tracks (WIRED) CISA Releases Nine Industrial Control Systems Advisories (CISA) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A zero-day hits Ivanti VPN customers. CISA highlights an active MS Sharepoint Server flaw. Cisco patches a critical vulnerability. Atomic Stealer gets updates. Sensitive school emergency planning documents are exposed online. The FCC reports on risky communications equipment. The White House will introduce new cybersecurity requirements for hospitals. Mandiant explains their X-Twitter hack. Our guest is Palo Alto Networks’ Unit 42’s David Moulton, host of the new Threat Vector podcast. And we are shocked - shocked! - to learn that an online sex for money scheme is a scam.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest David Moulton from Palo Alto Networks joins us to talk about Threat Vector. It’s Unit 42’s segment turned podcast on the N2K media network. Selected Reading Ivanti customers urged to patch vulnerabilities allegedly exploited by Chinese state hackers (The Record) CISA Urges Patching of Exploited SharePoint Server Vulnerability (SecurityWeek) Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272) (Help Net Security) Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (The Hacker News) FCC's Reimbursement Program shows progress in removing national security risks from communication networks (Industrial Cyber) After Barrage of Hacks, Hospitals Will Face New Federal Cybersecurity Rules Tied to Funding (The Messenger) US School Shooter Emergency Plans Exposed in a Highly Sensitive Database Leak (WIRED) Mandiant’s X Account Was Hacked in Brute-Force Password Attack (Infosecurity Magazine) Believing they would be paid a fortune for having sex with women, hundreds of Indian men scammed out of cash  (Graham Cluely) Threat Vector Links. To get more information on Medusa ransomware, listen to this episode of Threat Vector. Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The World Economic Forum names AI a top global threat. The SEC suffers social media breach. The FTC settles with a data broker over location data sales. A massive data leak hits Brazil. Chinese researchers claim and AirDrop hack. A major real estate firm suffers data theft. Pikabot loader is seeing use by spammers. Ukraine’s Blackhit hits Russia’s M9 Telecom. Stuxnet methods are revealed. A Patch Tuesday rundown. Our guest is ​​Tim Eades from the Cyber Mentor Fund to discuss the growing prevalence of restoration as a part of incident response. And Hackers could screw up a wrench. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest ​​Tim Eades from Cyber Mentor Fund joins us to discuss the growing prevalence of restoration as a part of incident response.  Selected Reading AI-powered misinformation is the world's biggest short-term threat, Davos report says (AP News) NSA: Benefits of generative AI in cyber security will outweigh the bad (IT Pro) SEC account on X ‘compromised’ and regulator has not approved bitcoin ETFs (MarketWatch) SEC did not have 2FA enabled: X safety team on fake Bitcoin ETF post (Cointelegraph) FTC Order Prohibits Data Broker X-Mode Social and Outlogic from Selling Sensitive Location Data (Federal Trade Commission) Entire population of Brazil possibly exposed in massive data leak (Security Affairs) China says state-backed experts crack Apple's AirDrop (Digital Journal) Fidelity National Financial says hackers stole data on 1.3 million customers (TechCrunch) Water Curupira Hackers Launch Pikabot Malware Attack on Windows Machine (GBHackers On Security) Ukrainian “Blackjack” Hackers Take Out Russian ISP (Infosecurity Magazine) Ukraine is on the front lines of global cyber security (Atlantic Council)  Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report (SecurityWeek) New research paper explores post-quantum cryptography for critical infrastructure cybersecurity (Industrial Cyber) AI Helps U.S. Intelligence Track Hackers Targeting Critical Infrastructure (Wall Street Journal) Hewlett Packard Enterprise nears $13 billion deal to buy Juniper Networks (Reuters) January Patch Tuesday: New year, more Windows bugs (The Register) Cybersecurity Advisory: Apache Struts Vulnerability CVE-2023-50164 (Uptycs) Hackers can infect network-connected wrenches to install ransomware (Ars Technica)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Swatting is on the rise. LoanDepot, the Toronto Zoo and the World Council of Churches all confirm ransomware attacks. Iran-linked hackers target Albania. Sea Turtle focuses on espionage and information theft. Fake “security researchers” offer phony ransomware recovery services. Could AI make KYC  EOL? Avast enhances Babuk decryption. Joe Carrigan looks at the human side of email security. And a group of midwives fail to deliver. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Joe Carrigan from JHU ISI on the human elements that impact email security  Selected Reading Tanya Chutkan, the judge overseeing Trump's federal election interference case, appears to be victim of 'swatting' Special counsel Jack Smith was targeted by attempted swatting on Christmas Day LoanDepot Takes Systems Offline Following Ransomware Attack Toronto Zoo hit by ransomware attack | Cybernews Rhysida ransomware gang takes responsibility for attack on World Council of Churches Wiper malware found in analysis of Iran-linked attacks on Albanian institutions Turkish espionage campaigns in the Netherlands "Security researcher" offers to delete data stolen by ransomware attackers Gen AI could make KYC effectively useless | TechCrunch  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The DOJ concludes its xDedic Marketplace investigation. A cyberattack shuts down a major mortgage lender. The Swiss Air Force suffers third party breach. An update on SilverRAT. The Space Force emphasizes collaboration for effective cyber growth. The DOE announces cyber resilience funding. Merck reaches a settlement on NotPetya. NIST warns of AI threats. Our guest is Dragos CEO Robert M. Lee, with a look at intellectual property theft in manufacturing. And Chump Change fines for big tech.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Robert M. Lee, founder and CEO of Dragos, to discuss intellectual property theft in manufacturing.  Selected Reading AsyncRAT campaign targets US infrastructure. (CyberWire) 19 Individuals Worldwide Charged In Transnational Cybercrime Investigation Of The xDedic Marketplace (US Department of Justice) Space Force is crafting in-house cyber teams but sees need for closer work with USCYBERCOM (Nextgov/FCW) Energy Department has cyber threats to infrastructure in mind with $70 million funding offer (FedScoop) Swiss Air Force documents exposed via cyber attack on third party (BeyondMachines.net) Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack (SecurityWeek) Merck settles with insurers who denied $700 million NotPetya claim (The Record) Syrian Threat Group Peddles Destructive SilverRAT (DarkReading) NIST Warns of Security and Privacy Risks from Rapid AI System Deployment (The Hacker News) Mortgage firm loanDepot cyberattack impacts IT systems, payment portal (BleepingComputer) Big Tech has already made enough money in 2024 to pay all its 2023 fines (Proton) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Dean of Research, Johannes Ullrich, relays his experiences from studying the hard sciences to his career shift to cybersecurity. Basic principles, superhero origin stories, physics labs and radiation all figure in. And there’s a lot in common with network security best practices. Have a listen to what Johannes has learned and what he hopes to impart on his students. Our thanks to Johannes for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Guilherme Venere from Cisco Talos joins to discuss their research on "A deep dive into Phobos ransomware, recently deployed by 8Base group." Cisco Talos discovered that 8Base’s Phobos ransomware payload contains an embedded configuration, which is a significant difference between 8Base’s Phobos variant and other Phobos samples that have been observed in the wild since 2019.  In this 2-part research series, Talos conducts a deep dive into the Phobos ransomware, including its affiliate structure, activity and capabilities, as well as the one private key that could enable decryption of all the samples analyzed.  The research can be found here: A deep dive into Phobos ransomware, recently deployed by 8Base group Understanding the Phobos affiliate structure and activity Learn more about your ad choices. Visit megaphone.fm/adchoices

BGP attack disrupts Internet service. Data breach law firm breached. Remcos RAT returns. Poison packages in the PyPI repository. Hacktivist personae and GRU fronts. BreachForums impresario re-arrested. Cyber National Mission Force gets a new leader. On our Solution Spotlight, Simone Petrella talks with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap. LinkedIn as a dating platform? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K President Simone Petrella talks with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding Diversity, Equity and Inclusion (DE&I) initiatives. Selected Reading BGP attack disrupts Internet service. Pirated Zeppelin ransomware source code for sale in a C2C souk. BreachForums impresario re-arrested. (CyberWire) Hacker hijacks Orange Spain RIPE account to cause BGP havoc (Bleeping Computer) RIPE Account Hacking Leads to Major Internet Outage at Orange Spain (SecurityWeek) Law firm that handles data breaches was hit by data breach (TechCrunch) UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (The Hacker News) EXPERTS FOUND 3 MALICIOUS PACKAGES HIDING CRYPTO MINERS IN PYPI REPOSITORY (SecurityAffairs) BreachForums administrator detained after violating parole (The Record) Russian hackers wiped thousands of systems in KyivStar attack (Bleeping Computer) US military’s Cyber National Mission Force gets a new chief (The Record) The Hottest New Dating Site: LinkedIn (Business Insider) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Sandworm was in Kyivstar's networks for months. Museums face online outages. Emsisoft suggests a ransomware payment ban. An ambulance service suffers a data breach. Mandiant’s social media gets hacked. GXC Team's latest offerings in the C2C underground market. 23andMe blames their breach on password reuse. Lawyers are using outdated encryption.  On today’s Threat Vector segment, David Moulton chats with Garrett Boyd,  senior consultant at Palo Alto Networks Unit 42  about the importance of internal training and mentorship in cybersecurity. And in Russia, holiday cheers turn to political jeers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Threat Vector segment with David Moulton features Garrett Boyd, a senior consultant at Unit 42 by Palo Alto Networks with a background as a Marine and professor, discusses the importance of internal training and mentorship in cybersecurity. He provides insights into how training prepares professionals for industry challenges and how mentorship fosters professional growth and innovation. Garrett emphasizes the need for a mentorship culture in organizations and the responsibility of both mentors and mentees in this dynamic. The episode highlights the transformative impact of mentorship through personal experiences and concludes with an invitation for listeners to share their stories and a reminder to stay vigilant in the digital world. Threat Vector To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  Selected Reading Compromised accounts and C2C markets. Cyberespionage and state-directed hacktivism. (CyberWire) Exclusive: Russian hackers were inside Ukraine telecoms giant for months (Reuters) Hackers linked to Russian spy agency claim cyberattack on Ukrainian cell network (reuters) Museum World Hit by Cyberattack on Widely Used Software (The New York Times) The State of Ransomware in the U.S.: Report and Statistics 2023 (Emsisoft) Nearly 1 million affected by ambulance service data breach (The Record) Mandiant’s account on X hacked to push cryptocurrency scam (Bleeping Computer) Cybercriminals Implemented Artificial Intelligence (AI) For Invoice Fraud (Resecurity) 23andMe tells victims it’s their fault that their data was breached (TechCrunch+) The Curious Case of MD5 (katelynsills) Firmware prank causes LED curtain in Russia to display ‘Slava Ukraini’ — police arrest apartment owner (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber-kidnapping in Utah. Hospitals sue for data recovery. The US Department of Homeland Security assesses cyber threats to the US. Mac malware is on the rise. Cameras hacked by Russian intelligence services provide targeting information. Ransomware roundup. An NPM dependency campaign. Google recommends enhanced safe browsing. Rob Boyce from Accenture describes the Five Families and the trend of hacker collaboration. And the FTC wants to hear your cloned voice. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Rob Boyce from Accenture talking about the Five Families, the trend of hacker collaboration.  Selected Reading Missing Riverdale foreign exchange student found near Brigham City in case of ‘cyber kidnapping’ (ABC4) What is ‘cyber kidnapping’ and what can you do to stay safe online? (Deseret News) Hospitals ask courts to force cloud storage firm to return stolen data (BleepingComputer) Homeland Threat Assessment (US Department of Homeland Security)  The Mac Malware of 2023 (Objective-See) SBU blocks webcams that ‘flashed’ operation of air defense during missile attack on Kyiv on Jan 2 (Interfax-Ukraine) Ukraine says Russia hacked web cameras to spy on targets in Kyiv (The Record)  Akumin radiology and oncology reports ransomware attack and data breach (beyondmachines) Coop supermarket chain hit by ransomware cyberattack (beyondmachines) When “Everything” Goes Wrong: NPM Dependency-Hell Campaign – 2024 Edition (Checkmarx) Accounts in danger: Google recommends enhanced safe browsing and extra care (cybernews) The FTC Voice Cloning Challenge (FTC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A zero-click exploit affects iPhones belonging to Kaspersky employees. A GRU cyber campaign incorporates novel malware. The Indian government targets Apple over hacking attempts. Microsoft disables App Installer. Australian courts’ AV is compromised. A BlackBasta decryptor is released. Cyber Toufan claims attacks against Israeli targets. Patients in Oklahoma face online extortion. LoanCare customers’ data is at risk. Google settles a private browsing lawsuit. Barracuda patches a zero-day. That Chinese spy balloon was making a local call. And then Caleb Barlow, a friend of our show, shares password security tips you should know.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Caleb Barlow, CEO of Cyberbit, joins us today to share helpful tips to remember those passwords.  Selected Reading 4-year campaign backdoored iPhones using possibly the most advanced exploit ever (Ars Technica)  New malware found in analysis of Russian hacks on Ukraine, Poland (The Record) Russian Military Intelligence Blamed for Blitzkrieg Hacks (GovInfo Security) India targets Apple over its phone hacking notifications (Washington Post) Microsoft disables App Installer after observing financially motivated threat actor activity (Cybernews)  Microsoft disables App Installer after observing financially motivated threat actor activity (Cybernews)  Cyber attack on Victoria's court system may have exposed recordings of sensitive cases (ABC News)  New Black Basta decryptor exploits ransomware flaw to recover files (Bleeping Computer) Pro-Palestinian operation claims dozens of data breaches against Israeli firms (The Record) Integris Health patients get extortion emails after cyberattack (Bleeping Computer)  AG: Corewell Health reports another data breach; affects 1 million patients (The Oakland Press) LoanCare Notifying 1.3 Million of Data Breach Following Cyberattack on Parent Company (Security Week) Google settles $5 billion consumer privacy lawsuit (Reuters) Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841 (Security Affairs) U.S. intelligence officials determined the Chinese spy balloon used a U.S. internet provider to communicate (NBC News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft Security EVP Charlie Bell joins Ann on this week's episode of Afternoon Cyber Tea. Charlie has over four decades in the tech industry, from developing space shuttle software to leading the creation of Amazon Web Services' decentralized engineering system and now leading Microsoft’s effort to make the digital world safe and secure for everyone on the planet. Ann and Charlie discuss AI, the Security ecosystem, and why he thinks speed and acceleration of problem-solving are so relevant today.    Resources: View Charlie Bell on LinkedIn   View Ann Johnson on LinkedIn     Related Microsoft Podcasts:          Listen to: Uncovering Hidden Risks  Listen to: Security Unlocked   Listen to: Security Unlocked: CISO Series with Bret Arsenault        Discover and follow other Microsoft podcasts at microsoft.com/podcasts Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Financial firm CISO, Tom Quinn, takes us from his first experience with modern computers in the military to his current role as a Chief Information Security Officer. It's important to understand how the technology works, but it's also important to understand how people work. And, to make a difference. Our thanks to Tom for sharing his story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

Israel Barak, CISO from Cybereason, sits down with Dave to discuss their research, "Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation." Cybereason researchers recently found an attack lurking beneath the surface which was assessed to be the work of Chinese APT Winnti. Cybereason briefed the FBI and the DOJ on the investigation into the malicious campaign. The research states, "For years, the campaign had operated undetected, siphoning intellectual property and sensitive data." The team quickly made two reports on the campaign, one sharing an examination on the tactics and techniques. The second gives a detailed analysis of the malware and exploits used. The research can be found here: Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation Learn more about your ad choices. Visit megaphone.fm/adchoices

Welcome to the T-Minus Overview Radio Show. In this program we’ll feature some of the conversations from our daily podcast with the people who are forging the path in the new space era, from industry leaders, technology experts and pioneers, to educators, policy makers, research organizations, and more. In this episode we’re covering cybersecurity for space. What is it? What are the threats to space systems, why is there such an emphasis on it right now, and what are people doing about it?  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Guest Our first guest is Renee Wynn, former CIO of NASA. Our second guest is Matthieu Bailly, Vice President of Space at CYSEC, a cybersecurity company based in Lausanne, Switzerland. Our third guest speaking to T-Minus Producer Alice Carruth, is Steve Luczynski, Board Chairman of the Aerospace Village. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Marc catches up with Mimecast CEO and co-founder Peter Bauer. They cover Peter's CEO journey, including what it was like growing up in South Africa, why he opted out of attending university, highlights from Mimecast's 20-year history, and what Peter learned from taking the company public — and then private again. You'll also learn:  When and how to raise capital, and how to manage meeting the board's expectations.  How CEOs can overcome self-doubt and continuously reimagine their role to look at challenges with new eyes.  How to view the company's history as a story with chapters and eras, and why it's important to always believe you're at the beginning of the book.  Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode of the Retail & Hospitality ISAC podcast, host Luke Vander Linden is joined by John Scrimsher, chief information security officer (CISO) at Kontoor Brands, Inc., and Marcel Bucsescu, senior director of credentialing and strategic engagement at NACD, to expand upon the NACD Accelerate program. Then Ian Furr, security integration engineer at RH-ISAC, talks about his volunteer work with the Information Technology Disaster Resource Center (ITDRC) and the Fairfax County Fire and Rescue Department. Finally, Luke chats with Bidemi (Bid) Ologunde, intelligence analyst at Expedia Group, about his own podcast, The Bid Picture, background, and the trajectory of cybersecurity. Thank you to Fortinet for their sponsorship of the Retail & Hospitality ISAC podcast. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek’s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA’s ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services. Control Loop News Brief. Rockwell Stratix routers vulnerable to Cisco zero-day. PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation) SecurityWeek’s ICS Cyber Security Conference. 2023 ICS Cybersecurity Conference (SecurityWeek) Malware attacks against IoT devices increase by 400%. Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler) Nuclear power plant operator cited over cybersecurity plan. UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK) Rockwell and Dragos announce partnership. Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire) CISA’s ICS advisories. CISA Releases Two Industrial Control Systems Advisories (CISA) Hitachi Energy’s RTU500 Series Product (Update B) (CISA) CISA Releases Nine Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems.  Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, for part two of their discussion on cyber threat intelligence. Control Loop OT Cybersecurity Briefing. A companion monthly newsletter is available through free subscription and on the CyberWire's website. Learn more about your ad choices. Visit megaphone.fm/adchoices

On this episode, Perry celebrates the one year birthday of ChatGPT by taking a look at AI from technological, philosophical, and folkloric perspectives. We see how AI was formed based on human words and works, and how it can now shape the future of human legend and belief. Guests: Brandon Karpf, Vice President at N2K Networks (LinkedIn) (Website) Dr. Lynne S. McNeill, Associate Professor at Utah State University (LinkedIn) (Twitter) Dr. John Laudun, Professor at University of Louisiana at Lafayette (LinkedIn) (Twitter) (Website) Lev Gorelov, Research Director at Handshake Consulting (LinkedIn) (Twitter) (Website) Resources Interview with the AI, part one, by the Brandon Karpf / the CyberWire 'Hard Fork': An Interview With Sam Altman, by The New York Times The Exciting, Perilous Journey Toward AGI, Ilya Sutskever TED Talk Ilya: the AI scientist shaping the world, by The Guardian Meet Loab, the AI Art Woman Haunting the Internet: Is she a demon? A Cryptid? Or nothing at all..., the Guardian In 2016, Microsoft’s Racist Chatbot Revealed the Dangers of Online Conversation The bot learned language from people on Twitter—but it also learned values, IEEE Spectrum Perry's Digital Folklore episode about AI Handshake's Generative AI Masterclass on Maven Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Be sure to check out Perry's other show, Digital Folklore. It's all about the oddities and importance of online culture. Head over to the show's website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, shop for merch, support the show on Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-news. Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound. 8Li cover art by Chris Machowski @ https://www.RansomWear.net/. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com Learn more about your ad choices. Visit megaphone.fm/adchoices

Summary Cathy Hackl (Twitter, LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss the potential implications of the metaverse on intelligence. Cathy has been called the “Godmother of the Metaverse.” What You’ll Learn Intelligence What the metaverse is Security and counterintelligence in a virtual world Futurism within intelligence agencies  Potential risks and consequences of the metaverse Reflections How virtual spaces can affect our physical world The necessity to evolve alongside technology And much, much more … Episode Notes The web will continue to evolve and change with time, but what’s coming next? And how will this evolution affect the ways that intelligence organizations around the world conduct their operations? This week on SpyCast, Cathy Hackl joins Andrew to explain what the metaverse is, what we can expect from living in this new virtual world, and how intelligence agencies can begin planning for the Web 3 future. Cathy Hackl has been dubbed the “Godmother of the Metaverse”  Resources Featured Resource Into the Metaverse: The Essential Guide to the Business Opportunities of the Web3 Era, Cathy Hackl (Bloomsbury, 2023)  Metaverse Marketing [Cathy’s podcast] *Beginner Resources* What Is the Metaverse, Exactly?, Wired (2022) [Article] Web 3.0 Explained In 5 Minutes, YouTube (2022) [5 min. Video] 12 new tech terms you need to understand the future, R. Gray, BBC (2018) *SpyCasts* How Artificial Intelligence is Changing the Spy Game – with Mike Susong (2022) Trafficking Data: The Digital Struggle with China -- with Aynne Kokas (2022) The FBI & Cyber – with Cyber Division Chief Bryan Vorndran (Part 1 of 2) The FBI & Cyber – with Cyber Division Chief Bryan Vorndran (Part 2 of 2)  *Wildcard Resource* Watch the world’s first metaverse music video, Snoop Dogg’s “House I Built,” here! Learn more about your ad choices. Visit megaphone.fm/adchoices

This interview from August 18th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Simone Petrella sits down with Camille Stewart Gloster, Deputy National Cyber Director at the The White House discuss the White House's cybersecurity workforce and education strategy. Learn more about your ad choices. Visit megaphone.fm/adchoices

Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of Christmas, my malware gave to me: 2 Trojan Apps... And a keylogger logging my keys. On the third day of Christmas, my malware gave to me: 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fourth day of Christmas, my malware gave to me: 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fifth day of Christmas, my malware gave to me: 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the sixth day of Christmas, my malware gave to me: 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the seventh day of Christmas, my malware gave to me: 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eighth day of Christmas, my malware gave to me: 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the ninth day of Christmas, my malware gave to me: 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the tenth day of Christmas, my malware gave to me: 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eleventh day of Christmas, my malware gave to me: 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the twelfth day of Christmas, my malware gave to me: 12 Hackers hacking... 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. Learn more about your ad choices. Visit megaphone.fm/adchoices

A Lapsus$ hacker is sentenced to hospital detention. Online ads and phishing drain crypto wallets. Cyberespionage continues. LockBit and ALPHV say they want to form a ransomware cartel. The 8220 gang's cryptojacking. DarkGate RAT's propagation. The evolution of Bandook. A prominent title insurance company takes systems offline. Rick Howard speaks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence. And Trump’s Dumps lead to BidenCash. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K’s Rick Howard talks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence in conjunction with Google. Selected Reading The infamous GTA VI hacker has been convicted - and the story is simply absurd (IT Pro) Crypto drainer steals $59 million from 63k people in Twitter ad push (Bleeping Computer) Threat Actor 'UAC-0099' Continues to Target Ukraine (Deep Instinct)  ‘Today FBI Got Him, Tomorrow They Will Get Me’: LockBit, BlackCat Unite to Form Cyber Cartel (The Cyber Express)  Imperva Detects Undocumented 8220 Gang Activities (Imperva) BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates (Proofpoint) Bandook - A Persistent Threat That Keeps Evolving (Fortinet) First American takes IT systems offline after cyberattack (Bleeping Computer) BidenCash darkweb market gives 1.9 million credit cards for free (Bleeping Computer) BidenCash (Searchlight Cyber) Russia Seizes Ferum, Sky-Fraud, UAS, and Trump’s Dumps—and Signals More Takedowns to Come [Updated] (Flashpoint) Share your feedback.Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

German officials take down a dark web market. Google patched zero-day. Terrapin attack targets SSL. A look at payment fraud. Agent Tesla is spreading through an old vulnerability. An iPhone thief explains his techniques. Ukrainian reprisals for Russia's Kyivstar attack. Israeli officials warn of data wipers. Rick Howard speaks with Scott Roberts of Interpress about Driving Intelligence with MITRE ATT&CK, and leveraging limited resources to build an evolving threat repository. And go ahead and click that like button - just don’t expect to get paid. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest Scott Roberts of Interpres joins N2K’s Rick Howard from the recent MITRE ATT&CKcon event. They discuss driving intelligence with MITRE ATT&CK: Leveraging limited resources to build evolving threat repository.  Selected Reading German police takes down Kingdom Market cybercrime marketplace (BleepingComputer) GOOGLE ADDRESSED A NEW ACTIVELY EXPLOITED CHROME ZERO-DAY (Securityaffairs) SSH protects the world’s most sensitive networks. It just got a lot weaker (Ars Technica) Annual Payment Fraud Intelligence Report: 2023 (Recorded Future) Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla (Zscaler) iPhone Thief Explains How He Breaks Into Your Phone (Wall Street Journal) Ukrainian hackers breach Rosvodokanal, seize data of Russia's largest private water utility (RBC Ukraine) Fake F5 BIG-IP zero-day warning emails push data wipers (BleepingComputer) “Get Paid to Like Videos”? This YouTube Scam Leads to Empty Wallets (Hack Read) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Interpol leads cybercrime take downs. ALPHV/Blackcat is in a “tug of Tor” with the FBI.  The Senate confirms a new leader for Cyber Command and NSA. Rite Aid is banned from using facial recognition. CISA prepares a new approach to information sharing. Remote encryption of ransomware. CitrixBleed is exploited to access customer data. An update on the Kyivstar cyberattack. The Tallinn Mechanism solidifies Western support for Ukraine's cybersecurity. In today’s Learning Layer segment, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. And GCHQ introduces youngsters to code breaking. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In our Learning Layer segment today, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. For more information on practice tests, please visit N2K’s certification page.  Learning Layer links Practice tests Selected Reading Interpol operation arrests 3,500 cybercriminals, seizes $300 million (Bleeping Computer) AlphV claims to have ‘unseized’ its darkweb domain from the FBI. What’s happening? (The Record) Senate confirms Biden’s pick for Cyber Command, NSA (The Record) Rite Aid Banned from Using AI Facial Recognition After FTC Says Retailer Deployed Technology without Reasonable Safeguards (Federal Trade Commission) Enabling Threat-Informed Cybersecurity: Evolving CISA’s Approach to Cyber Threat Information Sharing (CISA) CryptoGuard: An asymmetric approach to the ransomware battle (Sophos) Notice To Customers of Data Security Incident (Businesswire) Ukraine's Kyivstar says it is fully operational after cyber attack (Reuters) UK and partners form The Tallinn Mechanism for cyber security (Gov.UK) GCHQ Christmas challenge: Agency reveals 2023 codebreaker (BBC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI takes down ALPHV/BlackCat. Comcast reveals breach of nearly 36 million Xfinity customers. Microsoft and Cyberspace Solarium Commission release water sector security report. Malware increasingly uses public infrastructure. Iran's Seedworm and its telco targets. QR code scams. Feds release joint analysis of 2022 election integrity. Joint advisory on Play ransomware group. In today’s Mr Security Answer Person, John Pescatore considers the risks of AI. Rick Howard talks with Lauren Brennan of GuidePoint Security about evaluating and maturing your SOC. Iranian gas stations running on empty. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests John Pescastore joins us for Mr. Security Answer Person to address the question, “Things seem to be moving quickly with AI, what is your feeling about that positioning for early 2024?” Today’s guest is Lauren Brennan of GuidePoint Security. N2K’s Rick Howard caught up with Lauren recently  at the MITRE ATT&CKcon 4.0. They discussed evaluating and maturing your SOC. Selected Reading Authorities claim seizure of notorious ALPHV ransomware gang’s dark web leak site (TechCrunch+) Comcast says hackers stole data of close to 36 million Xfinity customers (TechCrunch+) Microsoft, Cyberspace Solarium Commission propose measures to strengthen water sector cybersecurity (Industrial Cyber) Malware leveraging public infrastructure like GitHub on the rise (Reversing Labs) Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (Symantec) “Quishing” you a Happy Holiday Season (netcraft) 2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHS (Securityweek) US and Australia Warn of Play Ransomware Threat (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A US mortgage company reveals major data breach. Updates from CISA. NSA provides guidance on SBOMs. MongoDB warns customers of a breach. BlackCat/ALPHV is still a market leader, but feeling competitive pressure. Reassessing the effects of Log4shell. The International Committee of the Red Cross calls for restraint in cyber warfare. Ransomware hits a cancer center. Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. And what can I do to make you take home this chatbot today? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Host of Microsoft Security’s Afternoon Cyber Tea podcast, Ann Johnson, goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. Ann’s full discussion with Tanya can be heard here. You can catch Afternoon Cyber Tea every other Tuesday on your favorite podcast apps and the N2K Network.  Selected Reading Mr. Cooper reveals breach exposed 14.6 million clients (Cybernews) Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment (CISA) NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity (Security Week) MongoDB says customer data was exposed in a cyberattack (Bleeping Computer) ALPHV Targeting: Ransomware & Digital Extortion (ZeroFox) A Log4Shell Retrospective - Overblown and Exaggerated (VulnCheck) We call on States to stop turning a blind eye to the participation of civilian hackers in armed conflict (ICRC) Seattle cancer center confirms cyberattack after ransomware gang threats (The Record) What can I do to make you take home this chatbot today? (Mastodon) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Oren Koren, Co-Founder and Chief Product Officer from Veriti sits down to share his amazing story. Before entering the vendor side of the cyber world, Oren served for 14 years in the Israeli 8200 unit where he led a variety of cybersecurity activities and researches that eventually earned him four 8200-unit cyber innovation awards. When he left the Israel Defense Forces, he joined Check Point Software to lead their AI-based innovations and advanced data analytics projects that redefined threat hunting and SIEM applications. This eventually inspired him to start his own company, with fellow co-founder Adi Ikan. Oren shares that he had a love for music growing up, and wanted to be a musician, saying music was the catalyst to him becoming interested in the cyber field, saying "I believe the music helped me a bit with my career in cybersecurity." We thank Oren for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Host of the CyberWire Daily podcast segment Threat Vector, David Moulton sits down with Mike "Siko" Sikorski from Palo Alto Networks Unit 42 to discuss their research on "Fighting Ursa Aka APT28: Illuminating a Covert Campaign." Unit 42 just published new threat intelligence on Fighting Ursa (aka APT28), a group associated with Russia's military intelligence, on how they are exploiting a Microsoft Outlook vulnerability (CVE-2023-23397) to target organizations in NATO member countries, Ukraine, Jordan, and the UAE. These organizations are of strategic importance in defense, foreign affairs, economy, energy, transportation, and telecommunications. The research can be found here: Fighting Ursa Aka APT28: Illuminating a Covert Campaign Learn more about your ad choices. Visit megaphone.fm/adchoices

Google boosts Maps privacy, a court shields password disclosure, feds foil a massive scam operation, Iran-Israel cyber tensions escalate, Idaho National Labs reports a significant data breach, a security engineer's cybercrime confession.  N2K’s Rick Howard reports from the recent MITRE ATT&CK con, speaking with Blake Strom of Microsoft about 10 years of the MITRE ATT&CK Framework. And Brian Krebs' relentless investigation into the Target breach. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, N2K’s Rick Howard recently attended the MITRE ATT&CK Con. While there, Rick spoke with Blake Strom of Microsoft and they discussed 10 years of MITRE ATT&CK Framework. Selected Reading Google is rolling out new protections for our location data (The Washington Post) Four men indicted in $80 million ‘pig butchering’ scheme (CNBC) Just In: Crypto Hacker Shakeeb Ahmed Admits to $12 Million Heist (BET US) Suspects can refuse to provide phone passcodes to police, court rules (Ars Technica) Gaza Cybergang | Unified Front Targeting Hamas Opposition (Sentinal Labs) Israeli CEO recruits Muslim hackers to fight Hamas in cyberwarfare (The Jerusalem Post)  Personal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data Breach (Securityweek) Ten Years Later, New Clues in the Target Breach (krebsonsecurity) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft takes down the Storm-1152 cybercrime operation. “GambleForce” is a newly discovered threat actor.  The SVR exploits a JetBrains TeamCity vulnerability. US Postal Service impersonation. Malicious ads associated with Zoom. An update on the cyberattack against Kyivstar. Apache issues a Struts 2 security advisory. The FCC adopts new data breach rules.  In our latest Threat Vector segment, David Moulton and Palo Alto Networks Madeline Sedgwick discuss the skills and methods necessary for understanding threat actor intent and behaviors. And the State Department's Global Engagement Center is under fire. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On the Threat Vector segment with Palo Alto Networks Unit 42’s David Moulton, hear about decoding cyber adversaries. David discusses unveiling intent and behavior in the world of threat hunting with Madeline Sedgwick. Selected Reading Microsoft disrupts cybercrime operation selling fraudulent accounts to notorious hacking gang (TechCrunch+) New hacker group GambleForce targets government and gambling sites in Asia Pacific using SQL injections (Group-IB) Russian Foreign Intelligence Service (SVR) Exploiting JetBrains TeamCity CVE Globally (Joint Advisory) Malvertisers zoom in on cryptocurrencies and initial access (MalwareBytes) Russian hacker group claims responsibility for Kyivstar cyberattack (The Kyiv Independent)  New Critical RCE Vulnerability Discovered in Apache Struts 2 - Patch Now (The Hacker News) FCC Adopts Updates to Data Breach Rules, Sets Up Privacy Battle (Bloomberg Law) State Dept.’s Fight Against Disinformation Comes Under Attack (The New York Times) Threat Vector. In this Threat Vector segment, David Moulton and Palo Alto Networks Madeline Sedgwick discuss the skills and methods necessary for understanding threat actor intent and behaviors. Madeline, a Senior Cyber Research Engineer and Threat Analyst for the Cortex Xpanse team at Palo Alto Networks, shares insights into how analyzing adversary behavior helps in anticipating threats and avoiding guesswork. They discuss the value of understanding both system dynamics and human behavior in cybersecurity, emphasizing that cyber adversaries are limited by the same laws of internet physics. Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK faces a looming threat of a catastrophic ransomware attack. The Senate confirms a new National Cyber Director. The rivalry between malware groups BatLoader and FakeBat. BazarCall phishing attack and its unusual use of Google Forms. A serious vulnerability threatens K-12 student data. Spiderman game developer Insomniac Games becomes the latest ransomware victim. Today’s guest is Tim Starks from the Washington Post’s Cybersecurity 202 with China’s influence operations in Taiwan, along with a look back at 2023. We'll touch on Microsoft's Patch Tuesday and why outdated password policies are still a problem. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest is Tim Starks from the Washington Post’s Cybersecurity 202. Tim and Dave discuss China’s influence operations in Taiwan, along with a look back at 2023.  Selected Reading UK at high risk of ‘catastrophic ransomware attack’, report says (The Guardian) Roll Call Vote 118th Congress - 1st Session  (United States Senate) How Does Access Impact Risk? (IST) API and App Security: Q3 2023 Snapshot (ThreatX) The Kids Aren’t Alright: Vulnerabilities in Edulog Portal Revealed K-12 Student Location Data (tenable) Press and pressure: Ransomware gangs and the media (Sophos) BazarCall Attack Leverages Google Forms to Increase Perceived Credibility (Abnormal) Two Competing, Russian-Speaking Cybercrime Groups Attack Employees from 23 Companies in the Manufacturing, Software, Legal, Retail, and Healthcare Sectors Using Malicious Google Ads (esentire) Spider-Man 2 developer Insomniac Games hit by Rhysida ransomware attack  (cyberdaily) Microsoft Patch Tuesday December 2023 (Sans) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A cyberattack on Ukraine's largest telecom operator. Ukraine's GUR claims a hit on Russia's tax service, while the fate of the ALPHV/BlackCat group remains shrouded in mystery. The Air Force disciplines members over a classified documents breach, and Apple releases urgent security updates. From Spain, a significant arrest in the Kelvin Security hacking group. On today’s Industry Voices segment, my conversation with Andre Durand,  CEO and Founder of Ping Identity, on digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud. Plus, a cautionary tale about burning bridges. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices segment, we speak with Andre Durand, the CEO and Founder of Ping Identity. Andre discusses the state of digital experiences. Ping recently commissioned a study to better understand the changing sentiments around digital experiences, brand trust and loyalty, behaviors and attitudes towards security, authentication and fraud, as well as digital wallets and the use of decentralized identity. Selected Reading Ukraine’s Mobile Operator Kyivstar Facing ‘Powerful’ Cyberattack (Bloomberg) Ukraine's top mobile operator hit by biggest cyber attack of war so far (Reuters) GUR says it has hacked servers of Russian tax service (Interfax-Ukraine) ALPHV/BlackCat Site Downed After Suspected Police Action (Infosecurity Magazine) BlackCat ransomware site down amidst rumours of law enforcement action (Computing) No confirmation on rumored ALPHV/BlackCat site takedown by law enforcement (SC Media) Cloudflare 2023 Year in Review (Cloudflare) Bitsight and Google collaborate to reveal global cybersecurity performance (Bitsight) 15 Air National Guardsmen disciplined in Discord server leak (C4ISRNET) Apple emergency updates fix recent zero-days on older iPhones (Bleeping Computer) Kelvin Security hacking group leader arrested in Spain (Bleeping Computer) Cloud engineer gets 2 years for wiping ex-employer’s code repos (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

China allegedly targets US critical infrastructure, while a small Irish village goes without water due to an Iranian CyberAv3ngers attack. The EU sets a global precedent with new AI regulations. Unraveling the latest maneuvers of the Lazarus Group. The Sandman APT's links to Chinese cyber threats. "5Ghoul" vulnerabilities represent  a new challenge in telecom security. The deceptive dangers of the MrAnon infostealer in a booking app. The GRU's phishing tactics lead to the spread of Headlace malware. On today’s Solution Spotlight segment, Kristie Grinnell from DXC Technology talks with N2K’s President Simone Petrella about DXC’s “All in on Cyber” program. And 23andMe's controversial update to its terms and conditions. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Solution Spotlight segment, Kristie Grinnell from DXC Technology talks with N2K’s President Simone Petrella about DXC’s “All in on Cyber” program. Kristie is DXC’s Senior Vice President and Chief Information Officer.  Selected Reading China’s cyber army is invading critical US services (Washington Post)  Hackers hit Erris water in stance over Israel (Western People) FBI: Cyberattack against Aliquippa water authority was a targeted 'escalation' on overlooked technology (Post Gazette) White House aide says Iranian hack of US waterworks is call to action (C4ISRNet) EU reaches deal on landmark AI bill, racing ahead of US (Washington Post)  Operation Blacksmith: Lazarus targets organizations worldwide using novel Telegram-based malware written in DLang (Cisco Talos) Sandman APT | China-Based Adversaries Embrace Lua (SentinelOne) 5Ghoul  : Unleashing Chaos on 5G Edge Devices (Singapore University of Technology and Design) MrAnon Stealer Spreads via Email with Fake Hotel Booking PDF (Fortinet)  ITG05 operations leverage Israel-Hamas conflict lures to deliver Headlace malware (Security Intelligence) 23andMe changes terms of service amid legal fallout from data breach (Axios) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Cyber analyst, Tracy Maleeff, shares her unexpected journey from the library to cybersecurity and offers advice for those both seeking to make a change and those doing the hiring. It's not just about the invitation, it's more than that. Our thanks to Tracy for sharing her story with us.  Learn more about your ad choices. Visit megaphone.fm/adchoices

You can learn more about AWS in Orbit at space.n2k.com/aws. Baptiste Tripard is the Chief Marketing Officer at Alteia. Aiga Stokenberga is the Senior Transport Economist at the World Bank. We explore how Alteia and the World Bank are leveraging AWS's cloud, AI, and space capabilities to monitor critical road networks at scale to support large scale infrastructure investments. From road networks to bridges, they share real-world applications that are making a difference in emerging economies. AWS in Orbit is a podcast collaboration between N2K and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. You can learn more about AWS in Orbit at space.n2k.com/aws. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS Aerospace and Satellite AWS re:Invent Alteia and the World Bank assess and enhance road infrastructure data quality at scale using AWS Audience Survey We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Dana Behling, researcher from Carbon Black, sharing their work on "Hunting Vulnerable Kernel Drivers." The Carbon Black Threat Analysis Unit (TAU) discovered 34 unique vulnerable drivers, six of which allow kernel memory access, accepting firmware access. TAU reported the issues to the vendors whose drivers had valid signatures at the time of discovery, but only two vendors fixed the vulnerabilities. TAU is calling for more comprehensive approaches in the future than the current banned-list method used by Microsoft. The research states "By exploiting the vulnerable drivers, an attacker without the system privilege may erase/alter firmware, and/or elevate privileges." The research can be found here: Hunting Vulnerable Kernel Drivers Learn more about your ad choices. Visit megaphone.fm/adchoices

Legal action against Star Blizzard's FSB operators. A critical Bluetooth vulnerability has been discovered. How the GRU faked celebrity videos in its Doppelgänger campaign. The persistence of Log4j vulnerabilities. Lack of encryption as a contributor to data loss. Supply chain breaches plague the energy sector. Our guest is Allan Liska, creator of a new comic book featuring the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator. And Russian activists make clever use of QR codes. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Allan Liska, creator of Green Archer Comics, shares the first installment in a new comic book series: "Yours Truly, Johnny Dollar #1." The series follows the adventures of Johnny Dollar, a hard-nosed cyber insurance investigator, as he takes on ransomware attacks, insider threats and more. The series is based on a popular radio serial of the same name that ran from 1949 through 1962, now reimagined for the digital age. Selected Reading Russian FSB Cyber Actor Star Blizzard Continues Worldwide Spear-phishing Campaigns (CISA) The cyberattacks also allegedly took aim at U.S. energy networks and American spies. (Wall Street Journal) Russian Star Blizzard hackers linked to efforts to hamper war crimes investigation (The Guardian) U.S. Takes Action to Further Disrupt Russian Cyber Activities (US Department of State) Rewards for Justice (Rewards for Justice) Two Russian Nationals Working with Russia’s Federal Security Service Charged with Global Computer Intrusion Campaign (US Department of Justice) United States and the United Kingdom Sanction Members of Russian State Intelligence-Sponsored Advanced Persistent Threat Group (US Department of Treasury) Critical Bluetooth Flaw Exposes Android, Apple & Linux Devices to Takeover (DarkReading) Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Russian influence and cyber operations adapt for long haul and exploit war fatigue (Microsoft) State of Log4j Vulnerabilities: How Much Did Log4Shell Change? (Veracode) ESG Report Operationalizing Encryption and Key Management (Fortanix) Russian opposition activists use QR codes to spread anti-Putin messages (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our 5 question survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Unpacking LogoFAIL's threat to Windows and Linux. The US DHS's new healthcare cybersecurity strategy, and dual Russian influence campaigns. A look at supply chain risks, increased bot activity in retail, Meta's end-to-end encryption in Messenger and Android's Autospill vulnerability. On today’s Industry Voices segment, we welcome Todd Thorsen, CISO from CrashPlan, with insights on data resiliency. And the discovery of an alleged software 'kill switch' in Polish trains. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices segment, we welcome Todd Thorsen, CISO from CrashPlan. Todd discusses data resiliency.  In an era where ransomware and malicious attacks are relentless, even the most secure organizations are not immune. These attacks can cripple organizations financially, operationally, and damage their reputation and compliance standing. My guest today is Todd Thorsen, CISO from CrashPlan. In this sponsored Industry Voices segment, we delve into crucial strategies for bolstering data resiliency. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/232 Selected Reading Just about every Windows and Linux device vulnerable to new LogoFAIL firmware attack (Ars Technica)  CISA, NSA, FBI and International Cybersecurity Authorities Publish Guide on The Case for Memory Safe Roadmaps (CISA)  The Case for Memory Safe Roadmaps (Joint release) HEALTHCARE  SECTOR CYBERSECURITY (US Department of Health and Human Services) HHS releases cybersecurity strategy for health care sector (American Hospital Association) Fake Taylor Swift Quotes Are Being Used to Spread Anti-Ukraine Propaganda (WIRED) Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Britain summons Russian ambassador over years-long FSB cyberespionage campaign (Reuters) NCSC exposes Russian cyber attacks on UK political processes (ComputerWeekly) Russian FSB cyber actor Star Blizzard continues worldwide spear-phishing campaigns (NCSC) Defending Democracy (NCSC) The State of Supply Chain Defense: Annual Global Insights Report (BlueVoyant) 2023 Holiday Bad Bot Report (Kasada) Facebook and Messenger to automatically encrypt messages (BBC) Your mobile password manager might be exposing your credentials (TechCrunch) Dieselgate, but for trains – some heavyweight hardware hacking (BadCyber) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Governments target push notification metadata. Dissecting the latest GRU cyber activities. A look at  Russia's AI-powered Doppelgänger influence campaigns, and how cyber warfare is evolving beyond the battlefield. We've got updates on the Adobe ColdFusion vulnerability, the expanding 23andMe data breach, and insights into the financial impacts of ransomware. Our guest is Camille Stewart Gloster, Deputy National Cyber Director for Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Plus, discover how the TSA is embracing AI for future security.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Camille Stewart Gloster, Deputy National Cyber Director, Technology & Ecosystem Security from the Office of the National Cyber Director at the White House. Camille shares her views on women in cybersecurity, their efforts in diversity, equity and inclusion and what she sees for the future. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/231 Selected Reading Governments spying on Apple, Google users through push notifications - US senator (Reuters)  Obfuscation and AI Content in the Russian Influence Network “Doppelgänger” Signals Evolving Tactics (Recorded Future) Russian AI-generated propaganda struggles to find an audience (CyberScoop) How cybersecurity teams should prepare for geopolitical crisis spillover (CSO) Russia’s Fancy Bear launches mass credential collection campaigns (CSO) The Dragos Community Defense Program Helps Secure Industrial Infrastructure for Small Utilities (Dragos) Threat Actors Exploit Adobe ColdFusion CVE-2023-26360 for Initial Access to Government Servers (CISA) CVE-2023-26360 Detail (NIST) SEC on 23andMe breach (SEC)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK Government's denial of a cyber incident at Sellafield. There’s been a surge in Iranian cyberattacks on US infrastructure. Misuse of Apple's lockdown mode, the mysterious AeroBlade's activities in aerospace, and a clever "Disney+" scam. Plus The latest application security trends, and a new cybersecurity futures study. In our Industry Voices segment, On today’s Industry Voices segment, we welcome Matt Radolec, Vice President of Incident Response and Cloud Operations at Varonis explaining the intersection of AI, cloud and insider threats. And insights on resilience from the UK's Deputy PM. CyberWire Guest On today’s Industry Voices segment, we welcome Matt Radolec. Matt is Vice President of Incident Response and Cloud Operations at Varonis. He talks about the  intersection of AI, cloud and insider threats. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/230 Selected Reading Sellafield nuclear site hacked by groups linked to Russia and China (The Guardian) Response to a news report on cyber security at Sellafield (GOV.UK) Guardian news article (Office of Nuclear Regulation) Ministers pressed by Labour over cyber-attack at Sellafield by foreign groups (The Guardian) US warns Iranian terrorist crew broke into 'multiple' US water facilities (The Register) Florida water agency latest to confirm cyber incident as feds warn of nation-state attacks (The Record) AeroBlade on the Hunt Targeting the U.S. Aerospace Industry (Blackberry) Fake Lockdown Mode: A post-exploitation tampering technique (Jamf) Disney+ Impersonated in Elaborate Multi-Stage Email Attack with Personalized Attachments (Abnormal Security) Building Security in Maturity Model (BSIMM) report (Synopsis) Deputy Prime Minister annual Resilience Statement (GOV.UK) Learn more about your ad choices. Visit megaphone.fm/adchoices

The US and Israel attribute attacks on PLCs to Iran. Agent Raccoon backdoors organizations on three continents. XDSpy is reported to be phishing the Russian defense sector. Trends in digital banking fraud. Repojacking Go module repositories. Ann Johnson from Afternoon Cyber Tea speaks with Lynn Dohm, executive director of WiCyS, about the power of diverse perspectives. And when it comes to security, don't look to the stars. CyberWire Guest Guest is Ann Johnson from Afternoon Cyber Tea talking with Lynn Dohm, executive director of WiCyS, about the power of diverse perspectives. Tune in to Microsoft Security’s Afternoon Cyber Tea podcast every other Tuesday on the N2K Network. You can hear Ann’s full interview with Lynn here.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/229 Selected Reading IRGC-Affiliated Cyber Actors Exploit PLCs in Multiple Sectors, Including U.S. Water and Wastewater Systems Facilities (CISA) Water and Wastewater Cybersecurity (CISA) P2Pinfect - New Variant Targets MIPS Devices (Cado) New Tool Set Found Used Against Organizations in the Middle East, Africa and the US (Palo Alto Networks Unit 42) XDSpy hackers attack military-industrial companies in Russia (The Record) Mobile Emulators Eclipse Bots in 2023 as Preferred Fraud Vector in North America (PR Newswire) Hijackable Go Module Repositories (VulnCheck) Learn more about your ad choices. Visit megaphone.fm/adchoices

Bernard Brantley, CISO from Corelight sits down to share his inspiring career path with others. Bernard started at the very bottom of the tech stack, and shares how he was extremely unclear about what it was that he wanted to do in life and how he was going to get there. Ultimately he reached a point now where he has the self confidence and an incredible level of success that allows him to be authentic and proudly share his story. Bernard overcame dropping out of the military academy and was trying to figure out how he could take these big dreams and aspirations he had as a child and turn them into something fruitful as an adult. Working his way up from the bottom he is now sharing how he overcomes those days of adversity, saying "I spend minimum time trying to like spin my wheels or, kind of stay in frustration or a down period and, and really, uh, try as quickly as possible to move from, "hey, this was a tough day" to, to, into, "all right, uh, this was a tough day because maybe I didn't commit enough time in this area, or maybe I could have had a bit better conversation with this person." We thank Bernard for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Ryan from Bishop Fox joins to describe their work on "Building an Exploit for FortiGate Vulnerability CVE-2023-27997." After Lexfo published details of a pre-authentication remote code injection vulnerability in the Fortinet SSL VPN, Bishop Fox worked up a proof of concept demo. This research share how they were able to create that proof-of-concept exploit, step by step. The researchers state "Our debugging environment consisted of a FortiGate 7.2.4 virtual machine which we modified to disable some self-verification functionality. After bypassing these integrity checks, we were able to install an SSH server, BusyBox, and debugging tools such as GDB." The research can be found here: Building an Exploit for FortiGate Vulnerability CVE-2023-27997 Learn more about your ad choices. Visit megaphone.fm/adchoices

Senator Wyden blocks the Senate vote on the new NSA and Cyber Command lead. GPS interference is attributed to Iran. Meta identifies and removes Chinese and Russian accounts and groups for coordinated inauthenticity. The EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’. Twisted Spider is observed conducting new ransomware campaigns. Staples sustains a cyberattack. Apple releases security updates for two actively exploited zero-days. On today’s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative. And how can you tell if your bot is involved in insider trading? CyberWire Guests On today’s Mr. Security Answer Person segment, John Pescatore joins us to talk about Microsoft's Secure Future Initiative.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/228 Selected Reading Wyden to block Senate vote on new NSA, Cyber Command lead (Politico) Meaconing, Intrusion, Jamming, and Interference Reporting (Federation of American Scientists) Commercial Flights Are Experiencing 'Unthinkable' GPS Attacks and Nobody Knows What to Do (Vice) GPS Spoofing Traced To Iran (Location Business News) Adversarial Threat Report, Third Quarter 2023 (Meta) EU Council president proposes ‘European cyber force’ with ‘offensive capabilities’ (The Record) Microsoft warns of new ransomware campaign by Twisted Spider group (Computing) Staples confirms cyberattack behind service outages, delivery issues (BleepingComputer) Technical Report: Large Language Models can Strategically Deceive their Users when Put Under Pressure (Cornell University) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Reports of a Critical Vulnerability in ownCloud. Sites serving bogus McAfee virus alerts. Japan’s space agency reports a breach. Okta revises the impact of their recent breach. Cryptomixer gets taken down in an international law enforcement operation. "SugarGh0st" RAT prospects targets in Uzbekistan and South Korea. NATO cyber exercise runs against the background of Russia's hybrid war.  On today’s Threat Vector segment, David Moulton of Palo Alto Networks’ Unit 42 talks with guest John Huebner about the intricacies of managing threat intelligence feeds. And Russian DDoS’ers are looking for volunteers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests On today’s Threat Vector segment, David Moulton of Palo Alto Networks’ Unit 42 talks with guest John Huebner, an XSIAM Consultant at Palo Alto Networks. David and John delve into the intricacies of managing threat intelligence feeds in cybersecurity. They discuss the challenges organizations face in sifting valuable intelligence from the noise, emphasizing the importance of risk assessments in guiding the selection and tuning of these feeds. Threat Vector Please share your thoughts with us for future Threat Vector segments by taking our brief survey. To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.  T-Minus commentary on JAXA’s cyber threat.  Dave is joined by T-Minus Space Daily host, Maria Varmazis, to discuss the significant cyber threat faced by Japan’s Aerospace Exploration Agency, known as JAXA. Listen to yesterday’s episode of T-Minus where they covered the incident.  Selected Reading ownCloud vulnerability with maximum 10 severity score comes under “mass” exploitation (Ars Technica) Associated Press, ESPN, CBS among top sites serving fake virus alerts (Malwarebytes) VIDAR INFOSTEALER STEALS BOOKING.COM CREDENTIALS IN FRAUD SCAM (Secureworks) Japan space agency hit with cyberattack, rocket and satellite info not accessed (Reuters) Okta October breach affected 134 orgs, biz admits (The Register) October Customer Support Security Incident - Update and Recommended Actions (Okta) Okta Hack Update Shows Challenges in Rapid Cyber Disclosures (Wall Street Journal) US seizes Sinbad crypto mixer used by North Korean Lazarus hackers (Bleeping Computer) Treasury Sanctions Mixer Used by the DPRK to Launder Stolen Virtual Currency (US Department of Treasury) Crypto Country:  North Korea’s Targeting of Cryptocurrency (Recorded Future) New SugarGh0st RAT targets Uzbekistan government and South Korea (Cisco Talos) Russian hackers pose ‘high’ threat level to EU, bloc’s cyber team warns (Politico) NATO Holds Cyber Defense Exercise as Wartime Hacking Threats Rise (Wall Street Journal) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A major ransomware gang is taken down in an international sweep. CISA and the WaterISAC respond to the Aliquippa cyberattack. Attacks against infrastructure operators hit business systems. Qlik Sense installations are hit with Cactus ransomware. Researchers discover a Google Workspace vulnerability. A hacktivist auxiliary compromises a Russian media site.  In an exclusive interview, Eric Goldstein, Executive Assistant Director at CISA, describes their new Secure by Design Alerts program launching today. Tim Starks from the Washington Post shares some insights on the latest legislation dealing with section 702 surveillance. And security teams need not polish up that resumé after a breach. CyberWire Guest We have 2 guests today. First, Dave recently spoke with Eric Goldstein, Executive Assistant Director at CISA, about their new Secure by Design Alerts program that launched today.  And, Tim Starks from the Washington Post’s Cybersecurity 202 stopped by to share some insight into some of the latest trending cybersecurity headlines.  For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/226 Selected Reading Police dismantle ransomware group behind attacks in 71 countries (Bleeping Computer) Ransomware group dismantled in Ukraine in a major international operation supported by Eurojust and Europol (Eurojust) Water and Wastewater Cybersecurity (CISA) (TLP:CLEAR) Water Utility Control System Cyber Incident Advisory: ICS/SCADA Incident at Municipal Water Authority of Aliquippa (Water ISAC) Iran hits Pennsylvania water utility. (CyberWire) North Texas water utility serving 2 million hit with cyberattack (The Record)  DAIXIN TEAM GROUP CLAIMED THE HACK OF NORTH TEXAS MUNICIPAL WATER DISTRICT (Security Affairs) Slovenian power company hit by ransomware (Help Net Security) Qlik Sense Exploited in Cactus Ransomware Campaign (Arctic Wolf) Qlik Sense Enterprise for Windows - New Security Patches Available Now (Qlik) DeleFriend: Severe design flaw in Domain Wide Delegation could leave Google Workspace vulnerable for takeover (Hunters)  Researchers Claim Design Flaw in Google Workspace Puts Organizations at Risk (Dark Reading) Use IAM securely (Google)  Learn more about your ad choices. Visit megaphone.fm/adchoices