CyberWire Daily

CyberWire Daily

By N2K Networks

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Episodes

Maria Thompson-Saeb: Be flexible and make it happen. [Program Management] [Career Notes]

Please enjoy this encore of Career Notes. Senior Program Manager for Governance, Risk and Compliance at Illumio, Maria Thompson-Saeb shares experiences that led to her career in cybersecurity. Interested in computers and not a fan of math, Maria opted for information systems management rather than computer science. She started her career as a government contractor. Once in the private sector, Maria moved into the Unix and Linux environments where she says "something that would totally change everything." She gained an interest in security and took it upon herself to train up and move into that realm. Maria notes it was not without roadblocks, but that being flexible helped her address those challenges and make her career in security happen. We thank Maria for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices
16/02/259m 26s

Bot or not? The fake CAPTCHA trick spreading Lumma malware. [Research Saturday}

Nati Tal, Head of Guardio Labs, discusses their work on "“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising." Guardio has uncovered a large-scale malvertising campaign dubbed “DeceptionAds,” which tricks users into running a malicious PowerShell command under the guise of proving they’re human. This fake CAPTCHA scheme delivers Lumma info-stealer malware while bypassing security measures like Google’s Safe Browsing. Even after disclosure and takedown efforts, the campaign resurfaced—raising concerns about the effectiveness of existing defenses against ad-driven cyber threats. The research can be found here: “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising Learn more about your ad choices. Visit megaphone.fm/adchoices
15/02/2535m 8s

AI’s blind spots need human eyes.

Nakasone addresses AI at the Munich Cyber Security Conference. Court documents reveal the degree to which DOGE actually has access. Dutch police dismantle a bulletproof hosting operation. German officials investigate Apple’s App Tracking. Hackers exploited security flaws in BeyondTrust. CISA issues 20 new ICS advisories. The new Astoroth phishing kit bypasses 2FA. Hackers waste no time exploiting a SonicWall proof-of-concept vulnerability. Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. Have I Been Pwned ponders whether resellers are worth the trouble.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. You can read more in "How Cybercriminals Are Using AI: Exploring the New Threat Landscape." Selected Reading Putting the human back into AI is key, former NSA Director Nakasone says (The Record) Court Documents Shed New Light on DOGE Access and Activity at Treasury Department (Zero Day) Musk's DOGE team: Judges to consider barring it from US government systems (Reuters) Anyone Can Push Updates to the DOGE.gov Website (404 Media) Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster (Bleeping Computer) Apple app tracking rules more strict for others – watchdog (The Register) PostgreSQL flaw exploited as zero-day in BeyondTrust breach (Bleeping Computer) CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits (Cyber Security News)  Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins (GB Hackers)  SonicWall Firewall Vulnerability Exploited After PoC Publication (SecurityWeek) Have I Been Pwned likely to ban resellers (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
14/02/2534m 10s

Salt in the wound.

Salt Typhoon is still at it. Russian cyber-actor Seashell Blizzard expands its reach. The EFF sues DOGE to protect federal workers’ data. House Republicans pursue a comprehensive data privacy bill. Fortinet patches a critical vulnerability. Google views cybercrime as a national security threat. Palo Alto Networks issues 10 new security advisories. Symantec suspects a Chinese APT sidehustle. Guest Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware. A massive IoT data breach exposes 2.7 billion records. Here come the AI agents.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest, Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware. Selected Reading China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers (WIRED) Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops (Infosecurity Magazine) EFF Leads Fight Against DOGE and Musk's Access to US Federal Workers' Data (Infosecurity Magazine) Elon Musk and the Right Are Recasting Reporting as ‘Doxxing’ (New York Times) FortiOS Vulnerability Allows Super-Admin Privilege Escalation – Patch Now! (Hackread) Cybercrime evolving into national security threat: Google (The Record) House Republicans launch group for comprehensive data privacy legislation (The Record) Palo Alto Networks Patches Potentially Serious Firewall Vulnerability (SecurityWeek) Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job (SecurityWeek) Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords (Cyber Security News) Are You Ready to Let an AI Agent Use Your Computer? (IEEE Spectrum) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
13/02/2534m 41s

DOGEgeddon: The cyber crisis hiding in plain sight.

Is DOGE a cyberattack against America? The White House plans to nominate a new national cyber director. Patch Tuesday updates. Ivanti discloses a critical stack-based buffer overflow vulnerability. The GAO  identifies cybersecurity gaps in the U.S. Coast Guard’s efforts to secure the Maritime Transportation System. An Arizona woman pleads guilty to running a laptop farm for North Korea. A notorious swatter gets a prison sentence. Our guests are  Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast. Plague-themed phishing tests take it too far. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we welcome Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast, sharing their plans for 2025. You can listen to new episodes of Breaking Through in Cybersecurity Marketing every Wednesday airing on the N2K CyberWire network and wherever you get your podcasts.  Selected Reading DOGE's Cyberattack Against America (Foreign Policy) Trump plans to nominate GOP insider Sean Cairncross as national cyber director (The Record) Microsoft Fixes Another Two Actively Exploited Zero-Days (Infosecurity Magazine) Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities (SecurityWeek) ICS Patch Tuesday: Vulnerabilities Addressed by Schneider Electric, Siemens (SecurityWeek) Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely (Cyber Security News) GAO Tells Coast Guard to Improve Cybersecurity of Maritime Transportation System (SecurityWeek) Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence (The Record) California Teenager Sentenced to 48 Months in Prison for Nationwide Swatting Spree (US Department of Justice) Phishing Tests, the Bane of Work Life, Are Getting Meaner (Wall Street Journal)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
12/02/2534m 52s

Apple’s race to secure your iPhone.

Apple releases emergency security updates to patch a zero-day vulnerability. CISA places election security workers on leave. Elon Musk leads a group of investors making an unsolicited bid to acquire OpenAI. The man accused of hacking the SEC’s XTwitter account pleads guilty. Law enforcement seizes the leak site of the 8Base ransomware gang.  Researchers track a massive increase in brute-force attacks targeting edge devices. Experts question the U.K. government’s demand for an encryption backdoor in Apple devices. Today’s guest is John Fokker, Head of Threat Intelligence at Trellix, joining us to discuss their work on "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike." And it’s international day for women and girls in science. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest is John Fokker, Head of Threat Intelligence at Trellix, joining us to discuss their work on "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike." Selected Reading Apple fixes zero-day exploited in 'extremely sophisticated' attacks (BleepingComputer) US cyber agency puts election security staffers who worked with the states on leave (AP News) Elon Musk-led group makes $97.4 billion bid for OpenAI, CEO refuses and offers to "buy Twitter for $9.74 billion" (TechSpot) OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials (SecurityWeek) Hacker who hijacked SEC’s X account pleads guilty, faces maximum five-year sentence (The Record) 8Base ransomware site taken down as Thai authorities arrest 4 connected to operation (The Record) Edge Devices Face Surge in Mass Brute-Force Password Attacks (Data Breach Today) U.K. Kicks Apple’s Door Open for China (Wall Street Journal) International Day of Women and Girls in Science- United Nations (United Nations) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
11/02/2535m 14s

Read all about it—or maybe not.

A cyberattack disrupts newspaper publishing. A major AI summit takes place in Paris this week. A federal judge restricts DOGE from accessing Treasury Department systems. Cybersecurity cooperation between Canada and the U.S. remains strong. The Kraken ransomware group leaks credentials allegedly linked to Cisco. Europol urges banks to start preparing for quantum-safe cryptography. Microsoft expands its Copilot bug bounty program. The PlayStation Network (PSN) experienced a major outage over the weekend. Indiana man sentenced to 20 years for $37m cryptocurrency fraud. Our guest is Mike Woodard, VP of Product Management for App Security at Digital.ai, sharing strategies to minimize risk when implementing AI. Hunting for length and complexity in WiFi passwords.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Mike Woodard, VP of Product Management for App Security at Digital.ai, sharing strategies to minimize risk when implementing AI to enhance security. Selected Reading Cyberattack Disrupts Publication of Lee Newspapers Across the U.S. (New York Times) Trump’s AI Ambition and China’s DeepSeek Overshadow an AI Summit in Paris (SecurityWeek) Musk Team’s Treasury Access Raises Security Fears, Despite Judge’s Ordered Halt (New York Times) In Breaking USAID, the Trump Administration May Have Broken the Law (ProPublica) Judge: DOGE made US Treasury ‘more vulnerable to hacking’ (The Register) Cisco Data Breach – Ransomware Group Allegedly Breached Internal Network (GB Hackers) Europol Warns Financial Sector of “Imminent” Quantum Threat (Infosecurity Magazine) Trade war or not, Canada will keep working with the U.S. on cybersecurity (The Logic) Microsoft Expands Copilot Bug Bounty Program, Increases Payouts (SecurityWeek) PlayStation Network Down; Outage Leaves Gamers Frustrated (Updated) (HackRead) Indiana Man Sentenced to 20 Years in Federal Prison for Conspiracies Involving Cyber Intrusion and a Massive $37 Million Cryptocurrency Theft (DataBreaches.Net) The World's Longest and Strongest WiFi Passwords (InfoSec Write-ups)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
10/02/2531m 27s

Avi Shua: Try to do things by yourself. [CEO] [Career Notes]

Please enjoy this encore of Career Notes. CEO and co-founder of Orca Security Avi Shua shares his thoughts on ways to succeed in cybersecurity. Avi's excitement about cybersecurity began when he was 13 as he tried to think of ways to get around the school's network security. He joined the Israeli Army's Intelligence Unit 8200 and experienced some unique cybersecurity training programs that he would eventually come to teach. Learning to solve problems on your own is a skill Avi acquired and took into his professional career. In his current position, Avi works to advance Orca's mission. He loves that his company works to reduce friction and enables security people to do their jobs. Instead of becoming of plumbers connecting things, Avi says they can do their job and become real security practitioners. We thank Avi for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
09/02/258m 4s

Cleo’s trojan horse. [Research Saturday]

Mark Manglicmot, SVP of Security Services from Arctic Wolf, is sharing their research on "Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software." Arctic Wolf Labs discovered an ongoing exploitation campaign targeting Cleo Managed File Transfer (MFT) products, beginning on December 7, 2024. Threat actors used a malicious PowerShell stager to deploy a Java-based backdoor, dubbed Cleopatra, which features in-memory file storage and cross-platform compatibility across Windows and Linux. Despite Cleo's previous patch for CVE-2024-50623, attackers appear to have leveraged an alternative access method, exploiting the software's autorun feature to execute payloads and establish persistent access. The research can be found here: Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software Learn more about your ad choices. Visit megaphone.fm/adchoices
08/02/2521m 31s

DOGE-eat-DOGE world.

Security concerns grow over DOGE’s use of AI. The British government demands access to encrypted iCloud accounts. Researchers identify critical vulnerabilities in the DeepSeek iOS app. Microsoft Edge uses AI to block scareware. A phishing campaign targets Facebook users with fake copyright infringement notices. Researchers discover malicious machine learning models on Hugging Face. A major data broker faces yet-another data breach lawsuit. CISA warns of a critical Microsoft Outlook vulnerability under active exploitation. Guest John Anthony Smith, Founder and Chief Security Officer at Fenix24, shares insights into why backups are the most important security control. The UK’s cyber weather report says expect light phishing with a chance of ransomware.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, guest John Anthony Smith, Founder and Chief Security Officer at Fenix24, shares insights into why backups are the most important security control. For additional details, please visit this resource: The Reality of Resilience, Recovery, and Repeat Cyberattacks (Infographic) Selected Reading Elon Musk’s DOGE feeds AI sensitive federal data to target cuts (The Washington Post) Will DOGE Access to CMS Data Lead to HIPAA Breaches? (GovInfo Security) Federal judge tightens DOGE leash over critical Treasury payment system access (The Register) UK reportedly demands secret ‘back door’ to Apple users’ iCloud accounts (The Record) NowSecure Uncovers Multiple Security and Privacy Flaws in DeepSeek iOS Mobile App (NowSecure) Microsoft Edge update adds AI-powered Scareware Blocker (Bleeping Computer) New Facebook Fake Copyright Notices Phishing Steals Your FB Credentials (Cyber Security News) Developers Beware! Malicious ML Models Detected on Hugging Face Platform (Cyber Security News) Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker (The Register) Critical Microsoft Outlook Vulnerability (CVE-2024-21413) Actively Exploited in Attacks - CISA Warns (CISA) UK cyberattack severity to be scored by world-first group  (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
07/02/2536m 53s

FCC around and find out.

Chaos and security concerns continue in Washington. Spanish authorities arrest a man suspected of hacking NATO, the UN, and the US Army. A major U.S. hiring platform exposes millions of resumes. Another British engineering firm suffers a cyberattack. Cisco patches multiple vulnerabilities. Cybercriminals exploit SVG files in phishing attacks. SparkCat SDK targets cryptocurrency via Android and iOS apps. CISA directs federal agencies to patch a high-severity Linux kernel flaw. Thailand leaves scamming syndicates in the dark. Positive trends in the fight against ransomware. Our guest is Cliff Crosland, CEO and Co-founder at Scanner.dev, discusses the evolution of security data lakes and the "bring your own" model for security tools. Don’t eff with the FCC. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, guest Cliff Crosland, CEO and Co-founder at Scanner.dev, discusses the evolution of security data lakes and the "bring your own" model for security tools. For some additional details, check out their blog on “Security Data Lakes: A New Tool for Threat Hunting, Detection & Response, and GenAI-Powered Analysis.” Selected Reading Musk’s DOGE agents access sensitive personnel data, alarming security officials (Washington Post) Union groups sue Treasury over giving DOGE access to sensitive data (The Record) Hacker Who Targeted NATO, US Army Arrested in Spain (SecurityWeek) Hiring platform serves users raw with 5.4 million CVs exposed (Cybernews) IMI becomes the latest British engineering firm to be hacked (TechCrunch) Cisco Patches Critical Vulnerabilities in Enterprise Security Product (SecurityWeek) Scalable Vector Graphics files pose a novel phishing threat (Sophos News) Crypto-stealing apps found in Apple App Store for the first time (Bleeping Computer) Ransomware payments dropped in 2024 as victims refused to pay hackers (TechCrunch) CISA orders agencies to patch Linux kernel bug exploited in attacks (Bleeping Computer) Thailand cuts power supply to Myanmar scam hubs (The Record) Robocallers posing as FCC fraud prevention team call FCC staff (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
06/02/2544m 0s

DOGE days numbered?

The DOGE team faces growing backlash. The Five Eyes release guidance on protecting edge devices. A critical macOS kernel vulnerability allows privilege escalation, memory corruption, and kernel code execution. Google and Mozilla release security updates for Chrome and Firefox. Multiple Veeam backup products are vulnerable to man-in-the-middle attacks. Zyxel suggests you replace those outdated routers. A former Google engineer faces multiple charges for alleged corporate espionage. CISA issues nine new advisories for ICS vulnerabilities. A house Republican introduces a cybersecurity workforce scholarship bill. On our CertByte segment, a look at ISC2’s CISSP exam. Google updates its stance on AI weapons.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare. This week, Chris is joined by Steven Burnley to break down a question targeting ISC2®'s CISSP - Certified Information Systems Security Professional) exam. Today’s question comes from N2K’s ISC2® CISSP - Certified Information Systems Security Professional Practice Test. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading Federal Workers Sue to Disconnect DOGE Server (WIRED) Treasury says DOGE review has ‘read-only’ access to federal payments system (The Record) ‘Things Are Going to Get Intense:’ How a Musk Ally Plans to Push AI on the Government (404 Media) Cybersecurity, government experts are aghast at security failures in DOGE takeover (CyberScoop) Five Eyes Launch Guidance to Improve Edge Device Security (Infosecurity Magazine) Apple's MacOS Kernel Vulnerability Let Attackers Escalate Privileges - PoC Released (Cyber Security News)  Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities (SecurityWeek) Critical Veeam Vulnerability (CVE-2025-23114) Exposes Backup Servers to Remote Code Execution (SOCRadar) Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers (TechCrunch) US cranks up espionage charges against ex-Googler accused of trade secrets heist (The Register) CISA Releases Nine Advisories Detailing vulnerabilities and Exploits Surrounding ICS (Cyber Security News) CISA hires former DHS CIO into top cyber position (Federal News Network) Proposal for federal cyber scholarship, with service requirement, returns in House (The Record) Google drops pledge not to use AI for weapons or surveillance (Washington Post) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
05/02/2533m 14s

A wolf in DOGE’s clothing?

DOGE’s unchecked access to federal networks sparks major cybersecurity fears. Senator Hawley’s AI ban targets China and raises free speech concerns. Apple service ticket portal vulnerability exposed millions of users’ data. North Korean ‘FlexibleFerret’ malware targets macos via job scams and fake zoom apps. February 2025 android security update fixes 48 vulnerabilities, including exploited zero-day. Grubhub data breach exposes customer and driver information. Abandoned cloud infrastructure creates major security risks. Texas to launch its own Cyber Command amid rising cyber threats. Dell PowerProtect vulnerabilities pose critical security risks. On our Threat Vector segment, David Moulton and his guests look at the potential dangers of DeepSeek. U.S. Government is quietly altering the Head Start database. And a moment of inspiration from a spacefaring poet. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment Artificial intelligence is advancing fast, but with innovation comes risk. In this segment of Threat Vector, host David Moulton sits down with Sam Rubin, SVP of Consulting and Threat Intelligence at Unit 42, and Kyle Wilhoit, Director of Threat Research, to explore the vulnerabilities of DeepSeek, a new large language model. To listen to the full discussion, please check out the episode here or on your favorite podcast app, and tune in to new episodes of Threat Vector by Palo Alto Networks every Thursday.  Selected Reading Musk’s DOGE effort could spread malware, expose US systems to threat actors (CSO Online) As DOGE teams plug into federal networks, cybersecurity risks could be huge, experts say (The Record) Senator Hawley Proposes Jail Time for People Who Download DeepSeek (404 Media) Apple Service Ticket portal Vulnerability Exposes Millions of Users Data (Cyber Security News)  N. Korean ‘FlexibleFerret’ Malware Hits macOS with Fake Zoom, Job Scams (Hackread) Google fixes Android kernel zero-day exploited in attacks (Bleeping Computer) GrubHub Data Breach - Customers Phone Numbers Exposed (Cyber Security News)  Here’s all the ways an abandoned cloud instance can cause security issues (CyberScoop) Texas to Establish Cyber Command Amid “Dramatic” Rise in Attacks (Infosecurity Magazine) Multiple Dell PowerProtect Vulnerabilities Let Attackers Compromise System (Cyber Security News)  ‘Forbidden Words’: Github Reveals How Software Engineers Are Purging Federal Databases (404 Media)  T-Minus Deep Space: Inspiration4 with Dr. Sian “Leo” Proctor. (T-Minus Deep Space podcast) Dr. Sian Proctor got her ticket to space after being selected for her poetry (Instagram)  2025 SpaceCom: Interview with Dr. Sian Proctor (YouTube)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
04/02/2532m 54s

Federal agencies in power struggle crossfire.

Federal agencies become battlegrounds in an unprecedented power struggle. XE Group evolves from credit-card skimming to exploiting zero-day vulnerabilities. WhatsApp uncovers a zero-click spyware attack linked to an Israeli firm.Texas expands its ban on Chinese-backed AI and social media apps. Data breaches expose the personal and medical information of over a million people.NVIDIA patches multiple critical vulnerabilities. Arm discloses critical vulnerabilities affecting its Mali GPU Kernel Drivers and firmware. The UK government aims to set the global standard for securing AI. Tim Starks from CyberScoop has the latest from Senate confirmation hearings. The National Cryptologic Museum rights a wrong.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joining us today is Tim Starks, Senior Reporter from CyberScoop, to discuss two of his recent articles:  FBI nominee Kash Patel getting questions on cybercrime investigations, Silk Road founder, surveillance powers Even the US government can fall victim to cryptojacking Selected Reading Top Security Officials at Aid Agency Put on Leave After Denying Access to Musk Team (New York Times) Exclusive: Musk aides lock workers out of OPM computer system (Reuters) Federal Workers Block Doors of Admin Building Over Elon Musk Data Breach (DC Media Group) Trump Broke the Federal Email System and Government Employees Got Blasted With Astonishingly Vulgar Messages (Futurism) CISA employees told they are exempt from federal worker resignation program (The Record) From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts (CyberScoop) Israeli Firm Paragon Attack WhatsApp With New Zero-Click Spyware (Cyber Security News) Texas Gov. Greg Abbott bans DeepSeek, RedNote and other Chinese-backed AI platforms (Statesman) Hundreds of Thousands Hit by Data Breaches at Healthcare Firms in Colorado, North Carolina (SecurityWeek) Insurance Company Globe Life Notifying 850,000 People of Data Breach (SecurityWeek) NVIDIA GPU Display Driver Vulnerability Lets Attackers Steal Files Remotely - Update Now (Cyber Security News) Arm Mali GPU Kernel Driver 0-Day Vulnerability Actively Exploited in the Wild (Cyber Security News) UK Announces “World-First” AI Security Standard (Infosecurity Magazine) Larry Pfeiffer on Bluesky (Bluesky) Possibly related to the Bluesky post: Trailblazers in U.S. Cryptologic History  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
03/02/2532m 26s

Margaret Cunningham: A people scientist with a technology focus. [Behavioral science} [Career Notes]

Please enjoy this encore episode with Principal Research Scientist for Human Behavior at Forcepoint, Margaret Cunningham. She shares her story of how she landed in cybersecurity. With a background in psychology and counseling and not feeling that one-on-one counseling was her thing, Margaret had a transformational moment in her PhD program in applied experimental technology when she realized she could "provide helping services and good work services at a broader scale." Margaret found her professional footing at DHS's Human Systems Integration Branch of Science and Technology Department as the person who figured out how to measure how new technologies impacted human performance. Margaret points out that making connections and reading whatever you can is important to stay up to date in the field. She notes that her statistical analysis skills are an asset. She hopes to create champions in human behavior and performance in the world of technology. We thank Margaret for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
02/02/256m 56s

A Digital Eye on supply-chain-based espionage attacks. [Research Saturday]

This week, Dave Bittner is joined by Juan Andres Guerrero-Saade (JAGS) from SentinelOne's SentinelLabs to discuss the work his team and Tinexta Cyber did on "Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels." Tinexta Cyber and SentinelLabs have been tracking threat activities targeting business-to-business IT service providers in Southern Europe. Based on the malware, infrastructure, techniques used, victimology, and the timing of the activities, we assess that it is highly likely these attacks were conducted by a China-nexus threat actor with cyberespionage motivations. The relationships between European countries and China are complex, characterized by cooperation, competition, and underlying tensions in areas such as trade, investment, and technology. Suspected China-linked cyberespionage groups frequently target public and private organizations across Europe to gather strategic intelligence, gain competitive advantages, and advance geopolitical, economic, and technological interests. The research can be found here: Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels Learn more about your ad choices. Visit megaphone.fm/adchoices
01/02/2527m 7s

The end of a cybercrime empire.

Authorities dismantle a Pakistan-based cybercrime network. Lawmakers question the feasibility of establishing a U.S. Cyber Force as a standalone military branch. The DOJ sues to block HPE’s acquisition of Juniper Networks. Tangerine Turkey deploys cryptomining malware. Major healthcare providers send breach notifications. Norwegian police seize a Russian-crewed ship suspected of damaging a communications cable. Researchers discover critical vulnerabilities in GitHub Copilot. D-Link patches a critical router vulnerability. CISA and the FDA have warned U.S. healthcare organizations of severe security vulnerabilities in Chinese-made patient monitors. Pauses in funding create confusion for federal cybersecurity vendors. We bid a fond farewell to a pair of N2K colleagues. The case of the disappearing government data.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest segment is bittersweet as we offer our thanks and see you laters to two of our beloved colleagues N2K President Simone Petrella, who’s taking her leadership role to our advisory board, and Executive Editor Brandon Karpf, who will be taking up the mantle of protecting our national security starting his own company, Hedy Cyber. Join us in celebrating their incredible journeys, contributions to our successes, and letting them both know just how deeply they will be missed by all of us here at N2K. Selected Reading US, Dutch Authorities Disrupt Pakistani Hacking Shop Network (SecurityWeek) Lawmakers push for guardrails, deadline on cyber military study (The Record) US Sues to Stop HPE $14 Billion Deal to Buy Juniper Networks (Bloomberg) Tangerine Turkey mines cryptocurrency in global campaign (Red Canary) US healthcare provider data breach impacts 1 million patients (Bleeping Computer) NorthBay Health Data Breach Impacts 569,000 Individuals (SecurityWeek) Norway seizes ship suspected of sabotage, says crew are Russian nationals (The Record) GitHub Copilot Jailbreak Vulnerability Let Attackers Train Malicious Models (Cyber Security News) D-Link Routers Vulnerability Let Attackers Gain Full Router Control Remotely (Cyber Security News) CISA, FDA Warn of Dangerous Backdoor in Contec Patient Monitors (SecurityWeek) Federal Cybersecurity Contractors Whiplashed By Uncertainty (GovInfo Security) Archivists Work to Identify and Save the Thousands of Datasets Disappearing From Data.gov (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
31/01/2536m 50s

Cracked and Nulled taken down.

International law enforcement takes down a pair of notorious hacking forums. Wiz discovers an open DeepSeek database. Time Bandit jailbreaks ChatGPT. Ransomware hits one of the largest U.S. blood centers. A cyberattack takes the South African Weather Service offline. Researchers describe a new “browser syncjacking” attack. TeamViewer patches a high-severity privilege escalation flaw. Over three dozen industry groups urge Congress to pass a national data privacy law. CISA faces an uncertain future. N2K’s Brandon Karpf speaks with Ellen Chang, Vice President Ventures at BMNT and Head of BMNT Ventures. OpenAI Cries Foul After Getting a Taste of Its Own Medicine.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, N2K’s Brandon Karpf speaks with Ellen Chang, Vice President Ventures at BMNT and Head of BMNT Ventures, about the venture model, why it exists, how it works, and its impact. Selected Reading Police seizes Cracked and Nulled hacking forum servers, arrests suspects (Bleeping Computer) Wiz Research Uncovers Exposed DeepSeek Database Leaking Sensitive Information, Including Chat History (Wiz) Time Bandit ChatGPT jailbreak bypasses safeguards on sensitive topics(Bleeping Computer) US blood donation giant warns of disruption after ransomware attack (TechCrunch) South Africa’s government-run weather service knocked offline by cyberattack (The Record) Syncjacking Attack Enables Full Browser and Device Takeover (Infosecurity Magazine) TeamViewer Patches High-Severity Vulnerability in Windows Applications (SecurityWeek) Industry groups call on Congress to enact federal data privacy law (The Record) US Cyber Agency’s Future Role in Elections Remains Murky Under the Trump Administration (SecurityWeek) OpenAI Furious DeepSeek Might Have Stolen All the Data OpenAI Stole From Us (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
30/01/2538m 54s

Cats and RATS are all the rage.

Hackers linked to China and Iran are using AI to enhance cyberattacks. An AI-powered messaging tool for Slack and Discord is reportedly leaking user data. British engineering giant Smiths Group suffers a cyberattack. Rockwell Automation details critical and high-severity vulnerabilities. Researchers warn of new side-channel vulnerabilities in Apple CPUs. The Hellcat ransomware gang looks to humiliate its victims. SparkRAT targets macOS users and government entities. Flashpoint looks at FleshStealer malware. Cybercriminals leverage trust in government websites. Our guest is Ivan Novikov, CEO at Wallarm, sharing insights on the recent United States ruling that bars certain Chinese and Russian connected car tech from being imported into the US. QR code shenanigans.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Ivan Novikov, CEO at Wallarm, sharing insights on the recent United States ruling that bars certain Chinese and Russian connected car tech from being imported into the US and its impact. Selected Reading Chinese and Iranian Hackers Are Using U.S. AI Products to Bolster Cyberattacks (Wall Street Journal) Update: Cybercriminals still not fully on board the AI train (yet) (Sophos) Unprotected AI service streams private Slack messages for 30 bucks a month (Cybernews) Engineering giant Smiths Group discloses security breach (Bleeping Computer) Rockwell Patches Critical, High-Severity Vulnerabilities in Several Products (SecurityWeek) New Apple CPU side-channel attacks steal data from browsers (Bleeping Computer) SLAP (Predictors Fail) Meow-ware gang: the cyber cats who humiliate their prey (Cybernews) Hackers Attacking Windows, macOS, and Linux systems With SparkRAT (GB Hackers) Unmasking FleshStealer: A New Infostealer Threat in 2025 (Flashpoint) Threat Actors Exploit Government Websites for Phishing (Infosecurity Magazine) Christian Walther: "@gvy_dvpont Got me thinking… c…"  (Mastodon) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
29/01/2532m 30s

It was DDoS, not us.

DeepSeek blames DDoS for recent outages. Hackers behind last year’s AT&T data breach targeted members of the Trump family, Kamala Harris, and Marco Rubio’s wife.The EU sanctions Russians for cyberattacks against Estonia. ENGlobal confirms personal information was taken in last year’s ransomware attack. CISA issues a critical warning about a SonicWall vulnerability actively exploited. A large-scale phishing campaign exploits users’ trust in PDF files and the USPS. Apple patches a zero-day affecting many of their products. A ransomware attack on an Ohio-based operator of skilled nursing and rehabilitation facilities affects over 70,000. President Trump has a tumultuous first week back in office. Our guest is Bogdan Botezatu, Director, Threat Research and Reporting at Bitdefender, to discuss the dark market subculture and its parallels to holiday shopping. A nonprofit aims to clean up the AI industry’s mess.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Bogdan Botezatu, Director, Threat Research and Reporting at Bitdefender, to discuss the dark market subculture and its parallels to holiday shopping. Check out Bitdefender’s research on the topic here. Selected Reading DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge (SecurityWeek) DeepSeek FAQ (Stratechery) We tried out DeepSeek. It worked well, until we asked it about Tiananmen Square and Taiwan (The Guardian)  Hackers Mined AT&T Breach for Data on Trump's Family, Kamala Harris (404 Media) European Union Sanctions Russian Nationals for Hacking Estonia (SecurityWeek) ENGlobal Says Personal Information Accessed in Ransomware Attack (SecurityWeek) CISA Warns of SonicWall 0-day RCE Vulnerability Exploited in Wild (Cyber Security News) Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam (Security Boulevard) Amazon Prime Security Warning As Hackers Strike—What You Need To Know (Forbes)  Apple plugs exploited security hole in iOS, updates macOS (The Register) Nursing Home, Rehab Chain Says Hack Affects Nearly 70,000 (GovInfo Security) A Tumultuous Week for Federal Cybersecurity Efforts (Krebs on Security) Initiative Aims to Enable Ethical Coding LLMs (IEEE Spectrum) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
28/01/2534m 20s

China's chatbot sends tech stocks into tailspin.

Chinese AI startup DeepSeek shakes up the market. Trump freezes cyber diplomacy funding and puts a vital U.S.-EU data-sharing agreement at risk. A trojanized RAT targets script kiddies. U.K. telecom giant TalkTalk investigates a data breach. Researchers uncover a critical flaw in Meta’s Llama Stack AI framework. Attackers leverage hidden text salting in emails. The “FlowerStorm” phishing framework targets multiple brands to steal customer credentials. A critical zero-day hits SonicWall VPN appliances. Swedish authorities seized a cargo ship suspected of damaging a key fiber optic cable. Freezing out crypto-kidnappers. Our guest is Jon Miller, CEO and Co-founder from Halcyon, sharing trends in ransomware and insights on Brain Cipher. The British Museum defends its artefacts from IT attacks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Jon Miller, CEO and Co-founder from Halcyon, sharing trends in ransomware along with some insights on Brain Cipher. For more detail, check out Halcyon’s Power Rankings: Ransomware Malicious Quartile Q4-2024.  Selected Reading A shocking Chinese AI advancement called DeepSeek is sending US stocks plunging (CNN Business) Politicization of intel oversight board could threaten key US-EU data transfer agreement (The Record) Cyber diplomacy funding halted as US issues broad freeze on foreign aid (The Record) Weaponised XWorm RAT builder Attacking script kiddies to Steal Sensitive Data (GB Hackers) Change Healthcare Breach Almost Doubles in Size to 190 Million Victims (Infosecurity Magazine) TalkTalk investigating data breach after hacker claims theft of customer data (TechCrunch) Meta rushes to fix critical Llama Stack AI flaw (Cybernews) Seasoning email threats with hidden text salting (Cisco Talos) New Phishing Framework Attacking Multiple Brands To Steal Customer Logins (Cyber Security News) More than 2,000 SonicWall devices vulnerable to critical zero-day (The Record) Sweden seizes vessel after another undersea cable damaged (The Register) Nicolas Bacca: "We have invented a unique organisational model for intervening in cryptocurrency ransom" (The Big Whale)  British Museum hit by alleged IT attack by ex-worker (BBC News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
27/01/2536m 6s

Dave Farrow: The guy that enabled the business. [Security leadership] [Career Notes]

Please enjoy this encore episode with VP of Information Security at Barracuda Dave Farrow, and how he shares how a teenage surfer fell in love with software development and made his way in the cybersecurity field. Dave chose to study electrical engineering in college because he wanted to learn something that didn't make sense to him. He says he's done things in his career that he said he'd never do: for example, he went into and fell in love with software development. Taking on leadership of a bug bounty program at Barracuda blossomed into the creation of an internal security team. Dave wants to be the guy who enables the business and not the one who prevented it. He hopes all will come to recognize that there are other threats besides cybersecurity threats to business. We thank Dave for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
26/01/258m 20s

LightSpy's dark evolution. [Research Saturday]

This week, we are joined by Ismael Valenzuela, VP of Threat Research & Intelligence, and Jacob Faires, Principal Threat Researcher, from Blackberry discussing the team's work on "LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign." In April 2024, BlackBerry uncovered a significant evolution of the LightSpy malware campaign, attributed to Chinese cyber-espionage group APT41. The newly introduced DeepData framework, a modular Windows-based surveillance tool, expands data theft capabilities with 12 specialized plugins for tasks like communication surveillance, credential theft, and system intelligence gathering. The campaign targets a wide range of communication platforms, including WhatsApp, Signal, and WeChat, with advanced techniques for monitoring and stealing sensitive information from victims across the Asia-Pacific region. The research can be found here: LightSpy: APT41 Deploys Advanced DeepData Framework In Targeted Southern Asia Espionage Campaign Learn more about your ad choices. Visit megaphone.fm/adchoices
25/01/2525m 40s

The end of warrantless searches?

A federal court finds the FBI’s warrantless section 702 searches unconstitutional. The DOJ charges five in a fake IT worker scheme. The Texas Attorney General expands his investigation into automakers’ data sharing. CISA highlights vulnerabilities in the aircraft collision avoidance system. Estonia will host Europe's new space cybersecurity testing ground. Hackers use hardware breakpoints to evade EDR detection. Subaru’s Starlink connected vehicle service exposed sensitive customer and vehicle data. Asian nations claim progress against criminal cyber-scam camps. Our guest today is Dr. Chris Pierson, Founder and CEO of BlackCloak, with his outlook on 2025. Sticking AI crawlers in the tar pit.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Dr. Chris Pierson, Founder and CEO of BlackCloak, joining us to share trends he sees coming our way in 2025. Selected Reading Court rules FBI’s warrantless searches violated Fourth Amendment (Ars Technica) US Charges Five People Over North Korean IT Worker Scheme (SecurityWeek) Texas probes four more car companies over how they collect and sell consumer data (The Record) CISA Warns of Flaws in Aircraft Collision Avoidance Systems (BankInfo Security) ESA - Estonia to host Europe's new space cybersecurity testing ground (European Space Agency) Bypassing EDR Detection by Exploiting Hardware Breakpoints at CPU Level (Cyber Security News) Subaru Starlink Vulnerability Exposed Cars to Remote Hacking (SecurityWeek) China and friends say they're hurting cyber-slave scam camps (The Register) Developer Creates Infinite Maze That Traps AI Training Bots (404 Media)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
24/01/2535m 0s

A warning from the cloud.

CISA and FBI detail exploit chains used by Chinese hackers to compromise Ivanti Cloud Service Appliances. Energy systems in Central Europe use unencrypted radio signals. A critical SonicWall vulnerability is under active exploitation. The Nnice ransomware strain isn’t. Cisco discloses a critical vulnerability in its Meeting Management tool. GhostGPT is a new malicious generative AI chatbot. ClamAV patches critical vulnerabilities in the open-source anti-virus engine. A new report questions the effectiveness of paying ransomware demands. DOGE piggybacks on the United States Digital Service. On our Industry Voices segment, we are joined by Joe Gillespie, Senior Vice President at Booz Allen, discussing Cyber AI. Jen Easterly leaves CISA a legacy of resilience and dedication.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices Today on our Industry Voices segment, we are joined by Joe Gillespie, Senior Vice President at Booz Allen, discussing Cyber AI. Selected Reading FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know (SecurityWeek) Researchers say new attack could take down the European power grid (Ars Technica) Critical SonicWall Vulnerability Exploited In Attacks Execute Arbitrary OS Commands (Cyber Security News) Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques (GB Hackers) Cisco Fixes Critical Vulnerability in Meeting Management (Infosecurity Magazine) New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing (Infosecurity Magazine) Open-Source ClamAV Releases Critical Security Patch Updates – What’s Inside! (Cyber Security News) Companies who pay off ransomware attackers rarely get their data back, survey shows (Cybernews) Elon Musk Plays DOGE Ball—and Hits America’s Geek Squad (WIRED) Under Trump, US Cyberdefense Loses Its Head (WIRED)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
23/01/2539m 56s

The uncertain future of cyber safety oversight.

The latest cyber moves from the Trump White House. Pompompurin faces resentencing. An attack on a government IT contractor impacts Medicaid, child support, and food assistance programs. Helldown ransomware targets unpatched Zyxel firewalls. Murdoc is a new Mirai botnet variant. Cloudflare maps the DDoS landscape. North Korea’s Lazarus group uses fake job interviews to deploy malware. Hackers are abusing Google ads to spread AmosStealer malware. Pwn2Own Automotive awards over $382,000 on its first day. In our CertByte segment, Chris Hare and Steven Burnley take on a question from N2K’s Agile Certified Practitioner (PMI-ACP)® Practice Test. NYC Restaurant week tries to keep bots off the menu.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources, and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Steven Burnley to break down a question targeting the CC - Certified in Cyber Security certification by ISC2®. Today’s question comes from N2K’s Agile Certified Practitioner (PMI-ACP)® Practice Test. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.  Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional sources:  https://www.pmi.org/certifications/agile-acp  https://www.pmi.org/-/media/pmi/documents/public/pdf/certifications/agile-certified-exam-outline.pdf  Selected Reading Trump Fires DHS Board Probing Salt Typhoon Hacks (Dark Reading) TSA chief behind cyber directives for aviation, pipelines and rail ousted by Trump team (The Record) Trump pardons Silk Road dark web market creator Ross Ulbricht (BBC) BreachForums Admin Conor Fitzpatrick (Pompompurin) to Be Resentenced (Hackread) Government IT contractor Conduent says 'third-party compromise’ caused outages (The Record) Helldown Ransomware Exploiting Zyxel Devices Using Zero-Day Vulnerability (Cyber Security News) New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers (Security Affairs) Record-Breaking DDoS Attack Reached 5.6 Tbps (SecurityWeek) InvisibleFerret Malware Attacking Windows Users Through Fake Job Interview Tactics (Cyber Security News) Fake Homebrew Google ads target Mac users with malware (Bleeping Computer) Over $380,000 Paid Out on First Day of Pwn2Own Automotive 2025 (SecurityWeek) Security Alert: Bots Target NYC Restaurant Week (DataDome) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
22/01/2535m 46s

Trump’s opening moves.

President Trump rolls back AI regulations and throws TikTok a lifeline. Attackers pose as Ukraine’s CERT-UA tech support. A critical vulnerability is found in the Brave browser. Sophos observes hacking groups abusing Microsoft 365 services and exploiting default Microsoft Teams settings. Researchers uncover critical flaws in tunneling protocols. A breach exposes personal information of thousands of students and educators. Oracle patches 320 security vulnerabilities. Kaspersky reveals over a dozen vulnerabilities in a Mercedes-Benz infotainment system. Tim Starks from CyberScoop discusses executive orders on cybersecurity and the future of CISA. We preview coming episodes of Threat Vector.  Honesty isn’t always the best policy.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On our Threat Vector podcast preview today:  IoT devices are everywhere, with billions deployed globally in industries like healthcare, manufacturing, and critical infrastructure. But this explosion of connectivity brings unprecedented security challenges. Host David Moulton speaks with Dr. May Wang, CTO of IoT Security at Palo Alto Networks, about how AI is transforming IoT security. Stay tuned for the full conversation this Thursday.  CyberWire Guest Our guest is Tim Starks from CyberScoop discussing executive orders on cybersecurity and the future of CISA. You can read Tim’s article on the recent Biden EO here.   Selected Reading Trump revokes Biden executive order on addressing AI risks (Reuters) TikTok is back up in the US after Trump says he will extend deadline (Bleeping Computer) Hackers impersonate Ukraine’s CERT to trick people into allowing computer access (The Record)  Brave Browser Vulnerability Let Malicious Website Mimic as Legitimate One (Cyber Security News)  Ransomware Groups Abuse Microsoft Services for Initial Access (SecurityWeek) Tunneling Flaws Put VPNs, CDNs and Routers at Risk Globally (Hackread) Students, Educators Impacted by PowerSchool Data Breach (SecurityWeek) Oracle To Address 320 Vulnerabilities in January Patch Update (Infosecurity Magazine) Details Disclosed for Mercedes-Benz Infotainment Vulnerabilities (SecurityWeek) Washington Man Admits to Role in Multiple Cybercrime, Fraud Schemes (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
21/01/2543m 44s

AWS in Orbit: Data Automation and Space Domain Awareness with Kayhan Space. [AWS in Orbit]

You can learn more about AWS in Orbit at space.n2k.com/aws. Our guests today are Araz Feyzi, Co-founder and CTO at Kayhan Space and Tim Sills, Lead Security Solutions Architect at AWS for Aerospace and Satellite. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS Aerospace and Satellite Audience Survey We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
20/01/2527m 40s

Baan Alsinawi: Trust ourselves and be courageous. [Compliance] [Career Notes]

Please enjoy this encore of the Managing Director at Cerberus Sentinel, Chief Compliance Officer and the President of TalaTek, Baan Alsinawi as she shares her cybersecurity journey from a teenager who wanted to understand computers and held several positions in IT from help desk to systems engineering and cybersecurity. Founding her own business focusing on compliance, Baan says she spends maybe only 20% of her day on technical tasks and that there is always so more to do. Finding the right people for her team is a marker of success for Baan. She talks of the importance of sharing the sense of community of women in technology and nurturing women in the field. We thank Baan for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
19/01/258m 2s

A cute cover for a dangerous vulnerability. [Research Saturday]

Nati Tal, Head of Guardio Labs, sits down to share their work on “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack. Guardio Labs has uncovered a critical vulnerability in the Opera browser, enabling malicious extensions to exploit Private APIs for actions like screen capturing, browser setting changes, and account hijacking. Highlighting the ease of bypassing extension store security, researchers demonstrated how a puppy-themed extension exploiting this flaw could infiltrate both Chrome and Opera's extension stores, potentially reaching millions of users. This case underscores the delicate balance between enhancing browser productivity and ensuring robust security measures, revealing the alarming tactics modern threat actors employ to exploit trusted platforms. The research can be found here: “CrossBarking” — Exploiting a 0-Day Opera Vulnerability with a Cross-Browser Extension Store Attack Learn more about your ad choices. Visit megaphone.fm/adchoices
18/01/2524m 44s

Hacking the bureau.

The FBI warns agents of hacked call and text logs. The US Treasury sanctions entities tied to North Korea’s fake IT worker operations. Russian hacking group Star Blizzard attempted to infiltrate WhatsApp accounts of nonprofits supporting Ukraine. Yubico discloses a critical vulnerability in its Pluggable Authentication Module)software.  Google releases an open-source library for software composition analysis. CISA hopes to close the software understanding gap. Pumakit targets critical infrastructure. Simplehelp patches multiple flaws in their remote access software. The FTC bans GM from selling driver data. HHS outlines their efforts to protect hospitals and healthcare. Our guest Maria Tranquilli, Executive Director at Common Mission Project, speaks with N2K’s Executive Editor Brandon Karpf about the origins and impact of Hacking for Defense. Even the best of red teamers are humbled by AI.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest Maria Tranquilli, Executive Director at Common Mission Project, speaks with N2K’s Executive Editor Brandon Karpf about the origins and impact of Hacking for Defense, and how universities can get involved. Selected Reading FBI Has Warned Agents It Believes Hackers Stole Their Call Logs (Bloomberg) US Announces Sanctions Against North Korean Fake IT Worker Network (SecurityWeek) Russian Star Blizzard hackers exploit WhatsApp accounts to spy on nonprofits aiding Ukraine (The Record) Yubico PAM Module Vulnerability Let Attackers Bypass Authentications In Certain Configurations (Cyber Security News) Google Releases Open Source Library for Software Composition Analysis (SecurityWeek) Closing the Software Understanding Gap (CISA) Pumakit - A Sophisticated Linux Rootkit Attack Critical Infrastructure (Cyber Security News) Vulnerabilities in SimpleHelp Remote Access Software May Lead to System Compromise (SecurityWeek) FTC hands GM a 5-year ban on selling sensitive driver info to data brokers (The Record) How HHS has strengthened cybersecurity of hospitals and health care systems (CyberScoop) Microsoft AI Red Team says security work will never be done (The Register)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
17/01/2540m 16s

Bolstering the digital shield.

President Biden issues a comprehensive  cybersecurity executive order. Updates on Silk Typhoon’s US Treasury breach. A Chinese telecom hardware firm is under FBI investigation. A critical vulnerability has been found in the UEFI Secure Boot mechanism. California-based cannabis brand Stiiizy suffers a data breach. North Korea’s Lazarus Group lures freelance developers. The FTC highlights major security failures at web hosting giant GoDaddy. Veeam patches a critical vulnerability in their Backup for Microsoft Azure product. Hackers leak sensitive data from over 15,000 Fortinet firewalls. Our guest today is Oren Koren, Veriti's Co-founder and CPO, sharing insights about the state of healthcare cybersecurity. Shiver me timbers! Meta’s AI trains on a treasure chest of pirated books. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Oren Koren, Veriti's Co-founder and CPO, sharing insights about the state of healthcare cybersecurity. You can read more in their “The State of Healthcare Cybersecurity 2025” report.  Selected Reading Biden to sign executive order on AI and software security (Axios) Treasury Breach by Chinese Sponsored Hackers Focused on Sanctions, Report Says (Bloomberg) Exclusive: Chinese tech firm founded by Huawei veterans in the FBI's crosshairs (Reuters) New UEFI Secure Boot Bypass Vulnerability Exposes Systems to Malicious Bootkits (Cyber Security News) 380,000 Impacted by Data Breach at Cannabis Retailer Stiiizy (SecurityWeek) North Korean Hackers Targeting Freelance Software Developers (SecurityWeek) GoDaddy Accused of Serious Security Failings by FTC (Infosecurity Magazine) Veeam Azure Backup Solution Vulnerability Allows Attackers To Enumerate Network (Cyber Security News) Hacking group leaks Fortinet users’ details on dark web (Computing) Meta Secretly Trained Its AI on a Notorious Piracy Database, Newly Unredacted Court Docs Reveal (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
16/01/2534m 37s

Massive malware cleanup.

The FBI deletes PlugX malware from thousands of U.S. computers. Researchers uncover vulnerabilities in Windows 11 allowing attackers to bypass protections and execute code at the kernel level. A look at (a busy) Patch Tuesday. Researchers uncovered six critical vulnerabilities in a popular Linux file transfer tool. Texas sues Allstate for allegedly collecting, using, and selling driving data without proper consent. An executive order enables AI developers to build data centers on federal lands. On our Industry Voices segment, we are joined by Mike Hamilton, Chief Information Officer at Cloudflare, discussing how tech sprawl emulates the snake game. Meta profits while users suffer.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices Segment On our Industry Voices segment, we are joined by Mike Hamilton, Chief Information Officer at Cloudflare, discussing how tech sprawl emulates the snake game. You can read Mike’s thoughts here.  Selected Reading FBI deletes Chinese PlugX malware from thousands of US computers (Bleeping Computer)  Windows 11 Security Features Bypassed to Obtain Arbitrary Code Execution in Kernel Mode (Cyber Security News)  Microsoft Patches Eight Zero-Days to Start the Year (Infosecurity Magazine) Chrome 132 Patches 16 Vulnerabilities (SecurityWeek) Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities (SecurityWeek) Ivanti Patches Critical Vulnerabilities in Endpoint Manager (SecurityWeek) Zoom Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges (Cyber Security News) Apple Patches Flaw That Allows Kernel Security Bypassing (GovInfo Security) ICS Patch Tuesday: Security Advisories Published by Schneider, Siemens, Phoenix Contact, CISA (SecurityWeek) Linux Rsync File Transfer Tool Vulnerability Let Attackers Execute Arbitrary Code (Cyber Security News) Allstate car insurer sued for tracking drivers without permission (Bleeping Computer)  Biden Opens US Federal Sites for AI Data Center Growth (BankInfo Security) Instagram Ads Send This Nudify Site 90 Percent of Its Traffic (404 Media)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
15/01/2535m 35s

National security in the digital age.

A draft cybersecurity executive order from the Biden administration seeks to bolster defenses. Researchers identify a “mass exploitation campaign” targeting Fortinet firewalls. A Chinese-language illicit online marketplace is growing at an alarming rate. CISA urges patching of a second BeyondTrust vulnerability. The UK proposes banning ransomware payments by public sector and critical infrastructure organizations. A critical flaw in Google’s authentication flow exposes millions to unauthorized access.OWASP releases its first Non-Human Identities (NHI) Top 10. A Microsoft lawsuit targets individuals accused of bypassing safety controls in its Azure OpenAI tools. Our guest is Chris Pierson, Founder and CEO of BlackCloak, discussing digital executive protection. The feds remind the health care sector that AI must first do no harm.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Chris Pierson, Founder and CEO of BlackCloak, discussing digital executive protection. Selected Reading Second Biden cyber executive order directs agency action on fed security, AI, space (CyberScoop) Snoops exploited Fortinet firewalls with 'probable' 0-day (The Register) The ‘Largest Illicit Online Marketplace’ Ever Is Growing at an Alarming Rate, Report Says (WIRED) CISA Warns of Second BeyondTrust Vulnerability Exploited in Attacks (SecurityWeek) UK Considers Ban on Ransomware Payments by Public Bodies (Infosecurity Magazine) Google OAuth "Sign in with Google" Vulnerability Exposes Millions of Accounts to Data Theft (Cyber Security News) OWASP Publishes First-Ever Top 10 “Non-Human Identities (NHI) Security Risks (Cyber Security News) Microsoft Sues Harmful Fake AI Image Crime Ring (GovInfo Security) Feds Tell Health Sector to Watch for Bias in AI Decisions (BankInfo Security) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
14/01/2535m 20s

Multi-factor frustration.

An MFA outage affects Microsoft 365 Office apps. The Biden administration  introduces new export controls to block adversaries from accessing advanced AI chips. A Dutch university cancels lectures after a cyberattack. Three Russian nationals have been indicted for operating cryptocurrency mixers. Juniper Networks releases security updates for Junos OS. Spain’s largest telecommunications company confirms a data breach. The “Banshee” infostealer leverages a stolen Apple encryption algorithm. Researchers uncover a novel ransomware campaign targeting Amazon S3 buckets. A major data broker suffers a major data breach. Our guest Philippe Humeau, CEO and Founder of CrowdSec, shares the biggest issues currently facing cybersecurity and how open-source cybersecurity platforms combat them. The weirdness of AI.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest Philippe Humeau, CEO and Founder of CrowdSec, shares the biggest issues currently facing cybersecurity and how open-source cybersecurity platforms combat them.  Selected Reading Microsoft MFA outage blocking access to Microsoft 365 apps (Bleeping Computer) White House Moves to Restrict AI Chip Exports (GovInfo Security) New Ransomware Group Uses AI to Develop Nefarious Tools (Infosecurity Magazine) Cyberattack forces Dutch university to cancel lectures (The Record) 3 Russians Indicted for Operating Blender.io and Sinbad.io Crypto Mixers (Hackread) Juniper Networks Fixes High-Severity Vulnerabilities in Junos OS (SecurityWeek) Aviatrix Controller RCE Vulnerability Exploited In The Wild (Cyber Security News)  Hackers Exploiting YouTube to Spread Malware That Steals Browser Data (GB Hackers) Banshee 2.0 Malware Steals Apple's Encryption to Hide on Macs (Dark Reading) A breach of a data broker's trove of location data threatens the privacy of millions (TechCrunch)  Abusing AWS Native Services: Ransomware Encrypting S3 Buckets with SSE-C (Halcyon)  AI Mistakes Are Very Different Than Human Mistakes (IEEE Spectrum) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
13/01/2534m 59s

Michael Bishop Jr.: Good, bad or indifferent. [Security] [Career Notes]

Please enjoy this encore episode, where we are joined by Senior Security Officer at Centers for Medicare and Medicaid Services Michael Bishop Jr. as he shares his journey from Army infantryman deployed to Iraq to working in cybersecurity. After 12 years in the U.S. Army, Mike found himself in a rough spot. Looking for work and having some personal challenges, Mike's mentor, an Army officer he met while enlisted, recognized Mike's struggles and helped to nudge him toward cybersecurity. Mike credits his mentor with helping him transition to where he is today. Undergoing training for cybersecurity, he was tested in many areas and found the route he wanted to go. We thank Michael for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
11/01/257m 20s

The hidden cost of data hoarding. [Research Saturday]

This week, we are joined by Kyla Cardona and Aurora Johnson from SpyCloud discussing their research "China’s Surveillance State Is Selling Citizen Data as a Side Hustle." Chinese technology companies, under CCP mandate, collect vast amounts of data on citizens, creating opportunities for corrupt insiders to steal and resell this information on dark markets. These stolen datasets, aggregated into "Social Work Libraries" (SGKs), mirror lower-tech versions of CCP internal security databases. Kyla and Aurora discuss how Chinese cybercriminals use these SGKs and their implications compared to Western, European, and Russian cybercrime ecosystems. With expertise in Chinese OSINT and cybersecurity policy, both researchers bring deep insights into the geopolitical and technical dynamics of China's digital landscape. The research can be found here: “Pantsless Data”: Decoding Chinese Cybercrime TTPs A Deep Dive Into the Intricate Chinese Cybercrime Ecosystem China’s Surveillance State Is Selling Citizen Data as a Side Hustle Learn more about your ad choices. Visit megaphone.fm/adchoices
11/01/2534m 38s

When retaliation turns digital.

New details emerge about Chinese hackers breaching the US Treasury Department. The Supreme Court considers the TikTok ban. Chinese hackers exploit a zero-day flaw in Ivanti Connect Secure VPN. A new credit card skimmer malware targets WordPress checkout pages. The Banshee macOS info-stealer has been updated. A California health services organization reports a data breach. A Florida firm pays a $337,750 HIPAA settlement following a 2018 breach. Samsung patches Android devices. A Proton Mail outage hits users worldwide. A popular e-card site recovers from malware. CertByte segment host Chris Hare interviews our guest Casey Marks, ISC2's Chief Qualifications Officer, about the future of certifications. That’s a feature, not a hack.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest CertByte segment host Chris Hare interviews our guest Casey Marks, ISC2's Chief Qualifications Officer, about certifications and where they could be heading. You can check out their 2024 ISC2 Cybersecurity Workforce study here.  Selected Reading Chinese hackers breached US government office that assesses foreign investments for national security risks (CNN) Supreme Court considers whether to allow TikTok ban to take effect (NBC News)  Ivanti VPN zero-day exploited by Chinese hackers (SC Media) New Skimmer Malware Hijacking WordPress Websites to Steal Credit Cards (Cyber Security News) Banshee macOS Malware Expands Targeting (SecurityWeek) BayMark Health Services Reports Data Breach, Exposing Patient Information (The Cyber Express) Florida Firm Fined $337K by Feds for Data Deleted in Hack (BankInfo Security) Samsung Patches Multiple Vulnerabilities That Let Attackers Execute Arbitrary Code (Cyber Security News) Proton Mail still down as Proton recovers from worldwide outage (Bleeping Computer) GroupGreeting e-card site attacked in “zqxq” campaign (Malwarebytes) Microsoft DRM Hacking Raises Questions on Vulnerability Disclosures (SecurityWeek) Facebook awards researcher $100,000 for finding bug that granted internal access (RocketNews) Developers sent into security panic by 'useful feature' (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
10/01/2533m 29s

Biden’s final cyber order tackles digital weaknesses.

The Biden administration is finalizing an executive order to bolster U.S. cybersecurity. Ivanti releases emergency updates to address a critical zero-day vulnerability. A critical vulnerability is discovered in Kerio Control firewall software. Palo Alto Networks patches multiple vulnerabilities in its retired migration tool. Fake exploits for Microsoft vulnerabilities lure security researchers. A medical billing company data breach affects over 360,000. A cyberattack disrupts the city of Winston-Salem. CrowdStrike identifies a phishing campaign exploiting its recruitment branding. Our guest is Danny Allen, CTO from Snyk, sharing how a balanced approach between AI and human oversight can strengthen cybersecurity. The worst of the worst from CES.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Danny Allen, CTO from Snyk, sharing how a balanced approach between AI and human oversight can strengthen cybersecurity. Learn more in Snyk’s AI Readiness Report about how some companies are still hesitant to adopt AI, despite its clear benefits in addressing human error and keeping up with fast-evolving technology. Selected Reading White House Rushes to Finish Cyber Order After China Hacks (Bloomberg) Zero-Day Patch Alert: Ivanti Connect Secure Under Attack (GovInfo Security) GFI KerioControl Firewall Vulnerability Exploited in the Wild (SecurityWeek)  Palo Alto Networks Patches High-Severity Vulnerability in Retired Migration Tool (SecurityWeek)  Security pros baited by fake Windows LDAP exploits (The Register) Major US medical billing firm breached, 360K+ customers' healthcare data leaked (Cybernews) Recruitment Phishing Scam Imitates CrowdStrike Hiring Process (CrowdStrike) Some Winston-Salem city services knocked offline by cyberattack (The Record) Excelsior Orthopaedics Data Breach Impacts 357,000 People (SecurityWeek)  The 'Worst in Show' CES Products Put Your Data at Risk and Cause Waste, Privacy Advocates Say (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
09/01/2530m 37s

A new Mirai-based botnet.

Researchers ID a new Mirai-based botnet. Android devices get their first round of updates for the new year. Criminals exploit legitimate Apple and Google services in sophisticated voice phishing attacks. Japan attributes over 200 cyberattacks to the Chinese hacking group MirrorFace. A PayPal phishing scam exploits legitimate platform functionality. SonicWall addresses critical vulnerabilities in its SonicOS software. CISA warns of active exploitation of vulnerabilities in Mitel MiCollab. A new government backed labelling program hopes to help consumers choose more secure devices. On today’s CertByte segment, Chris Hare and Steven Burnley unpack a question from N2K’s ISC2® Certified in Cyber Security (CC) Practice Test. Streaming license plate readers - no password required. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Steven Burnley to break down a question targeting the CC - Certified in Cyber Security certification by ISC2®. Today’s question comes from N2K’s ISC2® Certified in Cyber Security (CC) Practice Test. The CC(SM) - Certified in Cyber Security is an entry-level, ANAB accredited exam geared towards anyone who wants to prove their foundational skills, knowledge, and abilities. To learn more about this and other related topics under this objective, please refer to the following resource: ISC2 (n.d.). https://www.isc2.org/landing/cc-etextbook   Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.  Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.isc2.org/certifications/cc  Selected Reading New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices (Infosecurity Magazine) First Android Update of 2025 Patches Critical Code Execution Vulnerabilities (SecurityWeek) A Day in the Life of a Prolific Voice Phishing Crew (Krebs on Security) Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data (AP News) Casio says hackers stole personal data of 8,500 people during October ransomware attack (TechCrunch) New PayPal Phishing Scam Exploits MS365 Tools and Genuine-Looking Emails (Hackread) Multiple Sonicwall VPN Vulnerabilities Let Attackers Bypass Authentication (Cyber Security News) CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks (SecurityWeek) New Labels Will Help People Pick Devices Less at Risk of Hacking (SecurityWeek) Researcher Turns Insecure License Plate Cameras Into Open Source Surveillance Tool (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
08/01/2532m 9s

U.S. sanctions spark cyber showdown with China.

China criticizes U.S. sanctions. School districts face cyberattacks over the holiday season. The U.N.’s International Civil Aviation Organization (ICAO) is investigating a potential data breach. Eagerbee malware targets government organizations and ISPs in the Middle East. A major New York medical center notifies 674,000 individuals of a data breach. Hackers infiltrate Argentina’s Airport Security Police (PSA) payroll system. An industrial networking firm identifies critical vulnerabilities in its cellular routers, secure routers, and network security appliances. Phishing click rates among enterprise users surged in 2024. A California man is suing three banks for allegedly enabling criminals to steal nearly $1 million from him. On our Threat Vector segment, we preview this week’s episode where host David Moulton speaks with Margaret Kelley about the evolving landscape of cloud breaches. Microsoft’s Bing demonstrates imitation is the sincerest form of flattery.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On our Threat Vector segment, we preview this week’s episode where host David Moulton speaks with Margaret Kelley about the evolving landscape of cloud breaches and how organizations can defend against sophisticated attacks. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app.  Selected Reading China Protests US Sanctions for Its Alleged Role in Hacking, Complains of Foreign Hacker Attacks (SecurityWeek) Tencent added to US list of 'Chinese military companies' (The Register) School districts in Maine, Tennessee respond to holiday cyberattacks (The Record)  UN aviation agency 'actively investigating' cybercriminal’s claimed data breach (The Record)  Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs (Bleeping Computer) Staten Island Hospital Notifying 674,000 of May 2023 Hack (BankInfo Security) Industrial networking manufacturer Moxa reports 'critical' router bugs (CyberScoop) Phishing Click Rates Triple in 2024 (Infosecurity Magazine) Pig butchering victim sues banks for allowing scammers to open accounts (The Record)  Hackers Compromised Argentina’s Airport Security Payroll System (GB Hackers) Microsoft is using Bing to trick people into thinking they’re on Google (The Verge)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
07/01/2533m 17s

China’s shadow over U.S. telecom networks.

New reports shed light on both Volt and Salt Typhoons. Tenable updates faulty Nessus Agents and resumes plugin updates. A new infostealer campaign targets gamers on Discord. A fake version of a popular browser extension has been discovered stealing login credentials and conducting phishing attacks. ESET warns Windows 10 users of a potential “security fiasco.” A vulnerability in Nuclei allows attackers to bypass template signature verification and inject malicious code. An Indiana dental practice pays a $350,000 settlement over an alleged ransomware coverup. Tim Starks, Senior Reporter from CyberScoop, joins us today to discuss a new United Nations cybercrime treaty and his outlook for 2025. Farewell to a visionary leader.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Tim Starks, Senior Reporter from CyberScoop, joins us today to discuss a new United Nations cybercrime treaty and his outlook for 2025. Read Tim’s article on the UN cybercrime treaty here.  Selected Reading The US’s Worst Fears of Chinese Hacking Are on Display in Guam (Bloomberg) How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons (Wall Street Journal) China protests US sanctions for its alleged role in hacking, complains of foreign hacker attacks (AP News) Tenable Disables Nessus Agents Over Faulty Updates (SecurityWeek) New Infostealer Campaign Uses Discord Videogame Lure (Infosecurity Magazine) Beware! Malicious EditThisCookie Chrome Extension Steals Login Credentials (Cyber Security News) Windows 10 users urged to upgrade to avoid "security fiasco" (Bleeping Computer) Nuclei flaw lets malicious templates bypass signature verification (Bleeping Computer) Dental Practice Pays State in Alleged Data Breach 'Cover Up' (GovInfo Security) Tenable CEO Amit Yoran Dead at 54 (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
06/01/2532m 41s

Dominique West: Security found me. [Strategy] [Career Notes]

Technical account manager Dominique West takes us on her career journey from engineering to cybersecurity. Even though her undergraduate degree was in information systems, Dominique did not learn about cybersecurity until she personally experienced credit card fraud. She had a range of positions from working the help desk in an art museum to vulnerability management and cloud security. Dominique mentions remembering feeling isolated as the only black person and one of few women in many situations. These experiences spurred her into action to create Security in Color to help others navigate their way into cybersecurity and share resources are available to them. Dominique recommends those interested in cybersecurity to go ahead and get your hands dirty out there; figure out what you like and what you don't like and do community. We thank Dominique for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
04/01/257m 53s

Crypto client or cyber trap? [Research Saturday]

Karlo Zanki, Reverse Engineer at ReversingLabs, discussing their work on "Malicious PyPI crypto pay package aiocpa implants infostealer code." ReversingLabs' machine learning-based threat hunting system identified a malicious PyPI package, aiocpa, designed to exfiltrate cryptocurrency wallet information. Unlike typical attacks involving typosquatting, the attackers published a seemingly legitimate crypto client tool to build trust before introducing malicious updates. ReversingLabs used its Spectra Assure platform to detect behavioral anomalies and worked with PyPI to remove the package, highlighting the growing need for advanced supply chain security tools to counter increasingly sophisticated threats. The research can be found here: Malicious PyPI crypto pay package aiocpa implants infostealer code Learn more about your ad choices. Visit megaphone.fm/adchoices
04/01/2524m 2s

AI-powered propaganda.

The U.S. sanctions Russian and Iranian groups over election misinformation. Apple settles a class action lawsuit over Siri privacy allegations. DoubleClickjacking exploits a timing vulnerability in browser behavior. FireScam targets sensitive info on Android devices. ASUS issues a critical security advisory for several router models. A former crypto boss faces extradition amidst allegations of defrauding investors out of more than $40 billion. HHS unveils proposed updates to HIPAA. Millions of email servers have yet to enable encryption. Our guest is Joe Saunders, Co-Founder & CEO of RunSafe Security discussing the complexities of safeguarding critical infrastructure. Using Doom to prove you’re human.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Joe Saunders, Co-Founder & CEO of RunSafe Security. Joe joins us to discuss the complexities of safeguarding critical infrastructure amid the looming threat of cyber attacks and military conflict. Selected Reading US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters (SecurityWeek) Apple Agrees $95M Settlement Over Siri Privacy Violations (Infosecurity Magazine) SysBumps - New Kernel Break Attack Bypassing macOS Systems Security (Cyber Security News) 'DoubleClickjacking' Threatens Major Websites’ Security (GovInfo Security) FireScam Android Malware Packs Infostealer, Spyware Capabilities (SecurityWeek) ASUS Routers Vulnerabilities Allows Arbitrary Code Execution (Cyber Security News) Crypto Boss Extradited to Face $40bn Fraud Charges (Infosecurity Magazine) What's in HHS' Proposed HIPAA Security Rule Overhaul? (GovInfo Security) Over 3 million mail servers without encryption exposed to sniffing attacks (Bleeping Computer) CAPTCHAs now run Doom – on nightmare mode (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
03/01/2536m 36s

A breach in the U.S. Treasury.

Chinese hackers breach the U.S. Treasury Department. At least 35 Chrome extensions are compromised. Federal authorities arrest a U.S. Army soldier over accusations of sensitive data stolen from AT&T and Verizon. A misconfigured Amazon cloud server exposes sensitive data from over 800,000 VW EV owners. Rhode Island confirms a data breach linked to ransomware group Brain Cipher. Ascension healthcare confirms the exposure of the personal and medical data of 5.6 million customers. A recent patch to Windows BitLocker encryption proves inadequate. A suspected Chinese hacking campaign is exploiting a vulnerability in Palo Alto firewalls for espionage. The DOJ bans the sale of Americans’ sensitive data to adversarial nations. HHS proposes a HIPAA update to address cybersecurity. Our guest is Mick Baccio, Global Security Advisor at Splunk, with insights on the cybersecurity resilience gap. CISA Director Easterly looks back at 2024.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Mick Baccio, Global Security Advisor at Splunk’s security research team SURGe, sharing some insights on the cybersecurity resilience gap and top cyber challenges/priorities for the public sector. You can read more about this in SURGe’s blog and whitepaper.  Selected Reading US Treasury Department breached through remote support platform (Bleeping Computer) New details reveal how hackers hijacked 35 Google Chrome extensions (Bleeping Computer) U.S. Army Soldier Arrested in AT&T, Verizon Extortions (Krebs on Security) AT&T and Verizon Say Chinese Hackers Ejected From Networks (GovInfo Security) Volkswagen leak exposes private information of 800,000 EV owners, including location data (TechSpot) Hackers Leak Rhode Island Citizens' Data on Dark Web (Infosecurity Magazine) Ascension cyberattack exposed medical data of 5.6M customers (Healthcare IT News) Patched BitLocker Flaw Still Susceptible to Hack (GovInfo Security) Palo Alto Firewalls Backdoored by Suspected Chinese Hackers (BankInfo Security) US prohibits data sales to adversarial nations (SC Media)  Massive healthcare breaches prompt US cybersecurity rules overhaul (Bleeping Computer) CISA's 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
02/01/2536m 12s

Scotland’s position to lead cyber and space. [Deep Space]

Sharon Lemac-Vincere is an academic that focuses her research on the intersection of space and cyber. She has released a report on space and cybersecurity which outlines how Scotland can lead the way in both industries.  You can connect with Sharon on LinkedIn, and read her paper on The Cyber-Safe Gateway : Unlocking Scotland's Space Cybersecurity Potential on this website. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
01/01/2530m 24s

Disrupting Cracked Cobalt Strike [The Microsoft Threat Intelligence Podcast]

While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The Microsoft Threat Intelligence Podcast by Microsoft Threat Intelligence. See you in 2025! On this week's episode of The Microsoft Threat Intelligence Podcast, we discuss the collaborative effort between Microsoft and Fortra to combat the illegal use of cracked Cobalt Strike software, which is commonly employed in ransomware attacks.  To break down the situation, our host, Sherrod DeGrippo, is joined by Richard Boscovich, Assistant General Counsel at Microsoft, Jason Lyons, Principal Investigator with the DCU, and Bob Erdman, Associate VP Research and Development at Fortra. The discussion covers the creative use of DMCA notifications tailored by geographic region to combat cybercrime globally. The group express their optimism about applying these successful techniques to other areas, such as phishing kits, and highlight ongoing efforts to make Cobalt Strike harder to abuse.      In this episode you’ll learn:          The impact on detection engineers due to the crackdown on cracked Cobalt Strike  Extensive automation used to detect and dismantle large-scale threats  How the team used the DMCA creatively to combat cybercrime    Some questions we ask:          Do you encounter any pushback when issuing DMCA notifications?   How do you plan to proceed following the success of this operation?   Can you explain the legal mechanisms behind this take-down?    Resources:   View Jason Lyons on LinkedIn  View Bob Erdman on LinkedIn    View Richard Boscovich on LinkedIn   View Sherrod DeGrippo on LinkedIn     Related Microsoft Podcasts:                    Afternoon Cyber Tea with Ann Johnson  The BlueHat Podcast  Uncovering Hidden Risks        Discover and follow other Microsoft podcasts at microsoft.com/podcasts     Get the latest threat intelligence insights and guidance at Microsoft Security Insider      The Microsoft Threat Intelligence Podcast is produced by Microsoft and distributed as part of N2K media network.   Learn more about your ad choices. Visit megaphone.fm/adchoices
01/01/2538m 40s

Future-proofing finance: FS-ISAC’s blueprint for cryptographic agility. [Special Edition]

Brandon Karpf sits down with Mike Silverman, Chief Strategy and Innovation Officer at FS-ISAC, to discuss the white paper Building Cryptographic Agility in the Financial Sector. Authored by experts from FS-ISAC’s Post-Quantum Cryptography Working Group, the paper addresses the vulnerabilities posed by quantum computing to current cryptographic algorithms. It provides financial institutions with strategies to safeguard sensitive data and maintain trust as these emerging threats evolve. Discover the challenges and actionable steps to build cryptographic agility in this insightful conversation. Learn more about your ad choices. Visit megaphone.fm/adchoices
31/12/2424m 6s

Navigating AI Safety and Security Challenges with Yonatan Zunger [The BlueHat Podcast]

While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, The BlueHat Podcast by Microsoft and MSRC. See you in 2025! Yonatan Zunger, CVP of AI Safety & Security at Microsoft joins Nic Fillingham and Wendy Zenone on this week's episode of The BlueHat Podcast. Yonatan explains the distinction between generative and predictive AI, noting that while predictive AI excels in classification and recommendation, generative AI focuses on summarizing and role-playing. He highlights how generative AI's ability to process natural language and role-play has vast potential, though its applications are still emerging. He contrasts this with predictive AI's strength in handling large datasets for specific tasks. Yonatan emphasizes the importance of ethical considerations in AI development, stressing the need for continuous safety engineering and diverse perspectives to anticipate and mitigate potential failures. He provides examples of AI's positive and negative uses, illustrating the importance of designing systems that account for various scenarios and potential misuses.      In This Episode You Will Learn:       How predictive AI anticipates outcomes based on historical data  The difficulties and strategies involved in making AI systems safe and secure from misuse  How role-playing exercises help developers understand the behavior of AI systems    Some Questions We Ask:        What distinguishes predictive AI from generative AI?  Can generative AI be used to improve decision-making processes?  What is the role of unit testing and test cases in policy and AI system development?    Resources:   View Yonatan Zunger on LinkedIn      View Wendy Zenone on LinkedIn   View Nic Fillingham on LinkedIn    Related Microsoft Podcasts:     Microsoft Threat Intelligence Podcast   Afternoon Cyber Tea with Ann Johnson   Uncovering Hidden Risks       Discover and follow other Microsoft podcasts at microsoft.com/podcasts   Learn more about your ad choices. Visit megaphone.fm/adchoices
30/12/2453m 34s

Streamlining the US Navy's innovation process: A conversation with Acting CTO Justin Fanelli.

Please enjoy this encore episode of a Special Edition. N2K’s Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about the US Navy streamlining the innovation process. For some background, you can refer to this article.  Additional resources:  PEO Digital Innovation Adoption Kit  Atlantic Council’s Commission on Defense Innovation Adoption For industry looking to engage with PEO Digital: Industry Engagement Learn more about your ad choices. Visit megaphone.fm/adchoices
30/12/2439m 50s

Yatia (Tia) Hopkins: Grit and right place, right time. [Solutions Architecture] [Career Notes]

VP of Global Solutions Architecture at eSentire Tia Hopkins shares her career journey and talks about its beginnings in engineering and pivots into cybersecurity leadership. Tia shares how she liked to take things apart when she was young, including the brand new computer her mother bought her and how she was fascinated by all the pieces of it spread all across her bedroom floor. As she started studying engineering, Tia learned she was more of a technologist than an engineer. Tia got her start in technology without completing her formal education by what she says is "grit and right place, right time." Once she was in a management role, Tia wanted to validate her knowledge, experience, and ability and not only completed her bachelor's degree, but also two master's degrees. Tia recently started an organization to encourage and grow interest, confidence, and leaders of women of color in the field of cybersecurity. We thank Tia for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
29/12/248m 14s

On the prowl for mobile malware. [Research Saturday]

This week, we are joined by Asheer Malhotra and Vitor Ventura from Cisco Talos, and they are discussing "Operation Celestial Force employs mobile and desktop malware to target Indian entities." Cisco Talos revealed Operation Celestial Force, an espionage campaign by the Pakistani threat group "Cosmic Leopard," targeting Indian defense, government, and technology sectors. Active for at least six years, the operation has recently increased its use of mobile malware and commercial spyware for surveillance. The research can be found here: Operation Celestial Force employs mobile and desktop malware to target Indian entities Learn more about your ad choices. Visit megaphone.fm/adchoices
28/12/2427m 18s

A cyber carol.

Please enjoy this encore episode of Only Malware in the Building. Welcome in! You’ve entered, Only Malware in the Building. Grab your eggnog and don your coziest holiday sweater as we sleuth our way through cyber mysteries with a festive twist! Your host is Selena Larson, Proofpoint intelligence analyst and host of their podcast DISCARDED. Inspired by the residents of a building in New York’s exclusive upper west side, Selena is joined by N2K Networks Dave Bittner and Rick Howard to uncover the stories behind notable cyberattacks. Being a security researcher is a bit like being a detective: you gather clues, analyze the evidence, and consult the experts to solve the cyber puzzle. On this episode, our cyber ghosts delve into the past, present, and future of some of the season’s most pressing threats: two-factor authentication (2FA), social engineering scams, and the return to consumer-targeted attacks. Together, Rick, Dave, and Selena deliver a ghostly—but insightful—message about the state of cybersecurity, past, present, and future. Can their advice save your holiday season from digital disaster? Tune in and find out. May your holidays be merry, bright, and free of cyber fright! Learn more about your ad choices. Visit megaphone.fm/adchoices
27/12/2451m 22s

Putting a dent in the cybersecurity workforce gap.

Please enjoy this encore episode of Solution Spotlight. In this special edition of Solution Spotlight, N2K President, Simone Petrella is talking with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding DE&I initiatives. Learn more about your ad choices. Visit megaphone.fm/adchoices
26/12/2431m 3s

The CyberWire: The 12 Days of Malware. [Special edition]

Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of Christmas, my malware gave to me: 2 Trojan Apps... And a keylogger logging my keys. On the third day of Christmas, my malware gave to me: 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fourth day of Christmas, my malware gave to me: 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fifth day of Christmas, my malware gave to me: 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the sixth day of Christmas, my malware gave to me: 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the seventh day of Christmas, my malware gave to me: 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eighth day of Christmas, my malware gave to me: 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the ninth day of Christmas, my malware gave to me: 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the tenth day of Christmas, my malware gave to me: 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eleventh day of Christmas, my malware gave to me: 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the twelfth day of Christmas, my malware gave to me: 12 Hackers hacking... 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. Learn more about your ad choices. Visit megaphone.fm/adchoices
25/12/247m 28s

A social engineering carol.

Gather 'round for a holiday treat like no other! In this festive edition of Only Malware in the Building, we present A Social Engineering Carol—a cunning twist on the classic Dickens tale, penned and created by our very own Dave Bittner. Follow a modern-day Scrooge as they navigate the ghostly consequences of phishing, vishing, and smishing in this holiday cybersecurity fable. Don't miss the accompanying video, packed with holiday cheer and cyber lessons to keep you safe this season! Check it out now! Learn more about your ad choices. Visit megaphone.fm/adchoices
25/12/248m 8s

Lessons from the Viasat cybersecurity attack. [T-Minus]

Please enjoy this encore of T-Minus Space Daily. A few hours prior to the Russian invasion of Ukraine on February 24, 2022, Russia’s military intelligence launched a cyberattack against ViaSat’s KA-SAT satellite network, which was used by the Ukrainian Armed Forces. It prevented them from using satellite communications to respond to the invasion. After the ViaSat hack, numerous cyber operations were conducted against the space sector from both sides of the conflict. What have we learnt from the Viasat attack? Clémence Poirier has written a report on the Viasat cybersecurity attack during the war in Ukraine. Hacking the Cosmos: Cyber operations against the space sector.  You can connect with Clémence Poirier on LinkedIn, and read her report on this website. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
24/12/2429m 2s

Decoding XDR: Allie Mellen on What’s Next [Threat Vector]

While we are on our winter publishing break, please enjoy an episode of our N2K CyberWire network show, Threat Vector by Palo Alto Networks. See you in 2025! Announcement: We are pleased to share an exciting announcement about Cortex XDR at the top of our show. You can learn more here. Check out our episode on "Cyber Espionage and Financial Crime: North Korea’s Double Threat" with Assaf Dahan, Director of Threat Research at Palo Alto Networks Cortex team. Join host David Moulton on Threat Vector, as he dives deep into the rapidly evolving XDR landscape with Allie Mellen, Principal Analyst at Forrester. With expertise in security operations, nation-state threats, and the application of AI in security, Allie offers an inside look at how XDR is reshaping threat detection and response. From tackling the SIEM market’s current challenges to optimizing detection engineering, Allie provides invaluable insights into the people, processes, and tools central to an effective SOC. This episode offers listeners a thoughtful exploration of how to navigate today's complex threat landscape and separate XDR hype from reality. Perfect for cybersecurity professionals looking to stay ahead in the field, tune in to hear expert perspectives on the next steps in cybersecurity resilience. Ready to go deeper? Join Josh Costa, Director of Product Marketing, Allie Mellen, Principal Analyst at Forrester and David Moulton, Director of Content and Thought Leadership for Unit 42 as they discuss the State of XDR https://start.paloaltonetworks.com/State-of-XDR-with-Forrester.  Join the conversation on our social media channels: Website: http://www.paloaltonetworks.com  Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/palo-alto-networks/ YouTube: ⁠⁠⁠⁠@paloaltonetworks Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat Vector Threat Vector, Palo Alto Networks podcast, is your premier destination for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization. Palo Alto Networks Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices
24/12/2439m 59s

Court puts the ‘spy’ in spyware.

A federal judge finds NSO Group liable for hacking WhatsApp. China accuses the U.S. government of cyberattacks. The UK’s Operation Destabilise uncovers a vast criminal network. An alleged LockBit developer says he did it for the money. Apache releases a security update for their Tomcat web server. Siemens issues a security advisory for their User Management Component. Italy’s data protection authority fines OpenAI $15.6 million. Researchers demonstrate a method to bypass the latest Wi-Fi security protocol. Apple sends potential spyware victims to a nonprofit for help. Our guest is Sven Krasser, CrowdStrike's Senior Vice President Data Science and Chief Scientist, talking about balancing AI and human intervention. Hackers supersize their McDonald’s delivery orders.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, our guest is Sven Krasser, CrowdStrike's Senior Vice President Data Science and Chief Scientist, talking about balancing AI and human intervention. Selected Reading Judge rules NSO Group is liable for spyware hacks targeting 1,400 WhatsApp user devices (Recorded Future) Chinese cyber center points finger at U.S. over alleged cyberattacks to steal trade secrets (CyberScoop) Inside Operation Destabilise: How a ransomware investigation linked Russian money laundering and street-level drug dealing (Recorded Future) Suspected LockBit dev faces extradition to the US (The Register) Apache fixes remote code execution bypass in Tomcat web server (Bleeping Computer) Siemens Warn of Critical Vulnerability in UMC (GovInfoSecurity) Italy's Privacy Watchdog Fines OpenAI for ChatGPT's Violations in Collecting Users Personal Data (SecurityWeek) WPA3 Network Password Bypassed via MITM Attack & Social Engineering (CyberSecurityNews.com) Apple Warns Users Of iPhone Spyware Attacks—What You Need To Know (Forbes) McDonald’s Delivery App Vulnerability Let Anyone Place an Order for Just $0.01 (CyberSecurityNews.com) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
23/12/2436m 28s

Jim Zufoletti: Building your experience portfolio. [Entrepreneur] [Career Notes]

CEO and co-founder of SafeGuard Cyber Jim Zufoletti shares his journey starting out as an intrepreneur and transformation into a serial entrepreneur in cybersecurity. Jim shares how he got his feet wet working for others as an intrepreneur and catching the entrepreneurial bug in the mid-90s. He has co-founded a number of companies starting with FreeMarkets, a B2B ecommerce company. After that went public and Jim moved on, he went to business school at the University of Virginia and crossed paths with his future co-founder of SafeGuard Cyber. At UVA, Jim was inspired by a professor who exposed him to the effectuation approach to entrepreneurship, Along those lines, Jim recommends those looking to start a business in cyber build their experience portfolio. Jim took what he learned to help build where he is today. His company helps protect the humans in this new digital world with the current work from home environment. And, we thank Jim for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
22/12/247m 52s

Quishing for trouble. [Research Saturday]

Adam Khan, VP of Security Operations at Barracuda, joins to discuss his team's work on "The evolving use of QR codes in phishing attacks." Cybercriminals are evolving phishing tactics by embedding QR codes, or “quishing,” into PDF documents attached to emails, tricking recipients into scanning them to access malicious websites that steal credentials. Barracuda researchers found over half a million such emails from June to September 2024, with most impersonating brands like Microsoft, DocuSign, and Adobe to exploit urgency and trust. To counter these attacks, businesses should deploy multilayered email security, use AI-powered detection tools, educate employees on QR code risks, and enable multifactor authentication to safeguard accounts. The research can be found here: Threat Spotlight: The evolving use of QR codes in phishing attacks Learn more about your ad choices. Visit megaphone.fm/adchoices
21/12/2417m 16s

Ukraine’s fight to restore critical data.

Russian hackers attack Ukraine’s state registers. NotLockBit is a new ransomware strain targeting macOS and Windows. Sophos discloses three critical vulnerabilities in its Firewall product. The BadBox botnet infects over 190,000 Android devices. BeyondTrust patches two critical vulnerabilities. Hackers stole $2.2 billion from cryptocurrency platforms in 2024. Officials dismantle a live sports streaming piracy ring. Rockwell Automation patches critical vulnerabilities in a device used for energy control in industrial systems. A new report from Dragos highlights ransomware groups targeting industrial sectors. A Ukrainian national is sentenced to 60 months in prison for distributing the Raccoon Infostealer malware. We bid a fond farewell to our colleague Rick Howard, who’s retiring after years of inspiring leadership, wisdom, and camaraderie. The LockBit gang tease what’s yet to come.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest segment is bittersweet as we bid farewell to our beloved Rick Howard, who’s retiring after years of inspiring leadership, wisdom, and camaraderie. Join us in celebrating his incredible journey, sharing heartfelt memories, and letting him know just how deeply he’ll be missed by all of us here at N2K. Selected Reading Ukraine’s state registers hit with one of Russia’s largest cyberattacks, officials say (The Record) NotLockBit - Previously Unknown Ransomware Attack Windows & macOS (GB Hackers) Critical Sophos Firewall Vulnerabilities Let Attackers Execute Remote Code (Cyber Security News) Botnet of 190,000 BadBox-Infected Android Devices Discovered (SecurityWeek) BeyondTrust Security Incident — Command Injection and Escalation Weaknesses (CVE-2024-12356, CVE-2024-12686) (SOCRadar) Crypto-Hackers Steal $2.2bn as North Koreans Dominate (Infosecurity Magazine) Massive live sports piracy ring with 812 million yearly visits taken offline (Bleeping Computer) Rockwell PowerMonitor Vulnerabilities Allow Remote Hacking of Industrial Systems (SecurityWeek) Ransomware Attackers Target Industries with Low Downtime Tolerance (Infosecurity Magazine) Ukrainian Raccoon Infostealer Operator Sentenced to Prison in US (SecurityWeek) NetWalker Ransomware Operator Sentenced For Hacking Hundreds Of Organizations (Cyber Security News) LockBit Admins Tease a New Ransomware Version (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
20/12/2438m 34s

Breached but not broken.

CISA urges senior government officials to enhance mobile device security. Russian state-sponsored hacker group Sandworm is targeting Ukrainian soldiers. A website bug in GPS tracking firm Hapn is exposing customer information. Multiple critical vulnerabilities have been identified in Sharp branded routers. Ireland’s Data Protection Commission fines Meta $263 million for alleged GDPR violations. Google releases an urgent Chrome security update to address four high-rated vulnerabilities. Cyberattacks on India-based organizations surged 92% year-over-year. Cybercriminals target Google Calendar to launch phishing attacks. Fortinet patches a critical vulnerability in FortiWLM. Juniper Networks warns of a botnet infection targeting routers with default credentials. Our guest is Jeff Krull, principal and practice leader of Baker Tilly's cybersecurity practice, with advice on using employee access controls to limit internal cyber threats. When is “undesirable” a badge of honor? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Jeff Krull, principal and practice leader of Baker Tilly's cybersecurity practice, talking about using employee access controls to limit internal cyber threats. Selected Reading CISA urges senior government officials to lock down mobile devices amid ongoing Salt Typhoon breach (The Record) Sandworm-linked hackers target users of Ukraine’s military app in new spying campaign (The Record) Tracker firm Hapn spilling names of thousands of GPS tracking customers (TechCrunch) Multiple security flaws reported in SHARP routers (Beyond Machines) Meta fined $263 million for alleged GDPR violations that led to data breach (The Record) Update Google Chrome Now—4 New Windows, Mac, Linux Security Warnings (Forbes) India Sees Surge in Banking, Utilities API Attacks (Dark Reading) Google Calendar Phishing Scam Targets Users with Malicious Invites (Hackread) Fortinet Patches Critical FortiWLM Vulnerability (SecurityWeek) Juniper Warns of Mirai Botnet Targeting Session Smart Routers (SecurityWeek) Recorded Future CEO Calls Russia’s “Undesirable” Listing a “Compliment” (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
19/12/2434m 38s

Hacking allegations and antitrust heat.

The U.S. considers a ban on Chinese made routers. More than 200 Cleo managed file-transfer servers remain vulnerable. The Androxgh0st botnet expands. Schneider Electric reports a critical vulnerability in some PLCs. A critical Apache Struts 2 vulnerability is being actively exploited. Malicious campaigns are targeting Chinese-branded IoT devices. A Nebraska-based healthcare insurer discloses a data breach affecting over 225,000 individuals. IntelBroker leaks 2.9GB of data from Cisco’s DevHub environment. CISA issues a Binding Operational Directive requiring federal agencies to enhance cloud security. On today’s CERTByte segment, Chris Hare and Dan Neville unpack a question targeting the Network+ certification. INTERPOL says, “Enough with the pig butchering.“ Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment This week, Chris is joined by Dan Neville to break down a question targeting the Network+ certification (N10-008 expires on 12/20/24 and the N10-009 update launched on June 20th of this year). Today’s question comes from N2K’s CompTIA® Network+ Practice Test, both exam versions of which are offered on our site. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading U.S. Weighs Ban on Chinese-Made Router in Millions of American Homes (Wall Street Journal) Attack Exposure: Unpatched Cleo Managed File-Transfer Software (BankInfo Security) Androxgh0st Botnet Targets IoT Devices, Exploiting 27 Vulnerabilities (Hackread) Schneider Electric reports critical flaw in Modicon Programmable Logic Controllers (Beyond Machines) RATs can sniff out your Chinese-made web cameras: here’s how to defend yourself (Cybernews) Regional Care Data Breach Impacts 225,000 People (SecurityWeek) Hacker IntelBroker Leaked 2.9GB of Data Stolen From Cisco DevHub Instance (Cyber Security News) New critical Apache Struts flaw exploited to find vulnerable servers (Bleeping Computer) CISA Issues Binding Operational Directive for Improved Cloud Security (SecurityWeek) Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure (CISA) INTERPOL urges end to 'Pig Butchering' term, cites harm to online victims (INTERPOL)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
18/12/2431m 30s

The cost of peeking at U.S. traffic.

The Biden administration takes its first step to retaliate against China for the Salt Typhoon cyberattack. The Feds release a draft National Cyber Incident Response Plan. Telecom Namibia suffers a cyberattack. The Australian Information Commissioner has reached a $50 million settlement with Meta over the Cambridge Analytica scandal. CISA releases its 2024 year in review. LastPass hackers nab an additional five millions dollars. Texas Tech University notifies over 1.4 million individuals of a ransomware attack. Researchers discover a new DarkGate RAT attack vector using vishing. A fraudster gets 69 months in prison. On our Threat Vector segment, David Moulton speaks with Nir Zuk, Founder and CTO of Palo Alto Networks about predictions for 2025. Surveillance tweaks our brains in unexpected ways.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On our Threat Vector segment, we preview this week’s episode where host David Moulton talks with Nir Zuk, Founder and CTO of Palo Alto Networks. They talk about Palo Alto Networks' predictions for 2025, focusing on the shift to unified data security platforms and the growing importance of AI in cybersecurity. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app.  Selected Reading Biden Administration Takes First Step to Retaliate Against China Over Hack (The New York Times) US Unveils New National Cyber Incident Response Plan (Infosecurity Magazine) Telecom Namibia Cyberattack: 400,000 Files Leaked (The Cyber Express) Landmark settlement of $50m from Meta for Australian users impacted by Cambridge Analytica incident (OAIC) CISA Warns of New Windows Vulnerability Used in Hacker Attacks (CyberInsider) CISA 2024 Year in review (CISA) LastPass threat actor steals $5.4M from victims just a week before Xmas (Cointelegraph) Texas Tech University Data Breach Impacts 1.4 Million People (SecurityWeek) Microsoft Teams Vishing Spreads DarkGate RAT (Dark Reading) Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence (SecurityWeek) The psychological implications of Big Brother’s gaze (SCIMEX) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
17/12/2433m 58s

Rhode Island cyberattack exposes sensitive data.

A cyberattack in Rhode Island targets those who applied for government assistance programs. U.S. Senators propose a three billion dollar budget item to “rip and replace” Chinese telecom equipment. The Clop ransomware gang confirms exploiting vulnerabilities in Cleo’s managed file transfer platforms. A major Southern California healthcare provider suffers a ransomware attack. A leading US auto parts provider discloses a cyberattack on its Canadian business unit.SRP Federal Credit Union notifies over 240,000 individuals of cyberattack.  A sophisticated phishing campaign targets YouTube creators.  Researchers identify a high-severity vulnerability in Mullvad VPN. A horrific dark web forum moderator gets 30 years in prison. Our guests are Perry Carpenter and Mason Amadeus, hosts of the new FAIK Files podcast. Jailbreaking your license plate.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guests are Perry Carpenter and Mason Amadeus, hosts of The FAIK Files podcast, talking about their new show. You can find new episodes of The FAIK Files every Friday on the N2K CyberWire network.  Selected Reading Personal Data of Rhode Island Residents Breached in Large Cyberattack (The New York Times) Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches ( CyberScoop) Clop ransomware claims responsibility for Cleo data theft attacks (Bleeping Computer) Hackers Steal 17M Patient Records in Attack on 3 Hospitals (BankInfo Security) Major Auto Parts Firm LKQ Hit by Cyberattack (Securityweek) SRP Federal Credit Union Ransomware Attack Impacts 240,000 (Securityweek) ConnectOnCall Announces 914K-Record Data Breach (HIPAA Journal) Malware Hidden in Fake Business Proposals Hits YouTube Creators (Hackread) Critical Mullvad VPN Vulnerabilities Let Attackers Execute Malicious Code (Cyber Security News)  Texan man gets 30 years in prison for running CSAM exchange (The Register) Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
16/12/2437m 46s

Marcelle Lee: Cyber sleuth detecting emerging threats. [Research] [Career Notes]

Please enjoy this encore episode of Career Notes. Senior security researcher from Secureworks Marcelle Lee shares her career journey into cybersecurity and how she helps solve hard problems in her daily work. Marcelle came into cybersecurity not through any traditional path. She describes her route from a different field and starting in cyber at her local community college through a grant program. Marcelle took full advantage of the opportunities she had and grew her career from there. She recommends finding your specialty, but continue to build other skills. As a woman in the field, she is a strong proponent of diversity and encouraging others to find what excites them. And, we thank Marcelle for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
15/12/247m 55s

Watching the watchers. IoT vulnerabilities exposed by AI. [Research Saturday]

This week, we are joined by Andrew Morris, Founder and CTO of GreyNoise, to discuss their work on "GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI." GreyNoise discovered two critical zero-day vulnerabilities in IoT-connected live streaming cameras, used in sensitive environments like healthcare and industrial operations, by leveraging its AI-powered detection system, Sift. The vulnerabilities, CVE-2024-8956 (insufficient authentication) and CVE-2024-8957 (OS command injection), could allow attackers to take full control of affected devices, manipulate video feeds, or integrate them into botnets for broader attacks. This breakthrough underscores the transformative role of AI in identifying threats that traditional systems might miss, highlighting the urgent need for robust cybersecurity measures in the expanding IoT landscape. The research can be found here: GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI Learn more about your ad choices. Visit megaphone.fm/adchoices
14/12/2421m 15s

Hackers in handcuffs.

The U.S. dismantles the Rydox criminal marketplace.  File-sharing provider Cleo urges customers to immediately patch a critical vulnerability. A Japanese media giant reportedly paid nearly $3 million to a Russia-linked ransomware group. The largest Bitcoin ATM operator in the U.S. confirms a data breach. Microsoft quietly patches two potentially critical vulnerabilities. Researchers at Claroty describe a malware tool used by nation-state actors to target critical IoT and OT systems. Dell releases patches for a pair of critical vulnerabilities. A federal court indicts 14 North Korean nationals for a scheme funding North Korea’s weapons programs. Texas accuses a data broker of sharing sensitive driving data without consent. Tim Starks, senior reporter at CyberScoop, joins Dave to explore the FCC's groundbreaking proposal to introduce cybersecurity rules linked to wiretapping laws. How the bots stole Christmas.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Tim Starks, senior reporter at CyberScoop, joins Dave to explore the FCC's groundbreaking proposal to introduce cybersecurity rules linked to wiretapping laws. Read more about it in Tim’s article. Selected Reading Rydox Cybercrime Marketplace Disrupted, Administrators Arrested (SecurityWeek) Cleo urges customers to ‘immediately’ apply new patch as researchers discover new malware (The Record) Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers (The Record) Bitcoin ATM Giant Byte Federal Hit by Hackers, 58,000 Users Impacted (Hackread) Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog (SecurityWeek) Researchers Discover Malware Used by Nation-Sates to Attack OT Systems (Infosecurity Magazine) Critical Dell Security Vulnerabilities Let Attackers Compromise Affected Systems (Cyber Security News) 14 North Korean IT Workers Charged, US to Offer $5 Million Rewards for Info (Cyber Security News) Texas adds data broker specializing in driver behavior to list of alleged privacy law violators (The Record) UK Shoppers Frustrated as Bots Snap Up Popular Christmas Gifts (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
13/12/2432m 4s

When AI goes offline.

ChatGPT and Meta face widespread outages. Trump advisors explore splitting NSA and CyberCom leadership roles. A critical vulnerability in Apache Struts 2 has been disclosed. “AuthQuake” allowed attackers to bypass Microsoft MFA protections. Researchers identify Nova, a sophisticated variant of the Snake Keylogger malware. Adobe addresses critical vulnerabilities across their product line. Chinese law enforcement has been using spyware to collect data from Android devices since 2017. A new report highlights the gaps in hardware and firmware security management. A Krispy Kreme cyberattack creates a sticky situation. N2K’s Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. Do Not Track bids a fond farewell.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, N2K’s Executive Editor Brandon Karpf speaks with guest Mike Silverman, Chief Strategy and Innovation Officer at the FS-ISAC discussing cryptographic agility. You can learn more in their new white paper "Building Cryptographic Agility in the Financial Sector." We will share the extended version of this conversation over our winter break. Stay tuned.  Selected Reading ChatGPT Down Globally, Services Restored After Hours Of Outage (Cyber Security News) Facebook, Instagram and other Meta apps go down due to 'technical issue' (CNBC) Unfinished business for Trump: Ending the Cyber Command and NSA 'dual hat' (The Record) Apache issues patches for critical Struts 2 RCE bug (The Register) Microsoft MFA Bypassed via AuthQuake Attack (SecurityWeek) Nova Keylogger – A Snake Malware Steal Credentials and Capture Screenshorts From Windows (Cyber Security News) Adobe releases December 2024 patches for flaws in multiple products, including critical (Beyond Machines) Mobile Surveillance Tool EagleMsgSpy Used by Chinese Law Enforcement (SecurityWeek) Three-Quarters of Security Leaders Admit Gaps in Hardware Knowledge (Infosecurity Magazine) Krispy Kreme cyberattack impacts online orders and operations (Bleeping Computer) Firefox, one of the first “Do Not Track” supporters, no longer offers it (Ars Technica)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
12/12/2433m 10s

When exploits go wild and patches race the clock.

Microsoft confirms a critical Windows zero-day vulnerability. Global law enforcement agencies dismantle 27 DDoS platforms. Researchers compromise memory in AMD virtual machines. Ivanti reports multiple critical vulnerabilities in its Cloud Services Application. Group-IB researchers expose a sophisticated global phishing campaign. A zero-day vulnerability in Cleo’s managed file transfer software is under active exploitation. The U.S. sanctions a Chinese firm for a 2020 firewall exploit. Congress looks to require the FCC to regulate telecom cybersecurity. Our guest is Malachi Walker, Security Strategist at DomainTools, discussing their role in ODNI's newly established Sentinel Horizon Program. SpartanWarriorz dodge a Telegram crackdown.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Malachi Walker, Security Strategist at DomainTools, about their role in ODNI's newly established Sentinel Horizon Program. Selected Reading New Windows 0Day Attack Confirmed—Homeland Security Says Update Now (Forbes) Microsoft Fixes 71 CVEs Including Actively Exploited Zero-Day (Infosecurity Magazine) Atlassian, Splunk Patch High-Severity Vulnerabilities (SecurityWeek) Chrome Security Update, Patch for 3 High-severity Vulnerabilities (Cyber Security News) ICS Patch Tuesday: Security Advisories Released by Siemens, Schneider, CISA, Others (SecurityWeek) Operation PowerOFF Takes Down DDoS Boosters (Infosecurity Magazine) AMD Chip VM Memory Protections Broken by BadRAM (Security Boulevard) Three more vulns spotted in Ivanti CSA, all critical, one 10/10 (The Register) Global Ongoing Phishing Campaign Targets Employees Across 12 Industries (Hackread) New Cleo zero-day RCE flaw exploited in data theft attacks (Bleeping Computer)  US Sanctions Chinese Firm at Center of Global Firewall Hack (Infosecurity Magazine) Wyden legislation would mandate FCC cybersecurity rules for telecoms (CyberScoop) Scam Kit Maker Rebuilding Business After Telegram Channel Shut Down (Security Boulevard)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
11/12/2431m 42s

Buckets of trouble.

Researchers uncover a large-scale hacking operation tied to the infamous ShinyHunters. A Dell Power Manager vulnerability lets attackers execute malicious code. TikTok requests a federal court injunction to delay a U.S. ban. Radiant Capital attributed a $50 million cryptocurrency heist to North Korea. Japanese firms report ransomware attacks affecting their U.S. subsidiaries. WhatsApp’s “ViewOnce” feature faces continued scrutiny. SpyLoan malware targets Android users through deceptive loan apps. A major Romanian electricity distributor is investigating an ongoing ransomware attack. A critical flaw in OpenWrt Sysupgrade has been fixed. Contenders for top cyber roles in the next Trump administration visit Mar-a-Lago. On our Industry Voices segment, Jason Lamar, Cobalt’s Senior Vice President of Product, joins us to share insights on offensive security: staying ahead of cyber threats. Google’s new quantum chip promises scaling without failing.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Jason Lamar, Cobalt’s Senior Vice President of Product, joins us to share insights on offensive security: staying ahead of cyber threats. Check out Cobalt’s GigaOm Radar Report for PTaaS 2024 to learn more.  Selected Reading ShinyHunters, Nemesis Linked to Hacks After Leaking Their AWS S3 Bucket (Hackread) Dell Power Manager Vulnerability Let Attackers Execute Malicious Code (Cyber Security News) TikTok Asks Court To Suspend Ban Ahead of Supreme Court Appeal (The Information) Radiant links $50 million crypto heist to North Korean hackers (Bleeping Computer) US subsidiaries of Japanese water treatment company, green tea maker hit with ransomware (The Record) WhatsApp View Once Vulnerability Let Attackers Bypass The Privacy Feature (Cyber Security News) SpyLoan Malware: A Growing Threat to Android Users (Security Boulevard) Romanian energy supplier Electrica hit by ransomware attack (Bleeping Computer) OpenWrt Sysupgrade flaw let hackers push malicious firmware images (Bleeping Computer) Homeland Security veteran to be interviewed for Trump administration cyber role (The Record) Google claims ‘breakthrough’ with new quantum chip (Silicon Republic) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
10/12/2437m 20s

Router security in jeopardy.

A critical zero-day is confirmed by a Japanese router maker. Romania annuls the first round of its 2024 presidential election over concerns of Russian interference. A sophisticated malware campaign targets macOS users. Mandiant uncovers a method to bypass browser isolation using QR codes. Belgian and Dutch authorities arrest eight individuals linked to online fraud schemes. A medical device company discloses a ransomware attack. A community hospital in Massachusetts confirms a ransomware attack affecting over three hundred thousand. The Termite ransomware gang claims responsibility for the attack on Blue Yonder. Synology patches multiple vulnerabilities in its Router Manager (SRM) software. The head of U.S. Cyber Command outlines the challenges of keeping decision makers up to date. Our guest is Anna Pobletts, Head of Passwordless at 1Password, discussing the state of passkeys and what she sees on the road to a truly passwordless future. Robot rats join the mischief.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Anna Pobletts, Head of Passwordless at 1Password, discussing the state of passkeys and what she sees on the road to a truly passwordless future.  Selected Reading I-O Data Confirms Zero-Day Attacks on Routers, Full Patches Pending (SecurityWeek) Romania’s top court annuls presidential election result (CNN) MacOS Passwords Alert—New Malware Targets Keychain, Chrome, Brave, Opera (Forbes) QR codes bypass browser isolation for malicious C2 communication (Bleeping Computer) Eight Suspected Phishers Arrested in Belgium, Netherlands (SecurityWeek) Medical Device Maker Artivion Scrambling to Restore Systems After Ransomware Attack (SecurityWeek) Anna Jaques Hospital ransomware breach exposed data of 300K patients (Bleeping Computer) Blue Yonder SaaS giant breached by Termite ransomware gang (Bleeping Computer) Synology Router Vulnerabilities Let Attackers Inject Arbitrary Web Script (Cyber Security News) Cyber Command Chief Discusses Challenges of Getting Intel to Users (Defense.gov) Robot Rodents: How AI Learned To Squeak And Play (Hackaday) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
09/12/2433m 57s

Aviv Grafi: There needs to be fundamental changes in security. [CEO] [Career Notes]

CEO and Founder of Votiro Aviv Grafi shares his story from serving as a member of the IDF's intelligence forces to leading his own venture. Aviv says his service in the IDF shaped a lot of his thinking and problem solving. Following his military service, Aviv worked to gain more real world and business experience. Starting his own business as a pentester was where the seeds for what would become Votiro would form. Aviv talks about the roller coaster that you experience when starting your own venture and offers some advice. And, we thank Aviv for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
08/12/245m 18s

Digital Mindhunters: a novel look at cybersecurity and artificial intelligence. [Special Edition]

In this special edition podcast, N2K's Executive Editor Brandon Karpf talks with author, CEO and cybersecurity advisor Dr. Bilyana Lilly about her new novel "Digital Mindhunters." Book Overview In a high-stakes game of espionage and deception, a female analyst uncovers Russia's plot to wield artificial intelligence, espionage, and disinformation as weapons of chaos against the United States. As she races against time to thwart an assassination plot, she finds herself entangled in a web of international intrigue and discovers a parallel threat from a Chinese spy network aiming to steal data, manipulate American voters, and harness technology to dismantle the very foundations of U.S. democracy. In a world where lies are a weapon and trust is a luxury, she navigates the treacherous worlds of arms dealers, hackers, and spies to protect her country. About the author Dr. Bilyana Lilly is a cybersecurity and information warfare expert. She advises senior executives in the private and public sector on how to mitigate cybersecurity risk across their enterprises. Dr. Lilly serves on the Advisory Boards of the venture capital firm Night Dragon and the cybersecurity firm RunSafe Security. She chairs the Democratic Resilience Track of the Warsaw Security Forum and is an adjunct senior advisor for critical infrastructure and resilience at the Institute for Security and Technology. Her previous roles include a manager at Deloitte's Financial Cybersecurity Practice and a fellow at the RAND Corporation. Dr. Lilly holds a PhD in policy analysis and cyber security, and three master's degrees, including an honors degree from Oxford University. Her book "Russian Information Warfare" became a bestseller and is on display at the Pentagon. Dr. Lilly is a mentor and a speaker at RSA, DefCon, CyCon, and the Executive Women's Forum. She has been denounced by Russia's Ministry of Foreign Affairs and called cyber expert by Tom Hanks. Learn more about your ad choices. Visit megaphone.fm/adchoices
08/12/2446m 37s

The JPHP loader breaking away from the pack. [Research Saturday]

Shawn Kanady, Global Director of Trustwave SpiderLabs, to discuss their work on "Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader." Trustwave SpiderLabs has uncovered Pronsis Loader, a new malware variant using the rare programming language JPHP and stealthy installation tactics to evade detection. The malware is capable of delivering high-risk payloads like Lumma Stealer and Latrodectus, posing a significant threat. Researchers highlight its unique capabilities and infrastructure, offering insights for bolstering cybersecurity defenses. The research can be found here: Pronsis Loader: A JPHP-Driven Malware Diverging from D3F@ck Loader Learn more about your ad choices. Visit megaphone.fm/adchoices
07/12/2425m 52s

The NTLM bug that sees and steals.

Researchers uncover a critical Windows zero-day.  An alleged Ukrainian cyberattack targets one of Russia’s largest banks. Russian group BlueAlpha exploits CloudFlare services. Microsoft flags Chinese hacking group Storm-0227 for targeting critical infrastructure and U.S. government agencies. SonicWall patches high-severity vulnerabilities in its secure access gateway. Atrium Health reports a data breach affecting over half a million individuals. Rockwell Automation discloses four critical vulnerabilities in its Arena software. U.S. authorities arrest an alleged member of the Scattered Spider gang. Our guest is Hugh Thompson, RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. C3PO gets caught in the crypto mines.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joining Dave today is Hugh Thompson, RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. Read more details in the press release.  Selected Reading New Windows 7 To 11 Warning As Zero-Day With No Official Fix Confirmed (Forbes) Russian users report Gazprombank outages amid alleged Ukrainian cyberattack (The Record) BlueAlpha Russian hackers caught abusing CloudFlare services (SC Media) U.S. org suffered four month intrusion by Chinese hackers (Bleeping Computer) Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (The Register) SonicWall Patches 6 Vulnerabilities in Secure Access Gateway (SecurityWeek) Mitel MiCollab zero-day and PoC exploit unveiled (Help Net Security) Atrium Health Data Breach Impacts 585,000 People (SecurityWeek) Rockwell Automation Vulnerabilities Let Attackers Execute Remote Code (Cyber Security News) US arrests Scattered Spider suspect linked to telecom hacks  (Bleeping Computer) Nebraska Man pleads guilty to $3.5 million cryptojacking scheme (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
06/12/2434m 11s

Dismantling the Manson cybercrime market.

Europol dismantles the Manson cybercrime market. Operation Destabilise stops two major Russian-speaking money laundering networks. New details emerge on China’s attacks on U.S. telecoms. Black Lotus Labs uncovers a covert campaign by the Russian-based threat actor “Secret Blizzard”. Cisco issues patches for a high impact bootloader vulnerability. Trend Micro researchers uncovered Earth Minotaur targeting Tibetan and Uyghur communities. Payroll Pirates target HR payroll systems to redirect employee funds .Pegasus spyware may be more prevalent than previously believed. Our guest today is Jon France, CISO at ISC2, with insights from the ISC2 2024 Workforce Study. How businesses can lose customers one tip at a time.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Jon France, CISO at ISC2, sharing the ISC2 2024 Workforce Study. You can read the press release about the report here and dig into the details of the report itself here.  Selected Reading 50 Servers Linked to Cybercrime Marketplace and Phishing Sites Seized by Law Enforcement (SecurityWeek) UK’s NCA Disrupts Multibillion-Dollar Russian Money Launderers (Infosecurity Magazine) The White House reveals at least 8 U.S. telecom firms impacted by China’s Salt Typhoon cyberattack (Fast Company) Senators implore Department of Defense to expand the use of Matrix (Element) Snowblind: The Invisible Hand of Secret Blizzard (Lumen) Frequent freeloader part I: Secret Blizzard compromising Storm-0156 infrastructure for espionage (Microsoft Security) Russian Hackers Exploit Rival Attackers’ Infrastructure for Espionage (Infosecurity Magazine) Bootloader Vulnerability Impacts Over 100 Cisco Switches (SecurityWeek) MOONSHINE Exploit Kit and DarkNimbus Backdoor Enabling Earth Minotaur’s Multi-Platform Attacks (Trend Micro) Hunting Payroll Pirates: Silent Push Tracks HR Redirect Phishing Scam (Silent Push) iVerify Mobile Threat Investigation Uncovers New Pegasus Samples (iVerify) How a Russian man’s harrowing tale shows the physical dangers of spyware (CyberScoop) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
05/12/2435m 35s

The end of MATRIX.

International law enforcement takes down the MATRIX messaging platform. SailPoint discloses a critical vulnerability in its IdentityIQ platform. A Solana library has been backdoored. SolarWinds discloses a critical vulnerability in its Platform product. Researchers identify 16 zero-day vulnerabilities in Fuji Electric’s remote monitoring software. Cisco urges users to patch a decade-old vulnerability. CISA warns of active exploitation of Zyxel firewall devices. A critical XSS vulnerability has been identified in MobSF. Google’s December 2024 Android security update addresses 14 high-severity vulnerabilities. The Federal Trade Commission settles with data brokers over alleged consent violations. On today’s CertByte segment, Chris Hare and Dan Neville break down a question targeting the A+ Core (220-1101) Exam 1 certification. A vodka company gets iced by ransomware. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources, and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management. This week, Chris is joined by Dan Neville breaking down a question targeting the A+ Core (220-1101) Exam 1 certification. Today’s question comes from N2K’s CompTIA® A+ Core Exam 1 Practice Test (Core Exam 2 Practice Test is also available on our site). Have a question that you’d like to see covered? Email us at certbyte@n2k.com. Check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers. Additional sources: www.comptia.org Selected Reading International Operation Dismantles MATRIX: A Sophisticated Encrypted Messaging Service (SOCRadar) German Police Shutter Country’s Largest Dark Web Market (Infosecurity Magazine) 10/10 directory traversal bug hits SailPoint's IdentityIQ (The Register) Solana Web3.js Library Backdoored in Supply Chain Attack (SecurityWeek) SolarWinds Platform XSS Vulnerability Let Attackers Inject Malicious Code (Cyber Security News) 16 Zero-Days Uncovered in Fuji Electric Monitoring Software (GovInfo Security) Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability (Hackread) VulnerabilitiesCISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks (SecurityWeek) U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog (SecurityAffairs) MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts (GB Hacker) Android's December 2024 Security Update Patches 14 Vulnerabilities (SecurityWeek) FTC accuses data brokers of improperly selling location info (The Register) Vodka Giant Stoli Files for Bankruptcy After Ransomware Attack (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
04/12/2433m 57s

Nam3l3ss but not harmless.

More than 760,000 see their personal data exposed on the BreachForums cybercrime forum. The new head of the UK’s NCSC warns against underestimating growing cyber threats. The Consumer Financial Protection Bureau (CFPB) looks to prevent data brokers from selling Americans’ personal and financial information. A U.S. government and energy sector contractor discloses a ransomware attack. The “smoked ham” Windows backdoor is being actively deployed. A new report warns of overreliance on Chinese-made LIDAR technology. SmokeLoader malware targets companies in Taiwan. NIST proposes new password guidelines. South Korean police make arrests over 240,000 satellite receivers with built-in DDoS attack capabilities. On our Threat Vector segment, we preview this week’s episode where host David Moulton goes Behind the Scenes with Palo Alto Networks CIO and CISO. ChatGPT has a Voldemort moment.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On our Threat Vector segment, we preview this week’s episode where host David Moulton goes “Behind the Scenes with Palo Alto Networks CIO and CISO Securing Business Success with Frictionless Cybersecurity.” Meerah Rajavel, CIO of Palo Alto Networks, and Niall Browne, CISO of the organization, join David to discuss the importance of aligning IT strategy with cybersecurity. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app.  Selected Reading 760,000 Employee Records From Several Major Firms Leaked Online (SecurityWeek) UK cyber chief warns country is ‘widely underestimating’ risks from cyberattacks (The Record) US agency proposes new rule blocking data brokers from selling Americans' sensitive personal data (TechCrunch) US government contractor ENGlobal says operations are ‘limited’ following cyberattack (TechCrunch) New Windows Backdoor Security Warning For Bing, Dropbox, Google Users (Forbes) Chinese LIDAR Dominance a Cybersecurity Threat, Warns Think Tank (Infosecurity Magazine) SmokeLoader Attack Targets Companies in Taiwan (FortiGuard Labs)  Korea arrests CEO for adding DDoS feature to satellite receivers (Bleeping Computer) Do Your Passwords Meet the Proposed New Federal Guidelines? (Wall Street Journal) These names cause ChatGPT to break, and it's due to AI hallucinations ( TechSpot)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
03/12/2433m 50s

The international effort making digital spaces safer.

A major cybercrime crackdown by Interpol nabs hundreds of suspects and millions in stolen funds. Zabbix has disclosed a critical SQL injection vulnerability. A novel phishing campaign exploits Microsoft Word’s file recovery feature. Researchers track the Rockstar 2FA phishing toolkit. Critical vulnerabilities are found in Advantech’s industrial wireless access points.  North Korea’s Kimsuky hacking group shifts their tactics. The U.N. forms an advisory body to address growing threats to critical undersea cable infrastructure.The U.K. is laser-focused on AI security research. Russian authorities arrest the Wazawaka ransomware affiliate. Our guest is Marshall Heilman, CEO of DTEX Systems, sharing his experience with a nation-state actor's attempt to gain employment at his company. OpenAI opens the door for encrudification.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Marshall Heilman, CEO of DTEX Systems, discussing how HR can spot fake IT workers and sharing their own experience with a nation-state actor's attempt to gain employment at his company. You can read DTEX Systems findings here.  Selected Reading Global Police Arrest 5500 in $400m Cyber-Fraud Crackdown (Infosecurity Magazine) Critical Vulnerability Found in Zabbix Network Monitoring Tool (SecurityWeek) Novel phishing campaign uses corrupted Word documents to evade security (Bleeping Computer) "Rockstar 2FA" Phishing-as-a-Service Steals Microsoft 365 Credentials Via AiTM Attacks (Cyber Security News)  Warning: Patch Advantech Industrial Wireless Access Points (GovInfo Security) North Korean Hacking Group Launches Undected Malwareless URL Phishing Attacks (Cyber Security News) UN, international orgs create advisory body for submarine cables after incidents (The Record) U.K. launches AI security lab to combat nation-state cyber threats (SC Media) Ransomware suspect Wazawaka reportedly arrested by Russia (SC World) OpenAI explores advertising as it steps up revenue drive (Financial Times)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
02/12/2433m 18s

Debra Danielson: Be fearless. [CTO] [Career Notes]

Please enjoy this encore episode, where we are joined by Chief Technology Officer and Senior Vice President, Engineering for Digital Guardian Debra Danielson, as she shares her career journey. From aspirations of becoming an astronaut studying mechanical and aerospace engineering, Finding her first job at a local software company that turned into a long term commitment after it was acquired by another firm. Debra mentions that when she was heads-down programming, there were many women in the field and when she emerged from the cube to take on management and leadership positions, the ratio of women had dropped dramatically. She noted at this time that it took a lot of energy to be different. Debra shared that each time she had challenges in her career, she learned from them. She offers advice of taking risks earlier in your career as you don't know what it could lead to. And, we thank Debra for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
01/12/247m 40s

Leaking your AWS API keys, on purpose? [Research Saturday]

Please enjoy this encore episode: Noah Pack, a SANS Internet Storm Center Intern, sits down to discuss research on "What happens when you accidentally leak your AWS API keys?" This research is a guest diary from Noah and shares a project he worked on after seeing an online video of someone who created a python script that emailed colleges asking for free swag to be shipped to him. The research states "In this article, I will share some research, resources, and real-world data related to leaked AWS API keys." In this research, Noah shares what he learned while implementing his experiment. The research can be found here: What happens when you accidentally leak your AWS API keys? [Guest Diary] Learn more about your ad choices. Visit megaphone.fm/adchoices
30/11/2426m 30s

Science fiction meets reality with Ronald D. Moore. [T-Minus Deep Space]

T-Minus Space Daily Podcast Host Maria Varmazis was asked to host a fireside chat with Sci-Fi legend Ronald D. Moore at the Beyond Earth Symposium in Washington DC.  Ronald D. Moore is an American screenwriter and television producer. He is best known for his work on Star Trek, the re-imagined Battlestar Galactica and For All Mankind TV series. Check out the full conversation on our YouTube Page here! Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
29/11/2449m 13s

Solution Spotlight: Simone Petrella talking with Lee Parrish, CISO of Newell Brands, about his book and security relationship management. [Special Edition]

Please enjoy this encore episode: On this Solution Spotlight, guest Lee Parrish, author and CISO at Newell Brands, joins N2K President Simone Petrella to discuss his book "The Shortest Hour: An Applied Approach to Boardroom Governance of Cyber Security" and security relationship management. Learn more about your ad choices. Visit megaphone.fm/adchoices
28/11/2434m 7s

Grappling with a ransomware attack.

Blue Yonder continues to grapple with ransomware attack. AI-powered scams surge this shopping season. Gaming engine exploited to deliver malware. Chinese hackers ride the router wave. TikTok’s beauty filter ban. Redefining cybersecurity education for the future. On our Industry Voices segment, Dave sits down with Damon Fleury, SpyCloud’s Chief Product Officer to discuss defending against what criminals know about you and the role of holistic digital identity in cyber defense. And when do cyber criminals start their holiday scheming? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today on our Industry Voices segment, guest Damon Fleury, SpyCloud’s Chief Product Officer, joins Dave to discuss defending against what criminals know about you and the role of holistic digital identity in cyber defense. Selected Reading Kevin Beaumont (@GossiTheDog) on Mastodon (Mastodon) Advanced Cyberthreats Targeting Holiday Shoppers (FortiGuard Labs)  Black Friday Gets a Fakeover: Fake Stores Spike 110% by Using LLMs this Holiday Shopping Season (Netcraft) The Exploitation of Gaming Engines: A New Dimension in Cybercrime (Check Point Software)  T-Mobile Engineers Spotted Hackers Running Commands on Routers (Bloomberg Law)   TikTok will block beauty filters for teens over mental health concerns (The Verge) Australia passes bill banning social media for children under 16 (The Washington Post) CISA debuts new cybersecurity training platform (Federal News Network)  African cybercrime crackdown culminates in 1,006 captured and cuffed (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
27/11/2433m 50s

Taking aim at cybercrime.

Smashing cybercrime syndicates. CyberVolk goes global. Tech troubles mostly resolved. A malware web weaved by Salt Typhoon targets global sectors. Love at first exploit. Ransomware attack on Blue Yonder brews trouble. Google faces a UK court battle. Lateral moves and lost data. I sit down with Clemence Poirer, Senior Cyberdefense Researcher at the Center for Security Studies (CSS) at ETH Zurich | Space Cybersecurity to discuss cybersecurity attacks in space. And finally, a Cybersecurity sales pitch goes rogue. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest, Clemence Poirier, Senior Cyberdefense Researcher at the Center for Security Studies (CSS) at ETH Zurich, recently spoke with T-Minus Space Daily podcast host Maria Varmazis about cybersecurity attacks in space. Read the case study: Hacking the Cosmos: Cyber operations against the space sector. A case study from the war in Ukraine. Selected Reading Bangkok busts SMS Blaster sending 1 million scam texts from a van (Bleeping Computer) Police bust two Chinese syndicates (Bangkok Post) 'CyberVolk' hacktivists use ransomware in support of Russian interests (The Record)  Microsoft says massive Outlook and Teams outage is mostly resolved (CNN)  British hospital group declares ‘major incident’ following cyberattack (The Record)  NHS declares major cyber incident for third time this year (The Register) Game of Emperor: Unveiling Long Term Earth Estries Cyber Intrusions (Trend Micro) RomCom exploits Firefox and Windows zero days in the wild Starbucks, Grocery Stores Hit by Blue Yonder Ransomware Attack (SecurityWeek) Google hit with £7B claim over search engine dominance (The Register) CISA Details Red Team Assessment including TTPs & network defense (GB Hackers) DOJ: Man hacked networks to pitch cybersecurity services (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
26/11/2431m 39s

Novel attacks and creative phishing angles.

APT28 uses a novel technique to breach organizations via nearby WiFi networks. Your Apple ID is (not) suspended. UK highlighting Russian threats at NATO Cyber Defence Conference. US senators request an audit of TSA's facial recognition technology. Supply chain software company sustains ransomware attack. Critical QNAP vulnerability could allow remote code execution. Outdated Avast Anti-Rootkit driver exploited. No more internet rabbit holes for China. Guest Lesley Carhart from Dragos on "The Shifting Landscape of OT Incident Response." Stop & Shop turns cyber oops into coffee and cookies. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is ​​Lesley Carhart, Technical Director at Dragos, speaking with Dave Bittner about "The Shifting Landscape of OT Incident Response." You can find the blog here. Selected Reading Russian Cyberspies Hacked Building Across Street From Target for Wi-Fi Attack (SecurityWeek) The Nearest Neighbor Attack: How A Russian APT Weaponized Nearby Wi-Fi Networks for Covert Access (Volexity) New Warning For 2 Billion iPhone, iPad, Mac Users—Your Apple ID Is Suspended (Forbes) Russia plotting to use AI to enhance cyber-attacks against UK, minister will warn (The Guardian)  Britain, NATO must stay ahead in 'new AI arms race', says UK minister (Reuters)  Senators call for audit of TSA’s facial recognition tech as use expands in airports (The Record)  Blue Yonder ransomware attack disrupts supply chains across UK and US (Tech Monitor) Critical QNAP Vulnerability Let Attackers Execute Remote Code (Cyber Security News) Malware campaign abused flawed Avast Anti-Rootkit driver (Security Affairs) When Guardians Become Predators: How Malware Corrupts the Protectors (Trellix report)  Imagine a land where algorithms don't ruin the Internet (The Register) Stop & Shop recovers from 'cybersecurity issue,' will give out free food, coffee (WTNH) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
25/11/2432m 49s

So you want to write a book about AI and cybersecurity? [CSO Perspectives]

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to Caroline Wong, the Chief Strategy Officer at Cobalt to discuss the mechanics of writing a cybersecurity book about AI. References: Ben Smith. “Security Metrics: A Beginner’s Guide” Review [Review]. Cybersecurity Canon Project. Caroline Wong, 2011. Security Metrics, A Beginner’s Guide [Book]. Goodreads. Rick Howard, Caroline Wong, 2022. Interview with Author and Hall of Fame winner Caroline Wong [Interview]. Cybersecurity Canon Project. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Rick Howard. Security Metrics, A Beginner’s Guide [Review]. Cybersecurity Canon Project. Learn more about your ad choices. Visit megaphone.fm/adchoices
25/11/2418m 59s

Greg Bell: Answer the question of "why?" [Open Source] [Career Notes]

Enjoy this encore episode where we are joined by Co-founder and Chief Strategy Officer for Corelight Greg Bell, as he describes the twists and turns of his career bringing him back to his childhood joy of computers. Working in a myriad of fields from human rights to Hollywood to writing a history of conspiracy belief before pivoting back to technology. Focusing on the relationships within the open source community, Greg works to change and improve the world through his mission-based organization. For those looking to begin their career in cyber, Greg offers that great mentorship and working for great organizations where you can soak in the culture are really important. And, we thank Greg for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
24/11/246m 30s

Exposing AI's Achilles heel. [Research Saturday]

This week, we are joined by Ami Luttwak, Co-Founder and CTO from Wiz, sharing their work on "Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35 percent of Cloud Environments." A critical vulnerability in the NVIDIA Container Toolkit, widely used for GPU access in AI workloads, could allow attackers to escape containers and gain full access to host environments, jeopardizing sensitive data. Wiz estimates that at least 33% of cloud environments are affected and urges immediate updates to NVIDIA's patched version. This discovery highlights the broader issue of young, under-secured codebases in AI tools, emphasizing the need for stronger security measures and collaboration. The research can be found here: Wiz Research Finds Critical NVIDIA AI Vulnerability Affecting Containers Using NVIDIA GPUs, Including Over 35% of Cloud Environments Learn more about your ad choices. Visit megaphone.fm/adchoices
23/11/2426m 32s

A not so BASIC farewell.

META details its efforts against pig butchering. The Salt Typhoon attack on major U.S. telecoms sparks interest from Congress.  Microsoft dismantles 240 domains linked to the ONNX phishing-as-a-service platform. A major U.S. gambling and lottery provider suffers a cyberattack. Hackers exploit newly patched zero-days in Palo Alto Networks firewalls. Researchers say Fortinet VPN servers lack sufficient logging. A pilot program looks to improve security for small U.S. water utilities. Bitdefender warns of scammers using Black Friday-themed spam emails. Our guest is DataDome’s CEO and Co-founder, Benjamin Fabre, discussing how "Fake Accounts Threaten Black Friday Gaming Sales." A fond farewell for a true cyber innovator.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In advance of Black Friday shopping next week, our guest is  DataDome’s CEO and Co-founder, Benjamin Fabre discussing their team's work on "Fake Accounts Threaten Black Friday Gaming Sales."  Selected Reading Meta cracks down on millions of accounts it tied to pig-butchering scams (CyberScoop) China’s Hacking Reached Deep Into U.S. Telecoms (New York Times) FCC leaders skirt call for wiretap security reform, hope to ‘go deeper’ on telecom breach briefings (NextGov) Microsoft disrupts ONNX phishing-as-a-service infrastructure (Bleeping Computer) Gambling and lottery giant disrupted by cyberattack, working to bring systems back online (The Record) Over 2,000 Palo Alto firewalls hacked using recently patched bugs (Bleeping Computer) Fortinet VPN design flaw hides successful brute-force attacks (Bleeping Computer) First Water Utilities Take Volunteer Cyber Help (The University of Chicago Harris School of Public Policy) Three-Quarters of Black Friday Spam Emails Identified as Scams (Infosecurity Magazine) Thomas E. Kurtz, a Creator of BASIC Computer Language, Dies at 96 (New York Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
22/11/2434m 8s

No more spinach for PopeyeTools.

The feds take down the PopeyeTools cybercrime market. Five alleged Scattered Spider members have been charged.  CISA warns of critical vulnerabilities in VMware’s vCenter Server. Global AI experts convene to discuss safety. MITRE updates its list of Top 25 Most Dangerous Software Weaknesses. US and Australian agencies warn critical infrastructure organizations about evolving tactics by the BianLian ransomware group. A new report looks at rising threats to the U.S. manufacturing industry. Researchers at ESET uncover the WolfsBane Linux backdoor. A pair of malicious Python packages impersonating ChatGPT went undetected for over a year. A data breach at a French hospital compromised the medical records of 750,000 patients. On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate’s Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management." AI Pimping is the scourge of Instagram.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate’s Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management." Resources:  Security Validation Essentials Hertz Israel Reduced Cyber Risk by 81% within 4 Months with Cymulate SecOps Roundtable: Security Validation and the Path to Exposure Management Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD Selected Reading US seizes PopeyeTools cybercrime marketplace, charges administrators (Bleeping Computer) Five Charged in Scattered Spider Case (Infosecurity Magazine) CISA Warns of VMware VCenter Vulnerabilities Actively Exploited in Attacks (Cyber Security News) US Gathers Allies to Talk AI Safety as Trump’s Vow to Undo Biden’s AI Policy Overshadows Their Work (SecurityWeek) MITRE Updates List of 25 Most Dangerous Software Vulnerabilities (SecurityWeek) BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk (Infosecurity Magazine) Manufacturing Sector Under Siege: Industry Faces Wave of Advanced Email Attacks (Abnormal Security) Gelsemium APT Hackers Attacking Linux Servers With New WolfsBane Malware (Cyber Security News) Two PyPi Malicious Package Mimic ChatGPT & Claude Steals Developers Data (GB Hackers) Cyberattack at French hospital exposes health data of 750,000 patients (Bleeping Computer) Inside the Booming 'AI Pimping' Industry (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
21/11/2437m 5s

When location data becomes a weapon.

A WIRED investigation uncovers the ease of tracking U.S. military personnel. Apple releases emergency security updates to address actively exploited vulnerabilities. Latino teenagers and LGBTQ individuals are receiving disturbing text messages spreading false threats. Crowdstrike says Liminal Panda is responsible for telecom intrusions. Oracle patches a high-severity zero-day vulnerability. Trend Micro has disclosed a critical vulnerability in its Deep Security 20 Agent software. A rural hospital in Oklahoma suffers a ransomware attack. A leading fintech firm is investigating a security breach in its file transfer platform. Researchers deploy Mantis against malicious LLMs.  Ben Yelin from the University of Maryland Center for Health and Homeland Security discusses AI’s bias in the resume screening process. Tracking down a lost Lambo.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we have Ben Yelin, Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security and our Caveat podcast co-host, discussing AI’s racial and gender bias in the resume screening process. You can read about it here. Selected Reading Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany (WIRED) GAO recommends new agency to streamline how US government protects citizens’ data (The Record) Apple Issues Emergency Security Update for Actively Exploited Flaws (Infosecurity Magazine) Texts threatening deportation and 're-education' for gays stoke both fear and defiance (NBC News) Chinese APT Group Targets Telecom Firms Linked to BRI (Infosecurity Magazine) Oracle Patches Exploited Agile PLM Zero-Day (SecurityWeek) Trend Micro Deep Security Vulnerability Let Attackers Execute Remote Code (Cyber Security News) Oklahoma Hospital Says Ransomware Hack Hits 133,000 People (GovInfo Security) Fintech Giant Finastra Investigating Data Breach (Krebs on Security) AI About-Face: 'Mantis' Turns LLM Attackers Into Prey (Dark Reading) Hackers Steal MLB Star Kris Bryant’s $200K Lamborghini By Rerouting Delivery (Carscoops) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
20/11/2432m 18s

Biden vs. Trump: A tale of two cybersecurity strategies.

Pundits predict Trump will overhaul U.S. cybersecurity policy. Experts examine escalating cybersecurity threats facing the U.S. energy sector. Palo Alto Networks patches a pair of zero-days. Akira and SafePay ransomware groups claim dozens of new victims. A major pharmacy group is pressured to pay a $1.3 million ransomware installment. Threat actors are exploiting Spotify playlists and podcasts. An alleged Phobos ransomware admin has been extradited to the U.S. Rapper “Razzlekhan” gets 18 months in prison for her part in the Bitfinex cryptocurrency hack. On today’s Threat Vector, David Moulton speaks with Assaf Dahan, Director of Threat Research at Palo Alto Networks’ Cortex team, about the rising cyber threat from North Korea.  Swiss scammers send snail mail.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On this segment of Threat Vector, host David Moulton speaks with Assaf Dahan, Director of Threat Research at Palo Alto Networks’ Cortex team, about the rising cyber threat from North Korea. To hear the full conversation between David and Assaf, listen to Cyber Espionage and Financial Crime: North Korea’s Double Threat, and catch new episodes of Threat Vector every Thursday on your favorite podcast app!  Selected Reading More Spyware, Fewer Rules: What Trump’s Return Means for US Cybersecurity (WIRED) How to remove the cybersecurity gridlock from the nation's energy lifelines (CyberScoop) Palo Alto Patches Firewall Zero-Day Exploited in Operation Lunar Peek (SecurityWeek) SafePay ransomware: Obscure group uses LockBit builder, claims 22 victims (SC Media) Akira Ransomware Drops 30 Victims on Leak Site in One Day (SecurityWeek) Gang Shaking Down Pharmacy Group for Second Ransom Payment (GovInfo Security) Spotify abused to promote pirated software and game cheats (Bleeping Computer) Suspected Phobos Ransomware Admin Extradited to US (Infosecurity Magazine) Heather ‘Razzlekhan’ Morgan sentenced to 18 months in prison, ending Bitfinex saga (The Record) Now Hackers Are Using Snail Mail In Cyber Attacks—Here’s How (Forbes)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
19/11/2434m 27s

A new era for CISA under Trump?

CISA’s Director Easterly plans to step down in the coming year. DHS issues recommendations for AI in critical infrastructure.Palo Alto Networks confirms active exploitation of a critical zero-day vulnerability in its firewalls. Threat actors exploit Microsoft’s 365 Admin Portal to send sextortion emails. A China-based APT targets a zero-day in Fortinet’s Windows VPN. The EPA reports on vulnerabilities in drinking water systems. A critical authentication bypass vulnerability affects a popular WordPress plugin. Researchers track a rise in the ClickFix social engineering technique. An 18 year old faces up to twenty years behind bars for swatting. Our guest is  Rob Boyce, Global Lead, Cyber Resilience at Accenture, discussing SIM swapping services targeting telcos. Nuisance calls are in decline.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Rob Boyce, Global Lead, Cyber Resilience at Accenture, discussing SIM swapping services targeting telcos. Selected Reading CISA Director Jen Easterly to depart on Inauguration Day (Nextgov/FCW) DHS Releases Secure AI Framework for Critical Infrastructure (Dark Reading) Palo Alto firewalls exploited after critical zero-day vulnerability (Cybernews) Microsoft 365 Admin portal abused to send sextortion emails (Bleeping Computer)  Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report (SecurityWeek) 300 Drinking Water Systems in US Exposed to Disruptive, Damaging Hacker Attacks (SecurityWeek) Security plugin flaw in millions of WordPress sites gives admin access (Bleeping Computer) Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape (Proofpoint) Teen serial swatter-for-hire busted, pleads guilty, could face 20 years (The Register) FTC Records 50% Drop in Nuisance Calls Since 2021 (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
18/11/2432m 26s

Cyber-entrepreneurship in the age of CyberAI. [CSO Perspectives]

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to Kevin Magee, the Global Director of Cybersecurity Startups at Microsoft to discuss Cyber-entrepreneurship in the age of CyberAI. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. References: Andrew McCarty, Emma Eschweiler, Natalie Fratto, Andrew Pardo, Jake Ledbetter, 2024. The Rise of CyberAI [Analysis]. Silicon Valley Bank. Camille Périssère, 2024. 2024 cybersecurity market trends [Analysis]. AXA Venture Partners. Jeffrey Grabow, 2024. AI continues to drive venture capital activity [Analysis]. EY. Kaloyan Andonov, 2024. Energy companies increase investment in cybersecurity startups [Analysis]. Global Corporate Venturing. Staff, 2024. Cybersecurity Market Size, Share, Analysis Analysis]. Fortune Business Insights. Staff, 2024. RBC FinSec Incubator [Analysis]. Rogers Cybersecure Catalyst. Staff, 2024. Microsoft Digital Defense Report 2024 [White Paper]. Microsoft. Steve Morgan, 2022. Cybercrime To Cost The World 8 Trillion Annually In 2023 [Analysis]. Cybercrime Magazine. Learn more about your ad choices. Visit megaphone.fm/adchoices
18/11/2422m 18s

Teresa Shea: The challenge of adapting new technologies. [Intelligence] [Career Notes]

Please enjoy this encore episode where Vice President of Raytheon's Cyber Offense, Defense Expert Teresa Shea speaks of her journey from math to adapting new technologies on the cutting edge, With a love of math, Teresa was offered a scholarship by the Society of Women Engineering and decided to pursue a degree in electrical engineering. Unsurprisingly, there were few other women in her program, Teresa interned with and then proceeded to work for the National Security Agency becoming their SIGINT director. Following her government career, Teresa worked to help bring new technologies to government through her work at Raytheon. We thank Teresa for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
17/11/247m 17s

Credential harvesters in the cloud. [Research Saturday]

This week we are joined by, Blake Darché, Head of Cloudforce One at Cloudflare, to discuss their work on "Unraveling SloppyLemming’s Operations Across South Asia." Cloudforce One's investigation into the advanced threat actor "SloppyLemming" reveals an extensive espionage campaign targeting South and East Asia, with a focus on Pakistan's government, defense, telecommunications, and energy sectors. Leveraging multiple cloud service providers, SloppyLemming employs tactics like credential harvesting, malware delivery, and command-and-control (C2) operations, often relying on open-source adversary emulation tools like Cobalt Strike. Despite its activities, the actor's poor operational security (OPSEC) has allowed investigators to gain valuable insights into its infrastructure and tooling. The research can be found here: Unraveling SloppyLemming’s operations across South Asia Learn more about your ad choices. Visit megaphone.fm/adchoices
16/11/2418m 55s

One tap, total access: Pegasus exploits unveiled.

Unredacted court filings from WhatsApp’s 2019 lawsuit against NSO Group reveal the scope of spyware infections. Glove Stealer can bypass App-Bound Encryption in Chromium-based browsers. Researchers uncover a new zero-day vulnerability in Fortinet’s FortiManager. Rapid7 detects an updated version of LodaRAT. CISA warns of active exploitation of Palo Alto Networks’ Expedition tool. Misconfigured Microsoft Power Pages accounts expose sensitive data. Iranian state hackers mimic North Koreans in fake job scams. Australia warns its critical infrastructure providers about state sponsored embedded malware. An especially cruel cybercriminal gets ten years in the slammer. Guest Ambuj Kumar, Co-founder and CEO of Simbian, joins us to discuss how AI Agents may change the cyber landscape. We’re countin’ down the top ten least secure passwords.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Ambuj Kumar, Co-founder and CEO of Simbian, joins us to discuss how AI Agents are going to change the cyber landscape. Selected Reading 1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings (The Record) Glove Stealer Malware Bypasses Chrome's App-Bound Encryption (SecurityWeek) watchTowr Finds New Zero-Day Vulnerability in Fortinet Products ( Infosecurity Magazine) LodaRAT: Established malware, new victim patterns (Rapid7 Blog) CISA Warns of Two More Palo Alto Expedition Flaws Exploited in Attacks (SecurityWeek) Microsoft Power Pages misconfigs exposing sensitive data (The Register) Iranian Threat Actors Mimic North Korean Job Scam Techniques (BankInfo Security) Hackers Lurking in Critical Infrastructure to Wage Attacks (BankInfo Security) Cybercriminal devoid of boundaries gets 10-year prison sentence (The Register) Top 200 Most Common Passwords (NordPass) Special voting request.  Just when you thought voting was over for this year…It’s time to vote…again! The N2K CyberWire hosting team of Dave Bittner, Maria Varmazis, and Joseph Carrigan have been nominated for the Creator of the Year category in the Baltimore region’s 2024 Technical.ly Awards for their incredible work on the Hacking Humans podcast! If you're a fan of Hacking Humans, we’d be thrilled to have your support! Please cast your vote here. (Make sure you select the “Baltimore” region). Thanks for your vote! Voting ends Monday, November 18th, so don't delay! Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts wit h us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
15/11/2442m 15s

Eavesdropping on America’s eyes and ears.

The Feds confirm Chinese penetration of U.S. telecom wiretap systems. Anne Neuberger outlines top cybersecurity challenges facing the upcoming Trump administration. Former Air National Guardsman Jack Teixeira gets a 15-year prison sentence for leaking classified U.S. military documents. A Chinese national faces up to 20 years in prison after pleading guilty to money laundering for “pig-butchering” scams. Researchers say a popular pregnancy app has serious, unaddressed security vulnerabilities. NIST misses its deadline for clearing the NVD backlog. A B2B demand generation company confirms a leak affecting 122 million people. HHS warns healthcare organizations to be on the lookout for Godzilla. Moody’s designates the industries at highest risk of cyber attack. Guest Sarah Hutchins, Partner at Parker Poe, discusses the growing number of state data privacy laws. An AI grandma keeps scammers on the line.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Sarah Hutchins, Partner at Parker Poe, discusses the growing number of state data privacy laws. You can listen to Sarah’s full conversation including litigation trends related to targeted advertising and wiretapping, and key takeaways for companies on cybersecurity practices and risk reporting on today’s Caveat episode.  Selected Reading FBI confirms China-backed hackers breached US telecom giants to steal wiretap data (TechCrunch) Top White House cyber official urges Trump to focus on ransomware, China (The Record) Chinese national faces 20 years in US prison for laundering pig-butchering proceeds (The Record) IT specialist Jack Teixeira jailed for 15 years after leaking classified military documents on Discord (Bitdefender) Pregnancy Tracking App ‘What to Expect’ Refuses to Fix Issue that Allows Full Account Takeover (404 Media) NIST Explains Why It Failed to Clear CVE Backlog (SecurityWeek) Leaked info of 122 million linked to B2B data aggregator breach (Bleeping Computer) Feds Warn of Godzilla Webshell Threats to Health Sector (BankInfo Security) Industries with highest cyber risk unveiled by Moody’s Rating (SC Media) O2 unveils Daisy, the AI granny wasting scammers’ time (Virgin Media O2)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
14/11/2432m 56s

‘Bitcoin Jesus’ and Sheboygan face problems.

Federal agencies and Five Eyes partners list the past year’s most exploited vulnerabilities. U.S. authorities hand down indictments in the Snowflake customer breach. Patch Tuesday updates. Zoom discloses multiple vulnerabilities. A China-linked hacker group has compromised Tibetan media and university websites. A cyberattack on a Dutch company affects over 2,000 U.S. grocery stores. Sheboygan suffers a ransomware attack. The White House plans to support a controversial UN cybercrime treaty. On today’s CertByte segment, N2K’s Chris Hare is joined by Dan Neville to break down a question from the CompTIA® Security+ certification Practice Test.  Bitcoin Jesus faces $48 million in tax fraud charges.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment On CertByte, host Chris Hare, content developer and project management specialist at N2K, shares practice questions and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Dan Nevllie to break down a question targeting the CompTIA® Security+ (SY0-701) certification. Today’s question comes from N2K’s CompTIA® Security+ Practice Test. According to CompTIA®, Security+ is "the most widely adopted ISO/ANSI-accredited early career cybersecurity certification on the market." The exam is geared towards anyone who already holds a Network+ cert, and has two years of experience in a security or a systems admin role.To learn more about this and other related topics under this objective, please refer to the following resources: CompTIA Security+ Study Guide with over 500 Practice Test Questions (Sybex Study Guide), Chapter 17: Risk Management and Privacy and CompTIA Security+ Get Certified Get Ahead: SY0-701 Study Guide Chapter 11: Implementing Policies to Mitigate Risk. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers. Additional sources: www.comptia.org Selected Reading FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 (Bleeping Computer) Here’s the indictment against two men allegedly responsible for Snowflake customer breach (CyberScoop) Microsoft Patch Tuesday, November 2024 Edition (Krebs on Security) ICS Patch Tuesday: Security Advisories Released by CISA, Schneider, Siemens, Rockwell (SecurityWeek) Zoom App Vulnerability Let Attackers Execute Remote Code (Cyber Security News) China-linked group hacked Tibetan media and university sites to distribute Cobalt Strike payload (The Record) Dutch company behind Hannaford, Stop & Shop says cyber issue affecting US network (The Record) City of Sheboygan hit by apparent ransomware attack (WPR) Biden Administration to Support UN Cyber Treaty Despite Concerns Over Misuse (Bloomberg) ‘Bitcoin Jesus’ Fights IRS Tax Evasion Case From Spanish Island (Bloomberg) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
13/11/2432m 26s

Ransomware as a public health crisis.

At the U.N. Anne Neuberger frames ransomware as a growing public health crisis. Amazon confirms a MOVEit-related data breach. SAP provides patches and mitigations for a variety of flaws. Researchers identify North Korean hackers embedding malware in macOS applications. Form I-9 Compliance reports a data breach impacting over 193,000 individuals. Hot Topic confirms a breach affecting over 54 million customers. Halliburton reports a $35 million ransomware event. Ymir ransomware follows in the footsteps of RustyStealer.  Threat actors prepare for a second Trump presidency. A Venezuelan man gets 25 years for romance scam kidnappings. Our guest is Tim Starks from CyberScoop sharing what he’s hearing from Washington insiders as they prepare for the next Trump administration. The Secret Service wonders if warrants are really required. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Tim Starks from CyberScoop sharing what he’s hearing from Washington insiders as they prepare for the next Trump administration. Selected Reading White House Slams Russia Over Ransomware's Healthcare Hits (BankInfo Security) Amazon employee data stolen by hacker, company confirms (Silicon Republic) SAP Patches High-Severity Vulnerability in Web Dispatcher (SecurityWeek) North Korean-linked hackers were caught experimenting with new macOS malware (CyberScoop) Form I-9 Compliance Data Breach Impacts Over 190,000 People (SecurityWeek) Hot Topic Data Breach: A Massive Leak Exposes Millions of Customer Records (SOCRadar) Energy Giant Halliburton Reveals $35m Ransomware Loss (Infosecurity Magazine) New Ymir ransomware partners with RustyStealer in attacks (Bleeping Computer) How Global Threat Actors May Respond to a Second Trump Term (GovInfo Security) Man Gets 25 Years for Online Dating Hostage Scams Targeting Americans (Hackread) 'FYI. A Warrant Isn’t Needed': Secret Service Says You Agreed To Be Tracked With Location Data (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
12/11/2435m 5s

Veterans Day Special. [CSO Perspectives]

Rick Howard, The CyberWire’s Chief Analyst, CSO, and Senior Fellow, and the cast of the entire CyberWire team, honor our U.S. veterans on this special day. Learn more about your ad choices. Visit megaphone.fm/adchoices
11/11/2415m 33s

Kevin Magee: Focus on the archer. [CSO] [Career Notes]

Enjoy this special encore episode where we are joined by Chief Security Officer of Microsoft Canada Kevin Magee, he's sharing his background as a historian and how it applies to his work in cybersecurity. Likening himself to a dashing Indiana Jones, Kevin talks about how he sees history unfolding and the most interesting things right now are happening in security. Spending time tinkering with things in the university's computer room under the stairs gave way to Kevin's love affair with technology. As Chief Security Officer, Kevin says he uses an analogy: "I think we focus on the arrows, not the the archer" meaning there's too much focus on the attacks rather than the ones mounting them. As a historian and witness to our current history, Kevin sees the changes all affecting cybersecurity. We thank Kevin for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
10/11/247m 24s

Solution Spotlight: Rebuilding trust in the wake of tech calamities. [Special Edition]

In this special edition of our podcast, Simone Petrella sits down with cybersecurity luminary Alex Stamos, Chief Information Security Officer at SentinelOne, to delve into one of the most challenging years in tech history. 2024 has seen unprecedented breaches of multinational corporations, high-stakes attacks from state actors, massive data leaks, and the largest global IT failure on record. As both a seasoned security executive and respected thought leader, Stamos offers a firsthand perspective on how the security landscape is evolving under these pressures. In this exclusive keynote discussion, Stamos draws from his extensive experience to share hard-won lessons from the upheavals of 2024, discussing how companies can build — and rebuild — trust amidst this environment of constant threat. What new responsibilities do organizations have to their customers, employees, shareholders, and society? And what major shifts can we expect across cybersecurity and IT practices in response to these cascading challenges? Tune in for a deep dive into how security professionals are rising to meet their roles in a world brimming with motivated and capable adversaries. Learn more about your ad choices. Visit megaphone.fm/adchoices
10/11/2426m 37s

A firewall wake up call. [Research Saturday]

Enjoy this special encore episode, where we are joined by Jon Williams from Bishop Fox, as he is sharing their research on "It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart after finding that NGFW series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities. The research states "Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern." They also found that when they scanned SonicWall firewalls with management interfaces exposed to the internet, they found that 76% are vulnerable to one or both issues. The research can be found here: It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable Learn more about your ad choices. Visit megaphone.fm/adchoices
09/11/2423m 1s

CISA issues urgent warning.

CISA issues a warning about a critical security flaw in Palo Alto Networks’ Expedition tool. A federal agency urges employees to limit phone use in response to Chinese hacking. Law enforcement is perplexed by spontaneously rebooting iPhones. A key supplier for oilfields suffers a ransomware attack. Hewlett Packard Enterprise (HPE) patches multiple vulnerabilities in its Aruba Networking access points. Cybercriminals use game-related apps to distribute Winos4.0. Germany proposes legislation protecting security researchers. The TSA proposes new cybersecurity regulations for critical transportation infrastructure. Our guest is Aaron Griffin, Chief Architect from Sevco Security, sharing the discovery of a significant Apple iOS bug involving iPhone Mirroring.  AI tries to wing it in a Reddit group, but moderators put a fork in it.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Aaron Griffin, Chief Architect from Sevco Security, sharing the discovery of a significant Apple iOS 18 and macOS Sequoia privacy bug that exposes employee personal iPhone apps and data to companies through iPhone Mirroring. Read Sevco’s blog on the topic. Selected Reading CISA warns of Critical Palo Alto Networks Vulnerability Exploited in Attacks (GB Hackers) U.S. Agency Warns Employees About Phone Use Amid Ongoing China Hack (Wall Street Journal) Host of House panels getting briefed on major Chinese hacker telecom breaches (CyberScoop) Police Freak Out at iPhones Mysteriously Rebooting Themselves, Locking Cops Out (404 Media) Texas-based oilfield supplier faces disruptions following ransomware attack (The Record) HPE Patches Critical Vulnerabilities in Aruba Access Points (SecurityWeek) Winos4.0 hides in gaming apps to hijack Windows systems (The Register) Germany drafts law to protect researchers who find security flaws (Bleeping Computer) TSA proposes new cybersecurity rule for surface transportation, seeks public feedback (Industrial Cyber) Reddit’s ‘Interesting as Fuck’ Community Rules That AI-Generated Video Is Not Interesting (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
08/11/2431m 22s

Canada cuts TikTok ties.

Canada orders ByteDance to shut down local operations. Cisco releases urgent patches for multiple vulnerabilities. SteelFox malware delivers a crypto-miner and info-stealer. North Korean campaigns pursue fake jobs and remote workers. A suspected cyber intrusion disrupts Washington state court systems. Over 200,000 customers of SelectBlinds have their credit card info stolen. Cyber experts encourage congress to pursue bipartisan readiness studies despite DoD pushback. On our Industry Voices segment, we welcome guest Jeremy Huval, Chief Innovation Officer at HITRUST®,  discussing the AI explosion and the need to consider the risks before implementation. Curiosity killed the cat lover’s computer.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we welcome guest Jeremy Huval, Chief Innovation Officer at HITRUST®,  discussing the AI explosion and the need to consider the risks before implementation. Learn more about how robust your AI risk management program is here. Selected Reading Canada Orders Shutdown of Local TikTok Branch Over Security Concerns (Infosecurity Magazine) Cisco Patches Critical Vulnerability in Industrial Networking Solution (SecurityWeek) Cisco Desk Phone Series Vulnerability Lets Remote Attacker Access Sensitive Information (GB Hackers) ‘SteelFox’ Miner and Information Stealer Bundle Emerges (SecurityWeek) North Korean Hackers Employing New Tactic To Acquire Remote Jobs (Cyber Security News) Outages impact Washington state courts after ‘unauthorized activity’ detected on network (The Record) SelectBlinds says 200,000 customers impacted after hackers embed malware on site (The Record) Congress must demand a study of America’s cyber forces (CyberScoop) Cybercrooks target Bengal cat lovers in Australia (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
07/11/2436m 42s

That’s a wrap on election day.

Election day wrap-up. The FBI issues a warning about cybercriminals selling government email credentials. Google issues an emergency update for Chrome. An Interpol operation nets dozens of arrests and IP takedowns. Microchip Technology disclosed $21.4 million in expenses related to a cybersecurity breach. Ransomware makes a Georgia hospital revert to paper records. South Korea fines Meta $15 million over privacy violations. A cyberattack disables panic alarms on British prison vans. A small city in Kansas recovers from a devastating pig butchering scheme. Our guest today is Javed Hasan, CEO and Co-Founder of Lineaje, discussing the growing risks within open source ecosystems. Sending data down the compressed air superhighway. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Javed Hasan, CEO and Co-Founder of Lineaje, discussing the growing risks within open source ecosystems. Selected Reading Top US cyber official says 'no evidence of malicious activity' impacting election (The Record) FBI Warns Gmail, Outlook Users Of $100 Government Emergency Data Email Hack (Forbes) Chrome Security Update: Patch for Multiple High Severity Vulnerabilities (Cyber Security News) Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41 (Bleeping Computer) Microchip Technology Reports $21.4 Million Cost From Ransomware Attack (SecurityWeek) Ransomware Attack Disrupts Georgia Hospital's Access to Health Records (SecurityWeek) South Korea Fines Meta $15 Million for Illegal Data Collection on Facebook Users (CEO Today) Cyberattack disables tracking systems and panic alarms on British prison vans (The Record) FBI recovers just $8M after crypto scam crashes Kansas bank (The Register) The bizarre reason pneumatic tubes are coming back (BBC Science Focus) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
06/11/2433m 37s

Confidence on election day.

On election day U.S. officials express confidence. A Virginia company is charged with violating U.S. export restrictions on technology bound for Russia. Backing up your GMail. Google mandates MFA. Google claims an AI-powered vulnerability detection breakthrough. Schneider Electric investigates a cyberattack on its internal project tracking platform. A Canadian man suspected in the Snowflake-related data breaches has been arrested. On our Threat Vector segment, David Moulton sits down with Christopher Scott, from Unit 42 to explore the essentials of crisis leadership and management.  I spy air fry? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of the Threat Vector podcast, host David Moulton sits down with Christopher Scott, Managing Partner at Unit 42 by Palo Alto Networks, to explore the essentials of crisis leadership and management in cybersecurity. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app.  Selected Reading In final check-in before Election Day, CISA cites low-level threats, and not much else (The Record) Joint ODNI, FBI, and CISA Statement (FBI Federal Bureau of Investigation) Exclusive: Nakasone says all the news about influence campaigns ahead of Election Day is actually 'a sign of success' (The Record) Virginia Company and Two Senior Executives Charged with Illegally Exporting Millions of Dollars of U.S. Technology to Russia (United States Department of Justice) Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late (Forbes) Mandatory MFA is coming to Google Cloud. Here’s what you need to know (Google Cloud) Schneider Electric says hackers accessed internal project execution tracking platform (The Record) Google claims AI first after SQLite security bug discovered (The Register) Suspected Snowflake Hacker Arrested in Canada (404 Media) Is your air fryer spying on you? Concerns over ‘excessive’ surveillance in smart devices (The Guardian)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
05/11/2433m 33s

FBI fights fake news.

The FBI flags fake videos claiming to be from the agency. Okta patches an authentication bypass vulnerability. Microsoft confirms Windows Server 2025 Blue Screen of Death issues. Scammers exploit DocuSign’s APIs to send fake invoices that bypass spam filters. Hackers use smart contracts for command and control. ICS suppliers face challenges convincing customers to secure their environments. Barracuda tracks a phishing campaign impersonating OpenAI. X-Twitter makes controversial changes to its block feature. A Nigerian man gets 26 years in prison for email fraud. On our Solution Spotlight, N2K's Simone Petrella interviews Alex Stamos, CISO at SentinelOne, at the ISC2 Security Congress 2024 about lessons learned in 2024 and what that means for 2025. For a South Dakota plastic surgeon, ransomware was just the beginning of his financial woes. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, N2K's Simone Petrella interviews Alex Stamos, CISO at SentinelOne, at the ISC2 Security Congress 2024 about lessons learned in 2024 and what that means for 2025. Selected Reading FBI flags false videos impersonating agency, claiming Democratic ballot fraud (CyberScoop) Okta security bug affects those with really long usernames (The Register) Microsoft confirms Windows Server 2025 blue screen, install issues (Bleeping Computer) Scammers Use DocuSign API to Evade Spam Filters with Phishing Invoices (Hackread) Supply Chain Attack Uses Smart Contracts for C2 Ops (Infosecurity Magazine) Siemens and Rockwell Tackle Industrial Cybersecurity, but Face Customer Hesitation (SecurityWeek) Cybercriminals impersonate OpenAI in large-scale phishing attack (Barracuda) X updates block feature, letting blocked users see your public posts (TechCrunch) US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing (SecurityWeek) Doctor Hit With $500K HIPAA Fine: Feds Worse Than Hacker (GovInfo Security)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
04/11/2437m 54s

State of security automation. [CSO Perspectives]

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to William MacMillan, the Chief Product Officer at Andesite, to discuss the Cybersecurity First Principle of automation: current state and what happens now with AI as it applies to SOC Operations. For a complete reading list and even more information, check out Rick’s more detailed essay on the topic. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Bob Violino, 2022. 7 top challenges of security tool integration [Analysis]. CSO Online. Bruce Japsen, 2024. UnitedHealth Group Cyberattack Costs To Hit $2.3 Billion This Year [News]. Forbes. Clay Chun, 2019. JOHN BOYD AND THE “OODA” LOOP (GREAT STRATEGISTS) [Explainer]. War Room - U.S. Army War College. Michael Cobb, 2023. The history, evolution and current state of SIEM [Explainer]. TechTarget. Rick Howard, 2022. History of Infosec: a primer. [Podcast and essay]. The CyberWire - CSO Perspectives. Rick Howard, 2020. Security operations centers: a first principle idea. [Podcast and Essay]. The CyberWire. Rick Howard, 2020. SOAR – a first principle idea. [Podcast and Essay]. The CyberWire - CSO Perspectives. Rick Howard, 2021. XDR: from the Rick the Toolman Series. [Podcast and Essay]. The CyberWire - CSO Perspectives. Robert Lemos, 2024. SOAR Is Dead, Long Live SOAR [Analysis]. Dark Reading. Timbuk 3, 1986. The Future’s So Bright, I Gotta Wear Shades [Song]. Genius. Timbuk3VEVO, 2009. Timbuk 3 - The Future’s So Bright [Music Video]. YouTube. Learn more about your ad choices. Visit megaphone.fm/adchoices
04/11/2422m 34s

Dinah Davis: Building your network. [R&D] [Career Notes]

Please enjoy this encore episode, where we are joined by VP of R&D at Arctic Wolf Networks Dinah Davis, as she shares how she arrived in the cybersecurity industry after finding her niche. Dinah recalls how at a time of indecision, a computer course at university and a job with the Canadian government helped to solidify her career direction. Dinah mentions how "security and cryptography specifically was this perfect mix of real world problem solving and mathematics and computer science all combined into one ball of happiness." Networking played a key role in Dinah's journey. She recommends that those interested in joining the field to go for what they believe in. And, we thank Dinah for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
03/11/248m 10s

Velvet Ant's silent invasion. [Research Saturday]

This week, we are joined by, Amnon Kushnir from Sygnia, who is sharing their work on "China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches." In early 2024, Sygnia observed the ‘Velvet Ant’ threat group exploiting a zero-day vulnerability (CVE-2024-20399) to infiltrate Cisco Switch appliances and operate undetected within enterprise networks. This attack enables threat actors to escape Cisco’s command interface and install malware directly on the device’s OS, bypassing standard security tools. The incident underscores the risks posed by third-party appliances and the importance of enhanced monitoring and threat detection to counter advanced persistent threats. The research can be found here: China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches Learn more about your ad choices. Visit megaphone.fm/adchoices
02/11/2422m 26s

A push to debunk election disinformation.

Georgia’s Secretary of State Pushes Social Media to Remove Russian Disinformation. CISA introduces its first international strategic plan. Microsoft issues a warning about the Quad7 botnet. Researchers uncover a zero-click vulnerability in Synology devices. CISA warns of critical ICS vulnerabilities. The U.S.and Israel outline the latest cyber activities of an Iranian threat group. Researchers track an online shopping scam operation called “Phish ‘n’ Ships.” A Colorado Pathology lab notifies 1.8 million patients of a data breach. Our guest is Gary Barlet, Public Sector CTO at Illumio, with a timely look at election security. Packing a custom PC full of meth.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Gary Barlet, Public Sector CTO at Illumio, discussing where elections are most vulnerable and the potential dangers beyond national elections. Selected Reading Georgia official asks social media sites to take down Russian disinformation video (The Record) CISA Strategic Plan Targets Global Cooperation on Cybersecurity (Security Boulevard) Microsoft: Chinese hackers use Quad7 botnet to steal credentials (Bleeping Computer) Microsoft delays Windows Recall again, now by December (Bleeping Computer) Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack (WIRED) CISA Warns of Critical Software Vulnerabilities in Industrial Devices (Infosecurity Magazine) US, Israel Describe Iranian Hackers' Targeting of Olympics, Surveillance Cameras (SecurityWeek) Fake product listings on real shopping sites lead to stolen payment information (SC Media) Medusa Ransomware Hack of Pathology Lab Affects 1.8 Million (BankInfo Security) Someone tried to smuggle 100kg of synthetic drugs into Australia inside a bunch of PC cases (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
01/11/2430m 45s

Guarding the Vote

CISA spins up an election operations war room. Microsoft neglected to restrict access to gender-detecting AI. Yahoo uncovers vulnerabilities in OpenText’s NetIQ iManager. QNAP issues urgent patches for its NAS devices. Sysdig uncovers Emerald Whale. A malvertising campaign exploits Meta’s ad platform to spread the SYS01 infostealer. Senator Ron Wyden wants to tighten rules aimed at preventing U.S. technologies from reaching repressive regimes. Researchers use AI to uncover an IoT zero-day. Sophos reveals a five year battle with firewall hackers. Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and differ across individuals and critical infrastructure. Be afraid of spooky data. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and differ across individuals and critical infrastructure. Selected Reading CISA Opens Election War Room to Combat Escalating Threats (GovInfo Security) Agencies face ‘inflection point’ ahead of looming zero-trust deadline, CISA official says (CyberScoop) Microsoft Provided Gender Detection AI on Accident (404 Media) Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution (SecurityWeek) QNAP patches critical SQLi flaw (Beyond Machines) EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files (Sysdig) Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer (Hackread) Exclusive: Senator calls on Commerce to tighten proposed rules on exporting surveillance, hacking tech to problematic nations (CyberScoop) GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI (GreyNoise)  Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices (WIRED) Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats (Sophos News) Spooky Data at a Distance (LinkedIn) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
31/10/2433m 47s

The Malware Mash

Happy Halloween from the team at N2K Networks! We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video here. Lyrics I was coding in the lab late one night when my eyes beheld an eerie sight  for my malware threat score began to rise  and suddenly to my surprise... It did the Mash  It did the Malware Mash  The Malware Mash  It was a botnet smash  It did the Mash  It caught on 'cause of Flash  The Malware Mash  It did the Malware Mash From the Stuxnet worm squirming toward the near east  to the dark web souqs where the script kiddies feast  the APTs left their humble abodes  to get installed from rootkit payloads.  They did the Mash  They did the Malware Mash  The Malware Mash  It was an adware smash  They did the Mash  It caught on 'cause of Flash  The Malware Mash  They did the Malware Mash The botnets were having fun  The DDoS had just begun  The viruses hit the darknet,  with ransomware yet to come.  The keys were logging, phishing emails abound,  Snowden on chains, backed by his Russian hounds.  The Shadow Brokers were about to arrive  with their vocal group, "The NotPetya Five." They did the Mash  They played the Malware Mash The Malware Mash  It was a botnet smash  They did the Mash  It caught on 'cause of Flash  The Malware Mash  They played the Malware Mash Somewhere in Moscow Vlad's voice did ring  Seems he was troubled by just one thing.  He opened a shell then shook his fist  and said, "Whatever happened to my Turla Trojan twist."  It's now the Mash  It's now the Malware Mash  The Malware Mash  And it's a botnet smash  It's now the Mash  It caught on 'cause of Flash  The Malware Mash  It's now the Malware Mash Now everything's cool, Vlad's a part of the band  And the Malware Mash is the hit of the land.  For you, defenders, this mash was meant to  when you get to my door, tell them Creeper sent you. Then you can Mash  Then you can Malware Mash  The Malware Mash  And be a botnet smash  It is the Mash  Don't you dare download Flash  The Malware Mash  Just do the Malware Mash Learn more about your ad choices. Visit megaphone.fm/adchoices
31/10/244m 51s

Password snafu sparks election security questions.

Colorado election officials downplay a partial password leak. Over 22,000 CyberPanel instances were targeted in a ransomware attack. Google issues a critical security update for Chrome. Microsoft says Russia’s SVR is conducting a wide-ranging phishing campaign. The FakeCall Android banking trojan gains advanced evasion and espionage capabilities. A New 0patch Fix Blocks Malicious Theme Files. iOS malware LightSpy adds destructive features. LinkedIn faces class-action lawsuits over alleged privacy violations. The U.S. charges a Russian national as part of Operation Magnus. On this week’s CertByte segment, Chris Hare is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management (CAPM)® certification. An Ex-Disney Staffer Allegedly Adds a Side of Sabotage to Park Menus.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment In this segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management (CAPM)® certification by the Project Management Institute®. Today’s question comes from N2K’s PMI® Certified Associate in Project Management (CAPM®) Practice Test. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional sources: The 9 Most In-Demand Professional Certifications You Can Get Right Now Selected Reading Partial Breach of Election Machine Passwords in Colorado Poses No Risk, State Says (The New York Times) Election Threats Escalating as US Voters Flock to the Polls (BankInfo Security) Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (Bleeping Computer) Critical Chrome Security Update: Patch for Out-of-Bounds & WebRTC Vulnerability (Cyber Security News) Russian spies use remote desktop protocol files in unusual mass phishing drive (The Register) FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities (SecurityWeek) 0patch Blog: We Patched CVE-2024-38030, Found Another Windows Themes Spoofing Vulnerability (0day) (0patch) Recent Version of LightSpy iOS Malware Packs Destructive Capabilities (SecurityWeek) Lawsuits Accuse LinkedIn of Tracking Users' Health Info (GovInfo Security) Feds name a Russian accused of developing Redline (The Register) Fired Employee Allegedly Hacked Disney World's Menu System to Alter Peanut Allergy Information (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
30/10/2432m 51s

Securing democracy.

Chinese hacking into US telecoms draws federal scrutiny. ESET examines Evasive Panda’s CloudScout toolset. A new ChatGPT jailbreak bypassed security safeguards. Nintendo warns users of a phishing scam. The Five Eyes launch the Secure Innovation initiative for startups. CISA releases “Product Security Bad Practices” guidelines. Apple’s new bug bounty program offers a million bucks for critical vulnerabilities. The City of Columbus drops its suit of a cybersecurity researcher. On our Solution Spotlight today, N2K’s Simone Petrella speaks with Chris Porter, CISO at Fannie Mae, on cultivating cybersecurity culture and talent. Spooky spam is back. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight today, N2K’s Simone Petrella speaks with Chris Porter, CISO at Fannie Mae, on cultivating cybersecurity culture and talent. You can hear Simone’s and Chris’ full conversation in this special edition podcast. Selected Reading Key Federal Cyber Panel to Probe Chinese Telecoms Hacking (Bank Info Security) CloudScout: Evasive Panda scouting cloud services (We Live Security) ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis (SecurityWeek) Nintendo Warns of Phishing Attack Mimics Company Email Address (gbhackers) Five Eyes Agencies Launch Startup Security Initiative (Infosecurity magazine) CISA sees elimination of ‘bad practices’ as next secure-by-design step (CyberScoop) Apple Launches 'Apple Intelligence' and Offers $1M Bug Bounty for Security (Hackread) Columbus drops lawsuit against data leak whistleblower Connor Goodwolf, but with a catch (NBC) Spooky Spam, Scary Scams: Halloween Threats Rise (Security Boulevard) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
29/10/2435m 15s

Solution Spotlight: Cultivating cybersecurity culture. [Special Edition]

In this Solution Spotlight episode, our very own Simone Petrella sits down with Chris Porter, the Chief Information Security Officer at Fannie Mae. As a seasoned expert in the financial and cybersecurity sectors, Chris shares insights into how Fannie Mae navigates the complexities of securing one of the nation's most critical financial institutions. Together, they discuss Fannie Mae's evolving cybersecurity posture, balancing innovation with risk management, and the critical strategies employed to protect sensitive data in an increasingly digital and interconnected world. Chris also delves into the importance of collaboration across the industry, highlighting partnerships and intelligence-sharing as vital components in mitigating cyber threats. Learn more about your ad choices. Visit megaphone.fm/adchoices
29/10/2435m 33s

Operation Magnus strikes back.

Operation Magnus disrupts notorious infostealers. Pennsylvania officials debunk election disinformation attributed to Russia. TeamTNT targets Docker daemons. Delta sues CrowdStrike. NVIDIA released a critical GPU Display Driver update. Fog and Akira ransomware exploit SonicWall VPNs. A researcher demonstrates Downgrade attacks against Windows systems. Qilin ransomware grows more evasive and disruptive. Pwn2Own Ireland awards over $1 million for more than 70 zero-day vulnerabilities. Our guest is Grant Geyer, Chief Strategy Officer at Claroty, talking about safeguarding our nation's critical food infrastructure. At long last, it’s legal to fix your McFlurry.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Grant Geyer, Chief Strategy Officer at Claroty, talking about safeguarding our nation's critical food infrastructure. The FBI recently held an Agriculture Threats Symposium in Nebraska, spotlighting growing concerns over the security of the nation's critical food infrastructure amid rising threats. As cyberattacks and bioterrorism increasingly target agriculture, the event highlighted urgent calls for stronger safety measures to protect the food supply chain.  Selected Reading Operation Magnus Disrupted Redline and Meta Infostealer Malware (Cyber Security News) Pennsylvania officials rebut false voter fraud claims from home and abroad (CyberScoop) TeamTNT Exploits 16 Million IPs in Malware Attack on Docker Clusters (Hackread) Delta sues CrowdStrike for $500 million in damages caused by massive airline cancelations (The Independent) NVIDIA GPU Vulnerabilities Allow Attackers To Execute Remote Code on Windows & Linux (Cyber Security News) Fog ransomware targets SonicWall VPNs to breach corporate networks (Bleeping Computer) New Windows Driver Signature bypass allows kernel rootkit installs (Bleeping Computer) Updated Qilin Ransomware Escalates Encryption and Evasion (BankInfo Security) Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland (Infosecurity Magazine) It Is Now Legal to Hack McFlurry Machines (and Medical Devices) to Fix Them (404 Media) DisMis: Explore our 3-part series on election propaganda. (N2K) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
28/10/2433m 41s

How to turn tech insights into real advantages. [CSO Perspectives]

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to Dr. Rebecca Wynn, the Click Solutions Group Global Chief Security Strategist & CISO. She interviews Justin Daniels, a Baker Donelson lawyer and podcast host with expertise in cyber operations, M&A, and investment capital transactions, on the current state of cyber law and compliance. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Tatiana Rice, Keir Lamont, Jordan Francis, 2024. The Colorado Artificial Intelligence Act: An FPF U.S. Legislation Policy Brief [Explainer]. Colorado General Assembly. Dr Rebecca Wynn. Soulful CXO [Podcast]. Soulful CXO. Jodi Daniels, Justin Daniels. She Said Privacy/He Said Security [Podcast]. Apple Podcasts. Learn more about your ad choices. Visit megaphone.fm/adchoices
28/10/2411m 8s

Mission possible? Navigating tech adoption in the DoD. [Special Edition]

In this episode, N2K's Brandon Karpf interviews Pete Newell, CEO and Founder of BMNT, about the challenges facing technology adoption within the Department of Defense (DoD). They discuss the concept of “mission acceleration,” focusing on the DoD’s struggle to keep pace with rapid changes on the battlefield and the importance of a human-centered approach to technology adaptation. Newell emphasizes that true innovation in defense is more of a "people problem" than a technology issue, requiring shifts in organizational culture and internal education. Tune in to hear insights on accelerating change in defense through better problem articulation and training. Learn more about your ad choices. Visit megaphone.fm/adchoices
27/10/2434m 12s

Stephen Hamilton: Getting the mission to the next level. [Military] [Career Notes]

Enjoy this special encore episode where we are joined by Army Cyber Institute Technical Director and Chief of Staff Colonel Stephen Hamilton, as he takes us on his computer science journey. Fascinated with computers since the second grade, Stephen chose West Point after high school to study computer science. Following graduation he moved into the signal branch as it most closely matched his interest in ham radio as no branch related directly to computing. He was pulled from the motor pool to help with another area's computing needs and then worked his way to teaching computer science at. West Point and US Cyber Command. Stephen recommends coding it first to help realize the nuances, and then code it again. We thank Stephen for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
27/10/247m 38s

LLM security 101. [Research Saturday]

This week, we are pleased to be joined by Mick Baccio, global security advisor for Splunk SURGe, sharing their research on "LLM Security: Splunk & OWASP Top 10 for LLM-based Applications." The research dives into the rapid rise of AI and Large Language Models (LLMs) that initially seem magical, but behind the scenes, they are sophisticated systems built by humans. Despite their impressive capabilities, these systems are vulnerable to numerous cyber threats. Splunk's research explores the OWASP Top 10 for LLM Applications, a framework that highlights key vulnerabilities such as prompt injection, training data poisoning, and sensitive information disclosure. The research can be found here: LLM Security: Splunk & OWASP Top 10 for LLM-based Applications Learn more about your ad choices. Visit megaphone.fm/adchoices
26/10/2420m 53s

UnitedHealth breach numbers confirmed.

UnitedHealth confirms breach numbers. Patient privacy pains. Amazon vs. APT29. CDK vulnerability threatens user security. Fog and Akira take aim at SonicWall. Level up or log off. LinkedIn in hot water. Open source, closed doors.  Watt's the risk? Today, we are joined by Itzik Alvas, Entro Security’s CEO and Co-Founder, discussing their research team's work on non-human identities and secrets management. And Muni Metro hits Ctrl+Alt+Delete on floppy disks! Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Itzik Alvas, Entro Security’s CEO and Co-Founder, discussing their research team's work on non-human identities and secrets management. You can learn more here.  Selected Reading UnitedHealth: 100 Million Individuals Affected by the Change Healthcare Data Breach (Heimdal) OnePoint Patient Care data breach impacted 795916 individuals (Security Affairs) Amazon identified internet domains abused by APT29 (AWS Security Blog)  RDP configuration files as a means of obtaining remote access to a computer or "Rogue RDP" (CERT-UA#11690) (CERT-UA)  AWS Cloud Development Kit flaw exposed accounts to full takeover (The Register)  Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN (Arctic Wolf)  Lazarus Group Exploits Chrome 0-Day for Crypto with Fake NFT Game (Hackread)  LinkedIn hit with $335 million fine for using member data for ad targeting without consent (The Record)  Linux creator approves de-listing of several kernel maintainers associated with Russia (The Record)  U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog (Security Affairs) Cybersecurity Isn't Easy When You're Trying to Be Green (Dark Reading)  Goodbye, floppies - San Francisco pays Hitachi $212 million to remove 5.25-inch disks from its light rail service (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
25/10/2426m 42s

A giant FortiJump for cybercriminals.

Fortinet confirms a recently rumored zero-day. Officials investigate how restricted chips ended up in products from Huawei. The White House unveils a coordinated AI strategy for national security. Researchers jailbreak LLMs with Deceptive Delight. A new ransomware group exploits vulnerable device drivers. Sensitive documents from a UN trust fund are leaked online. Penn State pays over a millions dollars to settle allegations of inadequate security in government contracts. CISA adds a SharePoint vulnerability to its Known Exploited Vulnerabilities Catalog. A Microsoft report warns of growing election disinformation. On our industry voices segment, Eric Herzog, CMO of Infinidat, discusses merging cybersecurity and cyber storage resilience.  China is shocked - shocked! - that its space program has drawn the attention of foreign spies.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our industry voices segment, Eric Herzog, CMO of Infinidat, discusses merging cybersecurity and cyber storage resilience.  Selected Reading Mandiant says new Fortinet flaw has been exploited since June (Bleeping Computer) TSMC Cuts Off Client After Discovering Chips Sent to Huawei (Bloomberg) White House unveils plan for US government to keep its edge on AI development (The Record) FACT SHEET: Biden-Harris Administration Outlines Coordinated Approach to Harness Power of AI for U.S. National Security (The White House) New LLM jailbreak method with 65% success rate developed by researchers (SC Media) Embargo Ransomware Disables Security Defenses (GovInfo Security) Misconfigured UN Database Exposes 228GB of Gender Violence Victims' Data (Hackread) Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements (SecurityWeek) CISA Warns Active Exploitation of Microsoft SharePoint Vulnerability (Cyber Security News) As Election Looms, Disinformation ‘Has Never Been Worse’ (The New York Times)  Microsoft Warns Foreign Disinformation Is Hitting the US Election From All Directions (WIRED) China’s space programme targeted by ‘audacity’ of foreign agents, anti-spy agency warns (South China Morning Post)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
24/10/2438m 8s

NotLockBit takes a bite out of macOS.

NotLockBit mimics its namesake while targeting macOS. Symantec uncovers popular mobile apps with hardcoded credentials. Avast releases a Mallox ransomware decryptor. Akira ransomware reverts to tactics tried and true. Lawmakers ask the DOJ to prosecute tax prep firms for privacy violations. The SEC levies fines for misleading disclosures following the SolarWinds breach. Software liability remains a sticky issue. Updated guidance reiterates the feds’ commitment to the Traffic Light Protocol. A task force has cybersecurity recommendations for the next U.S. president. Today’s guest is Jérôme Segura, Sr. Director of Research at Malwarebytes, sharing their work on "Scammers advertise fake AppleCare+ service via GitHub repos." Warrantless surveillance, powered by your favorite apps.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest is Jérôme Segura, Sr. Director of Research at Malwarebytes, sharing their work on "Scammers advertise fake AppleCare+ service via GitHub repos." You can learn more about this research here.  Selected Reading NotLockBit Ransomware Can Target macOS Devices (SecurityWeek) Millions of iOS and Android Users at Risk as Popular Apps Expose Cloud Keys (Hackread) Mallox Ransomware Flaw Let Victims Recover Files Without Ransom Payment (Cyber Security News) Akira ransomware pivots back to double extortion, C++ code (SC Media) Lawmakers ask DOJ to prosecute tax prep firms for sharing customer data with big tech (The Record) SEC fines four companies $7M for 'misleading cyber disclosures' regarding SolarWinds hack (TechCrunch) The struggle for software liability: Inside a ‘very, very, very hard problem’ (The Record) US Government Pledges to Cyber Threat Sharing Via TLP Protocol (Infosecurity Magazine) Task force unveils cyber recommendations for the next president (CyberScoop) The Global Surveillance Free-for-All in Mobile Ad Data (Krebs on Security) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
23/10/2437m 2s

Zero-day exploited in the wild.

A zero-day affects Samsung mobile processors. A critical vulnerability is discovered in the OneDev DevOps platform. German authorities warn against vulnerable industrial routers. The Bumblebee loader buzzes around corporate networks. Ghostpulse hides payloads in PNG files. A Michigan chain of dental centers agrees to a multimillion dollar data breach settlement. A White House proposal tamps down international data sharing. Fortinet is reportedly patching an as-yet undisclosed severe vulnerability. In our Threat Vector segment, host David Moulton speaks with Nathaniel Quist about cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. Russian deepfakes spread election misinformation.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of the Threat Vector podcast, host David Moulton, Director of Thought Leadership at Palo Alto Networks, speaks with Nathaniel Quist, Manager of Cloud Threat Intelligence at Cortex & Unit 42. David and Nathaniel discuss recent cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app.  Selected Reading Google Warns of Samsung Zero-Day Exploited in the Wild (SecurityWeek) Critical OneDev DevOps Platform Vulnerability Let Attacker Read Sensitive Data (Cyber Security News) Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks (SecurityWeek) Hackers Use Bumblebee Malware to Gain Access to Corporate Networks (GB Hackers) CISA Adds Sciencelogic SL1 Unspecified Vulnerability to KEV Catalog (Cyber Security News) Pixel perfect Ghostpulse malware loader hides inside PNG image files (The Register) Dental Center Chain Settles Data Breach Lawsuit for $2.7M (BankInfo Security) Biden administration proposes new rules governing data transfers to adversarial nations (The Record) Fortinet issues private notifications to FortiManager customers to patch an undisclosed flaw (Beyond Machines) Russian Propaganda Unit Appears to Be Behind Spread of False Tim Walz Sexual Abuse Claims (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
22/10/2432m 30s

On the run, caught on arrival.

An alleged Australian scammer wanted by the FBI gets nabbed in Italy. The Internet Archive has been breached again. Researchers discover vulnerabilities in encrypted cloud storage platforms. Cisco confirms stolen files but insists it’s not a data breach.  A Chinese disinformation group targets Senator Marco Rubio. Malicious chatbot prompts can hide inside harmless ones. The DoD wants to offer senior cyber executives part-time roles as military reservists. Six years out, the specter of Spectre remains. Russian prosecutors seek prison for REvil operators. Guest Pete Newell, Founder and CEO of BMNT, talks with N2K's Brandon Karpf about challenges associated with technology adoption and change in the DoD. Microsoft uses clever deception to reel in phishers.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Pete Newell, Founder and CEO of BMNT, talks with N2K's Brandon Karpf about challenges associated with technology adoption and change in the DoD. Selected Reading Australian wanted by FBI over alleged $46 million scam arrested in Italy (The Sydney Morning Herald) Internet Archive breached again through stolen access tokens (Bleeping Computer) Severe flaws in E2EE cloud storage platforms used by millions (Bleeping Computer) Cisco Confirms Security Incident After Hacker Offers to Sell Data (SecurityWeek) Report: China’s Spamouflage disinformation campaign testing techniques on Sen. Marco Rubio (The Record) This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats (WIRED) Wanted: Weekend Warriors in Tech (Wall Street Journal) Spectre flaws continue to haunt Intel and AMD (The Register) Russia's case against REvil hackers proceeds as government recommends 6.5-year sentences (The Record) Microsoft creates fake Azure tenants to pull phishers into honeypots (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
21/10/2438m 25s

Identity 3.0. [CSO Perspectives]

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Kim Jones, the Managing Director at Ursus Security Consulting. He takes a first principles look at the idea of identity. Check out Rick's 3-part election mini-series: Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Olivia Gulin, Tomberry., Peter Steiner, Alan David Perkins, 2012. On the Internet, Nobody Knows You’re a Dog [History]. Know Your Meme. Staff, 2019. US Patent for Mutual authentication of computer systems over an insecure network Patent Patent]. Justia Patents Search. Staff, 2023. Federal Bureau of Investigation: Internet Crime Report [Report]. Internet Crime Complaint Center (IC3). Staff, 2024. Data Breach Investigations Report [Report]. Verizon Business. Learn more about your ad choices. Visit megaphone.fm/adchoices
21/10/2418m 10s

Aarti Borkar: Make your own choices. [Product] [Career Notes]

Enjoy this special encore episode where we are joined by the Head of Product for IBM Security Aarti Borkar, who shares her journey which included going after her lifelong love of math rather than following in her parents' footsteps in the medical field. In following her passions, Aarti found herself studying computer engineering and computer science, and upon taking a pause from her studies, she found a niche working at IBM in a mix of databases and networking. In her current position, Aarti describes her favorite discussion topics very often involve being around the use of AI for converting security into predictive domains. Aarti reminds us that you should pause and see if you are on the right path. Staying on a path just because you started there can be a bad idea. And, we thank Aarti for sharing her story. Learn more about your ad choices. Visit megaphone.fm/adchoices
20/10/247m 8s

New targets, new tools, same threat. [Research Saturday]

This week we are joined by Chester Wisniewski, Global Field CTO from Sophos X-Ops team, to discuss their work on "Crimson Palace returns: New Tools, Tactics, and Targets." Sophos X-Ops has observed a resurgence in cyberespionage activity, tracked as Operation Crimson Palace, targeting Southeast Asian government organizations. After a brief lull, Cluster Charlie resumed operations in September 2023, using new tactics such as web shells and open-source tools to bypass detection, re-establish access, and map target network infrastructure, demonstrating ongoing efforts to exfiltrate data and expand their foothold. The research can be found here: Crimson Palace returns: New Tools, Tactics, and Targets  Learn more about your ad choices. Visit megaphone.fm/adchoices
19/10/2427m 17s

No more “cyber Snorlax” naps.

Microsoft describes a macOS vulnerability. A trio of healthcare organizations reveal data breaches affecting nearly three quarters a million patients. Group-IB infiltrates a ransomware as a service operation. Instagram rolls out new measures to combat sextortion schemes. Updates from Bitdfender address Man-in-the-Middle attacks. An Alabama man is arrested for allegedly hacking the SEC. In our Industry Voices segment, Gerry Gebel, VP of Strata Identity, describes how to ensure identity continuity during IDP disrupted, disconnected and diminished environments. CISOs want to see their role split into two positions. Game Freak’s Servers Take Critical Hit. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we have our Industry Voices segment with Gerry Gebel, VP of Products and Standards at Strata Identity, discussing how to ensure identity continuity during IDP disrupted, disconnected and diminished environments. Resources to learn more:  Identity Continuity™: How to have uninterrupted IDP access Resilience in extreme conditions: Why DDIL environments need continuous identity access Selected Reading macOS Vulnerability Could Expose User Data, Microsoft Warns (Infosecurity Magazine) Microsoft warns it lost some customer's security logs for a month (Bleeping Computer) 3 Longtime Health Centers Report Hacks Affecting 740,000 (GovInfo Security) Cicada3301 ransomware affiliate program infiltrated by security researchers (SC Media) Instagram Rolls Out New Sextortion Protection Measures (Infosecurity Magazine) Bitdefender Total Security Vulnerability Exposes Users to Man-in-the-Middle Attacks (Cyber Security News) Alabama Man Arrested in SEC Social Media Account Hack That Led the Price of Bitcoin to Spike (SecurityWeek) CISOs Concerned Over Growing Demands of Role (Security Boulevard) Pokémon video game developer confirms its systems were breached by hackers (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
18/10/2435m 27s

Authorities bring down another hacker.

Brazilian authorities arrest the alleged “USDoD” hacker. The DoJ indicts the alleged operators of Anonymous Sudan. CISA and its partners warn of Iranian brute force password attempts. A new report questions online platforms’ ability to detect election disinformation. Recent security patches address critical vulnerabilities in widely-used platforms. North Korean threat actors escalate their fake IT worker schemes. CISA seeks comment on Product Security Bad Practices. Dealing effectively with post-breach stress. Tim Starks, Senior Reporter at CyberScoop, joins us to discuss “What’s new from this year’s Counter Ransomware Initiative summit.” Redbox DVD rental machines get a reboot.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We welcome back Tim Starks, Senior Reporter at CyberScoop, to discuss “What’s new from this year’s Counter Ransomware Initiative summit, and what’s next.” Selected Reading Hacker allegedly behind attacks on FBI, Airbus, National Public Data arrested in Brazil (The Record) Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World (US Department of Justice) Iranian Hackers Using Brute Force on Critical Infrastructure (GovInfo Security) Before US election, TikTok and Facebook fail to block harmful disinformation. YouTube succeeds (Global Witness) F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability (Security Week) Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters (Security Week) GitHub patches critical vulnerability in its Enterprise Servers (CyberScoop) North Korea Escalates Fake IT Worker Schemes to Extort Employers (Infosecurity Magazine) CISA Seeks Feedback on Upcoming Product Security Flaws Guidance (Infosecurity Magazine) Helping Your Team Cope With the Stress of a Cyber Incident (BankInfo Security) Tinkerers Are Taking Old Redbox Kiosks Home and Reverse Engineering Them (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
17/10/2434m 8s

Sri Lanka says ‘no more’ to financial fakers!

Authorities arrest over 200 Chinese nationals in Sri Lanka over financial scams. Officials in Finland take down an online drug market. Cisco investigates an alleged data breach.  A major apparel provider suffers a data breach. Oracle’s latest patch update includes 35 critical issues. Microsoft has patched several high-severity vulnerabilities. The NCSC’s new boss calls for global collaboration to fight cybercrime. CISA warns of critical vulnerabilities affecting software from Microsoft, Mozilla, and SolarWinds.Hackers steal data from Verizon’s push-to-talk (PTT) system. On our CertByte segment, Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test. Robot vacuums go rogue. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test. Candidates for the Microsoft Azure Administrator exam are Azure Administrators who manage cloud services that span storage, security, networking, and compute cloud capabilities. Candidates should be proficient in using PowerShell, the Command Line Interface, Azure Portal, ARM templates, operating systems, virtualization, cloud infrastructure, storage structures, and networking. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers. Reference: Microsoft Azure Blog > Virtual Machines > Gain business insights using Power BI reports for Azure Backup Selected Reading Sri Lankan Police Arrest Over 200 Chinese Scammers (BankInfo Security) Finnish Customs closed down the Sipulitie marketplace on the encrypted Tor network (Finnish Customs) Cisco investigates breach after stolen data for sale on hacking forum (Bleeping Computer) Varsity Brands Data Breach Impacts 65,000 People (SecurityWeek) Oracle October 2024 Critical Patch Update Addresses 198 CVEs (Security Boulevard) Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site (SecurityWeek) 'Nationally significant' cyberattacks are surging, warns the UK's new cyber chief (The Record) CISA Warns of Three Vulnerabilities Actively Exploited in the Wild (Cyber Security News) Hackers Advertise Stolen Verizon Push-to-Talk ‘Call Logs’ (404 Media) Hackers took over robovacs to chase pets and yell slurs (The Verge) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
16/10/2431m 3s

Election Propaganda: Part 3: Efforts to reduce the impact of future elections.

Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1 & 2! Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. References: Rick Howard, 2024. Election Propaganda Part 1: How does election propaganda work? [3 Part Podcast Series]. The CyberWire. Rick Howard, 2024. Election Propaganda: Part 2: Modern propaganda efforts. [3 Part Podcast Series]. The CyberWire. Christopher Chabris, Daniel Simons, 2010. The Invisible Gorilla: And Other Ways Our Intuitions Deceive Us [Book]. Goodreads. Chris Palmer, 2010. TFL Viral - Awareness Test (Moonwalking Bear) [Explainer]. YouTube. David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Eli Pariser, 2011. The Filter Bubble: What the Internet is Hiding From You [Book]. Goodreads. Kara Swisher, Julia Davis, Alex Stamos, Brandy Zadrozny, 2024. Useful Idiots? How Right-Wing Influencers Got $ to Spread Russian Propaganda [Podcast]. On with Kara Swisher. Nate Silver, 2024. What’s behind Trump’s surge in prediction markets? [Analysis]. Silver Bulletin. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference’ [News]. The Washington Post. Nilay Patel, 2024. The AI election deepfakes have arrived [Podcast]. Decoder. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Perry Carpenter, 2024. FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions [Book]. Goodreads. Perry Carpenter, 2021. Meatloaf Recipes Cookbook: Easy Recipes For Preparing Tasty Meals For Weight Loss And Healthy Lifestyle All Year Round [Book]. Goodreads. Perry Carpenter, n.d. 8th Layer Insights [Podcast]. N2K CyberWire. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk’s misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, n.d. Overview: Coalition for Content Provenance and Authenticity [Website]. C2PA. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, n.d. Project Origin [Website]. OriginProject. URL https://www.originproject.info/ Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis] The New York Times. Learn more about your ad choices. Visit megaphone.fm/adchoices
16/10/2446m 28s

A “must patch” list in the making.

CISA adds a Fortinet flaw to its “must patch” list. Splunk releases fixes for 11 vulnerabilities in Splunk Enterprise. ErrorFather is a new malicious Android banking trojan. New evidence backs secure-by-design practices. CISA warns that threat actors are exploiting unencrypted persistent cookies. The FIDO Alliance standardizes passkey portability. Cybercriminals linger on Telegram. On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. We mark the passing of the co creator of the BBS. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. Selected Reading Tens of thousands of IPs vulnerable to Fortinet flaw dubbed 'must patch' by feds (CyberScoop) Fortinet FortiGuard Labs Observes Darknet Activity Targeting the 2024 United States Presidential Election (Fortinet) Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities (SecurityWeek) Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign (Infosecurity Magazine) Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds (CyberScoop) Eight Million Users Download 200+ Malicious Apps from Google Play (Infosecurity Magazine) TrickMo malware steals Android PINs using fake lock screen (Bleeping Computer) CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (Bleeping Computer) FIDO Alliance is Standardizing Passkey Portability (Thurrott) So far, cybercriminals appear to be just shopping around for a Telegram alternative (The Record) Ward Christensen, BBS inventor and architect of our online age, dies at age 78 (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
15/10/2436m 23s

Solution Spotlight: A first look at ISC2's 2024 Cybersecurity Workforce Study. [Special Edition]

In this special edition of Solution Spotlight, join us for an exclusive conversation between ISC2's Executive Vice President of Corporate Affairs, Andy Woolnough, and N2K's Simone Petrella. Together, they take a deep dive into ISC2's 2024 Cybersecurity Workforce Study, offering a first look at the most pressing findings. Discover insights from a survey of 15,852 cybersecurity professionals and decision-makers across the globe, including the size of the current workforce, the demand for more professionals, and alarming trends around layoffs, budget cuts, and skills shortages. Andy and Simone also explore the growing disconnect between the skills in high demand by hiring managers and those that cybersecurity pros are prioritizing. Learn why organizations must take immediate action to foster talent and bridge these skills gaps to meet the industry's evolving needs. Plus, today marks the start of the ISC2 Security Congress 2024! Whether attending in person or virtually, this event is packed with opportunities to engage with industry experts and further your knowledge in cybersecurity. Tune in for actionable insights and exclusive details on the state of the cybersecurity workforce and how your organization can stay ahead. For more information on ISC2 Security Congress 2024, visit the event page here. Learn more about your ad choices. Visit megaphone.fm/adchoices
14/10/2431m 15s

Billy Wilson: Translating language skills to technical skills. [HPC] [Career Notes]

Enjoy this special encore episode, where we are joined by a High Performance Computing Systems Administrator at Brigham Young University. Billy Wilson tells his cybersecurity career story translating language skills to technical skills. According to Billy's employer, moving to a technical position at his alma mater occurred because Billy showed this potential and a thirst for learning. He is currently pursuing his master's degree from SANS Technology Institute for Information Security Engineering while working to secure BYU's data for their computationally-intensive research. Billy notes that not everyone has one overarching passion which gives him variety in his work. And, we thank Billy for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
13/10/247m 7s

Ransomware on repeat. [Research Saturday]

In this episode, Trevor Hilligoss, VP of SpyCloud Labs at SpyCloud, discusses the increasing threat of ransomware, emphasizing the role of infostealer malware in facilitating these attacks. He draws from SpyCloud's 2024 Malware and Ransomware Defense Report, highlighting how compromised identity data from infostealers creates opportunities for ransomware operators. With 75% of organizations experiencing multiple ransomware attacks in the past year, Trevor explores findings from over 500 security leaders in the US and UK, discussing the challenges businesses face and how they can use insights from this research to defend against ransomware and other cybercrimes. The research can be found here: MALWARE AND RANSOMWARE DEFENSE REPORT Learn more about your ad choices. Visit megaphone.fm/adchoices
12/10/2428m 35s

Patient portals down, ransomware up.

A Colorado health system’s patient portal has been compromised. Malicious uploads to open-source repositories surge over the past year. Octo2 malware targets Android devices. A critical vulnerability in Veeam Backup & Replication software is being exploited. The U.S. and U.K. team up for kids online safety. The European Council adopts the Cyber Resilience Act. New York State adopts new cyber regulations for hospitals. The FBI created its own cryptocurrency to help thwart fraudsters. Our guest Dr. Bilyana Lilly joins us to talk about her new novel "Digital Mindhunters." Getting dumped via AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest Dr. Bilyana Lilly joins us to talk about her new novel "Digital Mindhunters." Selected Reading Cyberattack targets healthcare nonprofit overseeing 13 Colorado facilities (The Record) Malicious packages in open-source repositories are surging (CyberScoop) Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices (HackRead) Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (Cybersecuritynews) Britain, US set up working group to improve children’s online safety (Reuters) European Council Adopts Cyber Resilience Act (BankInfoSecurity) New York State Enacts New Cyber Requirements for Hospitals (BankInfoSecurity) FBI created a crypto token so it could watch it being abused (The Register) Man learns he’s being dumped via “dystopian” AI summary of texts (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
11/10/2435m 41s

Hacked, attacked, and sued.

The Internet Archive gets breached and DDoSed. Dutch police arrest the alleged proprietors of an illicit online market. Fidelity Investments confirms a data breach. Marriott settles for $52 million over a multi-year data breach. Critical updates from Mozilla, FortiNet, Palo Alto Networks, VMWare, and Apple. Mongolian Skimmer targets Magento installations. On our Industry Voices segment, we speak with Ben April, Chief Technology Officer at Maltego Technologies GMBH, about "Overcoming information overload: Challenges in social media investigations." Bankruptcy pulls back the curtain on a data brokerage firm.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we speak with Ben April, Chief Technology Officer at Maltego Technologies GMBH, about "Overcoming information overload: Challenges in social media investigations."  Selected Reading Internet Archive Breach Exposes 31 Million Users (WIRED) Dutch cops reveal takedown of 'largest dark web market'  Fidelity says data breach exposed personal data of 77,000 customers (TechCrunch) Marriott Agrees $52m Settlement for Massive Data Breach (Infosecurity Magazine) Mozilla releases patches for actively exploited Firefox bug (The Register) CISA says critical Fortinet RCE flaw now exploited in attacks (Bleeping Computer) Palo Alto Warns of Critical Flaw That Let Attackers Takeover Firewalls (Cyber Security News) VMware NSX Vulnerabilities Allow Hackers To Execute Arbitrary Commands (Cyber Security News) iTunes Local Privilege Escalation (CVE-2024-44193) Vulnerability Analysis and Exploitation (CYFIRMA)  The Mongolian Skimmer (Jscrambler) National Public Data files for bankruptcy after info leak (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
10/10/2434m 9s

Attacks amidst anniversaries.

Hackers target Russia’s court information system. Patch Tuesday rundown. GoldenJackal targets government and diplomatic entities in Europe, the Middle East, and South Asia.Cybercriminals are exploiting Florida’s disaster relief efforts. Australia introduced its first standalone cybersecurity law. CISA and the FBI issue guidance against Iranian threat actors. Mamba 2FA targets Microsoft 365 accounts. Casio reports a data breach. On our Solution Spotlight, Simone Petrella speaks with Andy Woolnough from ISC2's about their 2024 Cybersecurity Workforce Study.  Keeping the AI slop off Wikipedia.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight today, our guest is Andy Woolnough, ISC2's Executive Vice President Corporate Affairs Executive Vice President Corporate Affairs. Andy shares a first look at ISC2's 2024 Cybersecurity Workforce Study with N2K's Simone Petrella. You can catch Simone and Andy’s full conversation on Monday, October 14th in our CyberWire Daily feed. That is also the day the ISC2 Security Congress 2024 kicks off. You can find out more about the event that has a virtual option here.   Selected Reading For a second day, Ukrainian hackers hit Russian institutions (Washington Post) Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (Bleeping Computer) GoldenJackal APT Group Breached Air-Gapped European Government Systems (The Cyber Express) Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files (Hackread) Australia Introduces First Standalone Cybersecurity Law (Infosecurity Magazine) CISA Issues Guidance to Counter Iran's Election Interference (BankInfo Security) New Mamba 2FA bypass service targets Microsoft 365 accounts (Bleeping Computer) Casio says recent cyberattack 'caused system failure' (The Record) The Editors Protecting Wikipedia from AI Hoaxes (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
09/10/2436m 20s

Election Propaganda: Part 2: Modern propaganda efforts.

In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber. Check out Part 1! Make sure to check out Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging. References: Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Learn more about your ad choices. Visit megaphone.fm/adchoices
09/10/2450m 31s

Key player unmasked in global ransomware takedown.

Western authorities I.D. a key member of Evil Corp. A major U.S. water utility suffers a cyberattack. ODNI warns of influence campaigns targeting presidential and congressional races. A California deepfakes law gets blocked. Europol leads a global effort against human trafficking. Trinity ransomware targets the healthcare industry. Qualcomm patches a critical zero-day in its DSP service. ADT discloses a breach of encrypted employee data. North Korean hackers use stealthy Powershell exploits. On our Threat Vector segment, David Moulton and his guests tackle the pressing challenges of securing Operational Technology (OT) environments.  Machine Learning pioneers win the Nobel Prize.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, David Moulton, Director of Thought Leadership at Palo Alto Networks, hosts cybersecurity experts Qiang Huang Chung hwang, Palo Alto Networks VP of Product Management for Cloud Delivered Security Services, and Michela Menting, Senior Research Director in Digital Security at ABI Research, discuss the pressing challenges of securing Operational Technology (OT) environments.  Join us each Thursday for a new episode of Threat Vector on the N2K CyberWire network. To hear David, Michela and Qiang’s full discussion, check it out here.  Selected Reading Police unmask Aleksandr Ryzhenkov as Evil Corp member and LockBit affiliate (The Record) American Water, the largest water utility in US, is targeted by a cyberattack (Associated Press) US Warns of Foreign Interference in Congressional Races (Infosecurity Magazine) US Judge Blocks California's Law Curbing Election Deepfakes (BankInfo Security) Global Police Track Human Traffickers in Online Crackdown (Infosecurity Magazine) Recently spotted Trinity ransomware spurs federal warning to healthcare industry (The Record) Qualcomm patches high-severity zero-day exploited in attacks (Bleeping Computer) ADT says hacker stole encrypted internal employee data after compromising business partner (The Record) North Korean Hackers Employ PowerShell-Based Malware With Serious Evasion Techniques (Cyber Security News) ‘Godfather of AI’ shares Nobel Prize in physics for work on machine learning (CNN) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
08/10/2434m 2s

Tapped and trapped.

Chinese hackers breach U.S. telecom wiretap systems. A third-party debt collection provider exposes sensitive information of Comcast customers. Homeland Security’s cybercrime division chronicles their success. Google removes Kaspersky antivirus from the Play store. Ukrainian hackers take down Russian TV and Radio channels. A crypto-thief pleads guilty to wire fraud and money laundering. A pig-butchering victim gets his money back. On our Industry Voices segment, Jeff Reed, Chief Product Officer at Vectra AI, joins us to talk about how modern attackers don't hack in, they log in. AI knows - the truth is out there.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Jeff Reed, Chief Product Officer at Vectra AI, joins us to talk about how modern attackers don't hack in, they log in. Selected Reading Chinese hackers breached US court wiretap systems, WSJ reports (Reuters) Comcast says customer data stolen in ransomware attack on debt collection agency (TechCrunch) Cyber Cops Stopped 500 Ransomware Hacks Since 2021, DHS Says (Bloomberg) Google removes Kaspersky's antivirus software from Play Store (Bleeping Computer) Ukraine Claims Cyberattack Blocked Russian State TV Online on Putin’s Birthday (Bloomberg) Crypto Hacker Pleads Guilty for Stealing Over $37 Million in Cryptocurrency (Cyber Security News) A victim of a crypto ‘pig butchering’ scam just got his $140,000 back (NPR) How chatbots can win over crackpots (Fast Company) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
07/10/2434m 19s

Making security decisions around AI use. [CSO Perspectives]

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, has a free-wheeling conversation with Merritt Baer, Reco AI’s CISO, about how infosec professionals should think about AI, Machine Learning, and Large Language Models (LLMs). Learn more about your ad choices. Visit megaphone.fm/adchoices
07/10/2418m 13s

Dr. Jessica Barker: Cybersecurity has a huge people element to it. [Socio-technical] [Career Notes]

Enjoy this encore episode where we are joined by Co-founder and socio-technical lead at Cygenta, Dr. Jessica Barker, as she shares her story from childhood career aspirations of becoming a farmer to her accidental pivot to working in cybersecurity. With a PhD in civic design, Jessica looked at the creation of social and civic places until she was approached by a cybersecurity consultancy interested in the human side of cybersecurity. She jumped in and the rest is history. Having experienced some negativity as a woman in cybersecurity, Jessica is a strong proponent of diversity in the field. She suggests that newcomers to the industry follow what interests them and jump in. And, we thank Jessica for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
06/10/247m 40s

Podcast bait, malware switch. [Research Saturday]

Joshua Miller from Proofpoint is discussing their work on "Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset." Proofpoint identified Iranian threat actor TA453 targeting a prominent Jewish figure with a fake podcast interview invitation, using a benign email to build trust before sending a malicious link. The attack attempted to deliver new malware called BlackSmith, containing a PowerShell trojan dubbed AnvilEcho, designed for intelligence gathering and exfiltration. This malware consolidates all of TA453's known capabilities into a single script rather than the previously used modular approach. The research can be found here: Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset Learn more about your ad choices. Visit megaphone.fm/adchoices
05/10/2422m 44s

Caught red-handed.

Interpol arrests eight in an international cybercrime crackdown. A MedusaLocker variant targets financial organizations. Cloudflare mitigates a record DDoS attempt. Insights from the Counter Ransomware Initiative summit. Fin7 uses deepnudes as a lure for malware. Researchers discovered critical vulnerabilities in DrayTek routers. CISA issues urgent alerts for products from Synacor and Ivanti. A former election official gets nine years in prison for a voting system data breach. Microsoft and the DOJ seize domains used by Russia’s ColdRiver hacking group. On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity. to learn how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. Harvard students demonstrate glasses that can see through your privacy.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices Segment On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity. Eric talks about how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. You can check out Strata’s blog on “Understanding the 7 A’s of IAM” and their book on “Identity Orchestration for Dummies”.  Selected Reading International police dismantle cybercrime group in West Africa (The Record) New MedusaLocker Ransomware Variant Deployed by Threat Actor (Infosecurity Magazine) Cloudflare Mitigates Record Breaking 3.8 Tbps DDoS Attack (Hackread) Recently patched CUPS flaw can be used to amplify DDoS attacks (Bleeping Computer) More frequent disruption operations needed to dent ransomware gangs, officials say (CyberScoop) FIN7 hackers launch deepfake nude “generator” sites to spread malware (Bleeping Computer) 14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries (Security Affairs) CISA Warns Active Exploitation of Zimbra & Ivanti Endpoint Manager Vulnerability (Cyber Security News) Former Mesa County clerk sentenced to 9 years for 2020 voting system breach (CyberScoop) Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (Bleeping Computer) Someone Put Facial Recognition Tech onto Meta's Smart Glasses to Instantly Dox Strangers (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
04/10/2438m 39s

The Global Race for the 21st Century

In this episode, Dmitri Alperovitch discusses his book World on the Brink: How America Can Beat China in the Race for the Twenty-First Century with host Ben Yelin. Alperovitch highlights the rising tensions between the U.S. and China, focusing on Taiwan as a critical flashpoint that could ignite a new Cold War. He shares insights on the strategies America must adopt to maintain its status as the world’s leading superpower while addressing the challenges posed by China. By examining both strengths and weaknesses, as well as providing a timely blueprint for navigating the complexities of global relations in the 21st century. Learn more about your ad choices. Visit megaphone.fm/adchoices
03/10/2442m 11s

Election Propaganda Part 1: How does election propaganda work?

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that an average citizen, regardless of political philosophy, can take in order to not succumb to propaganda. References: David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle. Jeff Berman, Renée DiResta, 2023. Disinformation & How To Combat It [Interview]. Youtube. Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference’ [News]. The Washington Post. Quentin Hardy, Renée DiResta, 2024. The Invisible Rulers Turning Lies Into Reality [Interview]. YouTube. Rob Tracinski, Renée DiResta, 2024.  The Internet Rumor Mill [Interview]. YouTube. Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post. Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk’s misleading election claims reach millions and alarm election officials [News]. The Washington Post. Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber. Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI. Staff, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal. Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis. The New York Times. Stuart A. Thompson, 2024. Elon Musk’s Week on X: Deepfakes, Falsehoods and Lots of Memes [News]. The New York Times. Will Oremus, 2024. Zuckerberg expresses regrets over covid misinformation crackdown [News]. The Washington Post. Yascha Mounk, Renée DiResta, 2022. How (Not) to Fix Social Media [Interview]. YouTube. Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads. Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads. Learn more about your ad choices. Visit megaphone.fm/adchoices
02/10/2433m 37s

Breaking news blocked.

A global news agency suffers a cyberattack. CISA and the FBI provide guidance on cross site scripting attacks. A Texas health system diverts patients following a ransomware attack. Western Digital patches a critical vulnerability in network attached storage devices. California passes a law protecting domestic abuse survivors from being tracked. Verizon and PlayStation each suffer outages. CISA responds to critiques from the OIG. T-Mobile settles with the FCC over multiple data breaches. The DOJ indicts a Minnesota man on charges of selling counterfeit software license keys. On our Industry Voices segment kicking off Cybersecurity Awareness Month, we are joined by Chad Raduege, Executive Director of the Oklahoma Cyber Innovation Institute at The University of Tulsa, discussing the Institute’s K-12 outreach initiatives. A Crypto Criminal Stretches His Limits—And His Legs. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices Segment On our Industry Voices segment kicks off Cybersecurity Awareness Month, we are joined by Chad Raduege, Executive Director of the Oklahoma Cyber Innovation Institute at The University of Tulsa, discussing the Institute’s K-12 outreach initiatives.  Selected Reading AFP News Agency's Content Delivery Systems Hit by Cyberattack (Hackread) CISA and FBI Issue Alert on XSS Vulnerabilities (Security Boulevard) UMC Health System Diverts Patients Following Ransomware Attack (SecurityWeek) Western Digital My Cloud Devices Flaw Let Attackers Execute Arbitrary Code (CyberSecurity News) California passes car data privacy law to protect domestic abuse survivors (The Record) The Playstation Network is down in a global outage (Bleeping Computer) Verizon Mobile Outages Reported Across the U.S. (The New York Times) DoJ audit finds CISA faces challenges in cyber threat information sharing, as participation hits record low (Industrial Cyber) T-Mobile pays $31.5 million FCC settlement over 4 data breaches (Bleeping Computer) Man charged for selling forged license keys for network switches (Bleeping Computer) Crooked Cops, Stolen Laptops & the Ghost of UGNazi (Krebs on Security) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
01/10/2436m 27s

Escape from GPU island.

A critical vulnerability has been discovered in the NVIDIA Container Toolkit. Representatives from around the world are meeting in Washington to address ransomware.  The Pentagon shoots down the notion of a separate cyber service. A genetic testing company leaves sensitive information in an unsecured folder. A public accounting firm breach affects 127,000 individuals. The DOJ charges a British national with hacking U.S. companies. California’s Governor vetoes an AI safety bill. CISOs deserve a seat at the table. Tim Starks from CyberScoop describes the House Homeland Security chair’s proposed cyber workforce bill. Password laziness leaves routers vulnerable.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Tim Starks from CyberScoop talking about the House Homeland Security chair releasing and pushing forth a cyber workforce bill. Read more in Tim’s article.  Selected Reading Critical flaw in NVIDIA Container Toolkit allows full host takeover (Bleeping Computer) Here's what to expect from the Counter Ransomware Initiative meeting this week (The Record) Pentagon asks lawmakers to kill third-party look at an independent cyber force (Breaking Defense) Facial DNA provider leaks biometric data via WordPress folder (Hackread) Accounting Firm WMDDH Discloses Data Breach Impacting 127,000 (SecurityWeek) British National Arrested, Charged for Hacking US Companies (SecurityWeek) California Gov. Newsom Vetoes Hotly Debated AI Safety Bill (BankInfo Security) PwC Urges Boards to Give CISOs a Seat at the Table (Infosecurity Magazine) New Critical Password Warning—86% Of All Router Users Need To Act Now (Forbes) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
30/09/2431m 3s

Security remediation automation. [CSO Perspectives]

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Rick Doten, the VP of Information Security at Centene and one of the original contributors to the N2K CyberWire Hash Table.  He makes the case to invigorate the automation first principle cybersecurity strategy. In this case, he is specifically addressing remediation automation. References: Staff, n.d. National Pie Championships [Website]. American Pie Council. Rick Doten. Rick’s Cybersecurity Videos [Youtube Channel]. YouTube. Joe, 2020. The Unbearable Frequency of PewPew Maps [Explainer]. Stranded on Pylos. Aanchal Gupta, 2022. Celebrating 20 Years of Trustworthy Computing [Explainer]. Microsoft Security Blog. Learn more about your ad choices. Visit megaphone.fm/adchoices
30/09/2418m 56s

Steve Blank, national security, and the dilemma of technology disruption. (Part 2 of 2) [Special Edition]

In this 2-part special edition series, guest Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K's Brandon Karpf about national security and the dilemma of technology disruption. Listen to part 1 here. In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to the bureaucratic obstacles hindering defense innovation, Blank breaks down the “dilemma of technology disruption” in national security. Learn how the U.S. can overcome its outdated systems, accelerate innovation, and prepare for the future of defense technology. Whether you’re interested in defense tech, cybersecurity, or government innovation, this episode offers deep insights into the intersection of national security and technological disruption. For some background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It.” Learn more about your ad choices. Visit megaphone.fm/adchoices
29/09/2437m 21s

Jason Clark: Challenge the way things are done. [Strategy] [Career Notes]

Enjoy this encore episode where we are joined by the Chief strategy officer and chief security officer for Netskope, Jason Clark, shares his journey as he challenges the status quo and works to expand diversity in cybersecurity. Jason started his career by breaking the mold and heading to the Air Force rather than his family legacy of Army service. Following his military service, he became a CISO for the New York Times at age 26 and kept building from there. Jason advises, "You should always be seeking out jobs you're actually not qualified for. I think that's how you grow. If you know you could do the job, and you've got half the skills, go for it." Jason aspires to a legacy of increasing diversity in the cybersecurity industry and founded a non-profit to do just that. And, we thank Jason for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
28/09/246m 42s

Beyond the permissions wall. [Research Saturday]

We are joined by Yves Younan, Senior Manager, Talos Vulnerability Discovery and Research from Cisco, discussing their work on "How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions." Cisco Talos has uncovered eight vulnerabilities in Microsoft applications for macOS that could allow attackers to exploit the system's permission model by injecting malicious libraries. By leveraging permissions already granted to these apps, attackers could gain access to sensitive resources like the microphone, camera, and screen recording without user consent. While Microsoft considers these issues low risk and has declined to fix them, the vulnerabilities pose a potential threat to user privacy and security. The research can be found here: How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions Learn more about your ad choices. Visit megaphone.fm/adchoices
28/09/2417m 47s

Darknet dollars exposed.

International Law Enforcement Seizes Domains of Russian Crypto Laundering Networks. The real-world risk of a recently revealed Linux vulnerability appears low. Criminal Charges Loom in the Iranian Hack of the Trump Campaign. Meta is fined over a hundred million dollars for storing users’ passwords in plaintext. Delaware’s public libraries grapple with the aftermath of a ransomware attack. Tor merges with Tails. Progress Software urges customers to patch multiple vulnerabilities. A critical vulnerability in VLC media player has been discovered. Our guests are Mark Lance, Vice President of DFIR and Threat Intelligence at GuidePoint Security, and Andrew Nelson, Principal Security Consultant at GuidePoint Security discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story." Having the wisdom to admit you just don’t know.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Mark Lance, Vice President DFIR and Threat Intelligence at GuidePoint Security, discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story."  Selected Reading US-led operation disrupts crypto exchanges linked to Russian cybercrime (The Record) Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected (SecurityWeek) Criminal charges coming in alleged Iranian hack of Trump campaign emails: Sources (ABC News) Meta fined $101 million for storing hundreds of millions of passwords in plaintext (The Record) Hackers attack Delaware libraries, seek ransom. Here's what we know (Delaware Online) Tor Merges With Security-Focused OS Tails (SecurityWeek) Progress urges admins to patch critical WhatsUp Gold bugs ASAP (Bleeping Computer) VLC Player Vulnerability Let Attackers Execute Malicious Code, Update Now (Cyber Security News) Bigger AI chatbots more inclined to spew nonsense — and people don't always realize (Nature) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
27/09/2434m 50s

Salt Typhoon’s cyber storm.

Salt Typhoon infiltrates US ISPs. Researchers hack the connected features in Kia vehicles.WiFi portals in UK train stations suffer Islamophobic graffiti. International partners release a joint guide for protecting Active Directory. A key house committee approves an AI vulnerability reporting bill. India’s largest health insurer sues Telegram over leaked data. HPE Aruba Networking patches three critical vulnerabilities in its Aruba Access Points. OpenAI plans to restructure into a for-profit business. CISA raises the red flag on Hurricane Helene scams. Our guest is Ashley Rose, Founder & CEO at Living Security, on the creation of Forrester’s newest cybersecurity category, Human Risk Management. The FTC says “Objection!” to the world’s first self-proclaimed robot lawyer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Ashley Rose, Living Security’s Founder & CEO, talking about the creation of Forrester’s newest cybersecurity category, Human Risk Management. Read Ashley’s blog. Learn more on The Forrester Wave™: Human Risk Management Solutions, Q3 2024.   Selected Reading China-Backed Salt Typhoon Targets U.S. Internet Providers: Report (Security Boulevard) Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug (WIRED) Public Wi-Fi operator investigating cyberattack at UK's busiest train stations (The Rgister) ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises (CISA) House panel moves bill that adds AI systems to National Vulnerability Database (CyberScoop) India's Star Health sues Telegram after hacker uses app's chatbots to leak data (Reuters) HPE Aruba Networking fixes critical flaws impacting Access Points (Bleeping Computer) Exclusive: OpenAI to remove non-profit control and give Sam Altman equity (Reuters) OpenAI's technology chief Mira Murati, two other research executives to leave (Reuters) CISA Warns of Hurricane-Related Scams (CISA) DoNotPay must pay $193,000 to settle false claim charges from FTC. (The Verge) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
26/09/2434m 7s

Blue screen blues.

CrowdStrike’s Adam Meyers testifies before congress. The State Department is set to provide nearly $35 million in foreign aid to strengthen global cybersecurity. Foreign adversaries claim ongoing access to presidential campaign documents. Researchers warn of critical vulnerabilities in fuel tank monitoring systems. Hackers claim a Chrome 2FA feature bypass takes less than ten minutes. Exploiting ChatGPT’s long-term memory. Politicians and staffers find personal data exposed on the dark web. A critical vulnerability in Ivanti’s Virtual Traffic Manager is being actively exploited. On our CertByte segment,  Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s CompTIA Project+ Practice Test. Don’t click the PDiddy links. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s CompTIA Project+ (PK0-005) Practice Test. This exam is targeted for candidates who have about 1-2 years of project management experience. This is not an actual test question, but an example of one that covers an objective for the 5th version of the exam, which came out in November 2022. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access (Infosecurity Magazine) Exclusive: State Department cyber bureau preps funding blitz aimed at boosting allies' defenses (The Record) Iranian-linked election interference operation shows signs of recent access (CyberScoop) FEC expands campaign spending rules to allow for physical, cybersecurity purchases (CyberScoop) Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities (SecurityWeek) New Chrome Alert After Hackers Claim 2FA Security Cracked In 10 Minutes (Forbes) Hacker plants false memories in ChatGPT to steal user data in perpetuity (Ars Technica) Proton warns that data of thousands politicians leaked on the dark web (Beyond Machines) Third Recent Ivanti Vulnerability Exploited in the Wild (SecurityWeek) PDiddySploit Malware Hidden in Files Claiming to Reveal Deleted Diddy Posts (Hackread) Diddy Do It? Or Did Cybercriminals? How Hackers Are Turning Scandals Into Cyber Attacks (Veriti) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
25/09/2431m 7s

PIVOTT Act drafts the next wave of digital defenders.

The House Homeland Security Chair introduces a major cyber workforce bill. Google rolls out new Gmail security tools. Telegram makes a big shift in its privacy policy. Microsoft doubles down on cybersecurity. A Kansas water treatment facility suffers a suspected cyberattack. MoneyGram reports network outages. Kaspersky antivirus users get an automatic upgrade, maybe. North Korean IT workers infiltrate Fortune 100 companies. Gartner analysts urge cybersecurity leaders to focus on  prevention, response, and recovery. In this week’s Threat Vector, host David Moulton is joined by Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, to explore the seismic shifts in cybersecurity brought about by AI technologies.  A lavish lifestyle exposes the duo behind a $230M crypto scam. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, and Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, explore the seismic shifts in cybersecurity brought about by AI technologies.  Join us each Thursday for a new episode of Threat Vector on the N2K CyberWire network. To hear David and Daniel’s full discussion, check it out here.  Selected Reading Exclusive: House Homeland Security chair releases, pushes forth cyber workforce bill (CyberScoop) Google Announces New Gmail Security Move For Millions (Forbes) Telegram will now provide some user data to authorities (BBC) Microsoft CEO to Cyber Team: Don’t Tell Me How Great Everything Is (Bloomberg) Kansas Water Facility Switches to Manual Operations Following Cyberattack (SecurityWeek) MoneyGram says cyber incident causing network outages (The Record) Kaspersky Users in US Find Antivirus Software Automatically Replaced (Cyber Security News) Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report (The Record) Zero Failure Tolerance, A Cybersecurity Myth Holding Back Organization (Infosecurity Magazine) Two men arrested one month after $230 million of cryptocurrency stolen from a single victim (Bitdefender)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
24/09/2433m 47s

Can connected cars jeopardize national security?

The US is set to propose a ban on Chinese software and hardware in connected cars. Dell investigates a breach of employee data. Unit 42 uncovers a North Korean PondRAT and a red team tool called Splinter. Marko Polo malware targets cryptocurrency influencers, gamers, and developers. An Iranian state-sponsored threat group targets Middle Eastern governments and telecommunications.The alleged Snowflake hacker remains active and at large. German officials quantify fallout from the CrowdStrike incident. Apple’s latest macOS update has led to widespread issues with cybersecurity software and network connectivity. Our guest is Vincenzo Ciancaglini, Senior Threat Researcher from Trend Micro, talking about the uptick in cybercrime driven by the generative AI explosion. Supercharging your graphing calculator.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Vincenzo Ciancaglini, Senior Threat Researcher from Trend Micro, talking about the uptick in cybercrime driven by the generative AI explosion. Read their blog "Surging Hype: An Update on the Rising Abuse of GenAI" here.  Selected Reading Exclusive: US to propose ban on Chinese software, hardware in connected vehicles (Reuters) Dell investigates data breach claims after hacker leaks employee info (Bleeping Computer) North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages (Security Affairs) Global infostealer malware operation targets crypto users, gamers (Bleeping Computer) Iranian-Linked Group Facilitates APT Attacks on Middle East Networks (Security Boulevard) Hacker behind Snowflake customer data breaches remains active (CyberScoop) Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool (Palo Alto Networks) Organizations are changing cybersecurity providers in wake of Crowdstrike outage (Help Net Security) Cybersecurity Products Conking Out After macOS Sequoia Update (SecurityWeek) Secret calculator hack brings ChatGPT to the TI-84, enabling easy cheating (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
23/09/2437m 5s

Resilience. (CSO Perspectives)

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Roselle Safran, the CEO and Founder of KeyCaliber and one of the original contributors to the N2K CyberWire Hash Table. She interviews Tia Hopkins, the eSentire Chief Cyber Resilience Officer, to make the business case for why resilience might be the most important cyber strategy. References: Black Women in Cyber Collective, 2024. Securing Our Future: Embracing The Resilience and Brilliance of Black Women in Cyber [Book]. Goodreads. Ken Underhill, Christophe Foulon, Tia Hopkins, Mari Galloway, 2022. Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career [Book]. Goodreads. Ron Ross, Victoria Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid, 2021. SP 800-160 Vol. 2 Rev. 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach [Guidance]. CSRC. Roselle Safran, 2024. Who Does the CISO Work for? [Social Media Post]. LinkedIn. Staff, n.d. Empow(H)er Cyber Home [Website]. Learn more about your ad choices. Visit megaphone.fm/adchoices
23/09/2426m 3s

Kyla Guru: You are a key piece to our national security. [Education] [Career Notes]

Enjoy this special encore episode, where we are jjoined by Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need. for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come in with cybersecurity. She shares for any young person "thinking about maybe starting something in security, this is definitely the time to do so." And, we thank Kyla for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
22/09/247m 19s

Steve Blank, national security, and the dilemma of technology disruption. (Part 1 of 2)

In this 2-part special edition series, guest Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K's Brandon Karpf about national security and the dilemma of technology disruption. In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to the bureaucratic obstacles hindering defense innovation, Blank breaks down the “dilemma of technology disruption” in national security. Learn how the U.S. can overcome its outdated systems, accelerate innovation, and prepare for the future of defense technology. Whether you’re interested in defense tech, cybersecurity, or government innovation, this episode offers deep insights into the intersection of national security and technological disruption. For some background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It.” Learn more about your ad choices. Visit megaphone.fm/adchoices
22/09/2440m 25s

Hook, line, and sinker. [Research Saturday]

Jonathan Tanner, Senior Security Researcher from Barracuda, discussing their work on "Stealthy phishing attack uses advanced infostealer for data exfiltration." The recent phishing attack, detailed by Barracuda, uses a sophisticated infostealer malware to exfiltrate a wide array of sensitive data. The attack begins with a phishing email containing an ISO file with an HTA payload, which downloads and executes obfuscated scripts to extract and transmit browser information, saved files, and credentials to remote servers. This advanced infostealer is notable for its extensive data collection capabilities and complex exfiltration methods, highlighting the increasing sophistication of cyber threats. The research can be found here: Stealthy phishing attack uses advanced infostealer for data exfiltration Learn more about your ad choices. Visit megaphone.fm/adchoices
21/09/2422m 42s

They really are watching what we watch.

An FTC report confirms online surveillance and privacy concerns. Ukraine bans Telegram for state and security officials. Sensitive customer data from India’s largest health insurer is leaked. German law enforcement shuts down multiple cryptocurrency exchange services. HZ RAT sets its sights on macOS systems. Stolen VPN passwords remain a growing threat. Law enforcement dismantles the iServer phishing-as-a-service platform. Today’s guest is Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, talking with N2K's Brandon Karpf about national security and the dilemma of technology disruption. CISA’s boss pushes for accountability.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest is Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, talking with N2K's Brandon Karpf about national security and the dilemma of technology disruption. For some background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It.” To listen to Brandon and Steve’s full conversation, check out our Special Edition series that will run over the next two Sundays in our CyberWire Daily podcast feed.  Selected Reading FTC Staff Report Finds Large Social Media and Video Streaming Companies Have Engaged in Vast Surveillance of Users with Lax Privacy Controls and Inadequate Safeguards for Kids and Teens (Federal Trade Commission) Ukraine bans Telegram on state and military devices (The Record) Hacker selling 7 TB of Star Health Insurance’s customer data using Telegram (CSO Online) German Government Shuts Down 47 Exchanges, Says They're Tied To ‘Illegal Activity’ (CoinDesk) New MacOS Malware Let Attackers Control The Device Remotely (Cyber Security News) More Than Two Million Stolen VPN Passwords Discovered (Security Boulevard) High-risk vulnerabilities in common enterprise technologies (Rapid7 Blog) Law Enforcement Dismantles Phishing Platform Used for Unlocking Stolen Phones (SecurityWeek) Insecure software makers are the real cyber villains – CISA (The Register)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
20/09/2433m 58s

Derailing the Raptor Train botnet.

The US government disrupts China’s Raptor Train botnet. A phishing campaign abuses GitHub repositories to distribute malware.Ransomware group Vanilla Tempest targets U.S. healthcare providers.Hackers demand $6 million for stolen airport data. The FCC opens applications for a $200 million cybersecurity grant program. GreyNoise Intelligence tracks mysterious online “Noise Storms”. Scammers threaten Walmart shoppers with arrest. CISA adds five critical items to its known exploited vulnerabilities list. Craigslist founder will donate $100 million to strengthen US cybersecurity. Our guest today is Victoria Samson, Chief Director at Secure World Foundation, talking about space security and stability. Cybercriminals fall prey to very infostealers they rely on. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Victoria Samson, Chief Director at Secure World Foundation, talking with N2K’s T-Minus Space Daily podcast host Maria Varmazis about space security and stability. For some additional detail about space sustainability, visit Secure World Foundation’s Space Sustainability 101.   Selected Reading US Disrupts 'Raptor Train' Botnet of Chinese APT Flax Typhoon (SecurityWeek) Clever 'GitHub Scanner' campaign abusing repos to push malware (Bleeping Computer) Microsoft warns of ransomware attacks on US healthcare (CSO Online) Sea-Tac refuses to pay 100-bitcoin ransom after August cyberattack (The Seattle Times) FCC $200m Cyber Grant Pilot Opens Applications for Schools and Libraries (Infosecurity Magazine) GreyNoise Reveals New Internet Noise Storm: Secret Messages and the China Connection (GreyNoise) Walmart customers scammed via fake shopping lists, threatened with arrest (Malwarebytes) CISA Warns of Five Vulnerabilities Actively Exploited in the Wild (Cyber Security News) Craigslist Founder Pledges $100 Million to Boost U.S. Cybersecurity (Wall Street Journal) Criminals Keep Hacking Themselves, Letting Researchers Unmask Them (404 Media)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
19/09/2438m 9s

High-stakes sabotage.

Exploding pagers in Lebanon are not a cyberattack. Europol leads an international effort to shut down the encrypted communications app Ghost. Microsoft IDs Russian propaganda groups’ disinformation campaigns. California’s Governor signs bills regulating AI in political ads. A multi-step zero-click macOS Calendar vulnerability is documented. A new phishing campaign targets Apple ID credentials.The US Cyber Ambassador emphasizes deterrence. Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work on maintaining security support at all levels of cyber maturity. AI tries to out-Buffett Warren Buffett. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work and the recently-published guide on maintaining security support at all levels of cyber maturity. You can check out their guide “Cyber Fundamentals: Critical baseline security practices for today’s threat landscape” here.  Selected Reading Israel Planted Explosives in Pagers Sold to Hezbollah, Officials Say (The New York Times) Criminal-favored Ghost messaging app busted, owners arrested (Cybernews) Russians made videos falsely accusing Harris of hit-and-run, Microsoft says (The Washington Post) California governor signs laws to crack down on election deepfakes created by AI (Associated Press) Researcher chains multiple old macOS flaws to compromise iCloud with no user interaction (Beyond Machines) iPhone Users Warned As New Email Password-Stealing Attacks Reported (Forbes) Deterrence in cyberspace is possible — and ‘urgent’ — amid ‘alarming’ hybrid attacks, State cyber ambassador says (CyberScoop) New Chatbot ETF Promises to Mimic Warren Buffett, David Tepper (Bloomberg) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
18/09/2430m 27s

One small step for scammers.

The US charges a Chinese national for spear-phishing government employees. The feds impose new sanctions on the makers of Predator spyware. Dealing with fake data breaches. Researchers discover a critical vulnerability in Google Cloud Platform. D-Link has patched critical vulnerabilities in three popular wireless router models. Snowflake ups their authentication game. A US mining company confirms a cyberattack. Researchers identify critical threats targeting construction industry accounting software. Tim Starks from CyberScoop joins us with his reporting on the US Postal Service’s ability to meet the challenges of the upcoming election. Cisco’s second round of layoffs hit hard.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Tim Starks, Senior Reporter from CyberScoop, joining us to discuss his piece on "Election officials say U.S. Postal Service woes place election mail at risk."  Selected Reading DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military (SecurityWeek) US Ramps Up Sanctions on Spyware-Maker Intellexa (Infosecurity Magazine) All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them (Security Boulevard) Google Cloud Platform RCE Flaw Let Attackers Execute Code on Millions of Google Servers (Cyber Security News)  D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (Bleeping Computer) Breach-Weary Snowflake Moves to MFA, 14-Character Passwords (GovInfo Security) Owner of only US platinum mine confirms data breach after ransomware claims (The Record) Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software (Huntress) Cisco's second layoff of 2024 affects thousands of employees (TechCrunch) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
17/09/2430m 59s

Agencies warn of voter data deception.

The FBI and CISA dismiss false claims of compromised voter registration data. The State Department accuses RT of running global covert influence operations. Chinese hackers are suspected of targeting a Pacific Islands diplomatic organization. A look at Apple’s Private Cloud Compute system. 23andMe will pay $30 million to settle a lawsuit over a 2023 data breach.  SolarWinds releases patches for vulnerabilities in its Access Rights Manager. Browser kiosk mode frustrates users into giving up credentials. Brian Krebs reveals the threat of growing online “harm communities.” Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on prompt injection attacks. How theoretical is the Dead Internet Theory? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on their recent work "Agent Hijacking: the true impact of prompt injection attacks."  Selected Reading FBI tells public to ignore false claims of hacked voter data (Bleeping Computer) Russia’s RT news agency has ‘cyber operational capabilities,’ assists in military procurement, State Dept says (The Record) The Dark Nexus Between Harm Groups and ‘The Com’ (Krebs on Security) China suspected of hacking diplomatic body for Pacific islands region (The Record) Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works (WIRED) Apple seeks to drop its lawsuit against Israeli spyware pioneer NSO (Washington Post) 23andMe settles data breach lawsuit for $30 million (Reuters) SolarWinds Patches Critical Vulnerability in Access Rights Manager (SecurityWeek) Malware locks browser in kiosk mode to steal Google credentials (Bleeping Computer) Is anyone out there? (Prospect Magazine)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
16/09/2437m 42s

Breaking the information sharing barrier.

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Errol Weiss, the Chief Security Officer (CSO) of the HEALTH-ISAC and one of the original contributors to the N2K CyberWire Hash Table. He will make the business case for information sharing. References: White and Williams LLP, Staff Osborne Clarke LLP , 2018. Threat Information Sharing and GDPR [Legal Review]. FS-ISAC. Senator Richard Burr (R-NC), 2015. S.754 - 114th Congress (2015-2016): To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes [Law]. Library of Congress. Staff, n.d. National Council of ISACs [Website]. NCI. Staff, 2020. Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 [Guidance]. CISA. Staff, 2023. Information Sharing Best Practices [White paper]. Health-ISAC. Learn more about your ad choices. Visit megaphone.fm/adchoices
16/09/2424m 45s

Ben Yelin: A detour could be a sliding door moment. [Policy] [Career Notes]

Enjoy this encore of Carerr Notes, where the Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security Ben Yelin shares his journey from political junkie to Fourth Amendment specialist. Several significant life defining political developments like the disputed 2000 election, 9/11, and the Iraqi war occurred during his formative years that shaped Ben's interest in public policy and his desire to pursue a degree in law. An opportunity to be a teaching assistant turned out to be one of those sliding door scenarios that led Ben to where he is now, a lawyer in the academic and consulting worlds specializing in cybersecurity and digital privacy issues. Through his work, Ben hopes to elevate the course of the debate on these very important issues. And, we thank Ben for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices
15/09/247m 21s

Spamageddon: Xeon Sender’s cloudy SMS attack revealed! [Research Saturday]

Alex Delamotte, Threat Researcher from SentinelOne Labs, joins to share their work on "Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials." SentinelOne’s Labs team has uncovered new research on Xeon Sender, a cloud hacktool used to launch SMS spam attacks via legitimate APIs like Amazon SNS. First seen in 2022, this tool has been repurposed by multiple threat actors and distributed on underground forums, highlighting the ongoing trend of SMS spam through cloud services and SaaS. The research can be found here: Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials Learn more about your ad choices. Visit megaphone.fm/adchoices
14/09/2418m 57s

Mini-breach, mega-hype.

Fortinet reveals a data breach. The feds sanction a Cambodian senator for forced labor scams. UK police arrest a teen linked to the Transport for London cyberattack. New Linux malware targets Oracle WebLogic. Citrix patches critical Workspace app flaws. Microsoft unveils updates to prevent outages like the CrowdStrike incident. U.S. Space Systems invests in secure communications. Illegal gun-conversion sites get taken down. Tim Starks of CyberScoop tracks Russian hackers mimicking spyware vendors. Cybersecurity hiring gaps persist. Hackers use eye-tracking to steal passwords. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we welcome back Tim Starks, senior reporter from CyberScoop, to discuss “Google: apparent Russian hackers play copycat to commercial spyware vendors.” You can read the article Tim refers to here.  Selected Reading Fortinet Data Breach: What We Know So Far (SOCRadar) Cambodian senator sanctioned by US over cyber-scams (The Register) UK NCA arrested a teenager linked to the attack on Transport for London (Security Affairs) New 'Hadooken' Linux Malware Targets WebLogic Servers (SecurityWeek) Citrix Workspace App Vulnerabilities Allow Privilege Escalation Attacks (Cyber Security News) Microsoft Vows to Prevent Future CrowdStrike-Like Outages (Infosecurity Magazine) Space Systems Command Awards $188M Contract for meshONE-T Follow-on (Space Systems Command) Domains seized for allegedly importing Chinese gun switches (The Register) Why Breaking into Cybersecurity Isn’t as Easy as You Think (Security Boulevard) Apple Vision Pro’s Eye Tracking Exposed What People Type (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
13/09/2431m 34s

UK’s newest cybersecurity MVPs.

The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from a 2023 data breach.Google Cloud introduces air-gapped backup vaults. TrickMo is a newly discovered Android banking malware. GitLab has released a critical security update. A $20 domain purchase highlights concerns over WHOIS trust and security. Our guest is Jon France, CISO at ISC2, with insights on Communicating Cyber Risk of New Technology to the Board. And, could Pikachu be a double-agent for Western intellig