A House oversight committee requests DOGE documents from Microsoft. Predatory Sparrow claims a cyberattack on an Iranian bank. Microsoft says data that happens in Europe will stay in Europe. A complex malware campaign is using heavily obfuscated Visual Basic files to deploy RATs. A widely used CMS platform suffers potential RCE bugs.  North Korea’s Kimsuky targets academic institutions using password-protected research documents. Asus patches a high-severity vulnerability in its Armoury Crate software. CISA’s new leader remains in confirmation limbo. Our guest is Brian Downey, VP of Product Management from Barracuda, talking about how security sprawl increases risk. Operation Fluffy Narwhal thinks it’s time to rethink adversary naming.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. 

CyberWire Guest

We are joined by Brian Downey, VP of Product Marketing and Product Management from Barracuda, talking about how security sprawl increases risk. You can find more information about what Brian discussed here.

Selected Reading

Following Whistleblower Reports, Acting Ranking Member Lynch Demands Microsoft Hand Over Information on DOGE’s Misconduct at NLRB | The Committee on Oversight and Accountability Democrats (House Committee on Oversight and Government Reform)

Pro-Israel hackers claim breach of Iranian bank amid military escalation (The Record)

Microsoft lays out data protection plans for European cloud customers (Reuters)

New Sophisticated Multi-Stage Malware Campaign Weaponizes VBS Files to Execute PowerShell Script (Cyber Security News)

Chained Flaws in Enterprise CMS Provider Sitecore Could Allow RCE (Infosecurity Magazine)

Beware of Weaponized Research Papers That Delivers Malware Via Password-Protected Documents (Cyber Security News)

Organizations Warned of Vulnerability Exploited Against Discontinued TP-Link Routers (SecurityWeek)

Asus Armoury Crate Vulnerability Leads to Full System Compromise (SecurityWeek)

Trump’s Pick to Lead CISA is Stuck in Confirmation Limbo (Gov Infosecurity)

Call Them What They Are: Time to Fix Cyber Threat Actor Naming (Just Security)

Audience Survey

Complete our annual audience survey before August 31.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices