CyberWire Daily

3,655 episodes — Page 20 of 74

S4 Ep 180: Rashmi Bharathan: Connecting is important. [Auditor] [Career Notes]

bonus

Rashmi Bharathan, an Information Technology Internal Auditor from Wintrust Financial Corporation, sits down to share her story as a woman with 10 years in the IT industry and how she got her start. From childhood, Rashmi always wanted to be a good leader, helping those around her. Now she shares how helping people is a passion of hers, and she spends a lot of her time volunteering to help those coming into this industry. She says, "It's all about, you should know your connections. That is more important. So I would say that networking and volunteering is really going to help you to grow in your career," sharing that community is the key to her success and that working hard to network has been a great help in getting her where she is today. We thank Rashmi for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Jan 28, 2024 · 8 min

S1 Ep 49: What’s a CNAPP: Cloud-Native Application Protection Platform? [CyberWire-X]

In this episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by Tim Miller, Technical Marketing Engineer for Panoptica, Cisco's Cloud Application Security solution (Panoptica is the result of Outshift, Cisco's incubation engine for new products and markets), and Kevin Ford, Esri’s CISO. They discuss the need for complexity reduction and how Cloud-Native Application Protection Platforms (CNAPPs) provide it. Outshift by Cisco is our CyberWire-X episode sponsor. To learn more about Cloud-Native Application Protection Platforms, check out Panoptica’s website at https://panoptica.app and consider attending Cisco Live EMEA in Amsterdam, February 5-8, 2024.

Jan 28, 2024 · 32 min

S8 Ep 314: Hooked on pirated macOS applications. [Research Saturday]

bonus

Jaron Bradley from Jamf Threat Labs is sharing their work on "Jamf Threat Labs discovers new malware embedded in pirated applications." Jamf Threat Labs has detected a series of pirated macOS applications that have been modified to communicate with attacker infrastructure. The research states "These applications are being hosted on Chinese pirating websites in order to gain victims." The discovery marks new and advanced malware, similar to the ZuRu malware, first discovered by Objective-See in 2021 within the iTerm2 application. The research can be found here: Jamf Threat Labs discovers new malware embedded in pirated applications

Jan 27, 2024 · 21 min

S8 Ep 1991: A new purchase is cause for a call out.

Senator Wyden calls out the NSA for purchasing Americans’ internet records. Senators look to add IT and ICS environments to federal employee cyber competitions. The FTC asks big tech about their investments in AI. Turns out the GSA bought a bunch of Chinese security cameras. Akira ransomware claims a breach of Lush cosmetics. ESET reports on the Blackwood cyberespionage group. Wired looks at Predatory Sparrow. The U.S. stands firm on the United Nations Cybercrime Treaty. Our guest is Tony Surak, CMO & Operating Partner from DataTribe, with insights on the state of venture capital in cyber. And a Trickbot gang member will be doing some time.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest: Tony Surak from DataTribe joins us to share his take on the state of the VC cyber market.

Selected Reading:
Wyden Releases Documents Confirming the NSA Buys Americans’ Internet Browsing Records; Calls on Intelligence Community to Stop Buying U.S. Data Obtained Unlawfully From Data Brokers, Violating Recent FTC Order
Senate Committee debuts bipartisan bill to add OT, ICS environments to federal employee cyber competition
FTC officially asks Big Tech about their AI deals | Cybernews
GSA Sparks Security Fears After Buying Risky Chinese Cameras
Akira ransomware gang says it stole passport scans from Lush • The Register
Elusive Chinese Cyberspy Group Hijacks Software Updates to Deliver Malware - SecurityWeek
How a Group of Israel-Linked Hackers Has Pushed the Limits of Cyberwar | WIRED
On eve of final negotiations, US says consensus growing around ‘narrow’ UN cybercrime treaty
Trickbot malware developer sentenced to 5 years behind bars • The Register

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Jan 26, 2024 · 26 min

S8 Ep 1990: Another day, another Blizzard attack.

Cozy Bear breaches Hewlett Packard Enterprise. An investigation reveals global surveillance based on digital advertising. Cisco patches critical vulnerabilities. Meta aims to enhance the online safety of minors. iOS notifications are exploited for tracking. EquiLend’s systems go offline after a cyberattack. A DC theater faced financial crisis after seeing their bank account drained. Critical infrastructure is targeted in Ukraine. The latest insights on ransomware. Guest Lance Hood joins us from TransUnion to share how fraud attacks on financial industry call centers are rising. And Teslas get POwned in Tokyo.

CyberWire Guest: Lance Hood joins us from TransUnion to share how fraud attacks on financial industry call centers are rising.

Selected Reading:
Hewlett Packard Enterprise tells SEC it was breached by Russia’s 'Cozy Bear' hackers (The Record)
Inside a Global Phone Spy Tool Monitoring Billions (404 Media)
Cisco Patches Critical Vulnerability in Enterprise Collaboration Products (SecurityWeek)
Instagram and Facebook will now prevent strangers from messaging minors by default (The Verge)
Research Reveals How iPhone Push Notifications Leak User Data (MacRumors)
Financial tech firm EquiLend says recovery after cyberattack ‘may take several days’ (The Record)
'No gift is too small' | GALA Hispanic Theater asking for donations after hackers drain bank accounts (WUSA9)
Ukrainian energy giant, postal service, transportation agencies hit by cyberattacks (The Record)
The 2024 Ransomware Threat Landscape (Symantec Enterprise Blogs)
Who pays, and why: A researcher examines the ransomware victim’s mindset (The Record)
Tesla Hack Earns Researchers $100,000 at Pwn2Own Automotive - SecurityWeek (SecurityWeek)

Jan 25, 2024 · 29 min

S8 Ep 1989: The fight against exploiting Americans.

Biden prepares executive order on foreign access to data. Britain’s NCSC warns of a significant ransomware increase. Cisco Talos confirms ransomware surge. BuyGoods.com leaks PII and KYC data. Fortra faces scrutiny over slow disclosure. AI fights financial fraud. Intel471 highlights bulletproof hosting. NSO Group lobbies to revamp their image. Tussling in Missouri over election security. Integrating cyber education. Our guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking about a new partnership for a comprehensive Cyber Talent Study. And the moral panic of Furbies.

CyberWire Guest: Today’s guests are N2K President Simone Petrella and WiCyS Executive Director Lynn Dohm talking with Dave Bittner about a new partnership for a comprehensive Cyber Talent Study to deepen the collective understanding of cybersecurity competencies within the industry.

Selected Reading:
Biden Seeks to Stop Countries From Exploiting Americans’ Data for Espionage (Bloomberg)
British intelligence warns AI will cause surge in ransomware volume and impact (The Record)
Significant increase in ransomware activity found in Talos IR engagements, while education remains one of the most-targeted sectors (Talos)
Global Retailer BuyGoods.com Leaks 198GB of Internal and User PII, KYC data (HACKREAD)
Fortra blasted over slow response to critical GoAnywhere file transfer bug (SC Media)
Gen AI Expected to Bring Big Changes to Banking Sector (GovInfo Security)
Why Bulletproof Hosting is Key to Cybercrime-as-a-Service (Infosecurity Magazine)
Notorious Spyware Maker NSO Group Is Quietly Plotting a Comeback (WIRED)
Missouri secretary of state accused of withholding cybersecurity reviews of election authorities (StateScoop)
Cybersecurity education from childhood is a vital tool: 72% of children worldwide have experienced at least one type of cyber threat (Check Point)
These Are the Notorious NSA Furby Documents Showing Spy Agency Freaking Out About Embedded AI in Children's Toy (404 Media)

Jan 24, 2024 · 32 min

S8 Ep 1988: The mother of all data breaches.

The mother of all data breaches. CISA director Easterly is the victim of a swatting incident. An AI robocall in New Hampshire seeks to sway the election. Australia sanctions an alleged Russian cyber-crime operator. Atlassian Confluence servers are under active exploitation. Apple patches a WebKit zero-day. Black Basta hits a major UK water provider. Hackers who targeted an Indian ISP launch an online search portal. A Massachusetts hospital suffered a Christmas Day ransomware attack. Ann Johnson, host of the Afternoon Cyber Tea podcast, speaks with Caitlin Sarian, known to many as Cybersecurity Girl. And HP claims bricked printers are a security feature, not a bug.

CyberWire Guest: Microsoft Security’s Afternoon Cyber Tea podcast host, Ann Johnson, speaks with Caitlin Sarian, known to many as Cybersecurity Girl, a leading influencer with a cybersecurity-focused social presence. Listen to the full interview here.

Selected Reading:
Mother of All Breaches: a Historic Data Leak Reveals 26 Billion Records (Cybernews)
CISA’s Easterly the target of ‘harrowing’ swatting incident (The Record)
AI robocalls impersonate President Biden in an apparent attempt to suppress votes in New Hampshire (PBS NewsHour)
Hear fake Biden robocall urging voters not to vote in New Hampshire (YouTube)
Medibank hack: Russian sanctioned over Australia's worst data breach (BBC)
Hackers start exploiting critical Atlassian Confluence RCE flaw (BleepingComputer)
iOS 17.3 and macOS Sonoma 14.3 Patch WebKit Vulnerability That May Have Been Exploited (MacRumors)
UK water company that serves millions confirms system attack Indian ISP Hathway Data Breach (The Record)
Hacker Leaks 4 Million Users, KYC Data (HACKREAD)
Massachusetts hospital claimed to be targeted by Money Message ransomware (SC Media)
HP's CEO spells it out: You're a 'bad investment' if you don't buy HP supplies (The Register)
HP CEO evokes James Bond-style hack via ink cartridges (Ars Technica)

Jan 23, 2024 · 25 min

S8 Ep 1987: Midnight Blizzard brings the storm.

Russian state hackers breach Microsoft. LockBit claims Subway restaurants hack. A Swedish datacenter is hit with ransomware. VMware patches a vulnerability targeted by Chinese espionage groups. Sentinel Labs warns of North Korean APTs' focus on cybersecurity pros. FTC orders another data broker to restrict location data. US Feds release security guidance for water and wastewater sectors. Senators question the DOJ on facial recognition technology. Ukraine’s Monobank gets DDoSed. N2K’s CSO Rick Howard joins us to share some insight into what he and the Hash Table are cooking up for the upcoming season of his CSO Perspectives podcast. The passing of a Time Lord.

CyberWire Guest: N2K’s CSO Rick Howard joins us to share some insight into what he and the Hash Table are cooking up for the upcoming season of his CSO Perspectives podcast launching next month.

Selected Reading:
Microsoft: Russian Hackers Had Access to Executives' Emails (GovInfo Security)
LockBit ransomware gang claims the attack on the sandwich chain Subway (Security Affairs)
Ransomware hits cloud service Tietoevry; numerous Swedish customers affected (The Record)
Chinese Espionage Group UNC3886 Found Exploiting CVE-2023-34048 Since Late 2021 (Mandiant)
North Korea’s ScarCruft APT group targets infosec pros (CSO Online)
FTC Order Will Ban InMarket from Selling Precise Consumer Location Data (Federal Trade Commission)
US Gov Publishes Cybersecurity Guidance for Water and Wastewater Utilities (SecurityWeek)
Ukraine’s Monobank hit with massive DDoS attack (Silicon Republic)
Senators ask DOJ to investigate whether facial recognition tech violates Civil Rights Act (The Record)
RIP, Internet’s Time Lord (On My Om)
Network Time Protocol (NTP) attack (noun) (Word Notes podcast)

Jan 22, 2024 · 23 min

S1 Ep 5: Encore: Matt Devost: Solving hard problems and pursuing your passions. [CEO] [Career Notes]

bonus

CEO Matt Devost describes many firsts in his career, including hacking into systems on an aircraft carrier at sea. He shares how he enjoys solving hard problems and the red teamer perspective, and how he was able to translate those into a career. For those interested in cybersecurity, Matt recommends opportunities for self-directed learning, including heading down to your basement and building your own lab. Our thanks to Matt for sharing his story with us.

Jan 21, 2024 · 6 min

S8 Ep 51: Two viewpoints on the National Cybersecurity Strategy. [Special Edition]

Earlier this month, the White House released the National Cybersecurity Strategy, the first issued since 2018. The strategy refocuses roles, responsibilities, and resource allocations in the digital ecosystem, with a five-pillar approach. Those pillars are: defending critical infrastructure, disrupting threat actors, shaping market forces to drive security and resilience, investing in a resilient future, and forging international partnerships. We wanted to delve into the strategy and its intended effects further, so Dave Bittner spoke with representatives from industry and inside government. Dave first speaks with Adam Isles, Principal and Head of Cybersecurity Practice at The Chertoff Group, sharing industry's take on the strategy. Following that conversation, Dave had a discussion with Steve Kelly, Special Assistant to the President and Senior Director for Cybersecurity and Emerging Technology at the National Security Council, for a look at the strategy from inside the White House.

Links to resources:
Point of View: 2023 National Cybersecurity Strategy
The Chertoff Group's blog
National Cybersecurity Strategy 2023

Jan 21, 2024 · 32 min

S8 Ep 313: A firewall wake up call. [Research Saturday]

bonus

Jon Williams from Bishop Fox is sharing their research on "It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart after finding that NGFW series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities. The research states "Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern." When they scanned SonicWall firewalls with management interfaces exposed to the internet, they found that 76% are vulnerable to one or both issues. The research can be found here: It’s 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable

Jan 20, 2024 · 21 min

S8 Ep 1986: New malware, new threats.

Microsoft warns of an Iranian cyberespionage group. The Cyber Safety Review Board receives critical reviews of its own. VMware warns of active product exploitation. Tax info gets leaked in accounting firm breach. Kansas State University reports a cyber incident. CISA adds Citrix Netscaler vulnerabilities to its Known Exploited Vulnerabilities catalog. Councils in the UK suffer online disruptions. Cyber insurance can be a double-edged sword. More email security breaches lead to firings. In our Solution Spotlight, N2K President Simone Petrella speaks with Michelle Amante of the Partnership for Public Service with an update on the Cybersecurity Talent Initiative. And it’s shields up for Generation Z.

CyberWire Guest: On the Solution Spotlight, N2K President Simone Petrella speaks with Michelle Amante of the Partnership for Public Service sharing an update on the Cybersecurity Talent Initiative and how federal agencies and early career existing talent that may be interested in the program’s offerings.

Selected Reading:
Microsoft: Iranian hackers target researchers with new MediaPl malware (Bleeping Computer)
Cyber Safety Review Board needs stronger authorities, more independence, experts say (Cyberscoop)
VMware vCenter Server Vulnerability Exploited in Wild (SecurityWeek)
ELO accounting data breach sparks tax fraud (Cybernews)
Cyber attacks on Kent councils disrupt online services (BBC)
Kansas State University suffered a serious cybersecurity incident (SecurityAffairs)
CISA urges urgent patching of two actively exploited Citrix NetScaler vulnerabilities (Malwarebytes)
Cyber Insurance in the Age of Ransomware: Protection or Provocation? (SOCRadar)
Four-in-ten employees sacked over email security breaches as firms tackle “truly staggering” increase in attacks (IT Pro)
Think boomers are most vulnerable to cybersecurity attacks? Wrong. It's actually Gen Z (CBC)

Jan 19, 2024 · 26 min

S8 Ep 1985: A credential dump hits the online underground.

A massive credential dump hits the online underground. CISA and the FBI issue joint guidance on drones. TensorFlow frameworks are prone to misconfigurations. Swiss federal agencies are targets of nuisance DDoS. Cybercriminals hit vulnerable Docker servers. Quarkslab identifies PixieFAIL in UEFI implementations. Google patches Chrome zero-day. The Bigpanzi botnet infects smart TVs. Proofpoint notes the return of TA866. In our Threat Vector segment, David Moulton dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. And we are shocked - SHOCKED! - to learn that Facebook is tracking us.

CyberWire Guest: This segment of Threat Vector dives into the evolving world of AI in cybersecurity with Kyle Wilhoit, director of threat research at Unit 42. This thought-provoking discussion, hosted by David Moulton, director of thought leadership at Unit 42, focuses on the current state and future trends of AI in cyberthreats. Discover how AI is reshaping the landscape of cyberattacks, the role of generative AI in threat actor tactics, and the challenges of attribution in AI-driven cyberattacks. Visit Unit 42 by Palo Alto Networks to learn more. Check out the Threat Vector podcast and follow it on your favorite podcast app.

Selected Reading:
Researcher uncovers one of the biggest password dumps in recent history (Ars Technica)
Troy Hunt: Inside the Massive Naz.API Credential Stuffing List (Troy Hunt)
Feds warn China-made drones pose risk to US critical infrastructure (SC Media)
TensorFlow CI/CD Flaw Exposed Supply Chain to Poisoning Attacks (The Hacker News)
Swiss Government Reports Nuisance-Level DDoS Disruptions (Data Breach Today)
Malware Exploits 9Hits, Turns Docker Servers into Traffic Boosted Crypto Miners (HACKREAD)
PixieFail: Nine flaws in UEFI open-source reference implementation (Security Affairs)
Update Chrome! Google patches actively exploited zero-day vulnerability (Malwarebytes)
Cybercrime crew infects 172,000 smart TVs and set-top boxes (Risky Biz News)
Russian threat group COLDRIVER expands its targeting of Western officials to include the use of malware (Google Threat Analysis Group)
Security Brief: TA866 Returns with a Large Email Campaign (Proofpoint)
Each Facebook User Is Monitored by Thousands of Companies (Consumer Reports)

Jan 18, 2024 · 25 min

S5 Ep 202: Exploring the cosmic frontier: Unveiling the future of space law. [Caveat]

bonus

Bryce Kennedy, President of the Association of Commercial Space Professionals (ACSP), is sharing what is on the horizon in space law. Bryce is also a space lawyer and a regular contributor to our T-Minus daily space podcast right here on the N2K podcast network. You can hear more from the T-Minus space daily show here.

While this show covers legal topics, and Ben is a lawyer, the views expressed do not constitute legal advice. For official legal advice on any of the topics we cover, please contact your attorney.

Caveat Briefing: A companion weekly newsletter is available to CyberWire Pro members on the CyberWire's website. If you are a member, make sure you subscribe to receive our weekly wrap-up of privacy, policy, and research news, focused on incidents, techniques, tips, compliance, rights, trends, threats, policy, and influence ops, delivered to your inbox each Thursday.

Got a question you'd like us to answer on our show? You can send your audio file to [email protected]. Hope to hear from you.

Jan 18, 2024 · 26 min

S8 Ep 1984: Maximum severity vulnerability needs critical updates.

Atlassian issues critical updates. CISA and the FBI warn of AndroxGh0st. A GPU vulnerability hits major manufacturers. A Foxconn subsidiary in Taiwan gets hacked. Australians suffer breached credit cards through credential stuffing. A parade of horrible hackers and scammers. CISO accountability is highlighted at ShmooCon. Cybersecurity VC funding plummets. On the Learning Layer, N2K’s Executive Director of Product Innovation Sam Meisenberg lets us in on an A+ tutoring session. Don’t ask ChatGPT to handle your Amazon product listings.

CyberWire Guest: On the Learning Layer, N2K’s Executive Director of Product Innovation Sam Meisenberg lets us in on an A+ tutoring session he held with Jaden Dicks.

Selected Reading:
Atlassian’s Confluence Data Center and Server Affected by Critical RCE Vulnerability, CVE-2023-22527: Patch Now (SOCRadar)
FBI, CISA warn of AndroxGh0st botnet for victim identification and exploitation (Security Affairs)
A new vulnerability affecting Apple, AMD, and Qualcomm GPUs could expose AI data (TechSpot)
Taiwan’s Foxconn subsidiary faces cyberattack (Taiwan News)
15,000 Aussies Affected After Binge, The Iconic Hacked (Pedestrian)
Hackers post disturbing videos to online forum used by UC Irvine students (ABC7)
Heartless scammers prey on hundreds of lost pet owners, demanding ransoms or else… (Bitdefender)
As hacks worsen, SEC turns up the heat on CISOs (TechCrunch)
Cybersecurity Startup Funding Hits 5-Year Low, Drops 50% From 2022 (Crunchbase)
Amazon Is Selling Products With AI-Generated Names Like "I Cannot Fulfill This Request It Goes Against OpenAI Use Policy" (Futurism)

Jan 17, 2024 · 29 min

S8 Ep 1983: Vulnerabilities and security risks.

Ivanti products are under active zero-day exploitation. Phemedrone is a new open-source info-stealer. Bishop Fox finds exposed SonicWall firewalls. GitLab and VMware patch critical vulnerabilities. The Secret Service foils a phishing scam. Europol shuts down a cryptojacking campaign. Ransomware hits a Majorca municipality. RUSI looks at ransomware. Ben Yelin explains the New York Times going after OpenAI over the data scraping. And the sad case of an Ohio lottery winner.

CyberWire Guest: Guest and partner Ben Yelin joins us today to discuss “The Most Critical Elements of the FTC’s Health Breach Rulemaking.” Ben is the Program Director for Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security and Co-Host of N2K’s Caveat Podcast.

Selected Reading:
Ivanti Connect Secure zero-days now under mass exploitation (Bleeping Computer)
Windows SmartScreen flaw exploited to drop Phemedrone malware (Bleeping Computer)
Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (Security Affairs)
GitLab Fixes Password Reset Bug That Allows Account Takeover (Security Boulevard)
Patches Available for a Critical Vulnerability in VMware Aria Automation: CVE-2023-34063 (Malware News)
US court docs expose fake antivirus renewal phishing tactics (Bleeping Computer)
Hacker spins up 1 million virtual servers to illegally mine crypto (Bleeping Computer)
Ransomware gang demands €10 million after attacking Spanish council (The Record)
Ransomware: Victim Insights on Harms to Individuals, Organisations and Society (Royal United Services Institute)
Cybersecurity incident delays payouts for big Ohio Lottery winners (Beacon Journal)

Jan 16, 2024 · 26 min

S8 Ep 57: Putting a dent in the cybersecurity workforce gap. [Special Edition]

bonus

In this special edition of Solution Spotlight, N2K President Simone Petrella is talking with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding DE&I initiatives.

Jan 15, 202431 min

S1 Ep 48: Encore: Examining the current state of security orchestration. [CyberWire-X]

In this encore episode of CyberWire-X, N2K’s CSO, Chief Analyst, and Senior Fellow, Rick Howard, is joined by guest Rohit Dhamankar, Fortra's Vice President of Product Strategy, and Hash Table member Steve Winterfeld, Akamai's Advisory CISO, to discuss CISO initiatives such as vendor consolidation, automation, and attack surface management as a way to determine if it’s possible to achieve both increased security maturity and decreased operational load. This session covers common mistakes when adopting security technologies, including the pros and cons of AI, and how to better collaborate together.

Jan 15, 2024 · 31 min

S1 Ep 4: Encore: Kathleen Booth: Get your foot in the door and prove your worth. [Marketing] [Career Notes]

bonus

Vice President of Marketing, Kathleen Booth, shares her career path from political science and international development to marketing for a cybersecurity company. Early dreams of acting morphed into goals of making the world a better place. Chief marketer and podcaster Kathleen is doing just that. She shares how proving your worth can lead to success. Listen for Kathleen's advice on getting your foot in the door. Our thanks to Kathleen for sharing her story with us.

Jan 14, 2024 · 5 min

S8 Ep 312: Dual Russian cyber gangs hit 23 companies. [Research Saturday]

bonus

Ryan Westman, Senior Manager, Threat Intelligence, eSentire's Threat Response Unit (TRU), is discussing their research "Two Russian-speaking cyber gangs attack employees from 23 different companies." The gangs are using malicious Google ads that promote popular business software such as Zoom, Slack, and Adobe. The customers targeted are companies in the manufacturing, software, legal, retail and healthcare industries. The attacking threat actors belong to the Russian-speaking Malware-as-a-Service (MaaS) groups called BatLoader and FakeBat.

The research can be found here:
Two Competing, Russian-Speaking Cybercrime Groups Attack Employees from 23 Companies in the Manufacturing, Software, Legal, Retail, and Healthcare Sectors Using Malicious Google Ads

Jan 13, 2024 · 16 min

S8 Ep 1982: Casting a wider hiring net.

The Feds look to cast a wider hiring net. Legislators focus on deepfakes. Cookie stealers bypass MFA on Google accounts. A fast food hiring chat bot got hacked. Medusa casts her gaze toward extortion. Akira ransomware is active in Finland. GitLab patches critical vulnerabilities. Bosch thermostats are vulnerable to some hot firmware. CSAM vendors’ crypto sophistication grows. CISA released ICS advisories. On our Solution Spotlight, N2K’s Simone Petrella speaks with Kim Jones, Director of Intuit's CyberCRAFT team, about the SEC's heightened focus on cybersecurity. And a little listener feedback, Karaoke style.

CyberWire Guest
On our Solution Spotlight, N2K’s Simone Petrella discusses a possible hurdle with Kim Jones, Director of Intuit's CyberCRAFT team. They talk about the SEC's heightened focus on cybersecurity.

Selected Reading
An analysis of cyberattacks against Danish energy infrastructure. Cryptomining campaign targets weak SSH passwords. (CyberWire)
White House moves to ease education requirements for federal cyber contracting jobs (CyberScoop)
State Legislators Tighten A.I. Rules to Combat Deceptive Election Ads (New York Times)
Info-stealers can steal cookies for permanent access to your Google account (Malwarebytes)
Hackers Break into AI Hiring Chatbot, Could Hire and Reject Fast Food Applicants (404 Media)
Medusa Ransomware Turning Your Files into Stone (Unit 42 by Palo Alto Networks)
Akira ransomware attackers are wiping NAS and tape backups (Help Net Security)
Urgent: GitLab Releases Patch for Critical Vulnerabilities - Update ASAP (The Hacker News)
Vulnerability Puts Bosch Smart Thermostats at Risk of Compromise (Infosecurity Magazine)
Child Abusers Are Getting Better at Using Crypto to Cover Their Tracks (WIRED)
CISA Releases Nine Industrial Control Systems Advisories (CISA)

Jan 12, 2024 · 29 min

S8 Ep 1981: Unveiling the Shadow Strike: A zero-day assault on Ivanti VPN users.

A zero-day hits Ivanti VPN customers. CISA highlights an active MS Sharepoint Server flaw. Cisco patches a critical vulnerability. Atomic Stealer gets updates. Sensitive school emergency planning documents are exposed online. The FCC reports on risky communications equipment. The White House will introduce new cybersecurity requirements for hospitals. Mandiant explains their X-Twitter hack. Our guest is Palo Alto Networks’ Unit 42’s David Moulton, host of the new Threat Vector podcast. And we are shocked - shocked! - to learn that an online sex for money scheme is a scam.

CyberWire Guest
Guest David Moulton from Palo Alto Networks joins us to talk about Threat Vector. It’s Unit 42’s segment turned podcast on the N2K media network.

Selected Reading
Ivanti customers urged to patch vulnerabilities allegedly exploited by Chinese state hackers (The Record)
CISA Urges Patching of Exploited SharePoint Server Vulnerability (SecurityWeek)
Critical Cisco Unity Connection flaw gives attackers root privileges. Patch now! (CVE-2024-20272) (Help Net Security)
Atomic Stealer Gets an Upgrade - Targeting Mac Users with Encrypted Payload (The Hacker News)
FCC's Reimbursement Program shows progress in removing national security risks from communication networks (Industrial Cyber)
After Barrage of Hacks, Hospitals Will Face New Federal Cybersecurity Rules Tied to Funding (The Messenger)
US School Shooter Emergency Plans Exposed in a Highly Sensitive Database Leak (WIRED)
Mandiant’s X Account Was Hacked in Brute-Force Password Attack (Infosecurity Magazine)
Believing they would be paid a fortune for having sex with women, hundreds of Indian men scammed out of cash (Graham Cluley)

Threat Vector Links
To get more information on Medusa ransomware, listen to this episode of Threat Vector.

Jan 11, 2024 · 26 min

S8 Ep 1980: A pivotal global menace.

The World Economic Forum names AI a top global threat. The SEC suffers social media breach. The FTC settles with a data broker over location data sales. A massive data leak hits Brazil. Chinese researchers claim an AirDrop hack. A major real estate firm suffers data theft. Pikabot loader is seeing use by spammers. Ukraine’s Blackhit hits Russia’s M9 Telecom. Stuxnet methods are revealed. A Patch Tuesday rundown. Our guest is Tim Eades from the Cyber Mentor Fund to discuss the growing prevalence of restoration as a part of incident response. And hackers could screw up a wrench.

CyberWire Guest
Guest Tim Eades from Cyber Mentor Fund joins us to discuss the growing prevalence of restoration as a part of incident response.

Selected Reading
AI-powered misinformation is the world's biggest short-term threat, Davos report says (AP News)
NSA: Benefits of generative AI in cyber security will outweigh the bad (IT Pro)
SEC account on X ‘compromised’ and regulator has not approved bitcoin ETFs (MarketWatch)
SEC did not have 2FA enabled: X safety team on fake Bitcoin ETF post (Cointelegraph)
FTC Order Prohibits Data Broker X-Mode Social and Outlogic from Selling Sensitive Location Data (Federal Trade Commission)
Entire population of Brazil possibly exposed in massive data leak (Security Affairs)
China says state-backed experts crack Apple's AirDrop (Digital Journal)
Fidelity National Financial says hackers stole data on 1.3 million customers (TechCrunch)
Water Curupira Hackers Launch Pikabot Malware Attack on Windows Machine (GBHackers On Security)
Ukrainian “Blackjack” Hackers Take Out Russian ISP (Infosecurity Magazine)
Ukraine is on the front lines of global cyber security (Atlantic Council)
Dutch Engineer Used Water Pump to Get Billion-Dollar Stuxnet Malware Into Iranian Nuclear Facility: Report (SecurityWeek)
New research paper explores post-quantum cryptography for critical infrastructure cybersecurity (Industrial Cyber)
AI Helps U.S. Intelligence Track Hackers Targeting Critical Infrastructure (Wall Street Journal)
Hewlett Packard Enterprise nears $13 billion deal to buy Juniper Networks (Reuters)
January Patch Tuesday: New year, more Windows bugs (The Register)
Cybersecurity Advisory: Apache Struts Vulnerability CVE-2023-50164 (Uptycs)
Hackers can infect network-connected wrenches to install ransomware (Ars Technica)

Jan 10, 2024 · 27 min

S8 Ep 1979: Swatting on the rise.

Swatting is on the rise. LoanDepot, the Toronto Zoo and the World Council of Churches all confirm ransomware attacks. Iran-linked hackers target Albania. Sea Turtle focuses on espionage and information theft. Fake “security researchers” offer phony ransomware recovery services. Could AI make KYC EOL? Avast enhances Babuk decryption. Joe Carrigan looks at the human side of email security. And a group of midwives fail to deliver.

CyberWire Guest
Today, we are joined by Joe Carrigan from JHU ISI on the human elements that impact email security.

Selected Reading
Tanya Chutkan, the judge overseeing Trump's federal election interference case, appears to be victim of 'swatting'
Special counsel Jack Smith was targeted by attempted swatting on Christmas Day
LoanDepot Takes Systems Offline Following Ransomware Attack
Toronto Zoo hit by ransomware attack | Cybernews
Rhysida ransomware gang takes responsibility for attack on World Council of Churches
Wiper malware found in analysis of Iran-linked attacks on Albanian institutions
Turkish espionage campaigns in the Netherlands
"Security researcher" offers to delete data stolen by ransomware attackers
Gen AI could make KYC effectively useless | TechCrunch

Jan 9, 2024 · 24 min

S8 Ep 1978: A conclusion on the xDedic Marketplace investigation.

The DOJ concludes its xDedic Marketplace investigation. A cyberattack shuts down a major mortgage lender. The Swiss Air Force suffers third party breach. An update on SilverRAT. The Space Force emphasizes collaboration for effective cyber growth. The DOE announces cyber resilience funding. Merck reaches a settlement on NotPetya. NIST warns of AI threats. Our guest is Dragos CEO Robert M. Lee, with a look at intellectual property theft in manufacturing. And Chump Change fines for big tech.

CyberWire Guest
Today, we are joined by Robert M. Lee, founder and CEO of Dragos, to discuss intellectual property theft in manufacturing.

Selected Reading
AsyncRAT campaign targets US infrastructure. (CyberWire)
19 Individuals Worldwide Charged In Transnational Cybercrime Investigation Of The xDedic Marketplace (US Department of Justice)
Space Force is crafting in-house cyber teams but sees need for closer work with USCYBERCOM (Nextgov/FCW)
Energy Department has cyber threats to infrastructure in mind with $70 million funding offer (FedScoop)
Swiss Air Force documents exposed via cyber attack on third party (BeyondMachines.net)
Major IT, Crypto Firms Exposed to Supply Chain Compromise via New Class of CI/CD Attack (SecurityWeek)
Merck settles with insurers who denied $700 million NotPetya claim (The Record)
Syrian Threat Group Peddles Destructive SilverRAT (DarkReading)
NIST Warns of Security and Privacy Risks from Rapid AI System Deployment (The Hacker News)
Mortgage firm loanDepot cyberattack impacts IT systems, payment portal (BleepingComputer)
Big Tech has already made enough money in 2024 to pay all its 2023 fines (Proton)

Jan 8, 2024 · 23 min

S1 Ep 3: Encore: Johannes Ullrich: Superhero origin stories and lessons that last. [Education] [Career Notes]

bonus

Dean of Research, Johannes Ullrich, relays his experiences from studying the hard sciences to his career shift to cybersecurity. Basic principles, superhero origin stories, physics labs and radiation all figure in. And there’s a lot in common with network security best practices. Have a listen to what Johannes has learned and what he hopes to impart to his students. Our thanks to Johannes for sharing his story with us.

Jan 7, 2024 · 5 min

S8 Ep 311: Diving deep into Phobos ransomware. [Research Saturday]

bonus

Guilherme Venere from Cisco Talos joins to discuss their research on "A deep dive into Phobos ransomware, recently deployed by 8Base group." Cisco Talos discovered that 8Base’s Phobos ransomware payload contains an embedded configuration, which is a significant difference between 8Base’s Phobos variant and other Phobos samples that have been observed in the wild since 2019. In this 2-part research series, Talos conducts a deep dive into the Phobos ransomware, including its affiliate structure, activity and capabilities, as well as the one private key that could enable decryption of all the samples analyzed.

The research can be found here:
A deep dive into Phobos ransomware, recently deployed by 8Base group
Understanding the Phobos affiliate structure and activity

Jan 6, 2024 · 22 min

S8 Ep 1977: Disruptions to the internet.

BGP attack disrupts Internet service. Data breach law firm breached. Remcos RAT returns. Poison packages in the PyPI repository. Hacktivist personae and GRU fronts. BreachForums impresario re-arrested. Cyber National Mission Force gets a new leader. On our Solution Spotlight, Simone Petrella talks with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap. LinkedIn as a dating platform?

CyberWire Guest
On our Solution Spotlight, N2K President Simone Petrella talks with ISC2 CEO Clar Rosso about putting a dent in the cybersecurity workforce gap through empowerment, breaking down barriers and expanding Diversity, Equity and Inclusion (DE&I) initiatives.

Selected Reading
BGP attack disrupts Internet service. Pirated Zeppelin ransomware source code for sale in a C2C souk. BreachForums impresario re-arrested. (CyberWire)
Hacker hijacks Orange Spain RIPE account to cause BGP havoc (Bleeping Computer)
RIPE Account Hacking Leads to Major Internet Outage at Orange Spain (SecurityWeek)
Law firm that handles data breaches was hit by data breach (TechCrunch)
UAC-0050 Group Using New Phishing Tactics to Distribute Remcos RAT (The Hacker News)
EXPERTS FOUND 3 MALICIOUS PACKAGES HIDING CRYPTO MINERS IN PYPI REPOSITORY (SecurityAffairs)
BreachForums administrator detained after violating parole (The Record)
Russian hackers wiped thousands of systems in KyivStar attack (Bleeping Computer)
US military’s Cyber National Mission Force gets a new chief (The Record)
The Hottest New Dating Site: LinkedIn (Business Insider)

Jan 5, 2024 · 25 min

S8 Ep 1976: Russian hackers hide in Ukraine telecoms for months.

Sandworm was in Kyivstar's networks for months. Museums face online outages. Emsisoft suggests a ransomware payment ban. An ambulance service suffers a data breach. Mandiant’s social media gets hacked. GXC Team's latest offerings in the C2C underground market. 23andMe blames their breach on password reuse. Lawyers are using outdated encryption. On today’s Threat Vector segment, David Moulton chats with Garrett Boyd, senior consultant at Palo Alto Networks Unit 42 about the importance of internal training and mentorship in cybersecurity. And in Russia, holiday cheers turn to political jeers.

CyberWire Guest
Today’s Threat Vector segment with David Moulton features Garrett Boyd, a senior consultant at Unit 42 by Palo Alto Networks with a background as a Marine and professor, who discusses the importance of internal training and mentorship in cybersecurity. He provides insights into how training prepares professionals for industry challenges and how mentorship fosters professional growth and innovation. Garrett emphasizes the need for a mentorship culture in organizations and the responsibility of both mentors and mentees in this dynamic. The episode highlights the transformative impact of mentorship through personal experiences and concludes with an invitation for listeners to share their stories and a reminder to stay vigilant in the digital world.

Threat Vector
To learn what is top of mind each month from the experts at Unit 42 sign up for their Threat Intel Bulletin.

Selected Reading
Compromised accounts and C2C markets. Cyberespionage and state-directed hacktivism. (CyberWire)
Exclusive: Russian hackers were inside Ukraine telecoms giant for months (Reuters)
Hackers linked to Russian spy agency claim cyberattack on Ukrainian cell network (Reuters)
Museum World Hit by Cyberattack on Widely Used Software (The New York Times)
The State of Ransomware in the U.S.: Report and Statistics 2023 (Emsisoft)
Nearly 1 million affected by ambulance service data breach (The Record)
Mandiant’s account on X hacked to push cryptocurrency scam (Bleeping Computer)
Cybercriminals Implemented Artificial Intelligence (AI) For Invoice Fraud (Resecurity)
23andMe tells victims it’s their fault that their data was breached (TechCrunch+)
The Curious Case of MD5 (katelynsills)
Firmware prank causes LED curtain in Russia to display ‘Slava Ukraini’ — police arrest apartment owner (The Record)

Jan 4, 2024 · 26 min

S8 Ep 1975: A digital disappearance in Utah.

Cyber-kidnapping in Utah. Hospitals sue for data recovery. The US Department of Homeland Security assesses cyber threats to the US. Mac malware is on the rise. Cameras hacked by Russian intelligence services provide targeting information. Ransomware roundup. An NPM dependency campaign. Google recommends enhanced safe browsing. Rob Boyce from Accenture describes the Five Families and the trend of hacker collaboration. And the FTC wants to hear your cloned voice.

CyberWire Guest
Today, we are joined by Rob Boyce from Accenture talking about the Five Families, the trend of hacker collaboration.

Selected Reading
Missing Riverdale foreign exchange student found near Brigham City in case of ‘cyber kidnapping’ (ABC4)
What is ‘cyber kidnapping’ and what can you do to stay safe online? (Deseret News)
Hospitals ask courts to force cloud storage firm to return stolen data (BleepingComputer)
Homeland Threat Assessment (US Department of Homeland Security)
The Mac Malware of 2023 (Objective-See)
SBU blocks webcams that ‘flashed’ operation of air defense during missile attack on Kyiv on Jan 2 (Interfax-Ukraine)
Ukraine says Russia hacked web cameras to spy on targets in Kyiv (The Record)
Akumin radiology and oncology reports ransomware attack and data breach (beyondmachines)
Coop supermarket chain hit by ransomware cyberattack (beyondmachines)
When “Everything” Goes Wrong: NPM Dependency-Hell Campaign – 2024 Edition (Checkmarx)
Accounts in danger: Google recommends enhanced safe browsing and extra care (cybernews)
The FTC Voice Cloning Challenge (FTC)

Jan 3, 2024 · 24 min

S8 Ep 1974: Apple's clickless exploit.

A zero-click exploit affects iPhones belonging to Kaspersky employees. A GRU cyber campaign incorporates novel malware. The Indian government targets Apple over hacking attempts. Microsoft disables App Installer. Australian courts’ AV is compromised. A BlackBasta decryptor is released. Cyber Toufan claims attacks against Israeli targets. Patients in Oklahoma face online extortion. LoanCare customers’ data is at risk. Google settles a private browsing lawsuit. Barracuda patches a zero-day. That Chinese spy balloon was making a local call. And then Caleb Barlow, a friend of our show, shares password security tips you should know.

CyberWire Guest
Caleb Barlow, CEO of Cyberbit, joins us today to share helpful tips to remember those passwords.

Selected Reading
4-year campaign backdoored iPhones using possibly the most advanced exploit ever (Ars Technica)
New malware found in analysis of Russian hacks on Ukraine, Poland (The Record)
Russian Military Intelligence Blamed for Blitzkrieg Hacks (GovInfo Security)
India targets Apple over its phone hacking notifications (Washington Post)
Microsoft disables App Installer after observing financially motivated threat actor activity (Cybernews)
Cyber attack on Victoria's court system may have exposed recordings of sensitive cases (ABC News)
New Black Basta decryptor exploits ransomware flaw to recover files (Bleeping Computer)
Pro-Palestinian operation claims dozens of data breaches against Israeli firms (The Record)
Integris Health patients get extortion emails after cyberattack (Bleeping Computer)
AG: Corewell Health reports another data breach; affects 1 million patients (The Oakland Press)
LoanCare Notifying 1.3 Million of Data Breach Following Cyberattack on Parent Company (Security Week)
Google settles $5 billion consumer privacy lawsuit (Reuters)
Barracuda fixed a new ESG zero-day exploited by Chinese group UNC4841 (Security Affairs)
U.S. intelligence officials determined the Chinese spy balloon used a U.S. internet provider to communicate (NBC News)

Jan 2, 2024 · 25 min

S7 Ep 78: Microsoft EVP Charlie Bell on the Future of Security [Afternoon Cyber Tea]

Microsoft Security EVP Charlie Bell joins Ann on this week's episode of Afternoon Cyber Tea. Charlie has over four decades in the tech industry, from developing space shuttle software to leading the creation of Amazon Web Services' decentralized engineering system and now leading Microsoft’s effort to make the digital world safe and secure for everyone on the planet. Ann and Charlie discuss AI, the Security ecosystem, and why he thinks speed and acceleration of problem-solving are so relevant today.

Resources:
View Charlie Bell on LinkedIn
View Ann Johnson on LinkedIn

Related Microsoft Podcasts:
Listen to: Uncovering Hidden Risks
Listen to: Security Unlocked
Listen to: Security Unlocked: CISO Series with Bret Arsenault

Discover and follow other Microsoft podcasts at microsoft.com/podcasts

Afternoon Cyber Tea with Ann Johnson is produced by Microsoft and distributed as part of The CyberWire Network.

Jan 1, 2024 · 28 min

S1 Ep 2: Encore: Tom Quinn: The mark of making a difference. [CISO] [Career Notes]

bonus

Financial firm CISO, Tom Quinn, takes us from his first experience with modern computers in the military to his current role as a Chief Information Security Officer. It's important to understand how the technology works, but it's also important to understand how people work. And, to make a difference. Our thanks to Tom for sharing his story with us.

Dec 31, 2023 · 4 min

S6 Ep 243: Encore: What malicious campaign is lurking under the surface? [Research Saturday]

bonus

Israel Barak, CISO from Cybereason, sits down with Dave to discuss their research, "Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation." Cybereason researchers recently found an attack lurking beneath the surface which was assessed to be the work of Chinese APT Winnti. Cybereason briefed the FBI and the DOJ on the investigation into the malicious campaign. The research states, "For years, the campaign had operated undetected, siphoning intellectual property and sensitive data." The team quickly made two reports on the campaign, one sharing an examination on the tactics and techniques. The second gives a detailed analysis of the malware and exploits used.

The research can be found here:
Operation CuckooBees: Cybereason Uncovers Massive Chinese Intellectual Property Theft Operation

Dec 30, 2023 · 21 min

S1 Ep 5: T-Minus Overview - Space Cybersecurity. [t-minus]

bonus

Welcome to the T-Minus Overview Radio Show. In this program we’ll feature some of the conversations from our daily podcast with the people who are forging the path in the new space era, from industry leaders, technology experts and pioneers, to educators, policy makers, research organizations, and more. In this episode we’re covering cybersecurity for space. What is it? What are the threats to space systems, why is there such an emphasis on it right now, and what are people doing about it?

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram.

T-Minus Guest
Our first guest is Renee Wynn, former CIO of NASA. Our second guest is Matthieu Bailly, Vice President of Space at CYSEC, a cybersecurity company based in Lausanne, Switzerland. Our third guest speaking to T-Minus Producer Alice Carruth, is Steve Luczynski, Board Chairman of the Aerospace Village.

T-Minus Crew Survey
We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day.

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

Want to join us for an interview?
Please send your pitch to [email protected] and include your name, affiliation, and topic proposal.

T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Dec 29, 2023 · 20 min

S2 Ep 10 · Peter Bauer: CEO of Mimecast [Cyber CEOs Decoded]

In this episode, Marc catches up with Mimecast CEO and co-founder Peter Bauer. They cover Peter's CEO journey, including what it was like growing up in South Africa, why he opted out of attending university, highlights from Mimecast's 20-year history, and what Peter learned from taking the company public — and then private again. You'll also learn: When and how to raise capital, and how to manage meeting the board's expectations. How CEOs can overcome self-doubt and continuously reimagine their role to look at challenges with new eyes. How to view the company's history as a story with chapters and eras, and why it's important to always believe you're at the beginning of the book.

Dec 28, 2023 · 43 min

S2 Ep 10 · NACD Accelerate, Ian Furr’s Volunteer Work, & Bidemi (Bid) Ologunde Member Spotlight [RH-ISAC Podcast]

In this episode of the Retail & Hospitality ISAC podcast, host Luke Vander Linden is joined by John Scrimsher, chief information security officer (CISO) at Kontoor Brands, Inc., and Marcel Bucsescu, senior director of credentialing and strategic engagement at NACD, to expand upon the NACD Accelerate program. Then Ian Furr, security integration engineer at RH-ISAC, talks about his volunteer work with the Information Technology Disaster Resource Center (ITDRC) and the Fairfax County Fire and Rescue Department. Finally, Luke chats with Bidemi (Bid) Ologunde, intelligence analyst at Expedia Group, about his own podcast, The Bid Picture, background, and the trajectory of cybersecurity. Thank you to Fortinet for their sponsorship of the Retail & Hospitality ISAC podcast.

Dec 27, 2023 · 1h 8m

S2 Ep 37 · Encore: Active visibility into OT systems. [Control Loop]

bonus

Rockwell Stratix routers vulnerable to Cisco zero-day. SecurityWeek’s ICS Cyber Security Conference. Malware attacks against IoT devices increase by 400%. Nuclear power plant operator cited over cybersecurity plan. CISA’s ICS advisories. Guest Garrett Bladow, Distinguished Engineer at Dragos, joins us from the CyberCon 2023 event in Bismarck, North Dakota. Garrett discusses active visibility into OT systems. On the Learning Lab, Mark Urban shares the second part of his conversation about cyber threat intelligence with Paul Lukoskie, who is Dragos’ Director of Intelligence Services. Control Loop News Brief. Rockwell Stratix routers vulnerable to Cisco zero-day. PN1653 | Stratix® 5800 & 5200 vulnerable to Cisco IOS XE Web UI Privilege Escalation (Active Exploit) (Rockwell Automation) SecurityWeek’s ICS Cyber Security Conference. 2023 ICS Cybersecurity Conference (SecurityWeek) Malware attacks against IoT devices increase by 400%. Zscaler ThreatLabz 2023 Enterprise IoT and OT Threat Report (Zscaler) Nuclear power plant operator cited over cybersecurity plan. UK Cites Nuclear Plant Operator Over Cybersecurity Strategy (Silicon UK) Rockwell and Dragos announce partnership. Dragos and Rockwell Automation Strengthen Industrial Control System Cybersecurity for Manufacturers with Expanded Capabilities (Business Wire) CISA’s ICS advisories. CISA Releases Two Industrial Control Systems Advisories (CISA) Hitachi Energy’s RTU500 Series Product (Update B) (CISA) CISA Releases Nine Industrial Control Systems Advisories (CISA) Control Loop Interview. Guest is Garrett Bladow, Distinguished Engineer at Dragos, discussing active visibility into OT systems. Control Loop Learning Lab. On the Learning Lab, Mark Urban is joined by Dragos’ Director of Intelligence Services, Paul Lukoskie, for part two of their discussion on cyber threat intelligence. Control Loop OT Cybersecurity Briefing. 
A companion monthly newsletter is available through free subscription and on the CyberWire's website.

Dec 27, 2023 · 42 min

Ep 577 · “Espionage and the Metaverse” – with Cathy Hackl [SpyCast]

Summary Cathy Hackl (Twitter, LinkedIn) joins Andrew (Twitter; LinkedIn) to discuss the potential implications of the metaverse on intelligence. Cathy has been called the “Godmother of the Metaverse.” What You’ll Learn Intelligence What the metaverse is Security and counterintelligence in a virtual world Futurism within intelligence agencies Potential risks and consequences of the metaverse Reflections How virtual spaces can affect our physical world The necessity to evolve alongside technology And much, much more … Episode Notes The web will continue to evolve and change with time, but what’s coming next? And how will this evolution affect the ways that intelligence organizations around the world conduct their operations? This week on SpyCast, Cathy Hackl joins Andrew to explain what the metaverse is, what we can expect from living in this new virtual world, and how intelligence agencies can begin planning for the Web 3 future. Cathy Hackl has been dubbed the “Godmother of the Metaverse” Resources Featured Resource Into the Metaverse: The Essential Guide to the Business Opportunities of the Web3 Era, Cathy Hackl (Bloomsbury, 2023) Metaverse Marketing [Cathy’s podcast] *Beginner Resources* What Is the Metaverse, Exactly?, Wired (2022) [Article] Web 3.0 Explained In 5 Minutes, YouTube (2022) [5 min. Video] 12 new tech terms you need to understand the future, R. Gray, BBC (2018) *SpyCasts* How Artificial Intelligence is Changing the Spy Game – with Mike Susong (2022) Trafficking Data: The Digital Struggle with China -- with Aynne Kokas (2022) The FBI & Cyber – with Cyber Division Chief Bryan Vorndran (Part 1 of 2) The FBI & Cyber – with Cyber Division Chief Bryan Vorndran (Part 2 of 2) *Wildcard Resource* Watch the world’s first metaverse music video, Snoop Dogg’s “House I Built,” here!

Dec 26, 2023 · 59 min

S4 Ep 10 · Artificial Intelligence: Insights & Oddities [8th Layer Insights]

bonus

On this episode, Perry celebrates the one year birthday of ChatGPT by taking a look at AI from technological, philosophical, and folkloric perspectives. We see how AI was formed based on human words and works, and how it can now shape the future of human legend and belief. Guests: Brandon Karpf, Vice President at N2K Networks (LinkedIn) (Website) Dr. Lynne S. McNeill, Associate Professor at Utah State University (LinkedIn) (Twitter) Dr. John Laudun, Professor at University of Louisiana at Lafayette (LinkedIn) (Twitter) (Website) Lev Gorelov, Research Director at Handshake Consulting (LinkedIn) (Twitter) (Website) Resources Interview with the AI, part one, by the Brandon Karpf / the CyberWire 'Hard Fork': An Interview With Sam Altman, by The New York Times The Exciting, Perilous Journey Toward AGI, Ilya Sutskever TED Talk Ilya: the AI scientist shaping the world, by The Guardian Meet Loab, the AI Art Woman Haunting the Internet: Is she a demon? A Cryptid? Or nothing at all..., the Guardian In 2016, Microsoft’s Racist Chatbot Revealed the Dangers of Online Conversation The bot learned language from people on Twitter—but it also learned values, IEEE Spectrum Perry's Digital Folklore episode about AI Handshake's Generative AI Masterclass on Maven Perry's Books (Amazon Associate links) Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer Be sure to check out Perry's other show, Digital Folklore. It's all about the oddities and importance of online culture. Head over to the show's website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, shop for merch, support the show on Patreon, and more. Want to check out what others are saying? 
Here's some recent press about the show: https://digitalfolklore.fm/in-the-news. Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound. 8Li cover art by Chris Machowski @ https://www.RansomWear.net/. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/ Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com

Dec 26, 2023 · 1h 5m

S4 Ep 183 · Solution Spotlight: Simone Petrella and Camille Stewart Gloster discuss the White House's cybersecurity workforce and education strategy. [Interview Selects]

bonus

This interview from August 18th, 2023 originally aired as a shortened version on the CyberWire Daily Podcast. In this extended interview, Simone Petrella sits down with Camille Stewart Gloster, Deputy National Cyber Director at The White House, to discuss the White House's cybersecurity workforce and education strategy.

Dec 25, 2023 · 19 min

The CyberWire: The 12 Days of Malware. [Special Edition]

bonus

Merry Christmas and Happy Holidays from the CyberWire and our friends! Enjoy our rendition of the 12 Days of Malware created by Dave Bittner and performed by Dave and friends: Rachel Tobac, Jayson Street, Ron Eddings & Chris Cochran, Ray [Redacted], Dinah Davis, Camille Stewart, Rick Howard, Michelle Dennedy, Jack Rhysider, Johannes Ullrich, and Charity Wright. Ba dum bum bum. Sing along if you are game! Check out our video for the full effect! The 12 Days of Malware lyrics On the first day of Christmas, my malware gave to me: A keylogger logging my keys. On the second day of Christmas, my malware gave to me: 2 Trojan Apps... And a keylogger logging my keys. On the third day of Christmas, my malware gave to me: 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fourth day of Christmas, my malware gave to me: 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the fifth day of Christmas, my malware gave to me: 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the sixth day of Christmas, my malware gave to me: 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the seventh day of Christmas, my malware gave to me: 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eighth day of Christmas, my malware gave to me: 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the ninth day of Christmas, my malware gave to me: 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the tenth day of Christmas, my malware gave to me: 10 Darknet markets... 
9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the eleventh day of Christmas, my malware gave to me: 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! (Bah-dum-dum-dum!) 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys. On the twelfth day of Christmas, my malware gave to me: 12 Hackers hacking... 11 Phishers phishing... 10 Darknet markets... 9 Rootkits rooting... 8 Worms a wiping... 7 Scripts a scraping... 6 Passwords spraying... 5 Zero Days! 4 Crypto scams... 3 Web shells... 2 Trojan Apps... And a keylogger logging my keys.

Dec 23, 2023 · 7 min

S7 Ep 1973 · Sentenced to hospital detention.

A Lapsus$ hacker is sentenced to hospital detention. Online ads and phishing drain crypto wallets. Cyberespionage continues. LockBit and ALPHV say they want to form a ransomware cartel. The 8220 gang's cryptojacking. DarkGate RAT's propagation. The evolution of Bandook. A prominent title insurance company takes systems offline. Rick Howard speaks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence. And Trump’s Dumps lead to BidenCash. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K’s Rick Howard talks with guests John Goodman & Amanda Satterwhite of Accenture Federal Services about the launch of a public sector Cybersecurity Center of Excellence in conjunction with Google. Selected Reading The infamous GTA VI hacker has been convicted - and the story is simply absurd (IT Pro) Crypto drainer steals $59 million from 63k people in Twitter ad push (Bleeping Computer) Threat Actor 'UAC-0099' Continues to Target Ukraine (Deep Instinct) ‘Today FBI Got Him, Tomorrow They Will Get Me’: LockBit, BlackCat Unite to Form Cyber Cartel (The Cyber Express) Imperva Detects Undocumented 8220 Gang Activities (Imperva) BattleRoyal, DarkGate Cluster Spreads via Email and Fake Browser Updates (Proofpoint) Bandook - A Persistent Threat That Keeps Evolving (Fortinet) First American takes IT systems offline after cyberattack (Bleeping Computer) BidenCash darkweb market gives 1.9 million credit cards for free (Bleeping Computer) BidenCash (Searchlight Cyber) Russia Seizes Ferum, Sky-Fraud, UAS, and Trump’s Dumps—and Signals More Takedowns to Come [Updated] (Flashpoint) Share your feedback. We want to ensure that you are getting the most out of the podcast.
Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Dec 22, 2023 · 23 min

S7 Ep 1972 · Kingdom come, kingdom fall.

German officials take down a dark web market. Google patched zero-day. Terrapin attack targets SSL. A look at payment fraud. Agent Tesla is spreading through an old vulnerability. An iPhone thief explains his techniques. Ukrainian reprisals for Russia's Kyivstar attack. Israeli officials warn of data wipers. Rick Howard speaks with Scott Roberts of Interpres about Driving Intelligence with MITRE ATT&CK, and leveraging limited resources to build an evolving threat repository. And go ahead and click that like button - just don’t expect to get paid. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest Scott Roberts of Interpres joins N2K’s Rick Howard from the recent MITRE ATT&CKcon event. They discuss driving intelligence with MITRE ATT&CK: Leveraging limited resources to build evolving threat repository. Selected Reading German police takes down Kingdom Market cybercrime marketplace (BleepingComputer) GOOGLE ADDRESSED A NEW ACTIVELY EXPLOITED CHROME ZERO-DAY (Securityaffairs) SSH protects the world’s most sensitive networks. It just got a lot weaker (Ars Technica) Annual Payment Fraud Intelligence Report: 2023 (Recorded Future) Threat Actors Exploit CVE-2017-11882 To Deliver Agent Tesla (Zscaler) iPhone Thief Explains How He Breaks Into Your Phone (Wall Street Journal) Ukrainian hackers breach Rosvodokanal, seize data of Russia's largest private water utility (RBC Ukraine) Fake F5 BIG-IP zero-day warning emails push data wipers (BleepingComputer) “Get Paid to Like Videos”? This YouTube Scam Leads to Empty Wallets (Hack Read)

Dec 21, 2023 · 21 min

S7 Ep 1971 · Leading the charge in cybercrime take downs.

Interpol leads cybercrime take downs. ALPHV/Blackcat is in a “tug of Tor” with the FBI. The Senate confirms a new leader for Cyber Command and NSA. Rite Aid is banned from using facial recognition. CISA prepares a new approach to information sharing. Remote encryption of ransomware. CitrixBleed is exploited to access customer data. An update on the Kyivstar cyberattack. The Tallinn Mechanism solidifies Western support for Ukraine's cybersecurity. In today’s Learning Layer segment, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. And GCHQ introduces youngsters to code breaking. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In our Learning Layer segment today, host Sam Meisenberg talks with Shelby Ludtke about passing the new ISC2 Certified in Cybersecurity (CC) exam. For more information on practice tests, please visit N2K’s certification page. Learning Layer links Practice tests Selected Reading Interpol operation arrests 3,500 cybercriminals, seizes $300 million (Bleeping Computer) AlphV claims to have ‘unseized’ its darkweb domain from the FBI. What’s happening? 
(The Record) Senate confirms Biden’s pick for Cyber Command, NSA (The Record) Rite Aid Banned from Using AI Facial Recognition After FTC Says Retailer Deployed Technology without Reasonable Safeguards (Federal Trade Commission) Enabling Threat-Informed Cybersecurity: Evolving CISA’s Approach to Cyber Threat Information Sharing (CISA) CryptoGuard: An asymmetric approach to the ransomware battle (Sophos) Notice To Customers of Data Security Incident (Businesswire) Ukraine's Kyivstar says it is fully operational after cyber attack (Reuters) UK and partners form The Tallinn Mechanism for cyber security (Gov.UK) GCHQ Christmas challenge: Agency reveals 2023 codebreaker (BBC)

Dec 20, 2023 · 28 min

S7 Ep 1970 · A dark web take down.

The FBI takes down ALPHV/BlackCat. Comcast reveals breach of nearly 36 million Xfinity customers. Microsoft and Cyberspace Solarium Commission release water sector security report. Malware increasingly uses public infrastructure. Iran's Seedworm and its telco targets. QR code scams. Feds release joint analysis of 2022 election integrity. Joint advisory on Play ransomware group. In today’s Mr Security Answer Person, John Pescatore considers the risks of AI. Rick Howard talks with Lauren Brennan of GuidePoint Security about evaluating and maturing your SOC. Iranian gas stations running on empty. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests John Pescatore joins us for Mr. Security Answer Person to address the question, “Things seem to be moving quickly with AI, what is your feeling about that positioning for early 2024?” Today’s guest is Lauren Brennan of GuidePoint Security. N2K’s Rick Howard caught up with Lauren recently at the MITRE ATT&CKcon 4.0. They discussed evaluating and maturing your SOC. Selected Reading Authorities claim seizure of notorious ALPHV ransomware gang’s dark web leak site (TechCrunch+) Comcast says hackers stole data of close to 36 million Xfinity customers (TechCrunch+) Microsoft, Cyberspace Solarium Commission propose measures to strengthen water sector cybersecurity (Industrial Cyber) Malware leveraging public infrastructure like GitHub on the rise (Reversing Labs) Seedworm: Iranian Hackers Target Telecoms Orgs in North and East Africa (Symantec) “Quishing” you a Happy Holiday Season (netcraft) 2022 Election Not Impacted by Chinese, Russian Cyber Activity: DOJ, DHS (Securityweek) US and Australia Warn of Play Ransomware Threat (Infosecurity Magazine)

Dec 19, 2023 · 29 min

S7 Ep 1969 · 14 million customers and stolen data.

A US mortgage company reveals major data breach. Updates from CISA. NSA provides guidance on SBOMs. MongoDB warns customers of a breach. BlackCat/ALPHV is still a market leader, but feeling competitive pressure. Reassessing the effects of Log4shell. The International Committee of the Red Cross calls for restraint in cyber warfare. Ransomware hits a cancer center. Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. And what can I do to make you take home this chatbot today? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Host of Microsoft Security’s Afternoon Cyber Tea podcast, Ann Johnson, goes beyond basics with her guest Tanya Janca, founder of WeHackPurple. Ann’s full discussion with Tanya can be heard here. You can catch Afternoon Cyber Tea every other Tuesday on your favorite podcast apps and the N2K Network. Selected Reading Mr. Cooper reveals breach exposed 14.6 million clients (Cybernews) Enhancing Cyber Resilience: Insights from the CISA Healthcare and Public Health Sector Risk and Vulnerability Assessment (CISA) NSA Issues Guidance on Incorporating SBOMs to Improve Cybersecurity (Security Week) MongoDB says customer data was exposed in a cyberattack (Bleeping Computer) ALPHV Targeting: Ransomware & Digital Extortion (ZeroFox) A Log4Shell Retrospective - Overblown and Exaggerated (VulnCheck) We call on States to stop turning a blind eye to the participation of civilian hackers in armed conflict (ICRC) Seattle cancer center confirms cyberattack after ransomware gang threats (The Record) What can I do to make you take home this chatbot today? (Mastodon) Share your feedback. We want to ensure that you are getting the most out of the podcast. 

Dec 18, 2023 · 23 min

S4 Ep 179 · Oren Koren: Crossing music and cybersecurity. [Career Notes]

bonus

Oren Koren, Co-Founder and Chief Product Officer from Veriti, sits down to share his amazing story. Before entering the vendor side of the cyber world, Oren served for 14 years in the Israeli 8200 unit, where he led a variety of cybersecurity activities and research that eventually earned him four 8200-unit cyber innovation awards. When he left the Israel Defense Forces, he joined Check Point Software to lead their AI-based innovations and advanced data analytics projects that redefined threat hunting and SIEM applications. This eventually inspired him to start his own company with fellow co-founder Adi Ikan. Oren shares that he had a love for music growing up and wanted to be a musician. He says music was the catalyst for his interest in the cyber field: "I believe the music helped me a bit with my career in cybersecurity." We thank Oren for sharing his story with us.

Dec 17, 2023 · 8 min

S7 Ep 310 · Shedding light on fighting Ursa. [Research Saturday]

bonus

Host of the CyberWire Daily podcast segment Threat Vector, David Moulton sits down with Mike "Siko" Sikorski from Palo Alto Networks Unit 42 to discuss their research on "Fighting Ursa Aka APT28: Illuminating a Covert Campaign." Unit 42 just published new threat intelligence on Fighting Ursa (aka APT28), a group associated with Russia's military intelligence, on how they are exploiting a Microsoft Outlook vulnerability (CVE-2023-23397) to target organizations in NATO member countries, Ukraine, Jordan, and the UAE. These organizations are of strategic importance in defense, foreign affairs, economy, energy, transportation, and telecommunications. The research can be found here: Fighting Ursa Aka APT28: Illuminating a Covert Campaign

Dec 16, 2023 · 20 min

S7 Ep 1968 · Remapping privacy.

Google boosts Maps privacy, a court shields password disclosure, feds foil a massive scam operation, Iran-Israel cyber tensions escalate, Idaho National Labs reports a significant data breach, a security engineer's cybercrime confession. N2K’s Rick Howard reports from the recent MITRE ATT&CK con, speaking with Blake Strom of Microsoft about 10 years of the MITRE ATT&CK Framework. And Brian Krebs' relentless investigation into the Target breach. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K’s Rick Howard recently attended the MITRE ATT&CK Con. While there, Rick spoke with Blake Strom of Microsoft and they discussed 10 years of the MITRE ATT&CK Framework. Selected Reading Google is rolling out new protections for our location data (The Washington Post) Four men indicted in $80 million ‘pig butchering’ scheme (CNBC) Just In: Crypto Hacker Shakeeb Ahmed Admits to $12 Million Heist (BET US) Suspects can refuse to provide phone passcodes to police, court rules (Ars Technica) Gaza Cybergang | Unified Front Targeting Hamas Opposition (Sentinel Labs) Israeli CEO recruits Muslim hackers to fight Hamas in cyberwarfare (The Jerusalem Post) Personal Information of 45,000 Individuals Stolen in Idaho National Laboratory Data Breach (Securityweek) Ten Years Later, New Clues in the Target Breach (krebsonsecurity)

Dec 15, 2023 · 24 min