Credential theft puts sensitive corporate and military networks at risk. A federal judge refuses to block DOGE from accessing sensitive federal data. New York-based Insight Partners confirms a cyber-attack. BlackLock ransomware group is on the rise. OpenSSH patches a pair of vulnerabilities. Russian threat actors are exploiting Signal’s “Linked Devices” feature. Over 12,000 GFI KerioControl firewalls remain exposed to a critical remote code execution (RCE) vulnerability.CISA issued two ICS security advisories. Federal contractors pay $11 million in cybersecurity noncompliance fines. In our CertByte segment, Chris Hare is joined by Steven Burnley to break down a question targeting the ISC2® SSCP - Systems Security Certified Practitioner exam.Sweeping cybercrime reforms are unveiled by…Russia?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources, for the past 25 years, N2K's practice tests have helped more than half a million IT and cyber security professionals reach certification success. Have a question that you’d like to see covered? Email us at [email protected]. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional source: https://www.isc2.org/certifications/sscp   

Selected Reading

Hundreds of US Military and Defense Credentials Compromised (Infosecurity Magazine)

DOGE Team Wins Legal Battle, Retains Access to Federal Data (GovInfo Security)

Musk Ally Demands Admin Access to System That Lets Government Text the Public (404 Media)

Cyber Investor Insight Partners Suffers Security Breach (Infosecurity Magazine)

BlackLock On Track to Be 2025’s Most Prolific Ransomware Group (Infosecurity Magazine)

Qualys reports two flaws in OpenSSH, one critical DDoS (Beyond Machines)

Russian phishing campaigns exploit Signal's device-linking feature (Bleeping Computer)

Over 12,000 KerioControl firewalls exposed to exploited RCE flaw (Bleeping Computer)

CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities (Cyber Security News)

Managed healthcare defense contractor to pay $11 million over alleged cyber failings (The Record)

Russian Government Proposes Stricter Penalties to Tackle Cybercrime (GB Hackers) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices