CEO and co-founder of SafeGuard Cyber Jim Zufoletti shares his journey starting out as an intrepreneur and transformation into a serial entrepreneur in cybersecurity. Jim shares how he got his feet wet working for others as an intrepreneur and catching the entrepreneurial bug in the mid-90s. He has co-founded a number of companies starting with FreeMarkets, a B2B ecommerce company. After that went public and Jim moved on, he went to business school at the University of Virginia and crossed paths with his future co-founder of SafeGuard Cyber. At UVA, Jim was inspired by a professor who exposed him to the effectuation approach to entrepreneurship, Along those lines, Jim recommends those looking to start a business in cyber build their experience portfolio. Jim took what he learned to help build where he is today. His company helps protect the humans in this new digital world with the current work from home environment. And, we thank Jim for sharing his story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Adam Khan, VP of Security Operations at Barracuda, joins to discuss his team's work on "The evolving use of QR codes in phishing attacks." Cybercriminals are evolving phishing tactics by embedding QR codes, or “quishing,” into PDF documents attached to emails, tricking recipients into scanning them to access malicious websites that steal credentials.

Barracuda researchers found over half a million such emails from June to September 2024, with most impersonating brands like Microsoft, DocuSign, and Adobe to exploit urgency and trust. To counter these attacks, businesses should deploy multilayered email security, use AI-powered detection tools, educate employees on QR code risks, and enable multifactor authentication to safeguard accounts.

The research can be found here:

• Threat Spotlight: The evolving use of QR codes in phishing attacks

Learn more about your ad choices. Visit megaphone.fm/adchoices

Russian hackers attack Ukraine’s state registers. NotLockBit is a new ransomware strain targeting macOS and Windows. Sophos discloses three critical vulnerabilities in its Firewall product. The BadBox botnet infects over 190,000 Android devices. BeyondTrust patches two critical vulnerabilities. Hackers stole $2.2 billion from cryptocurrency platforms in 2024. Officials dismantle a live sports streaming piracy ring. Rockwell Automation patches critical vulnerabilities in a device used for energy control in industrial systems. A new report from Dragos highlights ransomware groups targeting industrial sectors. A Ukrainian national is sentenced to 60 months in prison for distributing the Raccoon Infostealer malware. We bid a fond farewell to our colleague Rick Howard, who’s retiring after years of inspiring leadership, wisdom, and camaraderie. The LockBit gang tease what’s yet to come. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Today’s guest segment is bittersweet as we bid farewell to our beloved Rick Howard, who’s retiring after years of inspiring leadership, wisdom, and camaraderie. Join us in celebrating his incredible journey, sharing heartfelt memories, and letting him know just how deeply he’ll be missed by all of us here at N2K.

Ukraine’s state registers hit with one of Russia’s largest cyberattacks, officials say (The Record)

NotLockBit - Previously Unknown Ransomware Attack Windows & macOS (GB Hackers)

Critical Sophos Firewall Vulnerabilities Let Attackers Execute Remote Code (Cyber Security News)

Botnet of 190,000 BadBox-Infected Android Devices Discovered (SecurityWeek)

BeyondTrust Security Incident — Command Injection and Escalation Weaknesses (CVE-2024-12356, CVE-2024-12686) (SOCRadar)

Crypto-Hackers Steal $2.2bn as North Koreans Dominate (Infosecurity Magazine)

Massive live sports piracy ring with 812 million yearly visits taken offline (Bleeping Computer)

Rockwell PowerMonitor Vulnerabilities Allow Remote Hacking of Industrial Systems (SecurityWeek)

Ransomware Attackers Target Industries with Low Downtime Tolerance (Infosecurity Magazine)

Ukrainian Raccoon Infostealer Operator Sentenced to Prison in US (SecurityWeek)

NetWalker Ransomware Operator Sentenced For Hacking Hundreds Of Organizations (Cyber Security News)

LockBit Admins Tease a New Ransomware Version (Infosecurity Magazine)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA urges senior government officials to enhance mobile device security. Russian state-sponsored hacker group Sandworm is targeting Ukrainian soldiers. A website bug in GPS tracking firm Hapn is exposing customer information. Multiple critical vulnerabilities have been identified in Sharp branded routers. Ireland’s Data Protection Commission fines Meta $263 million for alleged GDPR violations. Google releases an urgent Chrome security update to address four high-rated vulnerabilities. Cyberattacks on India-based organizations surged 92% year-over-year. Cybercriminals target Google Calendar to launch phishing attacks. Fortinet patches a critical vulnerability in FortiWLM. Juniper Networks warns of a botnet infection targeting routers with default credentials. Our guest is Jeff Krull, principal and practice leader of Baker Tilly's cybersecurity practice, with advice on using employee access controls to limit internal cyber threats. When is “undesirable” a badge of honor?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Our guest is Jeff Krull, principal and practice leader of Baker Tilly's cybersecurity practice, talking about using employee access controls to limit internal cyber threats.

CISA urges senior government officials to lock down mobile devices amid ongoing Salt Typhoon breach (The Record)

Sandworm-linked hackers target users of Ukraine’s military app in new spying campaign (The Record)

Tracker firm Hapn spilling names of thousands of GPS tracking customers (TechCrunch)

Multiple security flaws reported in SHARP routers (Beyond Machines)

Meta fined $263 million for alleged GDPR violations that led to data breach (The Record)

Update Google Chrome Now—4 New Windows, Mac, Linux Security Warnings (Forbes)

India Sees Surge in Banking, Utilities API Attacks (Dark Reading)

Google Calendar Phishing Scam Targets Users with Malicious Invites (Hackread)

Fortinet Patches Critical FortiWLM Vulnerability (SecurityWeek)

Juniper Warns of Mirai Botnet Targeting Session Smart Routers (SecurityWeek)

Recorded Future CEO Calls Russia’s “Undesirable” Listing a “Compliment” (Infosecurity Magazine)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The U.S. considers a ban on Chinese made routers. More than 200 Cleo managed file-transfer servers remain vulnerable. The Androxgh0st botnet expands. Schneider Electric reports a critical vulnerability in some PLCs. A critical Apache Struts 2 vulnerability is being actively exploited. Malicious campaigns are targeting Chinese-branded IoT devices. A Nebraska-based healthcare insurer discloses a data breach affecting over 225,000 individuals. IntelBroker leaks 2.9GB of data from Cisco’s DevHub environment. CISA issues a Binding Operational Directive requiring federal agencies to enhance cloud security. On today’s CERTByte segment, Chris Hare and Dan Neville unpack a question targeting the Network+ certification. INTERPOL says, “Enough with the pig butchering.“

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

This week, Chris is joined by Dan Neville to break down a question targeting the Network+ certification (N10-008 expires on 12/20/24 and the N10-009 update launched on June 20th of this year). Today’s question comes from N2K’s CompTIA® Network+ Practice Test, both exam versions of which are offered on our site.

Have a question that you’d like to see covered? Email us at [email protected]. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers.

U.S. Weighs Ban on Chinese-Made Router in Millions of American Homes (Wall Street Journal)

Attack Exposure: Unpatched Cleo Managed File-Transfer Software (BankInfo Security)

Androxgh0st Botnet Targets IoT Devices, Exploiting 27 Vulnerabilities (Hackread)

Schneider Electric reports critical flaw in Modicon Programmable Logic Controllers (Beyond Machines)

RATs can sniff out your Chinese-made web cameras: here’s how to defend yourself (Cybernews)

Regional Care Data Breach Impacts 225,000 People (SecurityWeek)

Hacker IntelBroker Leaked 2.9GB of Data Stolen From Cisco DevHub Instance (Cyber Security News)

New critical Apache Struts flaw exploited to find vulnerable servers (Bleeping Computer)

CISA Issues Binding Operational Directive for Improved Cloud Security (SecurityWeek)

Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure (CISA)

INTERPOL urges end to 'Pig Butchering' term, cites harm to online victims (INTERPOL) 

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

The Biden administration takes its first step to retaliate against China for the Salt Typhoon cyberattack. The Feds release a draft National Cyber Incident Response Plan. Telecom Namibia suffers a cyberattack. The Australian Information Commissioner has reached a $50 million settlement with Meta over the Cambridge Analytica scandal. CISA releases its 2024 year in review. LastPass hackers nab an additional five millions dollars. Texas Tech University notifies over 1.4 million individuals of a ransomware attack. Researchers discover a new DarkGate RAT attack vector using vishing. A fraudster gets 69 months in prison. On our Threat Vector segment, David Moulton speaks with Nir Zuk, Founder and CTO of Palo Alto Networks about predictions for 2025. Surveillance tweaks our brains in unexpected ways. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

On our Threat Vector segment, we preview this week’s episode where host David Moulton talks with Nir Zuk, Founder and CTO of Palo Alto Networks. They talk about Palo Alto Networks' predictions for 2025, focusing on the shift to unified data security platforms and the growing importance of AI in cybersecurity. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app. 

Biden Administration Takes First Step to Retaliate Against China Over Hack (The New York Times)

US Unveils New National Cyber Incident Response Plan (Infosecurity Magazine)

Telecom Namibia Cyberattack: 400,000 Files Leaked (The Cyber Express)

Landmark settlement of $50m from Meta for Australian users impacted by Cambridge Analytica incident (OAIC)

CISA Warns of New Windows Vulnerability Used in Hacker Attacks (CyberInsider)

CISA 2024 Year in review (CISA)

LastPass threat actor steals $5.4M from victims just a week before Xmas (Cointelegraph)

Texas Tech University Data Breach Impacts 1.4 Million People (SecurityWeek)

Microsoft Teams Vishing Spreads DarkGate RAT (Dark Reading)

Man Accused of SQL Injection Hacking Gets 69-Month Prison Sentence (SecurityWeek)

The psychological implications of Big Brother’s gaze (SCIMEX)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

A cyberattack in Rhode Island targets those who applied for government assistance programs. U.S. Senators propose a three billion dollar budget item to “rip and replace” Chinese telecom equipment. The Clop ransomware gang confirms exploiting vulnerabilities in Cleo’s managed file transfer platforms. A major Southern California healthcare provider suffers a ransomware attack. A leading US auto parts provider discloses a cyberattack on its Canadian business unit.SRP Federal Credit Union notifies over 240,000 individuals of cyberattack.  A sophisticated phishing campaign targets YouTube creators.  Researchers identify a high-severity vulnerability in Mullvad VPN. A horrific dark web forum moderator gets 30 years in prison. Our guests are Perry Carpenter and Mason Amadeus, hosts of the new FAIK Files podcast. Jailbreaking your license plate. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Our guests are Perry Carpenter and Mason Amadeus, hosts of The FAIK Files podcast, talking about their new show. You can find new episodes of The FAIK Files every Friday on the N2K CyberWire network. 

Personal Data of Rhode Island Residents Breached in Large Cyberattack (The New York Times)

Senators, witnesses: $3B for ‘rip and replace’ a good start to preventing Salt Typhoon-style breaches ( CyberScoop)

Clop ransomware claims responsibility for Cleo data theft attacks (Bleeping Computer)

Hackers Steal 17M Patient Records in Attack on 3 Hospitals (BankInfo Security)

Major Auto Parts Firm LKQ Hit by Cyberattack (Securityweek)

SRP Federal Credit Union Ransomware Attack Impacts 240,000 (Securityweek)

ConnectOnCall Announces 914K-Record Data Breach (HIPAA Journal)

Malware Hidden in Fake Business Proposals Hits YouTube Creators (Hackread)

Critical Mullvad VPN Vulnerabilities Let Attackers Execute Malicious Code (Cyber Security News) 

Texan man gets 30 years in prison for running CSAM exchange (The Register)

Hackers Can Jailbreak Digital License Plates to Make Others Pay Their Tolls and Tickets (WIRED)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore episode of Career Notes.

Senior security researcher from Secureworks Marcelle Lee shares her career journey into cybersecurity and how she helps solve hard problems in her daily work. Marcelle came into cybersecurity not through any traditional path. She describes her route from a different field and starting in cyber at her local community college through a grant program. Marcelle took full advantage of the opportunities she had and grew her career from there. She recommends finding your specialty, but continue to build other skills. As a woman in the field, she is a strong proponent of diversity and encouraging others to find what excites them. And, we thank Marcelle for sharing her story with us.

Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Andrew Morris, Founder and CTO of GreyNoise, to discuss their work on "GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI." GreyNoise discovered two critical zero-day vulnerabilities in IoT-connected live streaming cameras, used in sensitive environments like healthcare and industrial operations, by leveraging its AI-powered detection system, Sift.

The vulnerabilities, CVE-2024-8956 (insufficient authentication) and CVE-2024-8957 (OS command injection), could allow attackers to take full control of affected devices, manipulate video feeds, or integrate them into botnets for broader attacks. This breakthrough underscores the transformative role of AI in identifying threats that traditional systems might miss, highlighting the urgent need for robust cybersecurity measures in the expanding IoT landscape.

The research can be found here:

• GreyNoise Intelligence Discovers Zero-Day Vulnerabilities in Live Streaming Cameras with the Help of AI

Learn more about your ad choices. Visit megaphone.fm/adchoices

The U.S. dismantles the Rydox criminal marketplace.  File-sharing provider Cleo urges customers to immediately patch a critical vulnerability. A Japanese media giant reportedly paid nearly $3 million to a Russia-linked ransomware group. The largest Bitcoin ATM operator in the U.S. confirms a data breach. Microsoft quietly patches two potentially critical vulnerabilities. Researchers at Claroty describe a malware tool used by nation-state actors to target critical IoT and OT systems. Dell releases patches for a pair of critical vulnerabilities. A federal court indicts 14 North Korean nationals for a scheme funding North Korea’s weapons programs. Texas accuses a data broker of sharing sensitive driving data without consent. Tim Starks, senior reporter at CyberScoop, joins Dave to explore the FCC's groundbreaking proposal to introduce cybersecurity rules linked to wiretapping laws. How the bots stole Christmas. 

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Tim Starks, senior reporter at CyberScoop, joins Dave to explore the FCC's groundbreaking proposal to introduce cybersecurity rules linked to wiretapping laws. Read more about it in Tim’s article.

Rydox Cybercrime Marketplace Disrupted, Administrators Arrested (SecurityWeek)

Cleo urges customers to ‘immediately’ apply new patch as researchers discover new malware (The Record)

Japanese game and anime publisher reportedly pays $3 million ransom to Russia-linked hackers (The Record)

Bitcoin ATM Giant Byte Federal Hit by Hackers, 58,000 Users Impacted (Hackread)

Microsoft Patches Vulnerabilities in Windows Defender, Update Catalog (SecurityWeek)

Researchers Discover Malware Used by Nation-Sates to Attack OT Systems (Infosecurity Magazine)

Critical Dell Security Vulnerabilities Let Attackers Compromise Affected Systems (Cyber Security News)

14 North Korean IT Workers Charged, US to Offer $5 Million Rewards for Info (Cyber Security News)

Texas adds data broker specializing in driver behavior to list of alleged privacy law violators (The Record)

UK Shoppers Frustrated as Bots Snap Up Popular Christmas Gifts (Infosecurity Magazine)

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices