Election day wrap-up. The FBI issues a warning about cybercriminals selling government email credentials. Google issues an emergency update for Chrome. An Interpol operation nets dozens of arrests and IP takedowns. Microchip Technology disclosed $21.4 million in expenses related to a cybersecurity breach. Ransomware makes a Georgia hospital revert to paper records. South Korea fines Meta $15 million over privacy violations. A cyberattack disables panic alarms on British prison vans. A small city in Kansas recovers from a devastating pig butchering scheme. Our guest today is Javed Hasan, CEO and Co-Founder of Lineaje, discussing the growing risks within open source ecosystems. Sending data down the compressed air superhighway.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Javed Hasan, CEO and Co-Founder of Lineaje, discussing the growing risks within open source ecosystems.

Selected Reading

Top US cyber official says 'no evidence of malicious activity' impacting election (The Record)

FBI Warns Gmail, Outlook Users Of $100 Government Emergency Data Email Hack (Forbes)

Chrome Security Update: Patch for Multiple High Severity Vulnerabilities (Cyber Security News)

Interpol disrupts cybercrime activity on 22,000 IP addresses, arrests 41 (Bleeping Computer)

Microchip Technology Reports $21.4 Million Cost From Ransomware Attack (SecurityWeek)

Ransomware Attack Disrupts Georgia Hospital's Access to Health Records (SecurityWeek)

South Korea Fines Meta $15 Million for Illegal Data Collection on Facebook Users (CEO Today)

Cyberattack disables tracking systems and panic alarms on British prison vans (The Record)

FBI recovers just $8M after crypto scam crashes Kansas bank (The Register)

The bizarre reason pneumatic tubes are coming back (BBC Science Focus)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

On election day U.S. officials express confidence. A Virginia company is charged with violating U.S. export restrictions on technology bound for Russia. Backing up your GMail. Google mandates MFA. Google claims an AI-powered vulnerability detection breakthrough. Schneider Electric investigates a cyberattack on its internal project tracking platform. A Canadian man suspected in the Snowflake-related data breaches has been arrested. On our Threat Vector segment, David Moulton sits down with Christopher Scott, from Unit 42 to explore the essentials of crisis leadership and management.  I spy air fry?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of the Threat Vector podcast, host David Moulton sits down with Christopher Scott, Managing Partner at Unit 42 by Palo Alto Networks, to explore the essentials of crisis leadership and management in cybersecurity. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app. 

Selected Reading

In final check-in before Election Day, CISA cites low-level threats, and not much else (The Record)

Joint ODNI, FBI, and CISA Statement (FBI Federal Bureau of Investigation)

Exclusive: Nakasone says all the news about influence campaigns ahead of Election Day is actually 'a sign of success' (The Record)

Virginia Company and Two Senior Executives Charged with Illegally Exporting Millions of Dollars of U.S. Technology to Russia (United States Department of Justice)

Gmail 2FA Cyber Attacks—Open Another Account Before It’s Too Late (Forbes)

Mandatory MFA is coming to Google Cloud. Here’s what you need to know (Google Cloud)

Schneider Electric says hackers accessed internal project execution tracking platform (The Record)

Google claims AI first after SQLite security bug discovered (The Register)

Suspected Snowflake Hacker Arrested in Canada (404 Media)

Is your air fryer spying on you? Concerns over ‘excessive’ surveillance in smart devices (The Guardian) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI flags fake videos claiming to be from the agency. Okta patches an authentication bypass vulnerability. Microsoft confirms Windows Server 2025 Blue Screen of Death issues. Scammers exploit DocuSign’s APIs to send fake invoices that bypass spam filters. Hackers use smart contracts for command and control. ICS suppliers face challenges convincing customers to secure their environments. Barracuda tracks a phishing campaign impersonating OpenAI. X-Twitter makes controversial changes to its block feature. A Nigerian man gets 26 years in prison for email fraud. On our Solution Spotlight, N2K's Simone Petrella interviews Alex Stamos, CISO at SentinelOne, at the ISC2 Security Congress 2024 about lessons learned in 2024 and what that means for 2025. For a South Dakota plastic surgeon, ransomware was just the beginning of his financial woes.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Solution Spotlight, N2K's Simone Petrella interviews Alex Stamos, CISO at SentinelOne, at the ISC2 Security Congress 2024 about lessons learned in 2024 and what that means for 2025.

Selected Reading

FBI flags false videos impersonating agency, claiming Democratic ballot fraud (CyberScoop)

Okta security bug affects those with really long usernames (The Register)

Microsoft confirms Windows Server 2025 blue screen, install issues (Bleeping Computer)

Scammers Use DocuSign API to Evade Spam Filters with Phishing Invoices (Hackread)

magazine.com/news/supply-chain-attack-smart/">Supply Chain Attack Uses Smart Contracts for C2 Ops (Infosecurity Magazine)

Siemens and Rockwell Tackle Industrial Cybersecurity, but Face Customer Hesitation (SecurityWeek)

Cybercriminals impersonate OpenAI in large-scale phishing attack (Barracuda)

X updates block feature, letting blocked users see your public posts (TechCrunch)

US Sentences Nigerian to 26 Years in Prison for Stealing Millions Through Phishing (SecurityWeek)

Doctor Hit With $500K HIPAA Fine: Feds Worse Than Hacker (GovInfo Security) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to William MacMillan, the Chief Product Officer at Andesite, to discuss the Cybersecurity First Principle of automation: current state and what happens now with AI as it applies to SOC Operations.

For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.

Check out Rick's 3-part election mini-series:

Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging.

Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

References:

top-challenges-of-security-tool-integration.html">Bob Violino, 2022. 7 top challenges of security tool integration [Analysis]. CSO Online.

Bruce Japsen, 2024. UnitedHealth Group Cyberattack Costs To Hit $2.3 Billion This Year [News]. Forbes.

Clay Chun, 2019. JOHN BOYD AND THE “OODA” LOOP (GREAT STRATEGISTS) [Explainer]. War Room - U.S. Army War College.

Michael Cobb, 2023. The history, evolution and current state of SIEM [Explainer]. TechTarget.

Rick Howard, 2022. History of Infosec: a primer. [Podcast and essay]. The CyberWire - CSO Perspectives.

Rick Howard, 2020. Security operations centers: a first principle idea. [Podcast and Essay]. The CyberWire.

Rick Howard, 2020. SOAR – a first principle idea. [Podcast and Essay]. The CyberWire - CSO Perspectives.

Rick Howard, 2021. XDR: from the Rick the Toolman Series. [Podcast and Essay]. The CyberWire - CSO Perspectives.

Robert Lemos, 2024. SOAR Is Dead, Long Live SOAR [Analysis]. Dark Reading.

Timbuk 3, 1986. The Future’s So Bright, I Gotta Wear Shades [Song]. Genius.

Timbuk3VEVO, 2009. Timbuk 3 - The Future’s So Bright [Music Video]. YouTube.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore episode, where we are joined by VP of R&D at Arctic Wolf Networks Dinah Davis, as she shares how she arrived in the cybersecurity industry after finding her niche. Dinah recalls how at a time of indecision, a computer course at university and a job with the Canadian government helped to solidify her career direction. Dinah mentions how "security and cryptography specifically was this perfect mix of real world problem solving and mathematics and computer science all combined into one ball of happiness." Networking played a key role in Dinah's journey. She recommends that those interested in joining the field to go for what they believe in. And, we thank Dinah for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by, Amnon Kushnir from Sygnia, who is sharing their work on "China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches." In early 2024, Sygnia observed the ‘Velvet Ant’ threat group exploiting a zero-day vulnerability (CVE-2024-20399) to infiltrate Cisco Switch appliances and operate undetected within enterprise networks.

This attack enables threat actors to escape Cisco’s command interface and install malware directly on the device’s OS, bypassing standard security tools. The incident underscores the risks posed by third-party appliances and the importance of enhanced monitoring and threat detection to counter advanced persistent threats.

The research can be found here:

• China-Nexus Threat Group ‘Velvet Ant’ Leverages a Zero-Day to Deploy Malware on Cisco Nexus Switches

Learn more about your ad choices. Visit megaphone.fm/adchoices

Georgia’s Secretary of State Pushes Social Media to Remove Russian Disinformation. CISA introduces its first international strategic plan. Microsoft issues a warning about the Quad7 botnet. Researchers uncover a zero-click vulnerability in Synology devices. CISA warns of critical ICS vulnerabilities. The U.S.and Israel outline the latest cyber activities of an Iranian threat group. Researchers track an online shopping scam operation called “Phish ‘n’ Ships.” A Colorado Pathology lab notifies 1.8 million patients of a data breach. Our guest is Gary Barlet, Public Sector CTO at Illumio, with a timely look at election security. Packing a custom PC full of meth. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Gary Barlet, Public Sector CTO at Illumio, discussing where elections are most vulnerable and the potential dangers beyond national elections.

Selected Reading

Georgia official asks social media sites to take down Russian disinformation video (The Record)

CISA Strategic Plan Targets Global Cooperation on Cybersecurity (Security Boulevard)

Microsoft: Chinese hackers use Quad7 botnet to steal credentials (Bleeping Computer)

Microsoft delays Windows Recall again, now by December (Bleeping Computer)

Zero-Click Flaw Exposes Potentially Millions of Popular Storage Devices to Attack (WIRED)

magazine.com/news/cisa-critical-vulnerabilities-ics/">CISA Warns of Critical Software Vulnerabilities in Industrial Devices (Infosecurity Magazine)

US, Israel Describe Iranian Hackers' Targeting of Olympics, Surveillance Cameras (SecurityWeek)

Fake product listings on real shopping sites lead to stolen payment information (SC Media)

Medusa Ransomware Hack of Pathology Lab Affects 1.8 Million (BankInfo Security)

someone-tried-smuggle-100kg-synthetic-drugs-australia-inside.html">Someone tried to smuggle 100kg of synthetic drugs into Australia inside a bunch of PC cases (TechSpot)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA spins up an election operations war room. Microsoft neglected to restrict access to gender-detecting AI. Yahoo uncovers vulnerabilities in OpenText’s NetIQ iManager. QNAP issues urgent patches for its NAS devices. Sysdig uncovers Emerald Whale. A malvertising campaign exploits Meta’s ad platform to spread the SYS01 infostealer. Senator Ron Wyden wants to tighten rules aimed at preventing U.S. technologies from reaching repressive regimes. Researchers use AI to uncover an IoT zero-day. Sophos reveals a five year battle with firewall hackers. Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and differ across individuals and critical infrastructure. Be afraid of spooky data.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Frederico Hakamine, Technology Evangelist from Axonius, talking about how threats both overlap and differ across individuals and critical infrastructure.

Selected Reading

CISA Opens Election War Room to Combat Escalating Threats (GovInfo Security)

Agencies face ‘inflection point’ ahead of looming zero-trust deadline, CISA official says (CyberScoop)

Microsoft Provided Gender Detection AI on Accident (404 Media)

Yahoo Discloses NetIQ iManager Flaws Allowing Remote Code Execution (SecurityWeek)

QNAP patches critical SQLi flaw (Beyond Machines)

EMERALDWHALE: 15k Cloud Credentials Stolen in Operation Targeting Exposed Git Config Files (Sysdig)

Fake Meta Ads Hijacking Facebook Accounts to Spread SYS01 Infostealer (Hackread)

Exclusive: Senator calls on Commerce to tighten proposed rules on exporting surveillance, hacking tech to problematic nations (CyberScoop)

GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI (GreyNoise) 

Inside Sophos' 5-Year War With the Chinese Hackers Hijacking Its Devices (WIRED)

Pacific Rim: Inside the Counter-Offensive—The TTPs Used to Neutralize China-Based Threats (Sophos News)

Spooky Data at a Distance (LinkedIn)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Happy Halloween from the team at N2K Networks!

We hope you share in our Halloween tradition of listening to the Malware Mash. You can check out our video here.

Lyrics

I was coding in the lab late one night

when my eyes beheld an eerie sight 

for my malware threat score began to rise 

and suddenly to my surprise...

It did the Mash 

It did the Malware Mash 

The Malware Mash 

It was a botnet smash 

It did the Mash 

It caught on 'cause of Flash 

The Malware Mash 

It did the Malware Mash

From the Stuxnet worm squirming toward the near east 

to the dark web souqs where the script kiddies feast 

the APTs left their humble abodes 

to get installed from rootkit payloads. 

They did the Mash 

They did the Malware Mash 

The Malware Mash 

It was an adware smash 

They did the Mash 

It caught on 'cause of Flash 

The Malware Mash 

They did the Malware Mash

The botnets were having fun 

The DDoS had just begun 

The viruses hit the darknet, 

with ransomware yet to come. 

The keys were logging, phishing emails abound, 

Snowden on chains, backed by his Russian hounds. 

The Shadow Brokers were about to arrive 

with their vocal group, "The NotPetya Five."

They did the Mash 

They played the Malware Mash

The Malware Mash 

It was a botnet smash 

They did the Mash 

It caught on 'cause of Flash 

The Malware Mash 

They played the Malware Mash

Somewhere in Moscow Vlad's voice did ring 

Seems he was troubled by just one thing. 

He opened a shell then shook his fist 

and said, "Whatever happened to my Turla Trojan twist." 

It's now the Mash 

It's now the Malware Mash 

The Malware Mash 

And it's a botnet smash 

It's now the Mash 

It caught on 'cause of Flash 

The Malware Mash 

It's now the Malware Mash

Now everything's cool, Vlad's a part of the band 

And the Malware Mash is the hit of the land. 

For you, defenders, this mash was meant to 

when you get to my door, tell them Creeper sent you.

Then you can Mash 

Then you can Malware Mash 

The Malware Mash 

And be a botnet smash 

It is the Mash 

Don't you dare download Flash 

The Malware Mash 

Just do the Malware Mash

Learn more about your ad choices. Visit megaphone.fm/adchoices

Colorado election officials downplay a partial password leak. Over 22,000 CyberPanel instances were targeted in a ransomware attack. Google issues a critical security update for Chrome. Microsoft says Russia’s SVR is conducting a wide-ranging phishing campaign. The FakeCall Android banking trojan gains advanced evasion and espionage capabilities. A New 0patch Fix Blocks Malicious Theme Files. iOS malware LightSpy adds destructive features. LinkedIn faces class-action lawsuits over alleged privacy violations. The U.S. charges a Russian national as part of Operation Magnus. On this week’s CertByte segment, Chris Hare is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management (CAPM)® certification. An Ex-Disney Staffer Allegedly Adds a Side of Sabotage to Park Menus. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

In this segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Dan Neville to break down a question targeting the Certified Associate in Project Management (CAPM)® certification by the Project Management Institute®. Today’s question comes from N2K’s PMI® Certified Associate in Project Management (CAPM®) Practice Test.

If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional sources: The 9 Most In-Demand Professional Certifications You Can Get Right Now

Selected Reading

election-passwords-breach.html">Partial Breach of Election Machine Passwords in Colorado Poses No Risk, State Says (The New York Times)

Election Threats Escalating as US Voters Flock to the Polls (BankInfo Security)

Massive PSAUX ransomware attack targets 22,000 CyberPanel instances (Bleeping Computer)

Critical Chrome Security Update: Patch for Out-of-Bounds & WebRTC Vulnerability (Cyber Security News)

Russian spies use remote desktop protocol files in unusual mass phishing drive (The Register)

FakeCall Android Trojan Evolves with New Evasion Tactics and Expanded Espionage Capabilities (SecurityWeek)

patched-cve-2024-38030-found-another.html">0patch Blog: We Patched CVE-2024-38030, Found Another Windows Themes Spoofing Vulnerability (0day) (0patch)

Recent Version of LightSpy iOS Malware Packs Destructive Capabilities (SecurityWeek)

Lawsuits Accuse LinkedIn of Tracking Users' Health Info (GovInfo Security)

Feds name a Russian accused of developing Redline (The Register)

Fired Employee Allegedly Hacked Disney World's Menu System to Alter Peanut Allergy Information (404 Media)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

In this Solution Spotlight episode, our very own Simone Petrella sits down with Chris Porter, the Chief Information Security Officer at Fannie Mae. As a seasoned expert in the financial and cybersecurity sectors, Chris shares insights into how Fannie Mae navigates the complexities of securing one of the nation's most critical financial institutions.

Together, they discuss Fannie Mae's evolving cybersecurity posture, balancing innovation with risk management, and the critical strategies employed to protect sensitive data in an increasingly digital and interconnected world. Chris also delves into the importance of collaboration across the industry, highlighting partnerships and intelligence-sharing as vital components in mitigating cyber threats.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Chinese hacking into US telecoms draws federal scrutiny. ESET examines Evasive Panda’s CloudScout toolset. A new ChatGPT jailbreak bypassed security safeguards. Nintendo warns users of a phishing scam. The Five Eyes launch the Secure Innovation initiative for startups. CISA releases “Product Security Bad Practices” guidelines. Apple’s new bug bounty program offers a million bucks for critical vulnerabilities. The City of Columbus drops its suit of a cybersecurity researcher. On our Solution Spotlight today, N2K’s Simone Petrella speaks with Chris Porter, CISO at Fannie Mae, on cultivating cybersecurity culture and talent. Spooky spam is back.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Solution Spotlight today, N2K’s Simone Petrella speaks with Chris Porter, CISO at Fannie Mae, on cultivating cybersecurity culture and talent. You can hear Simone’s and Chris’ full conversation in this special edition podcast.

Selected Reading

Key Federal Cyber Panel to Probe Chinese Telecoms Hacking (Bank Info Security)

CloudScout: Evasive Panda scouting cloud services (We Live Security)

ChatGPT Jailbreak: Researchers Bypass AI Safeguards Using Hexadecimal Encoding and Emojis (SecurityWeek)

Nintendo Warns of Phishing Attack Mimics Company Email Address (gbhackers)

magazine.com/news/five-eyes-agencies-startup/">Five Eyes Agencies Launch Startup Security Initiative (Infosecurity magazine)

CISA sees elimination of ‘bad practices’ as next secure-by-design step (CyberScoop)

Apple Launches 'Apple Intelligence' and Offers $1M Bug Bounty for Security (Hackread)

Columbus drops lawsuit against data leak whistleblower Connor Goodwolf, but with a catch (NBC)

Spooky Spam, Scary Scams: Halloween Threats Rise (Security Boulevard)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Operation Magnus disrupts notorious infostealers. Pennsylvania officials debunk election disinformation attributed to Russia. TeamTNT targets Docker daemons. Delta sues CrowdStrike. NVIDIA released a critical GPU Display Driver update. Fog and Akira ransomware exploit SonicWall VPNs. A researcher demonstrates Downgrade attacks against Windows systems. Qilin ransomware grows more evasive and disruptive. Pwn2Own Ireland awards over $1 million for more than 70 zero-day vulnerabilities. Our guest is Grant Geyer, Chief Strategy Officer at Claroty, talking about safeguarding our nation's critical food infrastructure. At long last, it’s legal to fix your McFlurry. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Grant Geyer, Chief Strategy Officer at Claroty, talking about safeguarding our nation's critical food infrastructure. The FBI recently held an Agriculture Threats Symposium in Nebraska, spotlighting growing concerns over the security of the nation's critical food infrastructure amid rising threats. As cyberattacks and bioterrorism increasingly target agriculture, the event highlighted urgent calls for stronger safety measures to protect the food supply chain. 

Selected Reading

Operation Magnus Disrupted Redline and Meta Infostealer Malware (Cyber Security News)

Pennsylvania officials rebut false voter fraud claims from home and abroad (CyberScoop)

TeamTNT Exploits 16 Million IPs in Malware Attack on Docker Clusters (Hackread)

crowdstrike-lawsuit-airline-cancelations-b2636227.html">Delta sues CrowdStrike for $500 million in damages caused by massive airline cancelations (The Independent)

NVIDIA GPU Vulnerabilities Allow Attackers To Execute Remote Code on Windows & Linux (Cyber Security News)

Fog ransomware targets SonicWall VPNs to breach corporate networks (Bleeping Computer)

New Windows Driver Signature bypass allows kernel rootkit installs (Bleeping Computer)

Updated Qilin Ransomware Escalates Encryption and Evasion (BankInfo Security)

magazine.com/news/researchers-70-zeroday-bugspwn/">Researchers Discover Over 70 Zero-Day Bugs at Pwn2Own Ireland (Infosecurity Magazine)

It Is Now Legal to Hack McFlurry Machines (and Medical Devices) to Fix Them (404 Media)

DisMis: Explore our 3-part series on election propaganda. (N2K)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to Dr. Rebecca Wynn, the Click Solutions Group Global Chief Security Strategist & CISO. She interviews Justin Daniels, a Baker Donelson lawyer and podcast host with expertise in cyber operations, M&A, and investment capital transactions, on the current state of cyber law and compliance.

Check out Rick's 3-part election mini-series:

Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging.

Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

References:

Tatiana Rice, Keir Lamont, Jordan Francis, 2024. The Colorado Artificial Intelligence Act: An FPF U.S. Legislation Policy Brief [Explainer]. Colorado General Assembly.

Dr Rebecca Wynn. Soulful CXO [Podcast]. Soulful CXO.

Jodi Daniels, Justin Daniels. She Said Privacy/He Said Security [Podcast]. Apple Podcasts.

Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, N2K's Brandon Karpf interviews Pete Newell, CEO and Founder of BMNT, about the challenges facing technology adoption within the Department of Defense (DoD). They discuss the concept of “mission acceleration,” focusing on the DoD’s struggle to keep pace with rapid changes on the battlefield and the importance of a human-centered approach to technology adaptation. Newell emphasizes that true innovation in defense is more of a "people problem" than a technology issue, requiring shifts in organizational culture and internal education. Tune in to hear insights on accelerating change in defense through better problem articulation and training.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode where we are joined by Army Cyber Institute Technical Director and Chief of Staff Colonel Stephen Hamilton, as he takes us on his computer science journey. Fascinated with computers since the second grade, Stephen chose West Point after high school to study computer science. Following graduation he moved into the signal branch as it most closely matched his interest in ham radio as no branch related directly to computing. He was pulled from the motor pool to help with another area's computing needs and then worked his way to teaching computer science at. West Point and US Cyber Command. Stephen recommends coding it first to help realize the nuances, and then code it again. We thank Stephen for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are pleased to be joined by Mick Baccio, global security advisor for Splunk SURGe, sharing their research on "LLM Security: Splunk & OWASP Top 10 for LLM-based Applications." The research dives into the rapid rise of AI and Large Language Models (LLMs) that initially seem magical, but behind the scenes, they are sophisticated systems built by humans. Despite their impressive capabilities, these systems are vulnerable to numerous cyber threats.

Splunk's research explores the OWASP Top 10 for LLM Applications, a framework that highlights key vulnerabilities such as prompt injection, training data poisoning, and sensitive information disclosure.

The research can be found here:

• defense-owasp-top-10.html">LLM Security: Splunk & OWASP Top 10 for LLM-based Applications

Learn more about your ad choices. Visit megaphone.fm/adchoices

UnitedHealth confirms breach numbers. Patient privacy pains. Amazon vs. APT29. CDK vulnerability threatens user security. Fog and Akira take aim at SonicWall. Level up or log off. LinkedIn in hot water. Open source, closed doors.  Watt's the risk? Today, we are joined by Itzik Alvas, Entro Security’s CEO and Co-Founder, discussing their research team's work on non-human identities and secrets management. And Muni Metro hits Ctrl+Alt+Delete on floppy disks!

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we are joined by Itzik Alvas, Entro Security’s CEO and Co-Founder, discussing their research team's work on non-human identities and secrets management. You can learn more here. 

Selected Reading

UnitedHealth: 100 Million Individuals Affected by the Change Healthcare Data Breach (Heimdal)

patient-care-data-breach.html">OnePoint Patient Care data breach impacted 795916 individuals (Security Affairs)

Amazon identified internet domains abused by APT29 (AWS Security Blog) 

RDP configuration files as a means of obtaining remote access to a computer or "Rogue RDP" (CERT-UA#11690) (CERT-UA) 

AWS Cloud Development Kit flaw exposed accounts to full takeover (The Register) 

Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN (Arctic Wolf) 

Lazarus Group Exploits Chrome 0-Day for Crypto with Fake NFT Game (Hackread) 

LinkedIn hit with $335 million fine for using member data for ad targeting without consent (The Record) 

Linux creator approves de-listing of several kernel maintainers associated with Russia (The Record) 

s-cisa-adds-cisco-asa-and-ftd-and-roundcube-webmail-bugs-to-its-known-exploited-vulnerabilities-catalog.html">U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog (Security Affairs)

Cybersecurity Isn't Easy When You're Trying to Be Green (Dark Reading) 

goodbye-floppies-san-francisco-pays-hitachi-212-million.html">Goodbye, floppies - San Francisco pays Hitachi $212 million to remove 5.25-inch disks from its light rail service (TechSpot)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Fortinet confirms a recently rumored zero-day. Officials investigate how restricted chips ended up in products from Huawei. The White House unveils a coordinated AI strategy for national security. Researchers jailbreak LLMs with Deceptive Delight. A new ransomware group exploits vulnerable device drivers. Sensitive documents from a UN trust fund are leaked online. Penn State pays over a millions dollars to settle allegations of inadequate security in government contracts. CISA adds a SharePoint vulnerability to its Known Exploited Vulnerabilities Catalog. A Microsoft report warns of growing election disinformation. On our industry voices segment, Eric Herzog, CMO of Infinidat, discusses merging cybersecurity and cyber storage resilience.  China is shocked - shocked! - that its space program has drawn the attention of foreign spies. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our industry voices segment, Eric Herzog, CMO of Infinidat, discusses merging cybersecurity and cyber storage resilience. 

Selected Reading

Mandiant says new Fortinet flaw has been exploited since June (Bleeping Computer)

TSMC Cuts Off Client After Discovering Chips Sent to Huawei (Bloomberg)

White House unveils plan for US government to keep its edge on AI development (The Record)

FACT SHEET: Biden-Harris Administration Outlines Coordinated Approach to Harness Power of AI for U.S. National Security (The White House)

New LLM jailbreak method with 65% success rate developed by researchers (SC Media)

Embargo Ransomware Disables Security Defenses (GovInfo Security)

Misconfigured UN Database Exposes 228GB of Gender Violence Victims' Data (Hackread)

Penn State Settles for $1.25M Over Failure to Comply With DoD, NASA Cybersecurity Requirements (SecurityWeek)

CISA Warns Active Exploitation of Microsoft SharePoint Vulnerability (Cyber Security News)

disinformation.html">As Election Looms, Disinformation ‘Has Never Been Worse’ (The New York Times) 

Microsoft Warns Foreign Disinformation Is Hitting the US Election From All Directions (WIRED)

China’s space programme targeted by ‘audacity’ of foreign agents, anti-spy agency warns (South China Morning Post) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

NotLockBit mimics its namesake while targeting macOS. Symantec uncovers popular mobile apps with hardcoded credentials. Avast releases a Mallox ransomware decryptor. Akira ransomware reverts to tactics tried and true. Lawmakers ask the DOJ to prosecute tax prep firms for privacy violations. The SEC levies fines for misleading disclosures following the SolarWinds breach. Software liability remains a sticky issue. Updated guidance reiterates the feds’ commitment to the Traffic Light Protocol. A task force has cybersecurity recommendations for the next U.S. president. Today’s guest is Jérôme Segura, Sr. Director of Research at Malwarebytes, sharing their work on "Scammers advertise fake AppleCare+ service via GitHub repos." Warrantless surveillance, powered by your favorite apps. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest is Jérôme Segura, Sr. Director of Research at Malwarebytes, sharing their work on "Scammers advertise fake AppleCare+ service via GitHub repos." You can learn more about this research here. 

Selected Reading

NotLockBit Ransomware Can Target macOS Devices (SecurityWeek)

Millions of iOS and Android Users at Risk as Popular Apps Expose Cloud Keys (Hackread)

Mallox Ransomware Flaw Let Victims Recover Files Without Ransom Payment (Cyber Security News)

Akira ransomware pivots back to double extortion, C++ code (SC Media)

Lawmakers ask DOJ to prosecute tax prep firms for sharing customer data with big tech (The Record)

SEC fines four companies $7M for 'misleading cyber disclosures' regarding SolarWinds hack (TechCrunch)

The struggle for software liability: Inside a ‘very, very, very hard problem’ (The Record)

magazine.com/news/us-government-threat-sharing-tlp/">US Government Pledges to Cyber Threat Sharing Via TLP Protocol (Infosecurity Magazine)

Task force unveils cyber recommendations for the next president (CyberScoop)

The Global Surveillance Free-for-All in Mobile Ad Data (Krebs on Security)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A zero-day affects Samsung mobile processors. A critical vulnerability is discovered in the OneDev DevOps platform. German authorities warn against vulnerable industrial routers. The Bumblebee loader buzzes around corporate networks. Ghostpulse hides payloads in PNG files. A Michigan chain of dental centers agrees to a multimillion dollar data breach settlement. A White House proposal tamps down international data sharing. Fortinet is reportedly patching an as-yet undisclosed severe vulnerability. In our Threat Vector segment, host David Moulton speaks with Nathaniel Quist about cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. Russian deepfakes spread election misinformation. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of the Threat Vector podcast, host David Moulton, Director of Thought Leadership at Palo Alto Networks, speaks with Nathaniel Quist, Manager of Cloud Threat Intelligence at Cortex & Unit 42. David and Nathaniel discuss recent cloud extortion operations, the rise of ransomware attacks, and the challenges businesses face in securing public cloud environments. You can hear the full discussion here and catch new episodes of Threat Vector every Thursday on your favorite podcast app. 

Selected Reading

Google Warns of Samsung Zero-Day Exploited in the Wild (SecurityWeek)

Critical OneDev DevOps Platform Vulnerability Let Attacker Read Sensitive Data (Cyber Security News)

Critical Vulnerabilities Expose mbNET.mini, Helmholz Industrial Routers to Attacks (SecurityWeek)

Hackers Use Bumblebee Malware to Gain Access to Corporate Networks (GB Hackers)

CISA Adds Sciencelogic SL1 Unspecified Vulnerability to KEV Catalog (Cyber Security News)

Pixel perfect Ghostpulse malware loader hides inside PNG image files (The Register)

Dental Center Chain Settles Data Breach Lawsuit for $2.7M (BankInfo Security)

Biden administration proposes new rules governing data transfers to adversarial nations (The Record)

Fortinet issues private notifications to FortiManager customers to patch an undisclosed flaw (Beyond Machines)

Russian Propaganda Unit Appears to Be Behind Spread of False Tim Walz Sexual Abuse Claims (WIRED)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

An alleged Australian scammer wanted by the FBI gets nabbed in Italy. The Internet Archive has been breached again. Researchers discover vulnerabilities in encrypted cloud storage platforms. Cisco confirms stolen files but insists it’s not a data breach.  A Chinese disinformation group targets Senator Marco Rubio. Malicious chatbot prompts can hide inside harmless ones. The DoD wants to offer senior cyber executives part-time roles as military reservists. Six years out, the specter of Spectre remains. Russian prosecutors seek prison for REvil operators. Guest Pete Newell, Founder and CEO of BMNT, talks with N2K's Brandon Karpf about challenges associated with technology adoption and change in the DoD. Microsoft uses clever deception to reel in phishers. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Guest Pete Newell, Founder and CEO of BMNT, talks with N2K's Brandon Karpf about challenges associated with technology adoption and change in the DoD.

Selected Reading

wanted-by-fbi-over-alleged-46-million-scam-arrested-in-italy-20241020-p5kjpu.html">Australian wanted by FBI over alleged $46 million scam arrested in Italy (The Sydney Morning Herald)

Internet Archive breached again through stolen access tokens (Bleeping Computer)

Severe flaws in E2EE cloud storage platforms used by millions (Bleeping Computer)

Cisco Confirms Security Incident After Hacker Offers to Sell Data (SecurityWeek)

Report: China’s Spamouflage disinformation campaign testing techniques on Sen. Marco Rubio (The Record)

This Prompt Can Make an AI Chatbot Identify and Extract Personal Details From Your Chats (WIRED)

Wanted: Weekend Warriors in Tech (Wall Street Journal)

Spectre flaws continue to haunt Intel and AMD (The Register)

Russia's case against REvil hackers proceeds as government recommends 6.5-year sentences (The Record)

Microsoft creates fake Azure tenants to pull phishers into honeypots (Bleeping Computer)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Kim Jones, the Managing Director at Ursus Security Consulting. He takes a first principles look at the idea of identity.

Check out Rick's 3-part election mini-series:

Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging.

Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

Part 3: Election Propaganda: Part 3: Efforts to reduce the impact of future elections. Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

References:

Olivia Gulin, Tomberry., Peter Steiner, Alan David Perkins, 2012. On the Internet, Nobody Knows You’re a Dog [History]. Know Your Meme.

Staff, 2019. US Patent for Mutual authentication of computer systems over an insecure network Patent Patent]. Justia Patents Search.

Staff, 2023. Federal Bureau of Investigation: Internet Crime Report [Report]. Internet Crime Complaint Center (IC3).

Staff, 2024. Data Breach Investigations Report [Report]. Verizon Business.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode where we are joined by the Head of Product for IBM Security Aarti Borkar, who shares her journey which included going after her lifelong love of math rather than following in her parents' footsteps in the medical field. In following her passions, Aarti found herself studying computer engineering and computer science, and upon taking a pause from her studies, she found a niche working at IBM in a mix of databases and networking. In her current position, Aarti describes her favorite discussion topics very often involve being around the use of AI for converting security into predictive domains. Aarti reminds us that you should pause and see if you are on the right path. Staying on a path just because you started there can be a bad idea. And, we thank Aarti for sharing her story.

Learn more about your ad choices. Visit megaphone.fm/adchoices

This week we are joined by Chester Wisniewski, Global Field CTO from Sophos X-Ops team, to discuss their work on "Crimson Palace returns: New Tools, Tactics, and Targets." Sophos X-Ops has observed a resurgence in cyberespionage activity, tracked as Operation Crimson Palace, targeting Southeast Asian government organizations.

After a brief lull, Cluster Charlie resumed operations in September 2023, using new tactics such as web shells and open-source tools to bypass detection, re-establish access, and map target network infrastructure, demonstrating ongoing efforts to exfiltrate data and expand their foothold.

The research can be found here:

• Crimson Palace returns: New Tools, Tactics, and Targets 

Learn more about your ad choices. Visit megaphone.fm/adchoices

Microsoft describes a macOS vulnerability. A trio of healthcare organizations reveal data breaches affecting nearly three quarters a million patients. Group-IB infiltrates a ransomware as a service operation. Instagram rolls out new measures to combat sextortion schemes. Updates from Bitdfender address Man-in-the-Middle attacks. An Alabama man is arrested for allegedly hacking the SEC. In our Industry Voices segment, Gerry Gebel, VP of Strata Identity, describes how to ensure identity continuity during IDP disrupted, disconnected and diminished environments. CISOs want to see their role split into two positions. Game Freak’s Servers Take Critical Hit.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we have our Industry Voices segment with Gerry Gebel, VP of Products and Standards at Strata Identity, discussing how to ensure identity continuity during IDP disrupted, disconnected and diminished environments.

Resources to learn more: 

• Identity Continuity™: How to have uninterrupted IDP access
• Resilience in extreme conditions: Why DDIL environments need continuous identity access

Selected Reading

magazine.com/news/microsoft-macos-vulnerability/">macOS Vulnerability Could Expose User Data, Microsoft Warns (Infosecurity Magazine)

Microsoft warns it lost some customer's security logs for a month (Bleeping Computer)

3 Longtime Health Centers Report Hacks Affecting 740,000 (GovInfo Security)

Cicada3301 ransomware affiliate program infiltrated by security researchers (SC Media)

magazine.com/news/instagram-sextortion-protection/">Instagram Rolls Out New Sextortion Protection Measures (Infosecurity Magazine)

Bitdefender Total Security Vulnerability Exposes Users to Man-in-the-Middle Attacks (Cyber Security News)

Alabama Man Arrested in SEC Social Media Account Hack That Led the Price of Bitcoin to Spike (SecurityWeek)

CISOs Concerned Over Growing Demands of Role (Security Boulevard)

Pokémon video game developer confirms its systems were breached by hackers (The Record)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Brazilian authorities arrest the alleged “USDoD” hacker. The DoJ indicts the alleged operators of Anonymous Sudan. CISA and its partners warn of Iranian brute force password attempts. A new report questions online platforms’ ability to detect election disinformation. Recent security patches address critical vulnerabilities in widely-used platforms. North Korean threat actors escalate their fake IT worker schemes. CISA seeks comment on Product Security Bad Practices. Dealing effectively with post-breach stress. Tim Starks, Senior Reporter at CyberScoop, joins us to discuss “What’s new from this year’s Counter Ransomware Initiative summit.” Redbox DVD rental machines get a reboot. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We welcome back Tim Starks, Senior Reporter at CyberScoop, to discuss “What’s new from this year’s Counter Ransomware Initiative summit, and what’s next.”

Selected Reading

Hacker allegedly behind attacks on FBI, Airbus, National Public Data arrested in Brazil (The Record)

Two Sudanese Nationals Indicted for Alleged Role in Anonymous Sudan Cyberattacks on Hospitals, Government Facilities, and Other Critical Infrastructure in Los Angeles and Around the World (US Department of Justice)

Iranian Hackers Using Brute Force on Critical Infrastructure (GovInfo Security)

Before US election, TikTok and Facebook fail to block harmful disinformation. YouTube succeeds (Global Witness)

F5 BIG-IP Updates Patch High-Severity Elevation of Privilege Vulnerability (Security Week)

Cisco Patches High-Severity Vulnerabilities in Analog Telephone Adapters (Security Week)

GitHub patches critical vulnerability in its Enterprise Servers (CyberScoop)

magazine.com/news/north-korea-it-worker-extort/">North Korea Escalates Fake IT Worker Schemes to Extort Employers (Infosecurity Magazine)

magazine.com/news/cisa-product-security-flaws/">CISA Seeks Feedback on Upcoming Product Security Flaws Guidance (Infosecurity Magazine)

Helping Your Team Cope With the Stress of a Cyber Incident (BankInfo Security)

Tinkerers Are Taking Old Redbox Kiosks Home and Reverse Engineering Them (404 Media)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Authorities arrest over 200 Chinese nationals in Sri Lanka over financial scams. Officials in Finland take down an online drug market. Cisco investigates an alleged data breach.  A major apparel provider suffers a data breach. Oracle’s latest patch update includes 35 critical issues. Microsoft has patched several high-severity vulnerabilities. The NCSC’s new boss calls for global collaboration to fight cybercrime. CISA warns of critical vulnerabilities affecting software from Microsoft, Mozilla, and SolarWinds.Hackers steal data from Verizon’s push-to-talk (PTT) system. On our CertByte segment, Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test. Robot vacuums go rogue.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth.

In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K's Microsoft Azure Administrator (AZ-104) Practice Test.

Candidates for the Microsoft Azure Administrator exam are Azure Administrators who manage cloud services that span storage, security, networking, and compute cloud capabilities. Candidates should be proficient in using PowerShell, the Command Line Interface, Azure Portal, ARM templates, operating systems, virtualization, cloud infrastructure, storage structures, and networking.

Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.

Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers.

Reference:

Microsoft Azure Blog > Virtual Machines > Gain business insights using Power BI reports for Azure Backup

Selected Reading

Sri Lankan Police Arrest Over 200 Chinese Scammers (BankInfo Security)

Finnish Customs closed down the Sipulitie marketplace on the encrypted Tor network (Finnish Customs)

Cisco investigates breach after stolen data for sale on hacking forum (Bleeping Computer)

Varsity Brands Data Breach Impacts 65,000 People (SecurityWeek)

Oracle October 2024 Critical Patch Update Addresses 198 CVEs (Security Boulevard)

Microsoft Patches Vulnerabilities in Power Platform, Imagine Cup Site (SecurityWeek)

'Nationally significant' cyberattacks are surging, warns the UK's new cyber chief (The Record)

CISA Warns of Three Vulnerabilities Actively Exploited in the Wild (Cyber Security News)

Hackers Advertise Stolen Verizon Push-to-Talk ‘Call Logs’ (404 Media)

Hackers took over robovacs to chase pets and yell slurs (The Verge)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Thinking past the US 2024 Presidential Election, In part three of the series, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses reducing the impact of propaganda in the future elections with Perry Carpenter, Chief Human Risk Management Strategist at KnowBe4 and host of the 8th Layer Insights Podcast, Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project, and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

Check out Part 1 & 2!

Part 1: Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging.

Part 2: Election Propaganda: Part 2: Modern propaganda efforts. In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

References:

Rick Howard, 2024. Election Propaganda Part 1: How does election propaganda work? [3 Part Podcast Series]. The CyberWire.

Rick Howard, 2024. Election Propaganda: Part 2: Modern propaganda efforts. [3 Part Podcast Series]. The CyberWire.

Christopher Chabris, Daniel Simons, 2010. The Invisible Gorilla: And Other Ways Our Intuitions Deceive Us [Book]. Goodreads.

Chris Palmer, 2010. TFL Viral - Awareness Test (Moonwalking Bear) [Explainer]. YouTube.

David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle.

Eli Pariser, 2011. The Filter Bubble: What the Internet is Hiding From You [Book]. Goodreads.

Kara Swisher, Julia Davis, Alex Stamos, Brandy Zadrozny, 2024. Useful Idiots? How Right-Wing Influencers Got $ to Spread Russian Propaganda [Podcast]. On with Kara Swisher.

Nate Silver, 2024. What’s behind Trump’s surge in prediction markets? [Analysis]. Silver Bulletin.

Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference’ [News]. The Washington Post.

Nilay Patel, 2024. The AI election deepfakes have arrived [Podcast]. Decoder.

Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads.

Perry Carpenter, 2024. FAIK: A Practical Guide to Living in a World of Deepfakes, Disinformation, and AI-Generated Deceptions [Book]. Goodreads.

Perry Carpenter, 2021. Meatloaf Recipes Cookbook: Easy Recipes For Preparing Tasty Meals For Weight Loss And Healthy Lifestyle All Year Round [Book]. Goodreads.

Perry Carpenter, n.d. 8th Layer Insights [Podcast]. N2K CyberWire.

Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads.

Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post.

Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk’s misleading election claims reach millions and alarm election officials [News]. The Washington Post.

Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber.

Staff, n.d. Overview: Coalition for Content Provenance and Authenticity [Website]. C2PA.

declass-16MAR21.pdf">Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI.

wing-misinformation-conspiracy-theories.html">Staff, n.d. Project Origin [Website]. OriginProject. URL https://www.originproject.info/

wing-misinformation-conspiracy-theories.html">Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis] The New York Times.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA adds a Fortinet flaw to its “must patch” list. Splunk releases fixes for 11 vulnerabilities in Splunk Enterprise. ErrorFather is a new malicious Android banking trojan. New evidence backs secure-by-design practices. CISA warns that threat actors are exploiting unencrypted persistent cookies. The FIDO Alliance standardizes passkey portability. Cybercriminals linger on Telegram. On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse. We mark the passing of the co creator of the BBS.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment today, our guest is Matt Radolec, Vice President, Incident Response and Cloud Operations at Varonis, discussing how AI amplifies the need for data privacy regulation and opens doors for abuse.

Selected Reading

Tens of thousands of IPs vulnerable to Fortinet flaw dubbed 'must patch' by feds (CyberScoop)

Fortinet FortiGuard Labs Observes Darknet Activity Targeting the 2024 United States Presidential Election (Fortinet)

Splunk Enterprise Update Patches Remote Code Execution Vulnerabilities (SecurityWeek)

magazine.com/news/cerberus-android-banking-trojan/">Cerberus Android Banking Trojan Deployed in New Multi-Stage Malicious Campaign (Infosecurity Magazine)

Organizations can substantially lower vulnerabilities with secure-by-design practices, report finds (CyberScoop)

magazine.com/news/eight-million-download-200-mal/">Eight Million Users Download 200+ Malicious Apps from Google Play (Infosecurity Magazine)

TrickMo malware steals Android PINs using fake lock screen (Bleeping Computer)

CISA: Hackers abuse F5 BIG-IP cookies to map internal servers (Bleeping Computer)

FIDO Alliance is Standardizing Passkey Portability (Thurrott)

So far, cybercriminals appear to be just shopping around for a Telegram alternative (The Record)

Ward Christensen, BBS inventor and architect of our online age, dies at age 78 (Ars Technica)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

In this special edition of Solution Spotlight, join us for an exclusive conversation between ISC2's Executive Vice President of Corporate Affairs, Andy Woolnough, and N2K's Simone Petrella. Together, they take a deep dive into ISC2's 2024 Cybersecurity Workforce Study, offering a first look at the most pressing findings.

Discover insights from a survey of 15,852 cybersecurity professionals and decision-makers across the globe, including the size of the current workforce, the demand for more professionals, and alarming trends around layoffs, budget cuts, and skills shortages. Andy and Simone also explore the growing disconnect between the skills in high demand by hiring managers and those that cybersecurity pros are prioritizing. Learn why organizations must take immediate action to foster talent and bridge these skills gaps to meet the industry's evolving needs.

Plus, today marks the start of the ISC2 Security Congress 2024! Whether attending in person or virtually, this event is packed with opportunities to engage with industry experts and further your knowledge in cybersecurity.

Tune in for actionable insights and exclusive details on the state of the cybersecurity workforce and how your organization can stay ahead.

For more information on ISC2 Security Congress 2024, visit the event page here.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode, where we are joined by a High Performance Computing Systems Administrator at Brigham Young University. Billy Wilson tells his cybersecurity career story translating language skills to technical skills. According to Billy's employer, moving to a technical position at his alma mater occurred because Billy showed this potential and a thirst for learning. He is currently pursuing his master's degree from SANS Technology Institute for Information Security Engineering while working to secure BYU's data for their computationally-intensive research. Billy notes that not everyone has one overarching passion which gives him variety in his work. And, we thank Billy for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Trevor Hilligoss, VP of SpyCloud Labs at SpyCloud, discusses the increasing threat of ransomware, emphasizing the role of infostealer malware in facilitating these attacks. He draws from SpyCloud's 2024 Malware and Ransomware Defense Report, highlighting how compromised identity data from infostealers creates opportunities for ransomware operators.

With 75% of organizations experiencing multiple ransomware attacks in the past year, Trevor explores findings from over 500 security leaders in the US and UK, discussing the challenges businesses face and how they can use insights from this research to defend against ransomware and other cybercrimes.

The research can be found here:

• MALWARE AND RANSOMWARE DEFENSE REPORT

Learn more about your ad choices. Visit megaphone.fm/adchoices

A Colorado health system’s patient portal has been compromised. Malicious uploads to open-source repositories surge over the past year. Octo2 malware targets Android devices. A critical vulnerability in Veeam Backup & Replication software is being exploited. The U.S. and U.K. team up for kids online safety. The European Council adopts the Cyber Resilience Act. New York State adopts new cyber regulations for hospitals. The FBI created its own cryptocurrency to help thwart fraudsters. Our guest Dr. Bilyana Lilly joins us to talk about her new novel "Digital Mindhunters." Getting dumped via AI.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest Dr. Bilyana Lilly joins us to talk about her new novel "Digital Mindhunters."

Selected Reading

Cyberattack targets healthcare nonprofit overseeing 13 Colorado facilities (The Record)

Malicious packages in open-source repositories are surging (CyberScoop)

Octo2 Malware Uses Fake NordVPN, Chrome Apps to Infect Android Devices (HackRead)

Hackers Exploiting Veeam RCE Vulnerability to Deploy Ransomware (Cybersecuritynews)

Britain, US set up working group to improve children’s online safety (Reuters)

European Council Adopts Cyber Resilience Act (BankInfoSecurity)

New York State Enacts New Cyber Requirements for Hospitals (BankInfoSecurity)

FBI created a crypto token so it could watch it being abused (The Register)

Man learns he’s being dumped via “dystopian” AI summary of texts (Ars Technica)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The Internet Archive gets breached and DDoSed. Dutch police arrest the alleged proprietors of an illicit online market. Fidelity Investments confirms a data breach. Marriott settles for $52 million over a multi-year data breach. Critical updates from Mozilla, FortiNet, Palo Alto Networks, VMWare, and Apple. Mongolian Skimmer targets Magento installations. On our Industry Voices segment, we speak with Ben April, Chief Technology Officer at Maltego Technologies GMBH, about "Overcoming information overload: Challenges in social media investigations." Bankruptcy pulls back the curtain on a data brokerage firm. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, we speak with Ben April, Chief Technology Officer at Maltego Technologies GMBH, about "Overcoming information overload: Challenges in social media investigations." 

Selected Reading

Internet Archive Breach Exposes 31 Million Users (WIRED)

Dutch cops reveal takedown of 'largest dark web market' 

Fidelity says data breach exposed personal data of 77,000 customers (TechCrunch)

magazine.com/news/marriott-settlement-massive-data/">Marriott Agrees $52m Settlement for Massive Data Breach (Infosecurity Magazine)

Mozilla releases patches for actively exploited Firefox bug (The Register)

CISA says critical Fortinet RCE flaw now exploited in attacks (Bleeping Computer)

Palo Alto Warns of Critical Flaw That Let Attackers Takeover Firewalls (Cyber Security News)

VMware NSX Vulnerabilities Allow Hackers To Execute Arbitrary Commands (Cyber Security News)

iTunes Local Privilege Escalation (CVE-2024-44193) Vulnerability Analysis and Exploitation (CYFIRMA) 

The Mongolian Skimmer (Jscrambler)

National Public Data files for bankruptcy after info leak (The Register)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hackers target Russia’s court information system. Patch Tuesday rundown. GoldenJackal targets government and diplomatic entities in Europe, the Middle East, and South Asia.Cybercriminals are exploiting Florida’s disaster relief efforts. Australia introduced its first standalone cybersecurity law. CISA and the FBI issue guidance against Iranian threat actors. Mamba 2FA targets Microsoft 365 accounts. Casio reports a data breach. On our Solution Spotlight, Simone Petrella speaks with Andy Woolnough from ISC2's about their 2024 Cybersecurity Workforce Study.  Keeping the AI slop off Wikipedia. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Solution Spotlight today, our guest is Andy Woolnough, ISC2's Executive Vice President Corporate Affairs Executive Vice President Corporate Affairs. Andy shares a first look at ISC2's 2024 Cybersecurity Workforce Study with N2K's Simone Petrella. You can catch Simone and Andy’s full conversation on Monday, October 14th in our CyberWire Daily feed. That is also the day the ISC2 Security Congress 2024 kicks off. You can find out more about the event that has a virtual option here.  

Selected Reading

For a second day, Ukrainian hackers hit Russian institutions (Washington Post)

Microsoft October 2024 Patch Tuesday fixes 5 zero-days, 118 flaws (Bleeping Computer)

GoldenJackal APT Group Breached Air-Gapped European Government Systems (The Cyber Express)

Scammers Hit Florida Hurricane Victims with Fake FEMA Claims, Malware Files (Hackread)

magazine.com/news/australia-introduces-cybersecurity/">Australia Introduces First Standalone Cybersecurity Law (Infosecurity Magazine)

CISA Issues Guidance to Counter Iran's Election Interference (BankInfo Security)

New Mamba 2FA bypass service targets Microsoft 365 accounts (Bleeping Computer)

Casio says recent cyberattack 'caused system failure' (The Record)

The Editors Protecting Wikipedia from AI Hoaxes (404 Media)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

In preparation for the US 2024 Presidential Election, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses recent international propaganda efforts in the form of nation state interference and influence operations as well as domestic campaigns designed to split the target country into opposing camps. Guests include Nina Jankowicz, Co-Founder and CEO of the The American Sunlight Project and Scott Small, Director of Cyber Threat Intelligence at Tidal Cyber.

Check out Part 1!

Make sure to check out Election Propaganda Part 1: How Does Election Propaganda Work? In this episode, Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that every citizen can take—regardless of political philosophy—to resist the influence of propaganda. This foundational episode is essential for understanding how to navigate the complex landscape of election messaging.

References:

Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber.

Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads.

Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Western authorities I.D. a key member of Evil Corp. A major U.S. water utility suffers a cyberattack. ODNI warns of influence campaigns targeting presidential and congressional races. A California deepfakes law gets blocked. Europol leads a global effort against human trafficking. Trinity ransomware targets the healthcare industry. Qualcomm patches a critical zero-day in its DSP service. ADT discloses a breach of encrypted employee data. North Korean hackers use stealthy Powershell exploits. On our Threat Vector segment, David Moulton and his guests tackle the pressing challenges of securing Operational Technology (OT) environments.  Machine Learning pioneers win the Nobel Prize. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of Threat Vector, David Moulton, Director of Thought Leadership at Palo Alto Networks, hosts cybersecurity experts Qiang Huang Chung hwang, Palo Alto Networks VP of Product Management for Cloud Delivered Security Services, and Michela Menting, Senior Research Director in Digital Security at ABI Research, discuss the pressing challenges of securing Operational Technology (OT) environments. 

Join us each Thursday for a new episode of Threat Vector on the N2K CyberWire network. To hear David, Michela and Qiang’s full discussion, check it out here. 

Selected Reading

Police unmask Aleksandr Ryzhenkov as Evil Corp member and LockBit affiliate (The Record)

American Water, the largest water utility in US, is targeted by a cyberattack (Associated Press)

magazine.com/news/us-foreign-interference-congress/">US Warns of Foreign Interference in Congressional Races (Infosecurity Magazine)

US Judge Blocks California's Law Curbing Election Deepfakes (BankInfo Security)

magazine.com/news/global-police-human-traffickers/">Global Police Track Human Traffickers in Online Crackdown (Infosecurity Magazine)

Recently spotted Trinity ransomware spurs federal warning to healthcare industry (The Record)

Qualcomm patches high-severity zero-day exploited in attacks (Bleeping Computer)

ADT says hacker stole encrypted internal employee data after compromising business partner (The Record)

North Korean Hackers Employ PowerShell-Based Malware With Serious Evasion Techniques (Cyber Security News)

‘Godfather of AI’ shares Nobel Prize in physics for work on machine learning (CNN)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Chinese hackers breach U.S. telecom wiretap systems. A third-party debt collection provider exposes sensitive information of Comcast customers. Homeland Security’s cybercrime division chronicles their success. Google removes Kaspersky antivirus from the Play store. Ukrainian hackers take down Russian TV and Radio channels. A crypto-thief pleads guilty to wire fraud and money laundering. A pig-butchering victim gets his money back. On our Industry Voices segment, Jeff Reed, Chief Product Officer at Vectra AI, joins us to talk about how modern attackers don't hack in, they log in. AI knows - the truth is out there. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Voices segment, Jeff Reed, Chief Product Officer at Vectra AI, joins us to talk about how modern attackers don't hack in, they log in.

Selected Reading

Chinese hackers breached US court wiretap systems, WSJ reports (Reuters)

Comcast says customer data stolen in ransomware attack on debt collection agency (TechCrunch)

Cyber Cops Stopped 500 Ransomware Hacks Since 2021, DHS Says (Bloomberg)

Google removes Kaspersky's antivirus software from Play Store (Bleeping Computer)

Ukraine Claims Cyberattack Blocked Russian State TV Online on Putin’s Birthday (Bloomberg)

Crypto Hacker Pleads Guilty for Stealing Over $37 Million in Cryptocurrency (Cyber Security News)

A victim of a crypto ‘pig butchering’ scam just got his $140,000 back (NPR)

How chatbots can win over crackpots (Fast Company)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, has a free-wheeling conversation with Merritt Baer, Reco AI’s CISO, about how infosec professionals should think about AI, Machine Learning, and Large Language Models (LLMs).

Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this encore episode where we are joined by Co-founder and socio-technical lead at Cygenta, Dr. Jessica Barker, as she shares her story from childhood career aspirations of becoming a farmer to her accidental pivot to working in cybersecurity. With a PhD in civic design, Jessica looked at the creation of social and civic places until she was approached by a cybersecurity consultancy interested in the human side of cybersecurity. She jumped in and the rest is history. Having experienced some negativity as a woman in cybersecurity, Jessica is a strong proponent of diversity in the field. She suggests that newcomers to the industry follow what interests them and jump in. And, we thank Jessica for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Joshua Miller from Proofpoint is discussing their work on "Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset." Proofpoint identified Iranian threat actor TA453 targeting a prominent Jewish figure with a fake podcast interview invitation, using a benign email to build trust before sending a malicious link.

The attack attempted to deliver new malware called BlackSmith, containing a PowerShell trojan dubbed AnvilEcho, designed for intelligence gathering and exfiltration. This malware consolidates all of TA453's known capabilities into a single script rather than the previously used modular approach.

The research can be found here:

• Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset

Learn more about your ad choices. Visit megaphone.fm/adchoices

Interpol arrests eight in an international cybercrime crackdown. A MedusaLocker variant targets financial organizations. Cloudflare mitigates a record DDoS attempt. Insights from the Counter Ransomware Initiative summit. Fin7 uses deepnudes as a lure for malware. Researchers discovered critical vulnerabilities in DrayTek routers. CISA issues urgent alerts for products from Synacor and Ivanti. A former election official gets nine years in prison for a voting system data breach. Microsoft and the DOJ seize domains used by Russia’s ColdRiver hacking group. On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity. to learn how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. Harvard students demonstrate glasses that can see through your privacy. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Industry Voices Segment

On our Industry Voices segment, we are joined by Eric Olden, Founder and CEO of Strata Identity. Eric talks about how the modern enterprise can orchestrate the 7 A's of identity security to achieve zero trust. You can check out Strata’s blog on “Understanding the 7 A’s of IAM” and their book on “Identity Orchestration for Dummies”. 

Selected Reading

International police dismantle cybercrime group in West Africa (The Record)

magazine.com/news/medusalocker-ransomware-deployed/">New MedusaLocker Ransomware Variant Deployed by Threat Actor (Infosecurity Magazine)

Cloudflare Mitigates Record Breaking 3.8 Tbps DDoS Attack (Hackread)

Recently patched CUPS flaw can be used to amplify DDoS attacks (Bleeping Computer)

More frequent disruption operations needed to dent ransomware gangs, officials say (CyberScoop)

FIN7 hackers launch deepfake nude “generator” sites to spread malware (Bleeping Computer)

routers-flaws-impacts-700000-devices.html">14 New DrayTek routers' flaws impacts over 700,000 devices in 168 countries (Security Affairs)

CISA Warns Active Exploitation of Zimbra & Ivanti Endpoint Manager Vulnerability (Cyber Security News)

Former Mesa County clerk sentenced to 9 years for 2020 voting system breach (CyberScoop)

Microsoft and DOJ disrupt Russian FSB hackers' attack infrastructure (Bleeping Computer)

Someone Put Facial Recognition Tech onto Meta's Smart Glasses to Instantly Dox Strangers (404 Media)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

In this episode, Dmitri Alperovitch discusses his book World on the Brink: How America Can Beat China in the Race for the Twenty-First Century with host Ben Yelin. Alperovitch highlights the rising tensions between the U.S. and China, focusing on Taiwan as a critical flashpoint that could ignite a new Cold War. He shares insights on the strategies America must adopt to maintain its status as the world’s leading superpower while addressing the challenges posed by China. By examining both strengths and weaknesses, as well as providing a timely blueprint for navigating the complexities of global relations in the 21st century.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, discusses personal defensive measures that an average citizen, regardless of political philosophy, can take in order to not succumb to propaganda.

References:

David Ehl, 2024. Why Meta is now banning Russian propaganda [News]. Deutsche Welle.

Jeff Berman, Renée DiResta, 2023. Disinformation & How To Combat It [Interview]. Youtube.

Niha Masih, 2024. Meta bans Russian state media outlet RT for acts of ‘foreign interference’ [News]. The Washington Post.

Quentin Hardy, Renée DiResta, 2024. The Invisible Rulers Turning Lies Into Reality [Interview]. YouTube.

Rob Tracinski, Renée DiResta, 2024.  The Internet Rumor Mill [Interview]. YouTube.

Robin Stern, Marc Brackett, 2024. 5 Ways to Recognize and Avoid Political Gaslighting [Explainer]. The Washington Post.

Sarah Ellison, Amy Gardner, Clara Ence Morse, 2024. Elon Musk’s misleading election claims reach millions and alarm election officials [News]. The Washington Post.

Scott Small, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal Cyber.

declass-16MAR21.pdf">Staff, 2021. Foreign Threats to the 2020 US Federal Elections [Intelligence Community Assessment]. DNI.

Staff, 2024. Election Cyber Interference Threats & Defenses: A Data-Driven Study [White Paper]. Tidal.

wing-misinformation-conspiracy-theories.html">Stuart A. Thompson, Tiffany Hsu, 2024. Left-Wing Misinformation Is Having a Moment [Analysis. The New York Times.

musk-x-posts.html">Stuart A. Thompson, 2024. Elon Musk’s Week on X: Deepfakes, Falsehoods and Lots of Memes [News]. The New York Times.

Will Oremus, 2024. Zuckerberg expresses regrets over covid misinformation crackdown [News]. The Washington Post.

Yascha Mounk, Renée DiResta, 2022. How (Not) to Fix Social Media [Interview]. YouTube.

Renee DiResta, 2024. Invisible Rulers: The People Who Turn Lies into Reality [Book]. Goodreads.

Nina Jankowicz, 2020. How to Lose the Information War: Russia, Fake News and the Future of Conflict [Book]. Goodreads.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A global news agency suffers a cyberattack. CISA and the FBI provide guidance on cross site scripting attacks. A Texas health system diverts patients following a ransomware attack. Western Digital patches a critical vulnerability in network attached storage devices. California passes a law protecting domestic abuse survivors from being tracked. Verizon and PlayStation each suffer outages. CISA responds to critiques from the OIG. T-Mobile settles with the FCC over multiple data breaches. The DOJ indicts a Minnesota man on charges of selling counterfeit software license keys. On our Industry Voices segment kicking off Cybersecurity Awareness Month, we are joined by Chad Raduege, Executive Director of the Oklahoma Cyber Innovation Institute at The University of Tulsa, discussing the Institute’s K-12 outreach initiatives. A Crypto Criminal Stretches His Limits—And His Legs.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Industry Voices Segment

On our Industry Voices segment kicks off Cybersecurity Awareness Month, we are joined by Chad Raduege, Executive Director of the Oklahoma Cyber Innovation Institute at The University of Tulsa, discussing the Institute’s K-12 outreach initiatives. 

Selected Reading

AFP News Agency's Content Delivery Systems Hit by Cyberattack (Hackread)

CISA and FBI Issue Alert on XSS Vulnerabilities (Security Boulevard)

UMC Health System Diverts Patients Following Ransomware Attack (SecurityWeek)

Western Digital My Cloud Devices Flaw Let Attackers Execute Arbitrary Code (CyberSecurity News)

California passes car data privacy law to protect domestic abuse survivors (The Record)

The Playstation Network is down in a global outage (Bleeping Computer)

mobile-outages-us.html">Verizon Mobile Outages Reported Across the U.S. (The New York Times)

DoJ audit finds CISA faces challenges in cyber threat information sharing, as participation hits record low (Industrial Cyber)

T-Mobile pays $31.5 million FCC settlement over 4 data breaches (Bleeping Computer)

Man charged for selling forged license keys for network switches (Bleeping Computer)

Crooked Cops, Stolen Laptops & the Ghost of UGNazi (Krebs on Security)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A critical vulnerability has been discovered in the NVIDIA Container Toolkit. Representatives from around the world are meeting in Washington to address ransomware.  The Pentagon shoots down the notion of a separate cyber service. A genetic testing company leaves sensitive information in an unsecured folder. A public accounting firm breach affects 127,000 individuals. The DOJ charges a British national with hacking U.S. companies. California’s Governor vetoes an AI safety bill. CISOs deserve a seat at the table. Tim Starks from CyberScoop describes the House Homeland Security chair’s proposed cyber workforce bill. Password laziness leaves routers vulnerable. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Tim Starks from CyberScoop talking about the House Homeland Security chair releasing and pushing forth a cyber workforce bill. Read more in Tim’s article. 

Selected Reading

Critical flaw in NVIDIA Container Toolkit allows full host takeover (Bleeping Computer)

Here's what to expect from the Counter Ransomware Initiative meeting this week (The Record)

Pentagon asks lawmakers to kill third-party look at an independent cyber force (Breaking Defense)

Facial DNA provider leaks biometric data via WordPress folder (Hackread)

Accounting Firm WMDDH Discloses Data Breach Impacting 127,000 (SecurityWeek)

British National Arrested, Charged for Hacking US Companies (SecurityWeek)

California Gov. Newsom Vetoes Hotly Debated AI Safety Bill (BankInfo Security)

magazine.com/news/pwc-boards-cisos-seat-table/">PwC Urges Boards to Give CISOs a Seat at the Table (Infosecurity Magazine)

New Critical Password Warning—86% Of All Router Users Need To Act Now (Forbes)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Rick Doten, the VP of Information Security at Centene and one of the original contributors to the N2K CyberWire Hash Table.  He makes the case to invigorate the automation first principle cybersecurity strategy. In this case, he is specifically addressing remediation automation.

References:

Staff, n.d. National Pie Championships [Website]. American Pie Council.

Rick Doten. Rick’s Cybersecurity Videos [Youtube Channel]. YouTube.

Joe, 2020. The Unbearable Frequency of PewPew Maps [Explainer]. Stranded on Pylos.

Aanchal Gupta, 2022. Celebrating 20 Years of Trustworthy Computing [Explainer]. Microsoft Security Blog.

Learn more about your ad choices. Visit megaphone.fm/adchoices

In this 2-part special edition series, guest Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K's Brandon Karpf about national security and the dilemma of technology disruption.

Listen to part 1 here.

In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to the bureaucratic obstacles hindering defense innovation, Blank breaks down the “dilemma of technology disruption” in national security. Learn how the U.S. can overcome its outdated systems, accelerate innovation, and prepare for the future of defense technology. Whether you’re interested in defense tech, cybersecurity, or government innovation, this episode offers deep insights into the intersection of national security and technological disruption.

For some background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It.”

Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this encore episode where we are joined by the Chief strategy officer and chief security officer for Netskope, Jason Clark, shares his journey as he challenges the status quo and works to expand diversity in cybersecurity. Jason started his career by breaking the mold and heading to the Air Force rather than his family legacy of Army service. Following his military service, he became a CISO for the New York Times at age 26 and kept building from there. Jason advises, "You should always be seeking out jobs you're actually not qualified for. I think that's how you grow. If you know you could do the job, and you've got half the skills, go for it." Jason aspires to a legacy of increasing diversity in the cybersecurity industry and founded a non-profit to do just that. And, we thank Jason for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

We are joined by Yves Younan, Senior Manager, Talos Vulnerability Discovery and Research from Cisco, discussing their work on "How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions." Cisco Talos has uncovered eight vulnerabilities in Microsoft applications for macOS that could allow attackers to exploit the system's permission model by injecting malicious libraries.

By leveraging permissions already granted to these apps, attackers could gain access to sensitive resources like the microphone, camera, and screen recording without user consent. While Microsoft considers these issues low risk and has declined to fix them, the vulnerabilities pose a potential threat to user privacy and security.

The research can be found here:

• How multiple vulnerabilities in Microsoft apps for macOS pave the way to stealing permissions

Learn more about your ad choices. Visit megaphone.fm/adchoices

International Law Enforcement Seizes Domains of Russian Crypto Laundering Networks. The real-world risk of a recently revealed Linux vulnerability appears low. Criminal Charges Loom in the Iranian Hack of the Trump Campaign. Meta is fined over a hundred million dollars for storing users’ passwords in plaintext. Delaware’s public libraries grapple with the aftermath of a ransomware attack. Tor merges with Tails. Progress Software urges customers to patch multiple vulnerabilities. A critical vulnerability in VLC media player has been discovered. Our guests are Mark Lance, Vice President of DFIR and Threat Intelligence at GuidePoint Security, and Andrew Nelson, Principal Security Consultant at GuidePoint Security discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story." Having the wisdom to admit you just don’t know. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Mark Lance, Vice President DFIR and Threat Intelligence at GuidePoint Security, discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story." 

Selected Reading

US-led operation disrupts crypto exchanges linked to Russian cybercrime (The Record)

Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected (SecurityWeek)

Criminal charges coming in alleged Iranian hack of Trump campaign emails: Sources (ABC News)

Meta fined $101 million for storing hundreds of millions of passwords in plaintext (The Record)

Hackers attack Delaware libraries, seek ransom. Here's what we know (Delaware Online)

Tor Merges With Security-Focused OS Tails (SecurityWeek)

Progress urges admins to patch critical WhatsUp Gold bugs ASAP (Bleeping Computer)

VLC Player Vulnerability Let Attackers Execute Malicious Code, Update Now (Cyber Security News)

Bigger AI chatbots more inclined to spew nonsense — and people don't always realize (Nature)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Salt Typhoon infiltrates US ISPs. Researchers hack the connected features in Kia vehicles.WiFi portals in UK train stations suffer Islamophobic graffiti. International partners release a joint guide for protecting Active Directory. A key house committee approves an AI vulnerability reporting bill. India’s largest health insurer sues Telegram over leaked data. HPE Aruba Networking patches three critical vulnerabilities in its Aruba Access Points. OpenAI plans to restructure into a for-profit business. CISA raises the red flag on Hurricane Helene scams. Our guest is Ashley Rose, Founder & CEO at Living Security, on the creation of Forrester’s newest cybersecurity category, Human Risk Management. The FTC says “Objection!” to the world’s first self-proclaimed robot lawyer.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Ashley Rose, Living Security’s Founder & CEO, talking about the creation of Forrester’s newest cybersecurity category, Human Risk Management. Read Ashley’s blog. Learn more on The Forrester Wave™: Human Risk Management Solutions, Q3 2024.  

Selected Reading

China-Backed Salt Typhoon Targets U.S. Internet Providers: Report (Security Boulevard)

Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug (WIRED)

Public Wi-Fi operator investigating cyberattack at UK's busiest train stations (The Rgister)

ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises (CISA)

House panel moves bill that adds AI systems to National Vulnerability Database (CyberScoop)

India's Star Health sues Telegram after hacker uses app's chatbots to leak data (Reuters)

HPE Aruba Networking fixes critical flaws impacting Access Points (Bleeping Computer)

Exclusive: OpenAI to remove non-profit control and give Sam Altman equity (Reuters)

OpenAI's technology chief Mira Murati, two other research executives to leave (Reuters)

CISA Warns of Hurricane-Related Scams (CISA)

DoNotPay must pay $193,000 to settle false claim charges from FTC. (The Verge)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CrowdStrike’s Adam Meyers testifies before congress. The State Department is set to provide nearly $35 million in foreign aid to strengthen global cybersecurity. Foreign adversaries claim ongoing access to presidential campaign documents. Researchers warn of critical vulnerabilities in fuel tank monitoring systems. Hackers claim a Chrome 2FA feature bypass takes less than ten minutes. Exploiting ChatGPT’s long-term memory. Politicians and staffers find personal data exposed on the dark web. A critical vulnerability in Ivanti’s Virtual Traffic Manager is being actively exploited. On our CertByte segment,  Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s CompTIA Project+ Practice Test. Don’t click the PDiddy links.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth.

In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s CompTIA Project+ (PK0-005) Practice Test.

This exam is targeted for candidates who have about 1-2 years of project management experience. This is not an actual test question, but an example of one that covers an objective for the 5th version of the exam, which came out in November 2022.

Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Selected Reading

magazine.com/news/crowdstrike-apologizes-outage/">CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access (Infosecurity Magazine)

Exclusive: State Department cyber bureau preps funding blitz aimed at boosting allies' defenses (The Record)

Iranian-linked election interference operation shows signs of recent access (CyberScoop)

FEC expands campaign spending rules to allow for physical, cybersecurity purchases (CyberScoop)

Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities (SecurityWeek)

New Chrome Alert After Hackers Claim 2FA Security Cracked In 10 Minutes (Forbes)

Hacker plants false memories in ChatGPT to steal user data in perpetuity (Ars Technica)

Proton warns that data of thousands politicians leaked on the dark web (Beyond Machines)

Third Recent Ivanti Vulnerability Exploited in the Wild (SecurityWeek)

PDiddySploit Malware Hidden in Files Claiming to Reveal Deleted Diddy Posts (Hackread)

Diddy Do It? Or Did Cybercriminals? How Hackers Are Turning Scandals Into Cyber Attacks (Veriti)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The House Homeland Security Chair introduces a major cyber workforce bill. Google rolls out new Gmail security tools. Telegram makes a big shift in its privacy policy. Microsoft doubles down on cybersecurity. A Kansas water treatment facility suffers a suspected cyberattack. MoneyGram reports network outages. Kaspersky antivirus users get an automatic upgrade, maybe. North Korean IT workers infiltrate Fortune 100 companies. Gartner analysts urge cybersecurity leaders to focus on  prevention, response, and recovery. In this week’s Threat Vector, host David Moulton is joined by Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, to explore the seismic shifts in cybersecurity brought about by AI technologies.  A lavish lifestyle exposes the duo behind a $230M crypto scam.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of Threat Vector, host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, and Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, explore the seismic shifts in cybersecurity brought about by AI technologies. 

Join us each Thursday for a new episode of Threat Vector on the N2K CyberWire network. To hear David and Daniel’s full discussion, check it out here. 

Selected Reading

Exclusive: House Homeland Security chair releases, pushes forth cyber workforce bill (CyberScoop)

Google Announces New Gmail Security Move For Millions (Forbes)

Telegram will now provide some user data to authorities (BBC)

Microsoft CEO to Cyber Team: Don’t Tell Me How Great Everything Is (Bloomberg)

Kansas Water Facility Switches to Manual Operations Following Cyberattack (SecurityWeek)

MoneyGram says cyber incident causing network outages (The Record)

Kaspersky Users in US Find Antivirus Software Automatically Replaced (Cyber Security News)

Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report (The Record)

magazine.com/news/zero-failure-tolerance/">Zero Failure Tolerance, A Cybersecurity Myth Holding Back Organization (Infosecurity Magazine)

Two men arrested one month after $230 million of cryptocurrency stolen from a single victim (Bitdefender) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The US is set to propose a ban on Chinese software and hardware in connected cars. Dell investigates a breach of employee data. Unit 42 uncovers a North Korean PondRAT and a red team tool called Splinter. Marko Polo malware targets cryptocurrency influencers, gamers, and developers. An Iranian state-sponsored threat group targets Middle Eastern governments and telecommunications.The alleged Snowflake hacker remains active and at large. German officials quantify fallout from the CrowdStrike incident. Apple’s latest macOS update has led to widespread issues with cybersecurity software and network connectivity. Our guest is Vincenzo Ciancaglini, Senior Threat Researcher from Trend Micro, talking about the uptick in cybercrime driven by the generative AI explosion. Supercharging your graphing calculator. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Vincenzo Ciancaglini, Senior Threat Researcher from Trend Micro, talking about the uptick in cybercrime driven by the generative AI explosion. Read their blog "Surging Hype: An Update on the Rising Abuse of GenAI" here. 

Selected Reading

Exclusive: US to propose ban on Chinese software, hardware in connected vehicles (Reuters)

Dell investigates data breach claims after hacker leaks employee info (Bleeping Computer)

pisces-malicious-python-packages.html">North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages (Security Affairs)

Global infostealer malware operation targets crypto users, gamers (Bleeping Computer)

Iranian-Linked Group Facilitates APT Attacks on Middle East Networks (Security Boulevard)

Hacker behind Snowflake customer data breaches remains active (CyberScoop)

Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool (Palo Alto Networks)

Organizations are changing cybersecurity providers in wake of Crowdstrike outage (Help Net Security)

Cybersecurity Products Conking Out After macOS Sequoia Update (SecurityWeek)

Secret calculator hack brings ChatGPT to the TI-84, enabling easy cheating (Ars Technica)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Roselle Safran, the CEO and Founder of KeyCaliber and one of the original contributors to the N2K CyberWire Hash Table. She interviews Tia Hopkins, the eSentire Chief Cyber Resilience Officer, to make the business case for why resilience might be the most important cyber strategy.

References:

Black Women in Cyber Collective, 2024. Securing Our Future: Embracing The Resilience and Brilliance of Black Women in Cyber [Book]. Goodreads.

Ken Underhill, Christophe Foulon, Tia Hopkins, Mari Galloway, 2022. Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career [Book]. Goodreads.

Ron Ross, Victoria Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid, 2021. SP 800-160 Vol. 2 Rev. 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach [Guidance]. CSRC.

Roselle Safran, 2024. Who Does the CISO Work for? [Social Media Post]. LinkedIn.

Staff, n.d. Empow(H)er Cyber Home [Website].

Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode, where we are jjoined by Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need. for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come in with cybersecurity. She shares for any young person "thinking about maybe starting something in security, this is definitely the time to do so." And, we thank Kyla for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

In this 2-part special edition series, guest Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K's Brandon Karpf about national security and the dilemma of technology disruption.

In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to the bureaucratic obstacles hindering defense innovation, Blank breaks down the “dilemma of technology disruption” in national security. Learn how the U.S. can overcome its outdated systems, accelerate innovation, and prepare for the future of defense technology. Whether you’re interested in defense tech, cybersecurity, or government innovation, this episode offers deep insights into the intersection of national security and technological disruption.

For some background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It.”

Learn more about your ad choices. Visit megaphone.fm/adchoices

Jonathan Tanner, Senior Security Researcher from Barracuda, discussing their work on "Stealthy phishing attack uses advanced infostealer for data exfiltration." The recent phishing attack, detailed by Barracuda, uses a sophisticated infostealer malware to exfiltrate a wide array of sensitive data.

The attack begins with a phishing email containing an ISO file with an HTA payload, which downloads and executes obfuscated scripts to extract and transmit browser information, saved files, and credentials to remote servers. This advanced infostealer is notable for its extensive data collection capabilities and complex exfiltration methods, highlighting the increasing sophistication of cyber threats.

The research can be found here:

• Stealthy phishing attack uses advanced infostealer for data exfiltration

Learn more about your ad choices. Visit megaphone.fm/adchoices

An FTC report confirms online surveillance and privacy concerns. Ukraine bans Telegram for state and security officials. Sensitive customer data from India’s largest health insurer is leaked. German law enforcement shuts down multiple cryptocurrency exchange services. HZ RAT sets its sights on macOS systems. Stolen VPN passwords remain a growing threat. Law enforcement dismantles the iServer phishing-as-a-service platform. Today’s guest is Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, talking with N2K's Brandon Karpf about national security and the dilemma of technology disruption. CISA’s boss pushes for accountability. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest is Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, talking with N2K's Brandon Karpf about national security and the dilemma of technology disruption. For some background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It.”

To listen to Brandon and Steve’s full conversation, check out our Special Edition series that will run over the next two Sundays in our CyberWire Daily podcast feed. 

Selected Reading

FTC Staff Report Finds Large Social Media and Video Streaming Companies Have Engaged in Vast Surveillance of Users with Lax Privacy Controls and Inadequate Safeguards for Kids and Teens (Federal Trade Commission)

Ukraine bans Telegram on state and military devices (The Record)

selling-7-tb-of-star-health-insurances-customer-data-using-telegram.html">Hacker selling 7 TB of Star Health Insurance’s customer data using Telegram (CSO Online)

German Government Shuts Down 47 Exchanges, Says They're Tied To ‘Illegal Activity’ (CoinDesk)

New MacOS Malware Let Attackers Control The Device Remotely (Cyber Security News)

More Than Two Million Stolen VPN Passwords Discovered (Security Boulevard)

High-risk vulnerabilities in common enterprise technologies (Rapid7 Blog)

Law Enforcement Dismantles Phishing Platform Used for Unlocking Stolen Phones (SecurityWeek)

Insecure software makers are the real cyber villains – CISA (The Register) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The US government disrupts China’s Raptor Train botnet. A phishing campaign abuses GitHub repositories to distribute malware.Ransomware group Vanilla Tempest targets U.S. healthcare providers.Hackers demand $6 million for stolen airport data. The FCC opens applications for a $200 million cybersecurity grant program. GreyNoise Intelligence tracks mysterious online “Noise Storms”. Scammers threaten Walmart shoppers with arrest. CISA adds five critical items to its known exploited vulnerabilities list. Craigslist founder will donate $100 million to strengthen US cybersecurity. Our guest today is Victoria Samson, Chief Director at Secure World Foundation, talking about space security and stability. Cybercriminals fall prey to very infostealers they rely on.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Victoria Samson, Chief Director at Secure World Foundation, talking with N2K’s T-Minus Space Daily podcast host Maria Varmazis about space security and stability. For some additional detail about space sustainability, visit Secure World Foundation’s Space Sustainability 101.  

Selected Reading

US Disrupts 'Raptor Train' Botnet of Chinese APT Flax Typhoon (SecurityWeek)

Clever 'GitHub Scanner' campaign abusing repos to push malware (Bleeping Computer)

warns-of-ransomware-attacks-on-us-healthcare.html">Microsoft warns of ransomware attacks on US healthcare (CSO Online)

Sea-Tac refuses to pay 100-bitcoin ransom after August cyberattack (The Seattle Times)

magazine.com/news/fcc-cyber-grant-applications/">FCC $200m Cyber Grant Pilot Opens Applications for Schools and Libraries (Infosecurity Magazine)

GreyNoise Reveals New Internet Noise Storm: Secret Messages and the China Connection (GreyNoise)

Walmart customers scammed via fake shopping lists, threatened with arrest (Malwarebytes)

CISA Warns of Five Vulnerabilities Actively Exploited in the Wild (Cyber Security News)

Craigslist Founder Pledges $100 Million to Boost U.S. Cybersecurity (Wall Street Journal)

Criminals Keep Hacking Themselves, Letting Researchers Unmask Them (404 Media) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Exploding pagers in Lebanon are not a cyberattack. Europol leads an international effort to shut down the encrypted communications app Ghost. Microsoft IDs Russian propaganda groups’ disinformation campaigns. California’s Governor signs bills regulating AI in political ads. A multi-step zero-click macOS Calendar vulnerability is documented. A new phishing campaign targets Apple ID credentials.The US Cyber Ambassador emphasizes deterrence. Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work on maintaining security support at all levels of cyber maturity. AI tries to out-Buffett Warren Buffett.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Linda Betz, Executive Vice President of Global Community Engagement at the FS-ISAC, sharing their work and the recently-published guide on maintaining security support at all levels of cyber maturity. You can check out their guide “Cyber Fundamentals: Critical baseline security practices for today’s threat landscape” here. 

Selected Reading

hezbollah-pagers-explosives.html?unlocked_article_code=1.LU4.vFSx.5aHyBXwQ_7U7&smid=nytcore-ios-share&referringSource=articleShare">Israel Planted Explosives in Pagers Sold to Hezbollah, Officials Say (The New York Times)

Criminal-favored Ghost messaging app busted, owners arrested (Cybernews)

Russians made videos falsely accusing Harris of hit-and-run, Microsoft says (The Washington Post)

California governor signs laws to crack down on election deepfakes created by AI (Associated Press)

Researcher chains multiple old macOS flaws to compromise iCloud with no user interaction (Beyond Machines)

iPhone Users Warned As New Email Password-Stealing Attacks Reported (Forbes)

Deterrence in cyberspace is possible — and ‘urgent’ — amid ‘alarming’ hybrid attacks, State cyber ambassador says (CyberScoop)

New Chatbot ETF Promises to Mimic Warren Buffett, David Tepper (Bloomberg)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The US charges a Chinese national for spear-phishing government employees. The feds impose new sanctions on the makers of Predator spyware. Dealing with fake data breaches. Researchers discover a critical vulnerability in Google Cloud Platform. D-Link has patched critical vulnerabilities in three popular wireless router models. Snowflake ups their authentication game. A US mining company confirms a cyberattack. Researchers identify critical threats targeting construction industry accounting software. Tim Starks from CyberScoop joins us with his reporting on the US Postal Service’s ability to meet the challenges of the upcoming election. Cisco’s second round of layoffs hit hard. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest today is Tim Starks, Senior Reporter from CyberScoop, joining us to discuss his piece on "Election officials say U.S. Postal Service woes place election mail at risk." 

Selected Reading

DoJ: Chinese Man Used Spear-Phishing to Obtain Software From NASA, Military (SecurityWeek)

magazine.com/news/us-ramps-up-sanctions-spywaremaker/">US Ramps Up Sanctions on Spyware-Maker Intellexa (Infosecurity Magazine)

All Smoke, no Fire: The Bizarre Trend of Fake Data Breaches and How to Protect Against Them (Security Boulevard)

Google Cloud Platform RCE Flaw Let Attackers Execute Code on Millions of Google Servers (Cyber Security News) 

D-Link fixes critical RCE, hardcoded password flaws in WiFi 6 routers (Bleeping Computer)

Breach-Weary Snowflake Moves to MFA, 14-Character Passwords (GovInfo Security)

Owner of only US platinum mine confirms data breach after ransomware claims (The Record)

Cracks in the Foundation: Intrusions of FOUNDATION Accounting Software (Huntress)

Cisco's second layoff of 2024 affects thousands of employees (TechCrunch)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The FBI and CISA dismiss false claims of compromised voter registration data. The State Department accuses RT of running global covert influence operations. Chinese hackers are suspected of targeting a Pacific Islands diplomatic organization. A look at Apple’s Private Cloud Compute system. 23andMe will pay $30 million to settle a lawsuit over a 2023 data breach.  SolarWinds releases patches for vulnerabilities in its Access Rights Manager. Browser kiosk mode frustrates users into giving up credentials. Brian Krebs reveals the threat of growing online “harm communities.” Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on prompt injection attacks. How theoretical is the Dead Internet Theory?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Elliot Ward, Senior Security Researcher at Snyk, sharing insights on their recent work "Agent Hijacking: the true impact of prompt injection attacks." 

Selected Reading

FBI tells public to ignore false claims of hacked voter data (Bleeping Computer)

Russia’s RT news agency has ‘cyber operational capabilities,’ assists in military procurement, State Dept says (The Record)

The Dark Nexus Between Harm Groups and ‘The Com’ (Krebs on Security)

China suspected of hacking diplomatic body for Pacific islands region (The Record)

Apple Intelligence Promises Better AI Privacy. Here’s How It Actually Works (WIRED)

Apple seeks to drop its lawsuit against Israeli spyware pioneer NSO (Washington Post)

23andMe settles data breach lawsuit for $30 million (Reuters)

SolarWinds Patches Critical Vulnerability in Access Rights Manager (SecurityWeek)

Malware locks browser in kiosk mode to steal Google credentials (Bleeping Computer)

Is anyone out there? (Prospect Magazine) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Errol Weiss, the Chief Security Officer (CSO) of the HEALTH-ISAC and one of the original contributors to the N2K CyberWire Hash Table. He will make the business case for information sharing.

References:

White and Williams LLP, Staff Osborne Clarke LLP , 2018. Threat Information Sharing and GDPR [Legal Review]. FS-ISAC.

Senator Richard Burr (R-NC), 2015. S.754 - 114th Congress (2015-2016): To improve cybersecurity in the United States through enhanced sharing of information about cybersecurity threats, and for other purposes [Law]. Library of Congress.

Staff, n.d. National Council of ISACs [Website]. NCI.

Staff, 2020. Guidance to Assist Non-Federal Entities to Share Cyber Threat Indicators and Defensive Measures with Federal Entities under the Cybersecurity Information Sharing Act of 2015 [Guidance]. CISA.

isac.org/h-isac-information-sharing-best-practices/">Staff, 2023. Information Sharing Best Practices [White paper]. Health-ISAC.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this encore of Carerr Notes, where the Program Director for Public Policy and External Affairs at the University of Maryland's Center for Health and Homeland Security Ben Yelin shares his journey from political junkie to Fourth Amendment specialist. Several significant life defining political developments like the disputed 2000 election, 9/11, and the Iraqi war occurred during his formative years that shaped Ben's interest in public policy and his desire to pursue a degree in law. An opportunity to be a teaching assistant turned out to be one of those sliding door scenarios that led Ben to where he is now, a lawyer in the academic and consulting worlds specializing in cybersecurity and digital privacy issues. Through his work, Ben hopes to elevate the course of the debate on these very important issues. And, we thank Ben for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Alex Delamotte, Threat Researcher from SentinelOne Labs, joins to share their work on "Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials." SentinelOne’s Labs team has uncovered new research on Xeon Sender, a cloud hacktool used to launch SMS spam attacks via legitimate APIs like Amazon SNS.

First seen in 2022, this tool has been repurposed by multiple threat actors and distributed on underground forums, highlighting the ongoing trend of SMS spam through cloud services and SaaS.

The research can be found here:

• Xeon Sender | SMS Spam Shipping Multi-Tool Targeting SaaS Credentials

Learn more about your ad choices. Visit megaphone.fm/adchoices

Fortinet reveals a data breach. The feds sanction a Cambodian senator for forced labor scams. UK police arrest a teen linked to the Transport for London cyberattack. New Linux malware targets Oracle WebLogic. Citrix patches critical Workspace app flaws. Microsoft unveils updates to prevent outages like the CrowdStrike incident. U.S. Space Systems invests in secure communications. Illegal gun-conversion sites get taken down. Tim Starks of CyberScoop tracks Russian hackers mimicking spyware vendors. Cybersecurity hiring gaps persist. Hackers use eye-tracking to steal passwords.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today, we welcome back Tim Starks, senior reporter from CyberScoop, to discuss “Google: apparent Russian hackers play copycat to commercial spyware vendors.” You can read the article Tim refers to here. 

Selected Reading

Fortinet Data Breach: What We Know So Far (SOCRadar)

Cambodian senator sanctioned by US over cyber-scams (The Register)

nca-arrested-teenager-transport-for-london-attack.html">UK NCA arrested a teenager linked to the attack on Transport for London (Security Affairs)

New 'Hadooken' Linux Malware Targets WebLogic Servers (SecurityWeek)

Citrix Workspace App Vulnerabilities Allow Privilege Escalation Attacks (Cyber Security News)

magazine.com/news/microsoft-prevent-crowdstrike/">Microsoft Vows to Prevent Future CrowdStrike-Like Outages (Infosecurity Magazine)

Space Systems Command Awards $188M Contract for meshONE-T Follow-on (Space Systems Command)

Domains seized for allegedly importing Chinese gun switches (The Register)

Why Breaking into Cybersecurity Isn’t as Easy as You Think (Security Boulevard)

Apple Vision Pro’s Eye Tracking Exposed What People Type (WIRED)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The UK designates data centers as Critical National Infrastructure. Cisco releases patches for multiple vulnerabilities in its IOS XR network operating system. BYOD is a growing security risk. A Pennsylvania healthcare network has agreed to a $65 million settlement stemming from a 2023 data breach.Google Cloud introduces air-gapped backup vaults. TrickMo is a newly discovered Android banking malware. GitLab has released a critical security update. A $20 domain purchase highlights concerns over WHOIS trust and security. Our guest is Jon France, CISO at ISC2, with insights on Communicating Cyber Risk of New Technology to the Board. And, could Pikachu be a double-agent for Western intelligence agencies?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Jon France, CISO at ISC2, sharing his take on "All on "Board" for AI – Communicating Cyber Risk of New Technology to the Board." This is a session Jon presented at Black Hat USA 2024. You can check out his session’s abstract. Also, N2K CyberWire is a partner of ISC2’s Security Congress 2024. Learn more about the in-person and virtual event here. 

Selected Reading

magazine.com/news/uk-data-centers-critical-national/">UK Recognizes Data Centers as Critical National Infrastructure (Infosecurity Magazine)

Cisco Patches High-Severity Vulnerabilities in Network Operating System (SecurityWeek)

BYOD Policies Fueling Security Risks (Security Boulevard)

Healthcare Provider to Pay $65M Settlement Following Ransomware Attack (SecurityWeek)

Google Unveils Air-gapped Backup Vaults to Protect Data from Ransomware Attacks (Cyber Security News)

New Android Banking Malware TrickMo Attacking Users To Steal Login Credentials (Cyber Security News)

GitLab Releases Critical Security Update, Urges Users to Patch Immediately (Cyber Security News)

Rogue WHOIS server gives researcher superpowers no one should ever have (Ars Technica)

Pokémon GO was an intelligence tool, claims Belarus military official (The Register) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential security leaders in the industry. Learn more about our network sponsorship opportunities and build your brand where industry leaders get their daily news.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Tuesday rundown. Microsoft integrates post-quantum cryptography (PQC) algorithms into its SymCrypt cryptographic library.The FTC finalizes rules to combat fake reviews and testimonials. A payment card thief pleads guilty. On our latest CertByte segment, N2K’s Chris Hare and George Monsalvatge share questions and study tips from the Microsoft Azure Fundamentals (AZ-900) Practice Test.  Hard Drive Heaven: How Iconic Music Sessions Are Disappearing. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K.

In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s Microsoft Azure Fundamentals (AZ-900) Practice Test.

Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.

Reference:

What is public cloud? (RedHat)

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Remembering 9/11

In today’s episode, we pause to honor and remember the lives lost on September 11, 2001. We pay tribute to the courageous first responders, the resilient survivors, and the families whose lives were forever altered by that tragic day. Amidst the profound loss, the spirit of unity and compassion shone brightly, reminding us of our shared humanity.

Additionally, you can check out our special segment featuring personal remembrances from N2K CyberWire’s very own Rick Howard, who was in the Pentagon on that fateful day. His reflections provide a heartfelt perspective on the events and are well worth your time. Tune in to hear his poignant insights.

Special Edition Podcast

In today’s special edition of Solution Spotlight, we welcome Mary Haigh, Global CISO of BAE Systems, as she sits down with N2K’s Simone Petrella. Together, they discuss moving beyond the technical aspects of cybersecurity to build and lead a high-performing security team.

Selected Reading

magazine.com/news/microsoft-fixes-four-actively/">Microsoft Fixes Four Actively Exploited Zero-Days (Infosecurity Magazine)

Adobe releases september 2024 patches for flaws in multiple products, including critical (Beyond Machines)

Chrome 128 Update Resolves High-Severity Vulnerabilities (SecurityWeek)

ICS Patch Tuesday: Advisories Published by Siemens, Schneider, ABB, CISA (SecurityWeek)

Ivanti fixes maximum severity RCE bug in Endpoint Management software (Bleeping Computer)

Microsoft Adds Support for Post-Quantum Algorithms in SymCrypt Library (SecurityWeek)

Federal Trade Commission Announces Final Rule Banning Fake Reviews and Testimonials (Federal Trade Commission)

Hacker pleads guilty after arriving on plane from Ukraine with a laptop crammed full of stolen credit card details (Bitdefender)

Inside Iron Mountain: It’s Time to Talk About Hard Drives (Mixonline)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach top security leaders. Explore our network sponsorship opportunities and build your brand where industry leaders get their daily news.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

For the 20th anniversary of 9/11 in 2021, Rick Howard, the CyberWire’s CSO, Chief Analyst, and Senior Fellow, recounts his experience from inside the Pentagon running the communications systems for the Army Operations Center.

Read Rick's related essay and check out his original notes of 9/11/01 written in the weeks following the attacks.

Learn more about your ad choices. Visit megaphone.fm/adchoices

On this Solution Spotlight, guest Dr. Mary Haigh, Global CISO of BAE Systems, speaks with N2K President Simone Petrella about moving beyond the technical to build a cybersecurity team.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Crimson Palace targets Asian organizations on behalf of the PRC. Europe’s AI Convention has lofty goals and legal loopholes. The NoName ransomware gang may be working as a RansomHub affiliate. Wisconsin Physicians Service Insurance Corporation, SLIM CD, and Acadian Ambulance Service each suffer significant data breaches. CISA adds three vulnerabilities to its Known Exploited Vulnerabilities Catalog. Researchers from Ben-Gurion University in Israel develop new techniques to exfiltrate data from air-gapped computers. In our latest Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, sits down with Ryan Barger, Director of Offensive Security Services, to explore how AI is revolutionizing offensive security. Sextortion scammers have gone to the dogs. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this segment of Threat Vector, David Moulton, Director of Thought Leadership at Unit 42, sits down with Ryan Barger, Director of Offensive Security Services, to explore how AI is revolutionizing offensive security. Ryan delves into the practical applications of AI in tasks such as OSINT analysis, payload development, and evading endpoint detection systems. To listen to their full conversation, check out the episode here. You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network. 

Selected Reading

Chinese Tag Team APTs Keep Stealing Asian Gov't Secrets (Dark Reading)

The AI Convention: Lofty Goals, Legal Loopholes, and National Security Caveats (SecurityWeek)

NoName ransomware gang deploying RansomHub malware in recent attacks (Bleeping Computer)

Wisconsin Insurer Discloses Data Breach Impacting 950,000 Individuals (SecurityWeek)

Payment Gateway SLIM CD Data Breach: 1.7 Million Users Impacted (HACKREAD)

Acadian Ambulance service is reporting data breach, exposing almost 3 Million people (Beyond Machines)

CISA Warns of Three Vulnerabilities That Are Actively Exploited in the Wild (Cyber Security News)

Researchers Detail Attacks on Air-Gapped Computers to Steal Data (Cyber Security News)

Sextortion scams now use your "cheating" spouse’s name as a lure (Bleeping Computer) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Patch Now alerts come from Progress Software and Veeam Backup & Restoration. Car rental giant Avis notifies nearly 300,000 customers of a data breach. The UK’s National Crime Agency struggles to retain top cyber talent. Two Nigerian brothers get prison time for their roles in a deadly sextortion scheme. SpyAgent malware uses OCR to steal cryptocurrency. A Seattle area school district suffers a cybercrime snow day. Our guest is Amer Deeba, CEO of Normalyze, discussing data’s version of hide and go seek -  the emergence of shadow data. A crypto leader resigns after being held at gunpoint. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Amer Deeba, CEO of Normalyze, discussing data’s version of hide and go seek, or the emergence of shadow data.

Selected Reading

Progress LoadMaster vulnerable to 10/10 severity RCE flaw (Bleeping Computer)

New Veeam Vulnerability Puts Thousands of Backup Servers at Risk – PATCH NOW! (HACKREAD)

Thousands of Avis car rental customers had personal data stolen in cyberattack (TechCrunch)

UK National Crime Agency, responsible for fighting cybercrime, ‘on its knees,’ warns report (The Record)

brothers-sentence-sex-extortion.html">2 Brothers Sentenced to More Than 17 Years in Prison in Sextortion Scheme (The New York Times)

SpyAgent Android malware steals your crypto recovery phrases from images (Bleeping Computer)

Highline schools closing Monday because of cyberattack (Seattle Times)

Crypto Firm CEO Resigns Following Armed Robbery of Company Funds (Blockonomi)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode where we are joined by, Microsoft's Corporate Vice President of Cybersecurity Business Development Ann Johnson brings us on her career journey from aspiring lawyer to cybersecurity executive. After pivoting from studying law, Ann started working with computers and found she had a deep technical aptitude for technology and started earning certifications landing in cybersecurity because she found an interest in PKI. At Microsoft, Ann says she solves some of the hardest problems every day. She recommends getting a mentor and finding your area of expertise. She leaves us with three dimensions she hopes to be her legacy: 1. diversity in more than just gender, 2. bringing a human aspect to the industry, and 3. being empathetic to the user experience. We thank Ann for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, N2K's very own Brandon Karpf sits down with Kevin Lentz, Team Leader of the Cyber Pacific Project at the Global Disinformation Lab, and they discuss the recent threatcasting report "Cyber Competition in the Indo-Pacific Gray Zone 2035." This report, developed using the Threatcasting Method, examines how the U.S. and Indo-Pacific allies can coordinate their cyber defense efforts in response to future competition with China.

It presents findings, trends, and recommendations based on twenty-five scenarios simulated by a cross-functional group of experts to anticipate and address emerging threats over the next decade.

The research can be found here:

• Cyber Competition in the Indo-Pacific Gray Zone 2035

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cadet Blizzard is part of Russia’s elite GRU Unit. Apache releases a security update for its open-source ERP system. SonicWall has issued an urgent advisory for a critical vulnerability. Researchers uncover a novel technique exploiting Linux’s Pluggable Authentication Modules. Google’s kCTF team has discloses a critical security vulnerability affecting the Linux kernel’s netfilter component. Predator spyware has resurfaced.  US health care firm Confidant Health exposes 5.3 terabytes of sensitive health information. Dealing with the National Public Data breach. On our Solution Spotlight: Mary Haigh, Global CISO of BAE Systems, speaks with N2K's Simone Petrella about moving beyond the technical to build an effective cybersecurity team. An AI music streaming scheme strikes a sour note. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Solution Spotlight segment, Mary Haigh, Global CISO of BAE Systems, speaks with N2K President Simone Petrella about moving beyond the technical to build a cybersecurity team.

Selected Reading

Russia’s Most Notorious Special Forces Unit Now Has Its Own Cyber Warfare Team (WIRED)

Apache Makes Another Attempt at Patching Exploited RCE in OFBiz (SecurityWeek)

SonicWall Access Control Vulnerability Exploited in the Wild (GB Hackers)

Linux Pluggable Authentication Modules Abused to Create Backdoors (Cyber Security News)

PoC Exploit Released for Linux Kernel Vulnerability that Allows Root Access (Cyber Security News)

Predator spyware resurfaces with signs of activity, Recorded Future says (CyberScoop)

Therapy Sessions Exposed by Mental Health Care Firm’s Unsecured Database (WIRED)

Frustration Trying to Opt-Out After the National Public Data Breach (Security Boulevard)

Musician charged with $10M streaming royalties fraud using AI and bots (Bleeping Computer)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The DOJ disrupts Russia’s Doppelganger. NSA boasts over 1,000 public and private partners. The FBI warns of North Korean operatives launching “complex and elaborate” social engineering attacks. Iran pays the ransom to sure up their banking system. Cisco has disclosed two critical vulnerabilities in its Smart Licensing Utility. A Nigerian man gets five years in prison for Business Email Compromise schemes. Planned Parenthood confirms a cyberattack. Our guests are Sara Siegle and Cam Potts from NSA, Co-Hosts of the new show, No Such Podcast. OnlyFans hackers get more than they bargained for. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guests are Sara Siegle, Chief, Strategic Communications and Cam Potts, Co-Host, from NSA sharing their new podcast, No Such Podcast. The NSA launched the first two episodes of their new weekly podcast today. You can catch their trailer here. Visit their show on Libsyn. 

Selected Reading

US Targets Russian Media and Hackers Over Election Meddling (BankInfoSecurity)

NSA Eyes Global Partnerships to Combat Chinese Cyberthreats (BankInfoSecurity)

North Korean scammers prep stealth attacks on crypto outfits (The Register)

Iran pays millions in ransom to end massive cyberattack on banks, officials say (Politico)

DrayTek Vulnerabilities Added to CISA KEV Catalog Exploited in Global Campaign (SecurityWeek)

Critical Cisco Smart Licensing Vulnerabilities Let Attackers Take Over System (Cyber Security News)

Nigerian man sentenced to 5 years for role in BEC operation (CyberScoop)

Planned Parenthood confirms cyberattack as RansomHub claims breach (Bleeping Computer)

Fake OnlyFans cybercrime tool infects hackers with malware (Bleeping Computer)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Researchers find Yubikeys vulnerable to cloning. Google warns of a serious zero-day Android vulnerability. Zyxel releases patches for multiple vulnerabilities. D-Link urges customers to retire unsupported vulnerable routers. Hackers linked to Russia and Belarus target Latvian websites. The Federal Trade Commission (FTC) reports a sharp rise in Bitcoin ATM-related scams. Dutch authorities fine Clearview AI over thirty million Euros over GDPR violations. Threat actors are misusing the MacroPack red team tool to deploy malware. CISA shies away from influencing content moderation. Our guest is George Barnes, Cyber Practice President at Red Cell Partners and Fmr. Deputy Director of NSA discussing his experience at the agency and now in the VC world. Unauthorized Wi-Fi on a Navy warship Leads to Court-Martial. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is George Barnes, Cyber Practice President and Partner at Red Cell Partners and judge at the 2024 DataTribe Challenge, discussing his experience on both sides, having been at NSA and now in the VC world. Submit your startup to potentially be selected to be part of a startup competition like no other by September 27, 2024.

Selected Reading

YubiKeys are vulnerable to cloning attacks thanks to newly discovered side channel (Ars Technica)

Google Issues Android Under Attack Warning As 0-Day Threat Hits Users (Forbes)

Zyxel Patches Critical Vulnerabilities in Networking Devices (SecurityWeek)

D-Link says it is not fixing four RCE flaws in DIR-846W routers (Bleeping Computer)

Hackers linked to Russia and Belarus increasingly target Latvian websites, officials say (The Record)

New FTC Data Shows Massive Increase in Losses to Bitcoin ATM Scams (FTC)

Dutch DPA imposes a fine on Clearview because of illegal data collection for facial recognition | Autoriteit Persoonsgegevens (Autoriteit Persoonsgegevens)

magazine.com/news/red-teaming-tool-abused-malware/">Red Teaming Tool Abused for Malware Deployment (Infosecurity Magazine)

CISA moves away from trying to influence content moderation decisions on election disinformation (CyberScoop)

How Navy chiefs conspired to get themselves illegal warship Wi-Fi (Navy Times)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Brazil blocks access to X/Twitter. Transport for London has been hit with a cyberattack. Threat actors have poisoned GlobalProtect VPN software to deliver WikiLoader. “Voldemort” is a significant international cyber-espionage campaign. Researchers uncover an SQL injection flaw with implications for airport security. Three men plead guilty to running an MFA bypass service. The FTC has filed a complaint against security camera firm Verkada. CBIZ Benefits & Insurance Services disclosed a data breach affecting nearly 36,000. The cybersecurity implications of a second Trump term. On our Industry Insights segment, guest Caroline Wong, Chief Strategy Officer at Cobalt, discusses application security and artificial intelligence.  A Washington startup claims to revolutionize political lobbying with AI.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On our Industry Insights segment, guest Caroline Wong, Chief Strategy Officer at Cobalt, discusses application security and artificial intelligence. You can find out more from Cobalt’s The State of Pentesting Report 2024 here. 

Selected Reading

Brazil Suspends Access to Elon Musk's X, Including via VPNs (GovInfo Security)

Cyberattack hits agency responsible for London’s transport network (The Record)

Hacking Poisoning GlobalProtect VPN To Deliver WikiLoader Malware On Windows (Cyber Security News)

magazine.com/news/scores-organizations-voldemort/">Scores of Organizations Hit By Novel Voldemort Malware (Infosecurity Magazine)

Researchers find SQL injection to bypass airport TSA security checks (Bleeping Computer)

magazine.com/news/three-plead-guilty-running-mfa/">Three Plead Guilty to Running MFA Bypass Site (Infosecurity Magazine)

Verkada to Pay $2.95 Million Over FTC Probe Into Security Camera Hacking (SecurityWeek)

Business services giant CBIZ discloses customer data breach (Bleeping Computer)

Who would be the cyber pros in a second Trump term? (CyberScoop)

Convicted fraudsters launch AI lobbying firm using fake names (Politico)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

You can learn more about AWS in Orbit at space.n2k.com/aws.

Our guests today are Jason Aspiotis, Global Director, In-Space Data & Security at Axiom Space and Jay Naves, Sr. Solutions Architect at AWS Aerospace & Satellite Solutions.

AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram.

Selected Reading

AWS Aerospace and Satellite

Audience Survey

We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info.

Want to join us for an interview?

Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal.

T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this encore episode with Vice President of Security and Support Operations of Alert Logic Tom Gorup shares how his career path led him from tactics learned in Army infantry using machine guns and claymores to cybersecurity replacing the artillery with antivirus and firewalls. Tom built a security automation solution called the Grunt (in recollection of his role in the Army) that automated firewall blocks. He credits his experience in battle-planning for his expertise in applying strategic thinking to work in cybersecurity, noting that communication is key in both scenarios. Tom advises that those looking into a new career shouldn't shy away from failure as failure is just another opportunity to learn. We thank Tom for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

In this Special Edition podcast, N2K's Executive Editor Brandon Karpf speaks with Danielle Ruderman, Senior Manager for Wordwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M, about CISO Circles, security challenges faced in higher education, and fostering the culture of security.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Tim Peck, a Senior Threat Researcher at Securonix, is discussing their work on "Threat actors behind the DEV#POPPER campaign have retooled and are continuing to target software developers via social engineering." The DEV#POPPER campaign continues to evolve, now targeting developers with malware capable of operating on Linux, Windows, and macOS systems.

The threat actors, believed to be North Korean, employ sophisticated social engineering tactics, such as fake job interviews, to deliver stealthy malware that gathers sensitive information, including browser credentials and system data.

The research can be found here:

• Research Update: Threat Actors Behind the DEV#POPPER Campaign Have Retooled and are Continuing to Target Software Developers via Social Engineering

Learn more about your ad choices. Visit megaphone.fm/adchoices

AI regulations move forward in California. DDoS attacks are on the rise. CISA  releases a joint Cybersecurity Advisory on the RansomHub ransomware. A persistent malware campaign has been targeting Roblox developers. Two European men are indicted for orchestrating a widespread “swatting” campaign. Critical vulnerabilities in an enterprise network monitoring solution could lead to system compromise. An Ohio judge issues a restraining order against a cybersecurity expert following a ransomware attack. Our guest is Dr. Zulfikar Ramzan, Chief Scientist at Aura, sharing his take on AI's growing role with online criminals. Admiral Hopper's lost lecture is lost no more. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Dr. Zulfikar Ramzan, Chief Scientist at Aura, sharing his take on the RockYou2024 breach and AI's growing role with online criminals.

Selected Reading

California Advances Landmark Legislation to Regulate Large AI Models (SecurityWeek)

Radware Report Surfaces Increasing Waves of DDoS Attacks (Security Boulevard)

CISA and Partners Release Advisory on RansomHub Ransomware (CISA)

Year-Long Malware Campaign Exploits NPM to Attack Roblox Developers (HackRead)

2 Men From Europe Charged With 'Swatting' Plot Targeting Former US President and Members of Congress (SecurityWeek)

Critical Flaws in Progress Software WhatsUp Gold Expose Systems to Full Compromise (SecurityWeek)

Ahead of mandatory rules, CISA unveils new cyber incident reporting portal (Federal News Network)

Franklin County judge grants city request to suppress cyber expert's efforts to warn public (The Columbus Dispatch)

grace-hoppers-1982-nsa-lecture-has-been-published.html">Adm. Grace Hopper’s 1982 NSA Lecture Has Been Published (Schneier on Security)

Capt. Grace Hopper on Future Possibilities: Data, Hardware, Software, and People (Part One, 1982) (YouTube)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

French authorities outline the allegations against Telegram’s CEO. Google finds familiar spyware in Mongolian government websites. The Mirai botnet leverages obsolete security cameras. Iran’s Peach Sandstorm targets the space industry. A federal appeals court says platforms may be liable to algorithmically recommended content. Scam cycles are getting shorter. McDonald’s officials are grimacing after hackers take over their Instagram account. Our guests today are Dave DeWalt, Founder and CEO of NightDragon, and Nicole Bucala, CEO and GM at DataBee, sharing their joint initiative which aims to propel future cybersecurity innovations. A would-be extortionist fails to cover his tracks.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guests today are Dave DeWalt, Founder and CEO of NightDragon, and Nicole Bucala, CEO and GM at DataBee, sharing their joint initiative to propel future cybersecurity innovations. Learn more. 

Selected Reading

French authorities charge Telegram's Durov in probe into organized crime on app (Reuters)

Russian government hackers found using exploits made by spyware companies NSO and Intellexa (TechCrunch)

Old CCTV cameras provide a fresh opportunity for a Mirai botnet variant (The Record)

Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor (WIRED) 

Appeals court revives TikTok ‘blackout challenge’ death suit (The Register)

Online scam cycles are getting shorter and more effective, Chainalysis finds (CyberScoop)

Cisco Patches Multiple NX-OS Software Vulnerabilities (SecurityWeek)

Crypto scammers who hacked McDonald's Instagram account say they stole $700,000 (Bitdefender)

magazine.com/news/it-engineer-charged-extort-former/">IT Engineer Charged For Attempting to Extort Former Employer (Infosecurity Magazine)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Threat actors use a malicious Pidgin plugin to deliver malware. The BlackByte ransomware group is exploiting a recently patched VMware ESXi  vulnerability. The State Department offers a $2.5 million reward for a major malware distributor. A Swiss industrial manufacturer suffers a cyberattack. The U.S. Marshals Service (USMS) responds to claims of data theft by the Hunters International ransomware gang. Park’N Fly reports a data breach affecting 1 million customers. Black Lotus Labs documents the active exploitation of a zero-day vulnerability in Versa Director servers. Federal law enforcement agencies warn that Iran-based cyber actors continue to exploit U.S. and foreign organizations. We kick off our new educational CertByte segment with hosts Chris Hare and George Monsalvatge. Precrime detectives root out election related misinformation before it happens. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

On today’s show, our guests are N2K's Chris Hare and George Monsalvatge introducing our new bi-weekly CertByte segments that kick off today on the CyberWire Daily podcast.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth.

In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by George Monsalvatge to break down a question targeting the Project Management Professional (PMP)® certification by the Project Management Institute®. Today’s question comes from N2K’s PMI® Project Management Professional (PMP®) Practice Test.

The PMP® is the global gold standard certification typically targeted for those who have about three to five years of project management experience. To learn more about this and other related topics under this objective, please refer to the following resource: Project Management Institute - Code of Ethics and Professional Conduct.

Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Selected Reading

 Malware Delivered via Malicious Pidgin Plugin, Signal Fork (SecurityWeek)

BlackByte Hackers Exploiting VMware ESXi Auth Bypass Flaw to Deploy Ransomware (Cyber Security News)

US Offering $2.5 Million Reward for Belarusian Malware Distributor (SecurityWeek)

Services at Swiss manufacturer Schlatter disrupted in likely ransomware attack (SiliconANGLE)

US Marshals say data posted by ransomware gang not from 'new or undisclosed incident' (The Record)

Park’N Fly notifies 1 million customers of data breach (Bleeping Computer)

Taking the Crossroads: The Versa Director Zero-Day Exploitation (Lumen)

Iran-based Cyber Actors Enabling Ransomware Attacks on US Organizations (CISA)

Hundreds of 'PreCrime' Election-Related Fraud Sites Spotted (Metacurity)

Learn more about your ad choices. Visit megaphone.fm/adchoices

Hacktivists respond to the arrest of Telegram’s CEO in France. Stealthy Linux malware stayed undetected for two years. Versa Networks patches a zero-day vulnerability. Google has patched its tenth zero-day vulnerability of 2024. Researchers at Arkose labs document Greasy Opal. A flaw in Microsoft 365 Copilot allowed attackers to exfiltrate sensitive user data. Gafgyt targets crypto mining in cloud native environments. Microsoft investigates an Exchange Online message quarantine issue. Our guest is Bar Kaduri, research team leader at Orca Security talking about AI Goat, the first open source AI security learning environment based on the OWASP top 10 ML risks. Kentucky Prisoners Trick Tablets to Generate Fake Money. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest is Bar Kaduri, research team leader at Orca Security talking about AI Goat, the first open source AI security learning environment based on the OWASP top 10 ML risks. Available on GitHub, AI Goat is an intentionally vulnerable AI environment built in Terraform that includes numerous threats and vulnerabilities for testing and learning purposes. Learn more. 

Selected Reading

Arrest of Telegram CEO sparks cyberattacks against French websites (SC Media)

Unveiling sedexp: A Stealthy Linux Malware Exploiting udev Rules (AON)

Stealthy 'sedexp' Linux malware evaded detection for two years (Bleeping Computer)

Google tags a tenth Chrome zero-day as exploited this year (Bleeping Computer)

Versa fixes Director zero-day vulnerability exploited in attacks (Bleeping Computer)

Greasy Opal: Greasing the Skids for Cybercrime (Arkose Labs)

Microsoft Copilot Prompt Injection Vulnerability Let Hackers Exfiltrate Personal Data (Cyber Security News)

Gafgyt Botnet: Weak SSH Passwords Targeted For GPU Mining (Security Boulevard)

Microsoft: Exchange Online mistakenly tags emails as malware (Bleeping Computer)

bulletin.com/news/national/kentucky-prisoners-hack-state-issued-computer-tablets-to-digitally-create-1m-how-d-they-do/article_f28eb222-c372-5a3c-bd43-102dd1a1f282.html">Kentucky prisoners hack state-issued computer tablets to digitally create $1M. How’d they do it? (Union Bulletin)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Telegram’s CEO is arrested by French police, presumably over moderation failures. A cyberattack disrupted services at Seattle-Tacoma International Airport and the Port of Seattle. SonicWall has warned customers of a critical vulnerability that could lead to unauthorized access or a firewall crash. Dutch and French regulators fined Uber €290 million for failing to protect the privacy of EU drivers. Microsoft will host a cybersecurity conference next month in response to the disastrous CrowdStrike software update. Radio Free Europe/Radio Liberty looks at Iran’s active attempts to interfere in the upcoming U.S. presidential election. Our guests are Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M. They spoke with N2K’s Brandon Karpf about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Pig Butchering devastates a small town bank. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guests are Danielle Ruderman, Senior Manager for Worldwide Security Specialists at AWS, and Adam Mikeal, CISO at Texas A&M. They spoke with N2K’s Brandon Karpf about CISO Circles, security challenges faced in higher education, and fostering the culture of security. Brandon spoke with Danielle and Adam at AWS’ re:Inforce 2024. 

Selected Reading

Telegram CEO Pavel Durov arrested at French airport (BBC)

Is Telegram really an encrypted messaging app? – A Few Thoughts on Cryptographic Engineering (Cryptography Engineering)

The Port of Seattle and Sea-Tac Airport say they’ve been hit by ‘possible cyberattack’ (TechCrunch)

Nearly 32 Million Documents, Invoices, Contracts, and Agreements Exposed Online by Global Field Service Management Provider (Website Planet)

SonicWall Patches Critical SonicOS Vulnerability (SecurityWeek)

Uber fined €290 million for sending drivers’ data outside Europe (Politico)

plans-september-cybersecurity-event-after-crowdstrike-outage.html">Microsoft plans September cybersecurity event to discuss changes after CrowdStrike outage (CNBC)

Iran Tries To 'Storm' U.S. Election With Russian-Style Disinformation Campaign (Radio Free Europe/Radio Liberty)

Audit finds notable security gaps in FBI's storage media management (Bleeping Computer)

shan-hanes-pig-butchering-scam.html">Cryptocurrency 'pig butchering' scam wrecks Kansas bank, sends ex-CEO to prison for 24 years (CNBC)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode, where we are joined by Vice President of Global Systems Engineering Ellen Sundra and she shares her career path from life as a college grad who found her niche by creating a training program to a leader in cybersecurity. She realized that training and educating people was her passion. Ellen sees her value in providing soft skills as a natural balance to her technical team at Forescout Technologies. Being a woman in a male-dominated world proved to be a challenge and gaining her confidence to share her unique point of view helped her excel in it. Ellen recommends keeping your eyes open for how your skill set fits into cybersecurity. Find your perspective and really embrace it! We thank Ellen for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

In this Special Edition podcast, N2K's Executive Editor Brandon Karpf speaks with Dustin Moody, mathematician at NIST, about their first 3 recently finalized post-quantum encryption standards.

NIST finalized a key set of encryption algorithms designed to protect against future cyberattacks from quantum computers, which operate in fundamentally different ways from traditional computers. Listen as Brandon and Dustin discuss these algorithms and how quantum computing will change the way we view encryption and cyber attacks in the future.

Resources:

NIST Releases First 3 Finalized Post-Quantum Encryption Standards (NIST)

• FIPS 203
• FIPS 204
• FIPS 205

What is Post Quantum Cryptography? (NIST)

National Cybersecurity Center of Excellence (NCCoE)

Post-Quantum Cryptography Standardization Project (NIST)

Need to know: NIST finalizes post-quantum encryption standards essential for cybersecurity. (N2K CyberWire)

Learn more about your ad choices. Visit megaphone.fm/adchoices

Robert Duncan, VP of Product Strategy from Netcraft, is discussing their work on "Mule-as-a-Service Infrastructure Exposed." Netcraft's new threat intelligence reveals the intricate connections within global fraud networks, showing how criminals use specialized services like Mule-as-a-Service (MaaS) to launder scam proceeds.

By mapping the cyber and financial infrastructure, including bank accounts, crypto wallets, and phone numbers, Netcraft exposes how different scams are interconnected and identifies weak points that can be targeted to disrupt these operations. This insight provides an opportunity to prevent fraud and protect against financial crimes like pig butchering, investment scams, and romance fraud.

The research can be found here:

• Mule-as-a-Service Infrastructure Exposed

Learn more about your ad choices. Visit megaphone.fm/adchoices

The exploitation of the LiteSpeed Cache Wordpress plugin has begun. Halliburton confirms a cyberattack. Velvet Ant targets Cisco Switch appliances. The Qilin ransomware group harvests credentials stored in Google Chrome. Ham radio enthusiasts pay a million dollar ransom. SolarWinds releases a hotfix to fix a hotfix. A telecom company will pay a million dollar fine over President Biden deepfakes. The Justice Department is suing the Georgia Institute of Technology and an affiliated company for allegedly failing to meet required cybersecurity standards for Pentagon contracts. Today’s guest is Dustin Moody, mathematician at NIST, speaking with N2K's Brandon Karpf about post-quantum encryption standards.  When it comes to phishing simulations, sometimes the cure is scarier than the disease.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Today’s guest Dustin Moody, mathematician at NIST, talks with N2K's Brandon Karpf about their first 3 finalized post-quantum encryption standards. You can hear more of Brandon and Dustin’s conversation as they go into more detail on the individual standards on Sunday in our Special Edition podcast. Stay tuned. 

You can read more on the newly-released standards here. Want to learn more about what post-quantum cryptography is? Check out this resource from NICE. 

Selected Reading

Hackers are exploiting critical bug in LiteSpeed Cache plugin (Bleeping Computer)

Oil industry giant Halliburton confirms 'issue' following reported cyberattack (The Record)

China-Nexus Threat Group ‘Velvet Ant’ Exploits Zero-Day on Cisco Nexus Switches (Sygnia)

Qilin ransomware now steals credentials from Chrome browsers (Bleeping Computer)

ARRL IT Security Incident - Report to Members (ARRL: The National Association for Amateur Radio)

SolarWinds Leaks Credentials in Hotfix for Exploited Web Help Desk Flaw (SecurityWeek)

Telecom company hit with $1 million penalty over AI-generated fake Biden robocalls (The Record)

DOJ sues Georgia Tech over allegedly failing to meet cyber requirements for DOD contracts (CyberScoop)

Uni phishing test based on fake Ebola scare prompts apology (The Register)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A Wordpress plugin vulnerability puts 5 million sites at risk. Google releases an emergency Chrome update addressing an actively exploited vulnerability. Cisco patches multiple vulnerabilities. Researchers say Slack AI is vulnerable to prompt injection. Widely used RFID smart cards could be easily backdoored. The FAA proposes new cybersecurity rules for airplanes, engines, and propellers. A member of the Russian Karakurt ransomware group faces charges in the U.S. The Five Eyes release a guide on Best Practices for Event Logging and Threat Detection. The Kremlin claims widespread online outages are due to DDoS, but experts think otherwise. In our Threat Vector segment, guest host Michael Sikorski speaks with Jason Healey, Senior Research Scholar at Columbia University's School of International and Public Affairs. A deadbeat dad dodges debt through death. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this Threat Vector segment, guest host Michael Sikorski, CTO of Unit 42, engages in a thought-provoking conversation about the historical challenges and advances in cyber conflict with Jason Healey, Senior Research Scholar at Columbia University's School of International and Public Affairs. To listen to their full conversation, check out the episode here. You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network. 

Selected Reading

Critical Privilege Escalation in LiteSpeed Cache Plugin (Patchstack)

Google fixes ninth Chrome zero-day exploited in attacks this year (The Register)

Cisco Patches High-Severity Vulnerability Reported by NSA (SecurityWeek)

Slack AI can leak private data via prompt injection (The Register)

Major Backdoor in Millions of RFID Cards Allows Instant Cloning (SecurityWeek)

FAA proposes new cybersecurity rules for airplanes (The Record)

U.S. charges Karakurt extortion gang’s “cold case” negotiator (Bleeping Computer)

ASD’s ACSC, CISA, FBI, and NSA, with the support of International Partners Release Best Practices for Event Logging and Threat Detection (CISA)

Kremlin blames widespread website disruptions on DDoS attack; digital experts disagree (The Record)

Deadbeat dad faked his own death by hacking government sites (The Register)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A major American chipmaker discloses a cyberattack. Cybercriminals exploit Progressive Web Applications (PWAs) to bypass iOS and Android defenses. Mandiant uncovers a privilege escalation vulnerability in Microsoft Azure Kubernetes Services. ALBeast hits ALB. Microsoft’s latest security update has caused significant issues for dual-boot systems. The DOE’s new SolarSnitch program aims to sure up solar panel security. Researchers uncover LLM poisoning techniques. An Iranian-linked group uses a fake podcast to lure a target. Our guest is Parya Lotfi, CEO of DuckDuckGoose, discussing the increasing problem of deepfakes in the cybersecurity landscape. Return to sender - AirTag edition. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guest Parya Lotfi, CEO of DuckDuckGoose, discusses the increasing relevance of deepfakes in the cybersecurity landscape.

Selected Reading

Microchip Technology discloses cyberattack impacting operations (Bleeping Computer)

Android and iOS users targeted with novel banking app phishing campaign (Cybernews)

Azure Kubernetes Services Vulnerability Exposed Sensitive Information (SecurityWeek)

ALBeast: Misconfiguration Flaw Exposes 15,000 AWS Load Balancers to Risk (HACKREAD)

Microsoft’s latest security update has ruined dual-boot Windows and Linux PCs (The Verge)

DOE debuts SolarSnitch technology to boost cybersecurity in solar energy systems (Industrial Cyber)

Researchers Highlight How Poisoned LLMs Can Suggest Vulnerable Code (Dark Reading)

Best Laid Plans: TA453 Targets Religious Figure with Fake Podcast Invite Delivering New BlackSmith Malware Toolset | Proofpoint US (Proofpoint)

Serial mail thieves thwarted when victim sends herself an AirTag (Apple Insider) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The Dem’s 2024 party platform touches on cybersecurity goals. The feds warn of increased Iranian influence operations. A severe security flaw has been discovered in a popular WordPress donation plugin. The Lazarus Group exploits a Windows zero-day to install a rootkit. Krebs on Security takes a closer look at the significant data breach at National Public Data. Toyota confirms a data breach after their data shows up on a hacking forum. A critical Jenkins vulnerability is added to CISA’s Known Exploited Vulnerabilities catalog. Cybercriminals steal credit card info from the Oregon Zoo. Guest CJ Moses, CISO at Amazon, discussing partnership and being a good custodian of the community in threat intel and information sharing. CISA gets new digs. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Guest CJ Moses, CISO at Amazon, speaks with N2K’s Brandon Karpf about partnership and being a good custodian of the community in threat intel and information sharing at re:Inforce 2024.

Selected Reading

Democratic Party Platform Contains Three Cyber Goals (Metacurity)

US warns of Iranian hackers escalating influence operations (Bleeping Computer)

Critical WordPress Plugin RCE Vulnerability Impacts 100k+ Sites (Cyber Security News)

Windows driver zero-day exploited by Lazarus hackers to install rootkit (Bleeping Computer)

National Public Data Published Its Own Passwords (Krebs on Security)

Toyota confirms breach after stolen data leaks on hacking forum (Bleeping Computer)

Critical Jenkins vulnerability added to CISA’s known vulnerabilities catalog (SC Media)

Cybercriminals siphon credit card numbers from Oregon Zoo website (The Record)

CISA to Get New $524 Million Headquarters in DC, Backed by Inflation Reduction Act Funding (SecurityWeek)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Cisco Talos discovers vulnerabilities in Microsoft applications for macOS. OpenAI disrupts an Iranian influence campaign. Jewish Home Lifecare discloses a data breach affecting over 100,000. Google tests an auto-redaction feature in Chrome for Android. Unicoin informs the SEC that it was locked out of G-Suite for four days. House lawmakers raise concerns over China-made WiFi routers. Moody’s likens the switch to post-quantum cryptography to the Y2K bug. Diversity focused tech nonprofits grapple with flagging support. Tim Starks of CyberScoop is back to discuss his investigation of a Russian hacking group targeting human rights groups. Smart phones get some street smarts.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We welcome Tim Starks of CyberScoop back to discuss his story "Russian hacking campaign targets rights groups, media, former US ambassador."

Selected Reading

Vulnerabilities in Microsoft’s macOS apps could help hackers access microphones and cameras (The Record)

chatgpt-iran-misinformation.html">OpenAI Disrupts Iranian Misinformation Campaign (The New York Times)

100,000 Impacted by Jewish Home Lifecare Data Breach (SecurityWeek)

Chrome will redact credit cards, passwords when you share Android screen (Bleeping Computer)

Crypto firm says hacker locked all employees out of Google products for four days (The Record)

House lawmakers push Commerce Department to probe Chinese Wi-Fi router company (CyberScoop)

Moody's sounds alarm on quantum computing risk, as transition to PQC ‘will be long and costly’ (Industrial Cyber)

The movement to diversify Silicon Valley is crumbling amid attacks on DEI (Washington Post)

Google’s Stunning New Android AI Feature Instantly Locks Phone Thieves Out (Forbes)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore with CEO and co-founder of Dragos Robert Lee, as he talks about how he came to cybersecurity through industrial control systems. Growing up with parents in the Air Force, Robert's father tried to steer him away from military service. Still Rob chose to attend the Air Force Academy where he had greater exposure to computers through ICS. Robert finds his interest lies in things that impact the physical world around us. In his work, Dragos focuses on identifying what people are doing bad and helping people understand how to defend against that. Rob describes the possibility of making a jump to control system security from another area recommending you bring something to the table. Rob talks about the world he would like to leave to his son and his hopes for the future. We thank Rob for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Snir Ben Shimol from ZEST Security on their work, "How we hacked a cloud production environment by exploiting Terraform providers." In this blog, ZEST discusses the security risks associated with Terraform providers, particularly those from community sources.

The research highlights the importance of carefully vetting providers, regular scanning, and following best practices like version pinning to mitigate potential vulnerabilities in cloud infrastructure management.

The research can be found here:

• The hidden risks of Terraform providers

Learn more about your ad choices. Visit megaphone.fm/adchoices