Episodes
-
The CISA and FBI warn that Ghost ransomware has breached organizations in over 70 countries. President Trump announces his pick to lead the DOJ’s National Security Division. A new ransomware strain targets European healthcare organizations. Researchers uncover four critical vulnerabilities in Ivanti Endpoint Manager. Microsoft has patched a critical improper access control vulnerability in Power Pages. The NSA updates its Ghidra reverse engineering tool. A former U.S. Army soldier admits to leaking private call records. Our guest is Stephen Hilt, senior threat researcher at Trend Micro, sharing the current state of the English cyber underground market. The pentesters’ breach was simulated — their arrest was not.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Our guest is Stephen Hilt, senior threat researcher at Trend Micro, sharing the current state of the English cyber underground market. Learn more in the report.
Selected Reading
CISA and FBI: Ghost ransomware breached orgs in 70 countries (Bleeping Computer)
Trump to nominate White House insider from first term to lead DOJ’s National Security Division (The Record)
New NailaoLocker ransomware used against EU healthcare orgs (Bleeping Computer)
PoC Exploit Published for Critical Ivanti EPM Vulnerabilities (SecurityWeek)
Microsoft Patches Exploited Power Pages Vulnerability (SecurityWeek)
NSA Added New Features to Supercharge Ghidra 11.3 (Cyber Security News)
Army soldier linked to Snowflake extortion to plead guilty (The Register)
Katie Arrington Returns to Pentagon as DoD CISO (GovInfo Security)
Penetration Testers Arrested by Police During Authorized Physical Penetration Testing (Cyber Security News)
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices -
Credential theft puts sensitive corporate and military networks at risk. A federal judge refuses to block DOGE from accessing sensitive federal data. New York-based Insight Partners confirms a cyber-attack. BlackLock ransomware group is on the rise. OpenSSH patches a pair of vulnerabilities. Russian threat actors are exploiting Signal’s “Linked Devices” feature. Over 12,000 GFI KerioControl firewalls remain exposed to a critical remote code execution (RCE) vulnerability. CISA issued two ICS security advisories. Federal contractors pay $11 million in cybersecurity noncompliance fines. In our CertByte segment, Chris Hare is joined by Steven Burnley to break down a question targeting the ISC2® SSCP - Systems Security Certified Practitioner exam. Sweeping cybercrime reforms are unveiled by…Russia?
CertByte Segment
Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources. For the past 25 years, N2K's practice tests have helped more than half a million IT and cyber security professionals reach certification success. Have a question that you’d like to see covered? Email us at [email protected]. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.
Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.
Additional source: https://www.isc2.org/certifications/sscp
Selected Reading
Hundreds of US Military and Defense Credentials Compromised (Infosecurity Magazine)
DOGE Team Wins Legal Battle, Retains Access to Federal Data (GovInfo Security)
Musk Ally Demands Admin Access to System That Lets Government Text the Public (404 Media)
Cyber Investor Insight Partners Suffers Security Breach (Infosecurity Magazine)
BlackLock On Track to Be 2025’s Most Prolific Ransomware Group (Infosecurity Magazine)
Qualys reports two flaws in OpenSSH, one critical DDoS (Beyond Machines)
Russian phishing campaigns exploit Signal's device-linking feature (Bleeping Computer)
Over 12,000 KerioControl firewalls exposed to exploited RCE flaw (Bleeping Computer)
CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities (Cyber Security News)
Managed healthcare defense contractor to pay $11 million over alleged cyber failings (The Record)
Russian Government Proposes Stricter Penalties to Tackle Cybercrime (GB Hackers)
-
Palo Alto Networks confirms a recently patched firewall vulnerability is being actively exploited. CISA warns of an actively exploited iOS vulnerability. Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability. The acting commissioner of the Social Security Administration (SSA) resigns after Elon Musk’s team sought access to sensitive personal data of millions of Americans. The EagerBee malware framework is actively targeting government agencies and ISPs across the Middle East. Proofpoint researchers document a new macOS infostealer. A new phishing kit uses timesheet notification emails to steal credentials and two-factor authentication codes. JPMorgan Chase will begin blocking Zelle payments to social media contacts to combat online scams. Our guest is Tim Starks from CyberScoop discussing his interview with former National Cyber Director Harry Coker. Transferring your digital legacy.
CyberWire Guest
Our guest is Tim Starks from CyberScoop discussing his interview with former National Cyber Director Harry Coker. You can read more about Tim’s interview “National Cyber Director Harry Coker looks back (and ahead) on the Cyber Director office” and companion piece “Trump picks Sean Cairncross for national cyber director” on CyberScoop.
Selected Reading
Palo Alto Networks Confirms Exploitation of Firewall Vulnerability (SecurityWeek)
CISA Warns of Apple iOS Vulnerability Exploited in Wild (Cyber Security News)
Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products (Cyber Security News)
Top Social Security Official Leaves After Musk Team Seeks Data Access (New York Times)
EagerBee Malware Attacking Government Entities & ISPs To Deploy Backdoor (Cyber Security News)
Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer (Infosecurity Magazine)
Microsoft Warns of Improved XCSSET macOS Malware (SecurityWeek)
Fake Timesheet Report Emails Linked to Tycoon 2FA Phishing Kit (GB Hackers)
Chase will soon block Zelle payments to sellers on social media (Bleeping Computer)
Digital Estate Planning: How to Prepare Your Social Media Accounts (New York Times)
-
While we are taking a publishing break to observe Washington's Birthday here in the United States, enjoy this primer on how to create a podcast from our partners at Palo Alto Networks direct from the CyberMarketingCon 2024.
Podcasts have become vital tools for sharing knowledge and insights, particularly in technical fields like cybersecurity. "Threat Vector," led by David Moulton, serves as an essential guide through the complex landscape of cyber threats, offering expert interviews and in-depth analysis.
In this session, David will discuss the process behind creating "Threat Vector," highlighting the challenges and rewards of developing a podcast that resonates with industry experts. Attendees will learn about the foundational elements of podcasting, from initial concept development to content creation and audience engagement.
David's approach integrates his extensive background in storytelling, design, and strategic marketing, enabling him to tackle intricate cybersecurity topics and make them accessible to a broad audience. This session will dive into how to present intricate cybersecurity topics in an accessible and engaging manner and explore various techniques for producing compelling content and effective strategies for promoting a podcast to a wider audience.
Join David and guest host David J. Ebner of Content Workshop for an informative discussion on using podcasts as a medium for education and influence in the cybersecurity field. This session is ideal for anyone interested in starting a podcast or enhancing their approach to cybersecurity communication.
Join the conversation on our social media channels:
Website: http://www.paloaltonetworks.com
Threat Research: https://unit42.paloaltonetworks.com/
Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/
LinkedIn: https://www.linkedin.com/company/palo-alto-networks/
YouTube: @paloaltonetworks
Twitter: https://twitter.com/PaloAltoNtwks
About Threat Vector
Threat Vector, Palo Alto Networks podcast, is your premier destination for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.
The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.
Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.
Palo Alto Networks
Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com
-
Please enjoy this encore of Career Notes.
Senior Program Manager for Governance, Risk and Compliance at Illumio, Maria Thompson-Saeb shares experiences that led to her career in cybersecurity. Interested in computers and not a fan of math, Maria opted for information systems management rather than computer science. She started her career as a government contractor. Once in the private sector, Maria moved into the Unix and Linux environments where she says "something that would totally change everything." She gained an interest in security and took it upon herself to train up and move into that realm. Maria notes it was not without roadblocks, but that being flexible helped her address those challenges and make her career in security happen. We thank Maria for sharing her story.
-
Nati Tal, Head of Guardio Labs, discusses their work on "“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising." Guardio has uncovered a large-scale malvertising campaign dubbed “DeceptionAds,” which tricks users into running a malicious PowerShell command under the guise of proving they’re human. This fake CAPTCHA scheme delivers Lumma info-stealer malware while bypassing security measures like Google’s Safe Browsing.
Even after disclosure and takedown efforts, the campaign resurfaced—raising concerns about the effectiveness of existing defenses against ad-driven cyber threats.
The research can be found here:
“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising
-
Nakasone addresses AI at the Munich Cyber Security Conference. Court documents reveal the degree to which DOGE actually has access. Dutch police dismantle a bulletproof hosting operation. German officials investigate Apple’s App Tracking. Hackers exploited security flaws in BeyondTrust. CISA issues 20 new ICS advisories. The new Astaroth phishing kit bypasses 2FA. Hackers waste no time exploiting a SonicWall proof-of-concept vulnerability. Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. Have I Been Pwned ponders whether resellers are worth the trouble.
CyberWire Guest
Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. You can read more in "How Cybercriminals Are Using AI: Exploring the New Threat Landscape."
Selected Reading
Putting the human back into AI is key, former NSA Director Nakasone says (The Record)
Court Documents Shed New Light on DOGE Access and Activity at Treasury Department (Zero Day)
Musk's DOGE team: Judges to consider barring it from US government systems (Reuters)
Anyone Can Push Updates to the DOGE.gov Website (404 Media)
Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster (Bleeping Computer)
Apple app tracking rules more strict for others – watchdog (The Register)
PostgreSQL flaw exploited as zero-day in BeyondTrust breach (Bleeping Computer)
CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits (Cyber Security News)
Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins (GB Hackers)
SonicWall Firewall Vulnerability Exploited After PoC Publication (SecurityWeek)
Have I Been Pwned likely to ban resellers (The Register)
-
Salt Typhoon is still at it. Russian cyber-actor Seashell Blizzard expands its reach. The EFF sues DOGE to protect federal workers’ data. House Republicans pursue a comprehensive data privacy bill. Fortinet patches a critical vulnerability. Google views cybercrime as a national security threat. Palo Alto Networks issues 10 new security advisories. Symantec suspects a Chinese APT side hustle. Guest Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware. A massive IoT data breach exposes 2.7 billion records. Here come the AI agents.
CyberWire Guest
Today’s guest, Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware.
Selected Reading
China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers (WIRED)
Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops (Infosecurity Magazine)
EFF Leads Fight Against DOGE and Musk's Access to US Federal Workers' Data (Infosecurity Magazine)
Elon Musk and the Right Are Recasting Reporting as ‘Doxxing’ (New York Times)
FortiOS Vulnerability Allows Super-Admin Privilege Escalation – Patch Now! (Hackread)
Cybercrime evolving into national security threat: Google (The Record)
House Republicans launch group for comprehensive data privacy legislation (The Record)
Palo Alto Networks Patches Potentially Serious Firewall Vulnerability (SecurityWeek)
Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job (SecurityWeek)
Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords (Cyber Security News)
Are You Ready to Let an AI Agent Use Your Computer? (IEEE Spectrum)
-
Is DOGE a cyberattack against America? The White House plans to nominate a new national cyber director. Patch Tuesday updates. Ivanti discloses a critical stack-based buffer overflow vulnerability. The GAO identifies cybersecurity gaps in the U.S. Coast Guard’s efforts to secure the Maritime Transportation System. An Arizona woman pleads guilty to running a laptop farm for North Korea. A notorious swatter gets a prison sentence. Our guests are Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast. Plague-themed phishing tests take it too far.
CyberWire Guest
Today, we welcome Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast, sharing their plans for 2025. You can listen to new episodes of Breaking Through in Cybersecurity Marketing every Wednesday airing on the N2K CyberWire network and wherever you get your podcasts.
Selected Reading
DOGE's Cyberattack Against America (Foreign Policy)
Trump plans to nominate GOP insider Sean Cairncross as national cyber director (The Record)
Microsoft Fixes Another Two Actively Exploited Zero-Days (Infosecurity Magazine)
Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities (SecurityWeek)
ICS Patch Tuesday: Vulnerabilities Addressed by Schneider Electric, Siemens (SecurityWeek)
Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely (Cyber Security News)
GAO Tells Coast Guard to Improve Cybersecurity of Maritime Transportation System (SecurityWeek)
Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence (The Record)
California Teenager Sentenced to 48 Months in Prison for Nationwide Swatting Spree (US Department of Justice)
Phishing Tests, the Bane of Work Life, Are Getting Meaner (Wall Street Journal)
-
Apple releases emergency security updates to patch a zero-day vulnerability. CISA places election security workers on leave. Elon Musk leads a group of investors making an unsolicited bid to acquire OpenAI. The man accused of hacking the SEC’s X/Twitter account pleads guilty. Law enforcement seizes the leak site of the 8Base ransomware gang. Researchers track a massive increase in brute-force attacks targeting edge devices. Experts question the U.K. government’s demand for an encryption backdoor in Apple devices. Today’s guest is John Fokker, Head of Threat Intelligence at Trellix, joining us to discuss their work on "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike." And it’s international day for women and girls in science.
CyberWire Guest
Today’s guest is John Fokker, Head of Threat Intelligence at Trellix, joining us to discuss their work on "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike."
Selected Reading
Apple fixes zero-day exploited in 'extremely sophisticated' attacks (BleepingComputer)
US cyber agency puts election security staffers who worked with the states on leave (AP News)
Elon Musk-led group makes $97.4 billion bid for OpenAI, CEO refuses and offers to "buy Twitter for $9.74 billion" (TechSpot)
OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials (SecurityWeek)
Hacker who hijacked SEC’s X account pleads guilty, faces maximum five-year sentence (The Record)
8Base ransomware site taken down as Thai authorities arrest 4 connected to operation (The Record)
Edge Devices Face Surge in Mass Brute-Force Password Attacks (Data Breach Today)
U.K. Kicks Apple’s Door Open for China (Wall Street Journal)
International Day of Women and Girls in Science- United Nations (United Nations)
-
A cyberattack disrupts newspaper publishing. A major AI summit takes place in Paris this week. A federal judge restricts DOGE from accessing Treasury Department systems. Cybersecurity cooperation between Canada and the U.S. remains strong. The Kraken ransomware group leaks credentials allegedly linked to Cisco. Europol urges banks to start preparing for quantum-safe cryptography. Microsoft expands its Copilot bug bounty program. The PlayStation Network (PSN) experienced a major outage over the weekend. Indiana man sentenced to 20 years for $37m cryptocurrency fraud. Our guest is Mike Woodard, VP of Product Management for App Security at Digital.ai, sharing strategies to minimize risk when implementing AI. Hunting for length and complexity in WiFi passwords.
CyberWire Guest
Our guest is Mike Woodard, VP of Product Management for App Security at Digital.ai, sharing strategies to minimize risk when implementing AI to enhance security.
Selected Reading
Cyberattack Disrupts Publication of Lee Newspapers Across the U.S. (New York Times)
Trump’s AI Ambition and China’s DeepSeek Overshadow an AI Summit in Paris (SecurityWeek)
Musk Team’s Treasury Access Raises Security Fears, Despite Judge’s Ordered Halt (New York Times)
In Breaking USAID, the Trump Administration May Have Broken the Law (ProPublica)
Judge: DOGE made US Treasury ‘more vulnerable to hacking’ (The Register)
Cisco Data Breach – Ransomware Group Allegedly Breached Internal Network (GB Hackers)
Europol Warns Financial Sector of “Imminent” Quantum Threat (Infosecurity Magazine)
Trade war or not, Canada will keep working with the U.S. on cybersecurity (The Logic)
Microsoft Expands Copilot Bug Bounty Program, Increases Payouts (SecurityWeek)
PlayStation Network Down; Outage Leaves Gamers Frustrated (Updated) (HackRead)
Indiana Man Sentenced to 20 Years in Federal Prison for Conspiracies Involving Cyber Intrusion and a Massive $37 Million Cryptocurrency Theft (DataBreaches.Net)
The World's Longest and Strongest WiFi Passwords (InfoSec Write-ups)
-
Please enjoy this encore of Career Notes.
CEO and co-founder of Orca Security Avi Shua shares his thoughts on ways to succeed in cybersecurity. Avi's excitement about cybersecurity began when he was 13 as he tried to think of ways to get around the school's network security. He joined the Israeli Army's Intelligence Unit 8200 and experienced some unique cybersecurity training programs that he would eventually come to teach. Learning to solve problems on your own is a skill Avi acquired and took into his professional career. In his current position, Avi works to advance Orca's mission. He loves that his company works to reduce friction and enables security people to do their jobs. Instead of becoming plumbers connecting things, Avi says they can do their job and become real security practitioners. We thank Avi for sharing his story with us.
-
Mark Manglicmot, SVP of Security Services from Arctic Wolf, is sharing their research on "Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software." Arctic Wolf Labs discovered an ongoing exploitation campaign targeting Cleo Managed File Transfer (MFT) products, beginning on December 7, 2024. Threat actors used a malicious PowerShell stager to deploy a Java-based backdoor, dubbed Cleopatra, which features in-memory file storage and cross-platform compatibility across Windows and Linux.
Despite Cleo's previous patch for CVE-2024-50623, attackers appear to have leveraged an alternative access method, exploiting the software's autorun feature to execute payloads and establish persistent access.
The research can be found here:
Cleopatra’s Shadow: A Mass Exploitation Campaign Deploying a Java Backdoor Through Zero-Day Exploitation of Cleo MFT Software
-
Security concerns grow over DOGE’s use of AI. The British government demands access to encrypted iCloud accounts. Researchers identify critical vulnerabilities in the DeepSeek iOS app. Microsoft Edge uses AI to block scareware. A phishing campaign targets Facebook users with fake copyright infringement notices. Researchers discover malicious machine learning models on Hugging Face. A major data broker faces yet another data breach lawsuit. CISA warns of a critical Microsoft Outlook vulnerability under active exploitation. Guest John Anthony Smith, Founder and Chief Security Officer at Fenix24, shares insights into why backups are the most important security control. The UK’s cyber weather report says expect light phishing with a chance of ransomware.
CyberWire Guest
Today on our Industry Voices segment, guest John Anthony Smith, Founder and Chief Security Officer at Fenix24, shares insights into why backups are the most important security control.
For additional details, please visit this resource:
The Reality of Resilience, Recovery, and Repeat Cyberattacks (Infographic)
Selected Reading
Elon Musk’s DOGE feeds AI sensitive federal data to target cuts (The Washington Post)
Will DOGE Access to CMS Data Lead to HIPAA Breaches? (GovInfo Security)
Federal judge tightens DOGE leash over critical Treasury payment system access (The Register)
UK reportedly demands secret ‘back door’ to Apple users’ iCloud accounts (The Record)
NowSecure Uncovers Multiple Security and Privacy Flaws in DeepSeek iOS Mobile App (NowSecure)
Microsoft Edge update adds AI-powered Scareware Blocker (Bleeping Computer)
New Facebook Fake Copyright Notices Phishing Steals Your FB Credentials (Cyber Security News)
Developers Beware! Malicious ML Models Detected on Hugging Face Platform (Cyber Security News)
Coordinates of millions of smartphones feared stolen, sparking yet another lawsuit against data broker (The Register)
Critical Microsoft Outlook Vulnerability (CVE-2024-21413) Actively Exploited in Attacks - CISA Warns (CISA)
UK cyberattack severity to be scored by world-first group (The Register)
-
Chaos and security concerns continue in Washington. Spanish authorities arrest a man suspected of hacking NATO, the UN, and the US Army. A major U.S. hiring platform exposes millions of resumes. Another British engineering firm suffers a cyberattack. Cisco patches multiple vulnerabilities. Cybercriminals exploit SVG files in phishing attacks. SparkCat SDK targets cryptocurrency via Android and iOS apps. CISA directs federal agencies to patch a high-severity Linux kernel flaw. Thailand leaves scamming syndicates in the dark. Positive trends in the fight against ransomware. Our guest Cliff Crosland, CEO and Co-founder at Scanner.dev, discusses the evolution of security data lakes and the "bring your own" model for security tools. Don’t eff with the FCC.
CyberWire Guest
Today on our Industry Voices segment, guest Cliff Crosland, CEO and Co-founder at Scanner.dev, discusses the evolution of security data lakes and the "bring your own" model for security tools. For some additional details, check out their blog on “Security Data Lakes: A New Tool for Threat Hunting, Detection & Response, and GenAI-Powered Analysis.”
Selected Reading
Musk’s DOGE agents access sensitive personnel data, alarming security officials (Washington Post)
Union groups sue Treasury over giving DOGE access to sensitive data (The Record)
Hacker Who Targeted NATO, US Army Arrested in Spain (SecurityWeek)
Hiring platform serves users raw with 5.4 million CVs exposed (Cybernews)
IMI becomes the latest British engineering firm to be hacked (TechCrunch)
Cisco Patches Critical Vulnerabilities in Enterprise Security Product (SecurityWeek)
Scalable Vector Graphics files pose a novel phishing threat (Sophos News)
Crypto-stealing apps found in Apple App Store for the first time (Bleeping Computer)
Ransomware payments dropped in 2024 as victims refused to pay hackers (TechCrunch)
CISA orders agencies to patch Linux kernel bug exploited in attacks (Bleeping Computer)
Thailand cuts power supply to Myanmar scam hubs (The Record)
Robocallers posing as FCC fraud prevention team call FCC staff (Bleeping Computer)
-
The DOGE team faces growing backlash. The Five Eyes release guidance on protecting edge devices. A critical macOS kernel vulnerability allows privilege escalation, memory corruption, and kernel code execution. Google and Mozilla release security updates for Chrome and Firefox. Multiple Veeam backup products are vulnerable to man-in-the-middle attacks. Zyxel suggests you replace those outdated routers. A former Google engineer faces multiple charges for alleged corporate espionage. CISA issues nine new advisories for ICS vulnerabilities. A House Republican introduces a cybersecurity workforce scholarship bill. On our CertByte segment, a look at ISC2’s CISSP exam. Google updates its stance on AI weapons.
CertByte Segment
Welcome to CertByte, a bi-weekly segment hosted by Chris Hare.
This week, Chris is joined by Steven Burnley to break down a question targeting ISC2®'s CISSP (Certified Information Systems Security Professional) exam. Today’s question comes from N2K’s ISC2® CISSP - Certified Information Systems Security Professional Practice Test.
Have a question that you’d like to see covered? Email us at [email protected]. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.
Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.
Selected Reading
Federal Workers Sue to Disconnect DOGE Server (WIRED)
Treasury says DOGE review has ‘read-only’ access to federal payments system (The Record)
‘Things Are Going to Get Intense:’ How a Musk Ally Plans to Push AI on the Government (404 Media)
Cybersecurity, government experts are aghast at security failures in DOGE takeover (CyberScoop)
Five Eyes Launch Guidance to Improve Edge Device Security (Infosecurity Magazine)
Apple's MacOS Kernel Vulnerability Let Attackers Escalate Privileges - PoC Released (Cyber Security News)
Chrome 133, Firefox 135 Patch High-Severity Vulnerabilities (SecurityWeek)
Critical Veeam Vulnerability (CVE-2025-23114) Exposes Backup Servers to Remote Code Execution (SOCRadar)
Router maker Zyxel tells customers to replace vulnerable hardware exploited by hackers (TechCrunch)
US cranks up espionage charges against ex-Googler accused of trade secrets heist (The Register)
CISA Releases Nine Advisories Detailing vulnerabilities and Exploits Surrounding ICS (Cyber Security News)
CISA hires former DHS CIO into top cyber position (Federal News Network)
Proposal for federal cyber scholarship, with service requirement, returns in House (The Record)
Google drops pledge not to use AI for weapons or surveillance (Washington Post)
-
DOGE’s unchecked access to federal networks sparks major cybersecurity fears. Senator Hawley’s AI ban targets China and raises free speech concerns. Apple service ticket portal vulnerability exposed millions of users’ data. North Korean ‘FlexibleFerret’ malware targets macOS via job scams and fake Zoom apps. February 2025 Android security update fixes 48 vulnerabilities, including exploited zero-day. Grubhub data breach exposes customer and driver information. Abandoned cloud infrastructure creates major security risks. Texas to launch its own Cyber Command amid rising cyber threats. Dell PowerProtect vulnerabilities pose critical security risks. On our Threat Vector segment, David Moulton and his guests look at the potential dangers of DeepSeek. U.S. Government is quietly altering the Head Start database. And a moment of inspiration from a spacefaring poet.
Threat Vector Segment
Artificial intelligence is advancing fast, but with innovation comes risk. In this segment of Threat Vector, host David Moulton sits down with Sam Rubin, SVP of Consulting and Threat Intelligence at Unit 42, and Kyle Wilhoit, Director of Threat Research, to explore the vulnerabilities of DeepSeek, a new large language model. To listen to the full discussion, please check out the episode here or on your favorite podcast app, and tune in to new episodes of Threat Vector by Palo Alto Networks every Thursday.
Selected Reading
Musk’s DOGE effort could spread malware, expose US systems to threat actors (CSO Online)
As DOGE teams plug into federal networks, cybersecurity risks could be huge, experts say (The Record)
Senator Hawley Proposes Jail Time for People Who Download DeepSeek (404 Media)
Apple Service Ticket portal Vulnerability Exposes Millions of Users Data (Cyber Security News)
N. Korean ‘FlexibleFerret’ Malware Hits macOS with Fake Zoom, Job Scams (Hackread)
Google fixes Android kernel zero-day exploited in attacks (Bleeping Computer)
GrubHub Data Breach - Customers Phone Numbers Exposed (Cyber Security News)
Here’s all the ways an abandoned cloud instance can cause security issues (CyberScoop)
Texas to Establish Cyber Command Amid “Dramatic” Rise in Attacks (Infosecurity Magazine)
Multiple Dell PowerProtect Vulnerabilities Let Attackers Compromise System (Cyber Security News)
‘Forbidden Words’: Github Reveals How Software Engineers Are Purging Federal Databases (404 Media)
T-Minus Deep Space: Inspiration4 with Dr. Sian “Leo” Proctor. (T-Minus Deep Space podcast)
Dr. Sian Proctor got her ticket to space after being selected for her poetry (Instagram)
2025 SpaceCom: Interview with Dr. Sian Proctor (YouTube)
-
Federal agencies become battlegrounds in an unprecedented power struggle. XE Group evolves from credit-card skimming to exploiting zero-day vulnerabilities. WhatsApp uncovers a zero-click spyware attack linked to an Israeli firm. Texas expands its ban on Chinese-backed AI and social media apps. Data breaches expose the personal and medical information of over a million people. NVIDIA patches multiple critical vulnerabilities. Arm discloses critical vulnerabilities affecting its Mali GPU Kernel Drivers and firmware. The UK government aims to set the global standard for securing AI. Tim Starks from CyberScoop has the latest from Senate confirmation hearings. The National Cryptologic Museum rights a wrong.
CyberWire Guest
Joining us today is Tim Starks, Senior Reporter from CyberScoop, to discuss two of his recent articles:
FBI nominee Kash Patel getting questions on cybercrime investigations, Silk Road founder, surveillance powers
Even the US government can fall victim to cryptojacking
Selected Reading
Top Security Officials at Aid Agency Put on Leave After Denying Access to Musk Team (New York Times)
Exclusive: Musk aides lock workers out of OPM computer system (Reuters)
Federal Workers Block Doors of Admin Building Over Elon Musk Data Breach (DC Media Group)
Trump Broke the Federal Email System and Government Employees Got Blasted With Astonishingly Vulgar Messages (Futurism)
CISA employees told they are exempt from federal worker resignation program (The Record)
From credit card fraud to zero-day exploits: Xe Group expanding cybercriminal efforts (CyberScoop)
Israeli Firm Paragon Attack WhatsApp With New Zero-Click Spyware (Cyber Security News)
Texas Gov. Greg Abbott bans DeepSeek, RedNote and other Chinese-backed AI platforms (Statesman)
Hundreds of Thousands Hit by Data Breaches at Healthcare Firms in Colorado, North Carolina (SecurityWeek)
Insurance Company Globe Life Notifying 850,000 People of Data Breach (SecurityWeek)
NVIDIA GPU Display Driver Vulnerability Lets Attackers Steal Files Remotely - Update Now (Cyber Security News)
Arm Mali GPU Kernel Driver 0-Day Vulnerability Actively Exploited in the Wild (Cyber Security News)
UK Announces “World-First” AI Security Standard (Infosecurity Magazine)
Larry Pfeiffer on Bluesky (Bluesky)
Possibly related to the Bluesky post: Trailblazers in U.S. Cryptologic History
-
Please enjoy this encore episode with Principal Research Scientist for Human Behavior at Forcepoint, Margaret Cunningham. She shares her story of how she landed in cybersecurity. With a background in psychology and counseling and not feeling that one-on-one counseling was her thing, Margaret had a transformational moment in her PhD program in applied experimental technology when she realized she could "provide helping services and good work services at a broader scale." Margaret found her professional footing at DHS's Human Systems Integration Branch of Science and Technology Department as the person who figured out how to measure how new technologies impacted human performance. Margaret points out that making connections and reading whatever you can is important to stay up to date in the field. She notes that her statistical analysis skills are an asset. She hopes to create champions in human behavior and performance in the world of technology. We thank Margaret for sharing her story with us.
-
This week, Dave Bittner is joined by Juan Andres Guerrero-Saade (JAGS) from SentinelOne's SentinelLabs to discuss the work his team and Tinexta Cyber did on "Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels."
Tinexta Cyber and SentinelLabs have been tracking threat activities targeting business-to-business IT service providers in Southern Europe. Based on the malware, infrastructure, techniques used, victimology, and the timing of the activities, we assess that it is highly likely these attacks were conducted by a China-nexus threat actor with cyberespionage motivations.
The relationships between European countries and China are complex, characterized by cooperation, competition, and underlying tensions in areas such as trade, investment, and technology. Suspected China-linked cyberespionage groups frequently target public and private organizations across Europe to gather strategic intelligence, gain competitive advantages, and advance geopolitical, economic, and technological interests.
The research can be found here:
Operation Digital Eye | Chinese APT Compromises Critical Digital Infrastructure via Visual Studio Code Tunnels