Election day wrap-up. The FBI issues a warning about cybercriminals selling government email credentials. Google issues an emergency update for Chrome. An Interpol operation nets dozens of arrests and IP takedowns. Microchip Technology disclosed $21.4 million in expenses related to a cybersecurity breach. Ransomware makes a Georgia hospital revert to paper records. South Korea fines Meta $15 million over privacy violations. A cyberattack disables panic alarms on British prison vans. A small city in Kansas recovers from a devastating pig butchering scheme. Our guest today is Javed Hasan, CEO and Co-Founder of Lineaje, discussing the growing risks within open source ecosystems. Sending data down the compressed air superhighway.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Javed Hasan, CEO and Co-Founder of Lineaje, discussing the growing risks within open source ecosystems.

Selected Reading

Top US cyber official says 'no evidence of malicious activity' impacting election (The Record)

FBI Warns Gmail, Outlook Users Of $100 Government Emergency Data Email Hack (Forbes)

Chrome Security Update: Patch for Multiple High Severity Vulnerabilities (Cyber Security News)

Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41 (Bleeping Computer)

Microchip Technology Reports $21.4 Million Cost From Ransomware Attack (SecurityWeek)

Ransomware Attack Disrupts Georgia Hospital's Access to Health Records (SecurityWeek)

South Korea Fines Meta $15 Million for Illegal Data Collection on Facebook Users (CEO Today)

Cyberattack disables tracking systems and panic alarms on British prison vans (The Record)

FBI recovers just $8M after crypto scam crashes Kansas bank (The Register)

The bizarre reason pneumatic tubes are coming back (BBC Science Focus)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

On election day U.S. officials express confidence. A Virginia company is charged with violating U.S. export restrictions on technology bound for Russia. Backing up your GMail. Google mandates MFA. Google claims an AI-powered vulnerability detection breakthrough. Schneider Electric investigates a cyberattack on its internal project tracking platform. A Canadian man suspected in the Snowflake-related data breaches has been arrested. On our Threat Vector segment, David Moulton sits down with Christopher Scott, from Unit 42 to explore the essentials of crisis leadership and management.  I spy air fry?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of the Threat Vector podcast, host David Moulton sits down with Christopher Scott, Managing Partner at Unit 42 by Palo Alto Networks, to explore the essentials of crisis leadership and management in cybersecurity. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app. 

Selected Reading

In final check-in before Election Day, CISA cites low-level threats, and not much else (The Record)

Joint ODNI, FBI, and CISA Statement (FBI Federal Bureau of Investigation)

Exclusive: Nakasone says all the news about influence campaigns ahead of Election Day is actually 'a sign of success' (The Record)

Virginia Company and Two Senior Executives Charged with Illegally Exporting Millions of Dollars of U.S. Technology to Russia (United States Department of Justice)

Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late (Forbes)

Mandatory MFA is coming to Google Cloud. Here’s what you need to know (Google Cloud)

Schneider Electric says hackers accessed internal project execution tracking platform (The Record)

Google claims AI first after SQLite security bug discovered (The Register)

Suspected Snowflake Hacker Arrested in Canada (404 Media)

Is your air fryer spying on you? Concerns over ‘excessive’ surveillance in smart devices (The Guardian) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI flags fake videos claiming to be from the agency. Okta patches an authentication bypass vulnerability. Microsoft confirms Windows Server 2025 Blue Screen of Death issues. Scammers exploit DocuSign’s APIs to send fake invoices that bypass spam filters. Hackers use smart contracts for command and control. ICS suppliers face challenges convincing customers to secure their environments. Barracuda tracks a phishing campaign impersonating OpenAI. X-Twitter makes controversial changes to its block feature. A Nigerian man gets 26 years in prison for email fraud. On our Solution Spotlight, N2K's Simone Petrella interviews Alex Stamos, CISO at SentinelOne, at the ISC2 Security Congress 2024 about lessons learned in 2024 and what that means for 2025. For a South Dakota plastic surgeon, ransomware was just the beginning of his financial woes.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Solution Spotlight, N2K's Simone Petrella interviews Alex Stamos, CISO at SentinelOne, at the ISC2 Security Congress 2024 about lessons learned in 2024 and what that means for 2025.

Selected Reading

FBI flags false videos impersonating agency, claiming Democratic ballot fraud (CyberScoop)

Okta security bug affects those with really long usernames (The Register)

Microsoft confirms Windows Server 2025 blue screen, install issues (Bleeping Computer)

Scammers Use DocuSign API to Evade Spam Filters with Phishing Invoices (Hackread)

magazine.com/news/supply-chain-attack-smart/">Supply Chain Attack Uses Smart Contracts for C2 Ops (Infosecurity Magazine)

Siemens and Rockwell Tackle Industrial Cybersecurity, but Face Customer Hesitation (SecurityWeek)

Cybercriminals impersonate OpenAI in large-scale phishing attack (Barracuda)

X updates block feature, letting blocked users see your public posts (TechCrunch)

US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing (SecurityWeek)

Doctor Hit With $500K HIPAA Fine: Feds Worse Than Hacker (GovInfo Security) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to William MacMillan, the Chief Product Officer at Andesite, to discuss the Cybersecurity First Principle of automation: current state and what happens now with AI as it applies to SOC Operations.

For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.

Check out Rick's 3-part election mini-series:

Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging.

Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

References:

top-challenges-of-security-tool-integration.html">Bob Violino, 2022. 7 top challenges of security tool integration [Analysis]. CSO Online.

Bruce Japsen, 2024. UnitedHealth Group Cyberattack Costs To Hit $2.3 Billion This Year [News]. Forbes.

Clay Chun, 2019. JOHN BOYD AND THE “OODA” LOOP (GREAT STRATEGISTS) [Explainer]. War Room - U.S. Army War College.

Michael Cobb, 2023. The history, evolution and current state of SIEM [Explainer]. TechTarget.

Rick Howard, 2022. History of Infosec: a primer. [Podcast and essay]. The CyberWire - CSO Perspectives.

Rick Howard, 2020. Security operations centers: a first principle idea. [Podcast and Essay]. The CyberWire.

Rick Howard, 2020. SOAR – a first principle idea. [Podcast and Essay]. The CyberWire - CSO Perspectives.

Rick Howard, 2021. XDR: from the Rick the Toolman Series. [Podcast and Essay]. The CyberWire - CSO Perspectives.

Robert Lemos, 2024. SOAR Is Dead, Long Live SOAR [Analysis]. Dark Reading.

Timbuk 3, 1986. The Future’s So Bright, I Gotta Wear Shades [Song]. Genius.

Timbuk3VEVO, 2009. Timbuk 3 - The Future’s So Bright [Music Video]. YouTube.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore episode, where we are joined by VP of R&D at Arctic Wolf Networks Dinah Davis, as she shares how she arrived in the cybersecurity industry after finding her niche. Dinah recalls how at a time of indecision, a computer course at university and a job with the Canadian government helped to solidify her career direction. Dinah mentions how "security and cryptography specifically was this perfect mix of real world problem solving and mathematics and computer science all combined into one ball of happiness." Networking played a key role in Dinah's journey. She recommends that those interested in joining the field to go for what they believe in. And, we thank Dinah for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by, Amnon Kushnir from Sygnia, who is sharing their work on "China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches." In early 2024, Sygnia observed the ‘Velvet Ant’ threat group exploiting a zero-day vulnerability (CVE-2024-20399) to infiltrate Cisco Switch appliances and operate undetected within enterprise networks.

This attack enables threat actors to escape Cisco’s command interface and install malware directly on the device’s OS, bypassing standard security tools. The incident underscores the risks posed by third-party appliances and the importance of enhanced monitoring and threat detection to counter advanced persistent threats.

The research can be found here:

• China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches

Learn more about your ad choices. Visit megaphone.fm/adchoices

Georgia’s Secretary of State Pushes Social Media to Remove Russian Disinformation. CISA introduces its first international strategic plan. Microsoft issues a warning about the Quad7 botnet. Researchers uncover a zero-click vulnerability in Synology devices. CISA warns of critical ICS vulnerabilities. The U.S.and Israel outline the latest cyber activities of an Iranian threat group. Researchers track an online shopping scam operation called “Phish ‘n’ Ships.” A Colorado Pathology lab notifies 1.8 million patients of a data breach. Our guest is Gary Barlet, Public Sector CTO at Illumio, with a timely look at election security. Packing a custom PC full of meth. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Gary Barlet, Public Sector CTO at Illumio, discussing where elections are most vulnerable and the potential dangers beyond national elections.

Selected Reading

Georgia official asks social media sites to take down Russian disinformation video (The Record)

CISA Strategic Plan Targets Global Cooperation on Cybersecurity (Security Boulevard)

Microsoft: Chinese hackers use Quad7 botnet to steal credentials (Bleeping Computer)

Microsoft delays Windows Recall again, now by December (Bleeping Computer)

Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack (WIRED)

magazine.com/news/cisa-critical-vulnerabilities-ics/">CISA Warns of Critical Software Vulnerabilities in Industrial Devices (Infosecurity Magazine)

US, Israel Describe Iranian Hackers' Targeting of Olympics, Surveillance Cameras (SecurityWeek)

Fake product listings on real shopping sites lead to stolen payment information (SC Media)

Medusa Ransomware Hack of Pathology Lab Affects 1.8 Million (BankInfo Security)

someone-tried-smuggle-100kg-synthetic-drugs-australia-inside.html">Someone tried to smuggle 100kg of synthetic drugs into Australia inside a bunch of PC cases (TechSpot)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA spins up an election operations war room. Microsoft neglected to restrict access to gender-detecting AI. Yahoo uncovers vulnerabilities in OpenText’s NetIQ iManager. QNAP issues urgent patches for its NAS devices. Sysdig uncovers Emerald Whale. A malvertising campaign exploits Meta’s ad platform to spread the SYS01 infostealer. Senator Ron Wyden wants to tighten rules aimed at preventing U.S. technologies from reaching repressive regimes. Researchers use AI to uncover an IoT zero-day. Sophos reveals a five year battle with firewall hackers. Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and differ across individuals and critical infrastructure. Be afraid of spooky data.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and differ across individuals and critical infrastructure.

Selected Reading

CISA Opens Election War Room to Combat Escalating Threats (GovInfo Security)

Agencies face ‘inflection point’ ahead of looming zero-trust deadline, CISA official says (CyberScoop)

Microsoft Provided Gender Detection AI on Accident (404 Media)

Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution (SecurityWeek)

QNAP patches critical SQLi flaw (Beyond Machines)

EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files (Sysdig)

Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer (Hackread)

Exclusive: Senator calls on Commerce to tighten proposed rules on exporting surveillance, hacking tech to problematic nations (CyberScoop)

GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI (GreyNoise) 

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices (WIRED)

Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats (Sophos News)

Spooky Data at a Distance (LinkedIn)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Happy Halloween from the team at N2K Networks!

We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video here.

Lyrics

I was coding in the lab late one night

when my eyes beheld an eerie sight 

for my malware threat score began to rise 

and suddenly to my surprise...

It did the Mash 

It did the Malware Mash 

The Malware Mash 

It was a botnet smash 

It did the Mash 

It caught on 'cause of Flash 

The Malware Mash 

It did the Malware Mash

From the Stuxnet worm squirming toward the near east 

to the dark web souqs where the script kiddies feast 

the APTs left their humble abodes 

to get installed from rootkit payloads. 

They did the Mash 

They did the Malware Mash 

The Malware Mash 

It was an adware smash 

They did the Mash 

It caught on 'cause of Flash 

The Malware Mash 

They did the Malware Mash

The botnets were having fun 

The DDoS had just begun 

The viruses hit the darknet, 

with ransomware yet to come. 

The keys were logging, phishing emails abound, 

Snowden on chains, backed by his Russian hounds. 

The Shadow Brokers were about to arrive 

with their vocal group, "The NotPetya Five."

They did the Mash 

They played the Malware Mash

The Malware Mash 

It was a botnet smash 

They did the Mash 

It caught on 'cause of Flash 

The Malware Mash 

They played the Malware Mash

Somewhere in Moscow Vlad's voice did ring 

Seems he was troubled by just one thing. 

He opened a shell then shook his fist 

and said, "Whatever happened to my Turla Trojan twist." 

It's now the Mash 

It's now the Malware Mash 

The Malware Mash 

And it's a botnet smash 

It's now the Mash 

It caught on 'cause of Flash 

The Malware Mash 

It's now the Malware Mash

Now everything's cool, Vlad's a part of the band 

And the Malware Mash is the hit of the land. 

For you, defenders, this mash was meant to 

when you get to my door, tell them Creeper sent you.

Then you can Mash 

Then you can Malware Mash 

The Malware Mash 

And be a botnet smash 

It is the Mash 

Don't you dare download Flash 

The Malware Mash 

Just do the Malware Mash

Learn more about your ad choices. Visit megaphone.fm/adchoices

Colorado election officials downplay a partial password leak. Over 22,000 CyberPanel instances were targeted in a ransomware attack. Google issues a critical security update for Chrome. Microsoft says Russia’s SVR is conducting a wide-ranging phishing campaign. The FakeCall Android banking trojan gains advanced evasion and espionage capabilities. A New 0patch Fix Blocks Malicious Theme Files. iOS malware LightSpy adds destructive features. LinkedIn faces class-action lawsuits over alleged privacy violations. The U.S. charges a Russian national as part of Operation Magnus. On this week’s CertByte segment, Chris Hare is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management (CAPM)® certification. An Ex-Disney Staffer Allegedly Adds a Side of Sabotage to Park Menus. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

In this segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management (CAPM)® certification by the Project Management Institute®. Today’s question comes from N2K’s PMI® Certified Associate in Project Management (CAPM®) Practice Test.

If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional sources: The 9 Most In-Demand Professional Certifications You Can Get Right Now

Selected Reading

election-passwords-breach.html">Partial Breach of Election Machine Passwords in Colorado Poses No Risk, State Says (The New York Times)

Election Threats Escalating as US Voters Flock to the Polls (BankInfo Security)

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (Bleeping Computer)

Critical Chrome Security Update: Patch for Out-of-Bounds & WebRTC Vulnerability (Cyber Security News)

Russian spies use remote desktop protocol files in unusual mass phishing drive (The Register)

FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities (SecurityWeek)

patched-cve-2024-38030-found-another.html">0patch Blog: We Patched CVE-2024-38030, Found Another Windows Themes Spoofing Vulnerability (0day) (0patch)

Recent Version of LightSpy iOS Malware Packs Destructive Capabilities (SecurityWeek)

Lawsuits Accuse LinkedIn of Tracking Users' Health Info (GovInfo Security)

Feds name a Russian accused of developing Redline (The Register)

Fired Employee Allegedly Hacked Disney World's Menu System to Alter Peanut Allergy Information (404 Media)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices