CyberWire Daily

A WIRED investigation uncovers the ease of tracking U.S. military personnel. Apple releases emergency security updates to address actively exploited vulnerabilities. Latino teenagers and LGBTQ individuals are receiving disturbing text messages spreading false threats. Crowdstrike says Liminal Panda is responsible for telecom intrusions. Oracle patches a high-severity zero-day vulnerability. Trend Micro has disclosed a critical vulnerability in its Deep Security 20 Agent software. A rural hospital in Oklahoma suffers a ransomware attack. A leading fintech firm is investigating a security breach in its file transfer platform. Researchers deploy Mantis against malicious LLMs.  Ben Yelin from the University of Maryland Center for Health and Homeland Security discusses AI’s bias in the resume screening process. Tracking down a lost Lambo. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Today, we have Ben Yelin, Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security and our Caveat podcast co-host, discussing AI’s racial and gender bias in the resume screening process. You can read about it here.

Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany (WIRED)

GAO recommends new agency to streamline how US government protects citizens’ data (The Record)

Apple Issues Emergency Security Update for Actively Exploited Flaws (Infosecurity Magazine)

Texts threatening deportation and 're-education' for gays stoke both fear and defiance (NBC News)

Chinese APT Group Targets Telecom Firms Linked to BRI (Infosecurity Magazine)

Oracle Patches Exploited Agile PLM Zero-Day (SecurityWeek)

Trend Micro Deep Security Vulnerability Let Attackers Execute Remote Code (Cyber Security News)

Oklahoma Hospital Says Ransomware Hack Hits 133,000 People (GovInfo Security)

Fintech Giant Finastra Investigating Data Breach (Krebs on Security)

AI About-Face: 'Mantis' Turns LLM Attackers Into Prey (Dark Reading)

Hackers Steal MLB Star Kris Bryant’s $200K Lamborghini By Rerouting Delivery (Carscoops)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Pundits predict Trump will overhaul U.S. cybersecurity policy. Experts examine escalating cybersecurity threats facing the U.S. energy sector. Palo Alto Networks patches a pair of zero-days. Akira and SafePay ransomware groups claim dozens of new victims. A major pharmacy group is pressured to pay a $1.3 million ransomware installment. Threat actors are exploiting Spotify playlists and podcasts. An alleged Phobos ransomware admin has been extradited to the U.S. Rapper “Razzlekhan” gets 18 months in prison for her part in the Bitfinex cryptocurrency hack. On today’s Threat Vector, David Moulton speaks with Assaf Dahan, Director of Threat Research at Palo Alto Networks’ Cortex team, about the rising cyber threat from North Korea.  Swiss scammers send snail mail. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

On this segment of Threat Vector, host David Moulton speaks with Assaf Dahan, Director of Threat Research at Palo Alto Networks’ Cortex team, about the rising cyber threat from North Korea. To hear the full conversation between David and Assaf, listen to Cyber Espionage and Financial Crime: North Korea’s Double Threat, and catch new episodes of Threat Vector every Thursday on your favorite podcast app! 

More Spyware, Fewer Rules: What Trump’s Return Means for US Cybersecurity (WIRED)

How to remove the cybersecurity gridlock from the nation's energy lifelines (CyberScoop)

Palo Alto Patches Firewall Zero-Day Exploited in Operation Lunar Peek (SecurityWeek)

SafePay ransomware: Obscure group uses LockBit builder, claims 22 victims (SC Media)

Akira Ransomware Drops 30 Victims on Leak Site in One Day (SecurityWeek)

Gang Shaking Down Pharmacy Group for Second Ransom Payment (GovInfo Security)

Spotify abused to promote pirated software and game cheats (Bleeping Computer)

Suspected Phobos Ransomware Admin Extradited to US (Infosecurity Magazine)

Heather ‘Razzlekhan’ Morgan sentenced to 18 months in prison, ending Bitfinex saga (The Record)

Now Hackers Are Using Snail Mail In Cyber Attacks—Here’s How (Forbes) 

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA’s Director Easterly plans to step down in the coming year. DHS issues recommendations for AI in critical infrastructure.Palo Alto Networks confirms active exploitation of a critical zero-day vulnerability in its firewalls. Threat actors exploit Microsoft’s 365 Admin Portal to send sextortion emails. A China-based APT targets a zero-day in Fortinet’s Windows VPN. The EPA reports on vulnerabilities in drinking water systems. A critical authentication bypass vulnerability affects a popular WordPress plugin. Researchers track a rise in the ClickFix social engineering technique. An 18 year old faces up to twenty years behind bars for swatting. Our guest is  Rob Boyce, Global Lead, Cyber Resilience at Accenture, discussing SIM swapping services targeting telcos. Nuisance calls are in decline. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Today, we are joined by Rob Boyce, Global Lead, Cyber Resilience at Accenture, discussing SIM swapping services targeting telcos.

CISA Director Jen Easterly to depart on Inauguration Day (Nextgov/FCW)

DHS Releases Secure AI Framework for Critical Infrastructure (Dark Reading)

Palo Alto firewalls exploited after critical zero-day vulnerability (Cybernews)

Microsoft 365 Admin portal abused to send sextortion emails (Bleeping Computer) 

Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report (SecurityWeek)

300 Drinking Water Systems in US Exposed to Disruptive, Damaging Hacker Attacks (SecurityWeek)

Security plugin flaw in millions of WordPress sites gives admin access (Bleeping Computer)

Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape (Proofpoint)

Teen serial swatter-for-hire busted, pleads guilty, could face 20 years (The Register)

FTC Records 50% Drop in Nuisance Calls Since 2021 (Infosecurity Magazine)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting duties to Kevin Magee, the Global Director of Cybersecurity Startups at Microsoft to discuss Cyber-entrepreneurship in the age of CyberAI.

For a complete reading list and even more information, check out Rick’s more detailed essay on the topic.

Andrew McCarty, Emma Eschweiler, Natalie Fratto, Andrew Pardo, Jake Ledbetter, 2024. The Rise of CyberAI [Analysis]. Silicon Valley Bank.

Camille Périssère, 2024. 2024 cybersecurity market trends [Analysis]. AXA Venture Partners.

Jeffrey Grabow, 2024. AI continues to drive venture capital activity [Analysis]. EY.

Kaloyan Andonov, 2024. Energy companies increase investment in cybersecurity startups [Analysis]. Global Corporate Venturing.

Staff, 2024. Cybersecurity Market Size, Share, Analysis Analysis]. Fortune Business Insights.

Staff, 2024. RBC FinSec Incubator [Analysis]. Rogers Cybersecure Catalyst.

Staff, 2024. Microsoft Digital Defense Report 2024 [White Paper]. Microsoft.

Steve Morgan, 2022. Cybercrime To Cost The World 8 Trillion Annually In 2023 [Analysis]. Cybercrime Magazine.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore episode where Vice President of Raytheon's Cyber Offense, Defense Expert Teresa Shea speaks of her journey from math to adapting new technologies on the cutting edge, With a love of math, Teresa was offered a scholarship by the Society of Women Engineering and decided to pursue a degree in electrical engineering. Unsurprisingly, there were few other women in her program, Teresa interned with and then proceeded to work for the National Security Agency becoming their SIGINT director. Following her government career, Teresa worked to help bring new technologies to government through her work at Raytheon. We thank Teresa for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

This week we are joined by, Blake Darché, Head of Cloudforce One at Cloudflare, to discuss their work on "Unraveling SloppyLemming’s Operations Across South Asia." Cloudforce One's investigation into the advanced threat actor "SloppyLemming" reveals an extensive espionage campaign targeting South and East Asia, with a focus on Pakistan's government, defense, telecommunications, and energy sectors.

Leveraging multiple cloud service providers, SloppyLemming employs tactics like credential harvesting, malware delivery, and command-and-control (C2) operations, often relying on open-source adversary emulation tools like Cobalt Strike. Despite its activities, the actor's poor operational security (OPSEC) has allowed investigators to gain valuable insights into its infrastructure and tooling.

The research can be found here:

• Unraveling SloppyLemming’s operations across South Asia

Learn more about your ad choices. Visit megaphone.fm/adchoices

Unredacted court filings from WhatsApp’s 2019 lawsuit against NSO Group reveal the scope of spyware infections. Glove Stealer can bypass App-Bound Encryption in Chromium-based browsers. Researchers uncover a new zero-day vulnerability in Fortinet’s FortiManager. Rapid7 detects an updated version of LodaRAT. CISA warns of active exploitation of Palo Alto Networks’ Expedition tool. Misconfigured Microsoft Power Pages accounts expose sensitive data. Iranian state hackers mimic North Koreans in fake job scams. Australia warns its critical infrastructure providers about state sponsored embedded malware. An especially cruel cybercriminal gets ten years in the slammer. Guest Ambuj Kumar, Co-founder and CEO of Simbian, joins us to discuss how AI Agents may change the cyber landscape. We’re countin’ down the top ten least secure passwords. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Guest Ambuj Kumar, Co-founder and CEO of Simbian, joins us to discuss how AI Agents are going to change the cyber landscape.

1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings (The Record)

Glove Stealer Malware Bypasses Chrome's App-Bound Encryption (SecurityWeek)

watchTowr Finds New Zero-Day Vulnerability in Fortinet Products ( Infosecurity Magazine)

LodaRAT: Established malware, new victim patterns (Rapid7 Blog)

CISA Warns of Two More Palo Alto Expedition Flaws Exploited in Attacks (SecurityWeek)

Microsoft Power Pages misconfigs exposing sensitive data (The Register)

Iranian Threat Actors Mimic North Korean Job Scam Techniques (BankInfo Security)

Hackers Lurking in Critical Infrastructure to Wage Attacks (BankInfo Security)

Cybercriminal devoid of boundaries gets 10-year prison sentence (The Register)

Top 200 Most Common Passwords (NordPass)

Just when you thought voting was over for this year…It’s time to vote…again!

The N2K CyberWire hosting team of Dave Bittner, Maria Varmazis, and Joseph Carrigan have been nominated for the Creator of the Year category in the Baltimore region’s 2024 Technical.ly Awards for their incredible work on the Hacking Humans podcast!

If you're a fan of Hacking Humans, we’d be thrilled to have your support! Please cast your vote here. (Make sure you select the “Baltimore” region). Thanks for your vote! Voting ends Monday, November 18th, so don't delay!

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts wit

h us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The Feds confirm Chinese penetration of U.S. telecom wiretap systems. Anne Neuberger outlines top cybersecurity challenges facing the upcoming Trump administration. Former Air National Guardsman Jack Teixeira gets a 15-year prison sentence for leaking classified U.S. military documents. A Chinese national faces up to 20 years in prison after pleading guilty to money laundering for “pig-butchering” scams. Researchers say a popular pregnancy app has serious, unaddressed security vulnerabilities. NIST misses its deadline for clearing the NVD backlog. A B2B demand generation company confirms a leak affecting 122 million people. HHS warns healthcare organizations to be on the lookout for Godzilla. Moody’s designates the industries at highest risk of cyber attack. Guest Sarah Hutchins, Partner at Parker Poe, discusses the growing number of state data privacy laws. An AI grandma keeps scammers on the line. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Guest Sarah Hutchins, Partner at Parker Poe, discusses the growing number of state data privacy laws. You can listen to Sarah’s full conversation including litigation trends related to targeted advertising and wiretapping, and key takeaways for companies on cybersecurity practices and risk reporting on today’s Caveat episode. 

FBI confirms China-backed hackers breached US telecom giants to steal wiretap data (TechCrunch)

Top White House cyber official urges Trump to focus on ransomware, China (The Record)

Chinese national faces 20 years in US prison for laundering pig-butchering proceeds (The Record)

IT specialist Jack Teixeira jailed for 15 years after leaking classified military documents on Discord (Bitdefender)

Pregnancy Tracking App ‘What to Expect’ Refuses to Fix Issue that Allows Full Account Takeover (404 Media)

NIST Explains Why It Failed to Clear CVE Backlog (SecurityWeek)

Leaked info of 122 million linked to B2B data aggregator breach (Bleeping Computer)

Feds Warn of Godzilla Webshell Threats to Health Sector (BankInfo Security)

Industries with highest cyber risk unveiled by Moody’s Rating (SC Media)

O2 unveils Daisy, the AI granny wasting scammers’ time (Virgin Media O2) 

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Federal agencies and Five Eyes partners list the past year’s most exploited vulnerabilities. U.S. authorities hand down indictments in the Snowflake customer breach. Patch Tuesday updates. Zoom discloses multiple vulnerabilities. A China-linked hacker group has compromised Tibetan media and university websites. A cyberattack on a Dutch company affects over 2,000 U.S. grocery stores. Sheboygan suffers a ransomware attack. The White House plans to support a controversial UN cybercrime treaty. On today’s CertByte segment, N2K’s Chris Hare is joined by Dan Neville to break down a question from the CompTIA® Security+ certification Practice Test.  Bitcoin Jesus faces $48 million in tax fraud charges. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

On CertByte, host Chris Hare, content developer and project management specialist at N2K, shares practice questions and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management.

In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Dan Nevllie to break down a question targeting the CompTIA® Security+ (SY0-701) certification. Today’s question comes from N2K’s CompTIA® Security+ Practice Test.

According to CompTIA®, Security+ is "the most widely adopted ISO/ANSI-accredited early career cybersecurity certification on the market." The exam is geared towards anyone who already holds a Network+ cert, and has two years of experience in a security or a systems admin role.To learn more about this and other related topics under this objective, please refer to the following resources: CompTIA Security+ Study Guide with over 500 Practice Test Questions (Sybex Study Guide), Chapter 17: Risk Management and Privacy and CompTIA Security+ Get Certified Get Ahead: SY0-701 Study Guide Chapter 11: Implementing Policies to Mitigate Risk.

Have a question that you’d like to see covered? Email us at [email protected].

Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers.

Additional sources: www.comptia.org

FBI, CISA, and NSA reveal most exploited vulnerabilities of 2023 (Bleeping Computer)

Here’s the indictment against two men allegedly responsible for Snowflake customer breach (CyberScoop)

Microsoft Patch Tuesday, November 2024 Edition (Krebs on Security)

ICS Patch Tuesday: Security Advisories Released by CISA, Schneider, Siemens, Rockwell (SecurityWeek)

Zoom App Vulnerability Let Attackers Execute Remote Code (Cyber Security News)

China-linked group hacked Tibetan media and university sites to distribute Cobalt Strike payload (The Record)

Dutch company behind Hannaford, Stop & Shop says cyber issue affecting US network (The Record)

City of Sheboygan hit by apparent ransomware attack (WPR)

Biden Administration to Support UN Cyber Treaty Despite Concerns Over Misuse (Bloomberg)

‘Bitcoin Jesus’ Fights IRS Tax Evasion Case From Spanish Island (Bloomberg)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

At the U.N. Anne Neuberger frames ransomware as a growing public health crisis. Amazon confirms a MOVEit-related data breach. SAP provides patches and mitigations for a variety of flaws. Researchers identify North Korean hackers embedding malware in macOS applications. Form I-9 Compliance reports a data breach impacting over 193,000 individuals. Hot Topic confirms a breach affecting over 54 million customers. Halliburton reports a $35 million ransomware event. Ymir ransomware follows in the footsteps of RustyStealer.  Threat actors prepare for a second Trump presidency. A Venezuelan man gets 25 years for romance scam kidnappings. Our guest is Tim Starks from CyberScoop sharing what he’s hearing from Washington insiders as they prepare for the next Trump administration. The Secret Service wonders if warrants are really required.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Our guest is Tim Starks from CyberScoop sharing what he’s hearing from Washington insiders as they prepare for the next Trump administration.

White House Slams Russia Over Ransomware's Healthcare Hits (BankInfo Security)

Amazon employee data stolen by hacker, company confirms (Silicon Republic)

SAP Patches High-Severity Vulnerability in Web Dispatcher (SecurityWeek)

North Korean-linked hackers were caught experimenting with new macOS malware (CyberScoop)

Form I-9 Compliance Data Breach Impacts Over 190,000 People (SecurityWeek)

Hot Topic Data Breach: A Massive Leak Exposes Millions of Customer Records (SOCRadar)

Energy Giant Halliburton Reveals $35m Ransomware Loss (Infosecurity Magazine)

New Ymir ransomware partners with RustyStealer in attacks (Bleeping Computer)

How Global Threat Actors May Respond to a Second Trump Term (GovInfo Security)

Man Gets 25 Years for Online Dating Hostage Scams Targeting Americans (Hackread)

'FYI. A Warrant Isn’t Needed': Secret Service Says You Agreed To Be Tracked With Location Data (404 Media)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices