Episodes

  • This week we are joined by Phil Stokes, threat researcher at SentinelOne's SentinelLabs, discussing their work on "macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed." Apple recently pushed an update to its XProtect tool, blocking several variants of the DPRK-linked Ferret malware family, which targets victims through the "Contagious Interview" campaign.
    The malware uses fake job interview processes to trick users into installing malicious software, and new variants, including FlexibleFerret, remain undetected by XProtect. SentinelOne's research reveals a deeper investigation into this malware, which uses social engineering to expand its attack vectors, including targeting developers through platforms like GitHub.

    The research can be found here:
    macOS FlexibleFerret | Further Variants of DPRK Malware Family Unearthed

    Learn more about your ad choices. Visit megaphone.fm/adchoices

  • Qilin ransomware gang claims responsibility for attack against Lee Enterprises. Thai police arrest suspected hacker behind more than 90 data leaks. JavaGhost uses compromised AWS environments to launch phishing campaigns. Lotus Blossom cyberespionage campaigns target Southeast Asia. Malware abuses Microsoft dev tunnels for C2 communication. Protecting the food supply. Today’s guest is Keith Mularski, Chief Global Ambassador at Qintel and former FBI Special Agent, discussing crypto being the target of the cyber underground. And an interview with Iron Man?
    Remember to leave us a 5-star rating and review in your favorite podcast app.
    Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

    CyberWire Guest
    Today we share Dave’s conversation with Keith Mularski, Chief Global Ambassador at Qintel and former FBI Special Agent, discussing crypto being the target of the cyber underground.

    Selected Reading
    Ransomware Group Takes Credit for Lee Enterprises Attack (SecurityWeek)
    Hacker Behind Over 90 Data Leaks Arrested in Thailand (SecurityWeek)
    JavaGhost’s Persistent Phishing Attacks From the Cloud (Unit 42)
    Lotus Blossom espionage group targets multiple industries with different versions of Sagerunex and hacking tools (Cisco Talos)
    Njrat Campaign Using Microsoft Dev Tunnels (SANS Internet Storm Center) 
    New Pass-the-Cookie Attack Bypass Microsoft 365 & YouTube MFA Logins (Cyber Security News)  
    How pass the cookie attacks can bypass your MFA  (Longwall Security)
    Farm and Food Cybersecurity Act reintroduced to protect food supply chain from cyber threats (Industrial Cyber)

    Share your feedback.
    We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

    Want to hear your company in the show?
    You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info.
    The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.


  • FBI attributes $1.5 billion Bybit hack to DPRK hackers. Cellebrite suspends services in Serbia following allegations of misuse. A Belgium spy agency is hacked. New groups, bigger attacks. Sticky Werewolf strikes again. US DNI orders legal review of UK's request for iCloud backdoor. A cybersecurity veteran takes CISA’s lead. DOGE accesses sensitive HUD data. Cleveland Municipal Court remains closed following cyber incident. Our guest today is an excerpt from our Caveat podcast. Adam Marré, Arctic Wolf CISO and former FBI special agent, joins Dave to discuss banning TikTok and increasing regulations for social media companies. And can hacking be treason?

    CyberWire Guest
    Our guest today is an excerpt from our Caveat podcast. Adam Marré, Arctic Wolf CISO and former FBI special agent, joins Dave to discuss banning TikTok and increasing regulations for social media companies. You can hear Adam and Dave’s full discussion on today’s Caveat episode. Listen to Dave and co-host Ben Yelin discuss the issue following the interview on Caveat. 

    Selected Reading
    FBI confirms Lazarus hackers were behind $1.5B Bybit crypto heist (Bleeping Computer)
    Cellebrite suspends Serbia as customer after claims police used firm's tech to plant spyware (TechCrunch)
    Belgium probes suspected Chinese hack of state security service (The Record)
    It's not just Salt Typhoon: All China-backed attack groups are showcasing specialized offensive skills (CyberScoop) 
    Angry Likho APT Resurfaces with Lumma Stealer Attacks Against Russia (Hackread) 
    Gabbard: UK demand to Apple for backdoor access is 'grave concern' to US (The Record)
    Karen Evans steps into a leading federal cyber position: executive assistant director for cybersecurity at CISA (CyberScoop)
    DOGE Gains Access to Confidential Records on Housing Discrimination, Medical Details — Even Domestic Violence (ProPublica)
    ‘Cyber incident’ shuts down Cleveland Municipal Court for third straight day (The Record)
    Cyber threat shuts down Cleveland Municipal Court for second day (News5 Cleveland) 
    U.S. Soldier Charged in AT&T Hack Searched “Can Hacking Be Treason” (Krebs on Security)


  • In this special live episode of Hacking Humans, recorded at ThreatLocker’s Zero Trust World 2025 conference in Orlando, Florida, Dave Bittner is joined by T-Minus host Maria Varmazis. Together, they explore the latest in social engineering scams, phishing schemes, and cybercriminal exploits making headlines. Their guest, Seamus Lennon, ThreatLocker’s VP of Operations for EMEA, shares insights on Zero Trust security and the evolving threat landscape. Maria's story this week follows the IRS warning about a fake “Self Employment Tax Credit” scam on social media, urging taxpayers to ignore misinformation and consult professionals. Dave's got the story of the Better Business Bureau’s annual Scam Tracker report, revealing that online shopping scams continue to top the list for the fifth year, with phishing and employment scams remaining major threats, while fraudsters increasingly use AI and deepfake technology to deceive victims. Our catch of the day comes from Diesel in West Virginia, and features a scammer who tried to panic their target with a classic “We’ve frozen your account” scam—only to get hilariously mixed up with actual embryo freezing.
    Resources and links to stories:

    Better Business Bureau reveals top local scams of 2024

    IRS warns taxpayers about misleading claims about non-existent “Self Employment Tax Credit;” promoters, social media peddling inaccurate eligibility suggestions

    BBB Scam Tracker

    Got a $1,400 rebate text from the IRS? It's a scam, Better Business Bureau warns.


    You can hear more from the T-Minus space daily show here.

    Have a Catch of the Day you'd like to share? Email it to us at [email protected].

  • A major employee screening provider discloses a data breach affecting over 3.3 million people. Signal considers exiting Sweden over a proposed law that would give police access to encrypted messages. House Democrats call out DOGE’s negligent cybersecurity practices. Critical vulnerabilities in Rsync allow attackers to execute remote code. A class action lawsuit claims Amazon violates Washington State’s privacy laws. CISA warns that attackers are exploiting Microsoft’s Partner Center platform. A researcher discovers a critical remote code execution vulnerability in MITRE’s Caldera security training platform. An analysis of CISA’s JCDC AI Cybersecurity Collaboration Playbook. Ben Yelin explains Apple pulling iCloud end-to-end encryption in response to the UK Government. A Disney employee’s cautionary tale.

    CyberWire Guest
    We are joined by Caveat podcast co-host Ben Yelin to discuss Apple pulling iCloud end-to-end encryption in response to the UK Government. You can read the article from Bleeping Computer here. Ben is the Program Director for Public Policy & External Affairs at University of Maryland Center for Health and Homeland Security. You can catch Caveat every Thursday here on the N2K CyberWire network and on your favorite podcast app. 

    Selected Reading
    3.3 Million People Impacted by DISA Data Breach (SecurityWeek)
    DOGE must halt all ‘negligent cybersecurity practices,’ House Democrats tell Trump (The Record)
    Signal May Exit Sweden If Government Imposes Encryption Backdoor (Infosecurity Magazine)
    Rsync Vulnerabilities Let Hackers Gain Full Control of Servers - PoC Released (Cyber Security News)
    Lawsuit: Amazon Violates Washington State Health Data Law (BankInfo Security)
    CISA Warns of Microsoft Partner Center Access Control Vulnerability Exploited in Wild (Cyber Security News)
    MITRE Caldera security suite scores perfect 10 for insecurity (The Register)
    CISA’s AI cybersecurity playbook calls for greater collaboration, but trust is key to successful execution (CyberScoop)
    A Disney Worker Downloaded an AI Tool. It Led to a Hack That Ruined His Life. (Wall Street Journal) 


  • A hacker claims to have stolen internal documents from a major French telecommunications company. A security breach hits Russia’s financial sector. Cyberattacks targeting ICS and OT surged dramatically last year. Chinese group Silver Fox is spoofing medical software. The UK Home Office’s new vulnerability reporting policy risks prosecuting ethical hackers. Ransomware actors are shifting away from encryption. A sophisticated macOS malware campaign is distributing Poseidon Stealer. The LightSpy surveillance framework evolves into a cross-platform espionage tool. A Chinese botnet is targeting Microsoft 365 accounts using password spraying attacks. Our guest today is Lauren Buitta, Founder and CEO at Girl Security, discussing mentoring and intergenerational strategies. There may be a backdoor in your front door.

    CyberWire Guest
    Our guest today is Lauren Buitta, Founder and CEO at Girl Security, discussing mentoring and intergenerational strategies.

    Selected Reading
    Orange Group confirms breach after hacker leaks company documents (Bleeping Computer)
    Russia warns of breach of major IT service provider LANIT serving the financial sector (Beyond Machines) 
    Dragos: Surge of new hacking groups enter ICS space as states collaborate with private actors (CyberScoop)
    China's Silver Fox spoofs medical imaging apps to hijack patients' computers (The Register)
    UK Home Office’s new vulnerability reporting mechanism leaves researchers open to prosecution (The Record)
    Only a Fifth of Ransomware Attacks Now Encrypt Data (Infosecurity Magazine)
    Poseidon Stealer Malware Attacking Mac Users via Fake DeepSeek Site (Cyber Security News) 
    Exploits for unpatched Parallels Desktop flaw give root on Macs (Bleeping Computer)
    LightSpy Malware Expands with 100+ Commands to Target Users Across All Major OS Platforms (GB Hackers) 
    Chinese Botnet Bypasses MFA in Microsoft 365 Attacks (Infosecurity Magazine)
    CISA Warns of Attacks Exploiting Oracle Agile PLM Vulnerability (SecurityWeek)
    A single default password exposes access to dozens of apartment buildings (TechCrunch)


  • Retired Gen. Paul Nakasone warns the U.S. is falling behind in cyberspace. Australia orders government entities to remove and ban Kaspersky products. FatalRAT targets industrial organizations in the APAC region. A major cryptocurrency exchange reports the theft of $1.5 billion in digital assets. Apple removes end-to-end encryption (E2EE) for iCloud in the UK. Researchers uncover a LockBit ransomware attack exploiting a Windows Confluence server. Researchers uncover zero-day vulnerabilities in a widely used cloud logging utility. A PayPal email scam is tricking users into calling scammers. Republican leaders in the House request public input on national data privacy standards. A Michigan man faces charges for his use of the Genesis cybercrime marketplace. Our guest is Karl Sigler, Senior Security Research Manager from Trustwave SpiderLabs, explaining the domino effect of a cyberattack on the power grid. Meta sues an Insta Extortionist.

    CyberWire Guest
    Today, Dave speaks with Karl Sigler, Senior Security Research Manager from Trustwave SpiderLabs, about the domino effect of a cyberattack on the power grid. You can dig into the details in their report. 

    Selected Reading
    Former NSA, Cyber Command chief Paul Nakasone says U.S. falling behind its enemies in cyberspace (CyberScoop)
    Kaspersky Banned on Australian Government Systems (SecurityWeek)
    Chinese Hackers Attacking Industrial Organizations With Sophisticated FatalRAT (Cyber Security News)
    Bybit Hack Drains $1.5 Billion From Cryptocurrency Exchange (SecurityWeek)
    Experts Slam Government After “Disastrous” Apple Encryption Move (Infosecurity Magazine)
    Confluence Exploit Leads to LockBit Ransomware (The DFIR Report)
    Fluent Bit 0-day Vulnerabilities Exposes Billions of Production Environments to Cyber Attacks (Cyber Security News)
    Beware: PayPal "New Address" feature abused to send phishing emails (Bleeping Computer)
    Top House E&C Republicans query public for ideas on data privacy law (CyberScoop)
    US Charges Genesis Market User (SecurityWeek)
    Meta Sues Alleged Instagram Extortionist (404 Media) 


  • Please enjoy this encore of Career Notes.
    Senior technical project manager Dwayne Price takes us on his career journey from databases to project management. Always fascinated with technology and one who appreciates the business side of computer implementations, Dwayne attended UMBC for both his undergraduate and graduate degrees in information systems management. A strong Unix administration background prepared him to understand the relationship between Unix administration and database security. He recommends those interested in cybersecurity check out the NICE Framework, as it speaks to all the various types of roles in cybersecurity. Dwayne prides himself on his communication skills and openness. We thank Dwayne for sharing his story with us.

  • This week, we are joined by Selena Larson from Proofpoint, and co-host of the "Only Malware in the Building" podcast, as she discusses the research on "Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk." The cybersecurity industry has historically prioritized Advanced Persistent Threats (APTs) from nation-state actors over cybercrime, but this distinction is outdated as cybercriminals now employ equally sophisticated tactics.
    Financially motivated threat actors, especially ransomware groups, have evolved to the point where they rival state-backed hackers in technical capability and impact, disrupting businesses, infrastructure, and individuals on a massive scale. To enhance security, defenders must shift focus from an APT-centric mindset to a broader approach that equally prioritizes combating cybercrime, which poses an immediate and tangible risk to global stability.

    The research can be found here:
    Why Biasing Advanced Persistent Threats over Cybercrime is a Security Risk


  • The Senate confirms Kash Patel as FBI director. The SEC rebrands its Crypto Assets and Cyber Unit. Microsoft's quantum chip signals an urgent need for post-quantum security. Chat log leaks reveal the inner workings of BlackBasta. CISA advisories highlight Craft CMS and ICS devices. Researchers release proof-of-concepts for Ivanti Endpoint Manager vulnerabilities. Warby Parker gets a $1.5 million HIPAA fine. Our guest is Steve Schmidt, Amazon CSO, with a behind the scenes look at securing a major event. Researchers explore the massive, mysterious YouTube wormhole.

    CyberWire Guest
    Our guest is Steve Schmidt, Amazon CSO, talking about integrating physical and logical security measures. Learn more: "Securing a city-sized event: How Amazon integrates physical and logical security at re:Invent."

    Selected Reading
    Trump loyalist Kash Patel is confirmed as FBI director by the Senate despite deep Democratic doubts (AP)
    SEC rebrands cryptocurrency unit to focus on emerging technologies (CyberScoop)
    Microsoft’s Quantum Chip Breakthrough Accelerates Threat to Encryption (Infosecurity Magazine)
    BlackBasta Ransomware Chatlogs Leaked Online (Infosecurity Magazine)
    CISA Warns of Attacks Exploiting Craft CMS Vulnerability (SecurityWeek)
    CISA Releases 7 ICS Advisories Detailing Vulnerabilities & Exploits (Cyber Security News)
    Ivanti endpoint manager can become endpoint ravager (The Register)
    Feds Fine Eyeglass Retailer $1.5M for HIPAA Lapses in Hacks (GovInfo Security)
    How a computer that 'drunk dials' videos is exposing YouTube's secrets (BBC)


  • The CISA and FBI warn that Ghost ransomware has breached organizations in over 70 countries. President Trump announces his pick to lead the DOJ’s National Security Division. A new ransomware strain targets European healthcare organizations. Researchers uncover four critical vulnerabilities in Ivanti Endpoint Manager. Microsoft has patched a critical improper access control vulnerability in Power Pages. The NSA updates its Ghidra reverse engineering tool. A former U.S. Army soldier admits to leaking private call records. Our guest is Stephen Hilt, senior threat researcher at Trend Micro, sharing the current state of the English cyber underground market. The pentesters’ breach was simulated — their arrest was not. 

    CyberWire Guest
    Our guest is Stephen Hilt, senior threat researcher at Trend Micro, sharing the current state of the English cyber underground market. Learn more in the report. 

    Selected Reading
    CISA and FBI: Ghost ransomware breached orgs in 70 countries (Bleeping Computer)
    Trump to nominate White House insider from first term to lead DOJ’s National Security Division (The Record)
    New NailaoLocker ransomware used against EU healthcare orgs (Bleeping Computer)
    PoC Exploit Published for Critical Ivanti EPM Vulnerabilities (SecurityWeek)
    Microsoft Patches Exploited Power Pages Vulnerability (SecurityWeek)
    NSA Added New Features to Supercharge Ghidra 11.3 (Cyber Security News)
    Army soldier linked to Snowflake extortion to plead guilty (The Register)
    Katie Arrington Returns to Pentagon as DoD CISO (GovInfo Security)
    Penetration Testers Arrested by Police During Authorized Physical Penetration Testing (Cyber Security News)


  • Credential theft puts sensitive corporate and military networks at risk. A federal judge refuses to block DOGE from accessing sensitive federal data. New York-based Insight Partners confirms a cyber-attack. BlackLock ransomware group is on the rise. OpenSSH patches a pair of vulnerabilities. Russian threat actors are exploiting Signal’s “Linked Devices” feature. Over 12,000 GFI KerioControl firewalls remain exposed to a critical remote code execution (RCE) vulnerability. CISA issued two ICS security advisories. Federal contractors pay $11 million in cybersecurity noncompliance fines. In our CertByte segment, Chris Hare is joined by Steven Burnley to break down a question targeting the ISC2® SSCP - Systems Security Certified Practitioner exam. Sweeping cybercrime reforms are unveiled by…Russia?

    CertByte Segment
    Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources. For the past 25 years, N2K's practice tests have helped more than half a million IT and cyber security professionals reach certification success. Have a question that you’d like to see covered? Email us at [email protected]. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.
    Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.
    Additional source: https://www.isc2.org/certifications/sscp   

    Selected Reading
    Hundreds of US Military and Defense Credentials Compromised (Infosecurity Magazine)
    DOGE Team Wins Legal Battle, Retains Access to Federal Data (GovInfo Security)
    Musk Ally Demands Admin Access to System That Lets Government Text the Public (404 Media)
    Cyber Investor Insight Partners Suffers Security Breach (Infosecurity Magazine)
    BlackLock On Track to Be 2025’s Most Prolific Ransomware Group (Infosecurity Magazine)
    Qualys reports two flaws in OpenSSH, one critical DDoS (Beyond Machines)
    Russian phishing campaigns exploit Signal's device-linking feature (Bleeping Computer)
    Over 12,000 KerioControl firewalls exposed to exploited RCE flaw (Bleeping Computer)
    CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities (Cyber Security News)
    Managed healthcare defense contractor to pay $11 million over alleged cyber failings (The Record)
    Russian Government Proposes Stricter Penalties to Tackle Cybercrime (GB Hackers) 


  • Palo Alto Networks confirms a recently patched firewall vulnerability is being actively exploited. CISA warns of an actively exploited iOS vulnerability. Juniper Networks has issued a critical security advisory for an API authentication bypass vulnerability. The acting commissioner of the Social Security Administration (SSA) resigns after Elon Musk’s team sought access to sensitive personal data of millions of Americans. The EagerBee malware framework is actively targeting government agencies and ISPs across the Middle East. Proofpoint researchers document a new macOS infostealer. A new phishing kit uses timesheet notification emails to steal credentials and two-factor authentication codes. JPMorgan Chase will begin blocking Zelle payments to social media contacts to combat online scams. Our guest is Tim Starks from CyberScoop discussing his interview with former National Cyber Director Harry Coker. Transferring your digital legacy.

    CyberWire Guest
    Our guest is Tim Starks from CyberScoop discussing his interview with former National Cyber Director Harry Coker. You can read more about Tim’s interview “National Cyber Director Harry Coker looks back (and ahead) on the Cyber Director office” and companion piece “Trump picks Sean Cairncross for national cyber director” on CyberScoop. 

    Selected Reading
    Palo Alto Networks Confirms Exploitation of Firewall Vulnerability (SecurityWeek)
    CISA Warns of Apple iOS Vulnerability Exploited in Wild (Cyber Security News)
    Juniper Warns of Critical Authentication Bypass Vulnerability Affecting Multiple Products (Cyber Security News)
    Top Social Security Official Leaves After Musk Team Seeks Data Access (New York Times)
    EagerBee Malware Attacking Government Entities & ISPs To Deploy Backdoor (Cyber Security News)
    Proofpoint Uncovers FrigidStealer, A New MacOS Infostealer (Infosecurity Magazine)
    Microsoft Warns of Improved XCSSET macOS Malware (SecurityWeek)
    Fake Timesheet Report Emails Linked to Tycoon 2FA Phishing Kit (GB Hackers)
    Chase will soon block Zelle payments to sellers on social media (Bleeping Computer)
    Digital Estate Planning: How to Prepare Your Social Media Accounts (New York Times)


  • While we are taking a publishing break to observe Washington's Birthday here in the United States, enjoy this primer on how to create a podcast from our partners at Palo Alto Networks direct from the CyberMarketingCon 2024.

    Podcasts have become vital tools for sharing knowledge and insights, particularly in technical fields like cybersecurity. "Threat Vector," led by David Moulton, serves as an essential guide through the complex landscape of cyber threats, offering expert interviews and in-depth analysis.

    In this session, David will discuss the process behind creating "Threat Vector," highlighting the challenges and rewards of developing a podcast that resonates with industry experts. Attendees will learn about the foundational elements of podcasting, from initial concept development to content creation and audience engagement.

    David's approach integrates his extensive background in storytelling, design, and strategic marketing, enabling him to tackle intricate cybersecurity topics and make them accessible to a broad audience. This session will dive into how to present intricate cybersecurity topics in an accessible and engaging manner and explore various techniques for producing compelling content and effective strategies for promoting a podcast to a wider audience.

    Join David and guest host David J. Ebner of Content Workshop for an informative discussion on using podcasts as a medium for education and influence in the cybersecurity field. This session is ideal for anyone interested in starting a podcast or enhancing their approach to cybersecurity communication.

    Join the conversation on our social media channels:

    Website: http://www.paloaltonetworks.com
    Threat Research: https://unit42.paloaltonetworks.com/
    Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/
    LinkedIn: https://www.linkedin.com/company/palo-alto-networks/
    YouTube: @paloaltonetworks
    Twitter: https://twitter.com/PaloAltoNtwks

    About Threat Vector
    Threat Vector, Palo Alto Networks podcast, is your premier destination for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

    The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

    Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

    Palo Alto Networks
    Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com

  • Please enjoy this encore of Career Notes.
    Senior Program Manager for Governance, Risk and Compliance at Illumio, Maria Thompson-Saeb shares experiences that led to her career in cybersecurity. Interested in computers and not a fan of math, Maria opted for information systems management rather than computer science. She started her career as a government contractor. Once in the private sector, Maria moved into the Unix and Linux environments where she says "something that would totally change everything." She gained an interest in security and took it upon herself to train up and move into that realm. Maria notes it was not without roadblocks, but that being flexible helped her address those challenges and make her career in security happen. We thank Maria for sharing her story.

  • Nati Tal, Head of Guardio Labs, discusses their work on "“DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising." Guardio has uncovered a large-scale malvertising campaign dubbed “DeceptionAds,” which tricks users into running a malicious PowerShell command under the guise of proving they’re human. This fake CAPTCHA scheme delivers Lumma info-stealer malware while bypassing security measures like Google’s Safe Browsing.
    Even after disclosure and takedown efforts, the campaign resurfaced—raising concerns about the effectiveness of existing defenses against ad-driven cyber threats.
    The research can be found here:
    “DeceptionAds” — Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising


  • Nakasone addresses AI at the Munich Cyber Security Conference. Court documents reveal the degree to which DOGE actually has access. Dutch police dismantle a bulletproof hosting operation. German officials investigate Apple’s App Tracking. Hackers exploited security flaws in BeyondTrust. CISA issues 20 new ICS advisories. The new Astaroth phishing kit bypasses 2FA. Hackers waste no time exploiting a SonicWall proof-of-concept vulnerability. Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. Have I Been Pwned ponders whether resellers are worth the trouble.
    Remember to leave us a 5-star rating and review in your favorite podcast app.
    Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

    CyberWire Guest
    Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. You can read more in "How Cybercriminals Are Using AI: Exploring the New Threat Landscape."

    Selected Reading
    Putting the human back into AI is key, former NSA Director Nakasone says (The Record)
    Court Documents Shed New Light on DOGE Access and Activity at Treasury Department (Zero Day)
    Musk's DOGE team: Judges to consider barring it from US government systems (Reuters)
    Anyone Can Push Updates to the DOGE.gov Website (404 Media)
    Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster (Bleeping Computer)
    Apple app tracking rules more strict for others – watchdog (The Register)
    PostgreSQL flaw exploited as zero-day in BeyondTrust breach (Bleeping Computer)
    CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits (Cyber Security News) 
    Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins (GB Hackers) 
    SonicWall Firewall Vulnerability Exploited After PoC Publication (SecurityWeek)
    Have I Been Pwned likely to ban resellers (The Register)


  • Salt Typhoon is still at it. Russian cyber-actor Seashell Blizzard expands its reach. The EFF sues DOGE to protect federal workers’ data. House Republicans pursue a comprehensive data privacy bill. Fortinet patches a critical vulnerability. Google views cybercrime as a national security threat. Palo Alto Networks issues 10 new security advisories. Symantec suspects a Chinese APT side hustle. Guest Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware. A massive IoT data breach exposes 2.7 billion records. Here come the AI agents.
    Remember to leave us a 5-star rating and review in your favorite podcast app.
    Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

    CyberWire Guest
    Today’s guest, Jason Baker, Principal Security Consultant at GuidePoint Security, joins us to share an update on the state of ransomware.

    Selected Reading
    China’s Salt Typhoon Spies Are Still Hacking Telecoms—Now by Exploiting Cisco Routers (WIRED)
    Russian Seashell Blizzard Enlists Specialist Initial Access Subgroup to Expand Ops (Infosecurity Magazine)
    EFF Leads Fight Against DOGE and Musk's Access to US Federal Workers' Data (Infosecurity Magazine)
    Elon Musk and the Right Are Recasting Reporting as ‘Doxxing’ (New York Times)
    FortiOS Vulnerability Allows Super-Admin Privilege Escalation – Patch Now! (Hackread)
    Cybercrime evolving into national security threat: Google (The Record)
    House Republicans launch group for comprehensive data privacy legislation (The Record)
    Palo Alto Networks Patches Potentially Serious Firewall Vulnerability (SecurityWeek)
    Chinese Cyberspy Possibly Launching Ransomware Attacks as Side Job (SecurityWeek)
    Massive IoT Data Breach Exposes 2.7 Billion Records, Including Wi-Fi Passwords (Cyber Security News)
    Are You Ready to Let an AI Agent Use Your Computer? (IEEE Spectrum)


  • Is DOGE a cyberattack against America? The White House plans to nominate a new national cyber director. Patch Tuesday updates. Ivanti discloses a critical stack-based buffer overflow vulnerability. The GAO identifies cybersecurity gaps in the U.S. Coast Guard’s efforts to secure the Maritime Transportation System. An Arizona woman pleads guilty to running a laptop farm for North Korea. A notorious swatter gets a prison sentence. Our guests are Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast. Plague-themed phishing tests take it too far.
    Remember to leave us a 5-star rating and review in your favorite podcast app.
    Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

    CyberWire Guest
    Today, we welcome Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast, sharing their plans for 2025. You can listen to new episodes of Breaking Through in Cybersecurity Marketing every Wednesday airing on the N2K CyberWire network and wherever you get your podcasts. 

    Selected Reading
    DOGE's Cyberattack Against America (Foreign Policy)
    Trump plans to nominate GOP insider Sean Cairncross as national cyber director (The Record)
    Microsoft Fixes Another Two Actively Exploited Zero-Days (Infosecurity Magazine)
    Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities (SecurityWeek)
    ICS Patch Tuesday: Vulnerabilities Addressed by Schneider Electric, Siemens (SecurityWeek)
    Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely (Cyber Security News)
    GAO Tells Coast Guard to Improve Cybersecurity of Maritime Transportation System (SecurityWeek)
    Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence (The Record)
    California Teenager Sentenced to 48 Months in Prison for Nationwide Swatting Spree (US Department of Justice)
    Phishing Tests, the Bane of Work Life, Are Getting Meaner (Wall Street Journal) 


  • Apple releases emergency security updates to patch a zero-day vulnerability. CISA places election security workers on leave. Elon Musk leads a group of investors making an unsolicited bid to acquire OpenAI. The man accused of hacking the SEC’s X/Twitter account pleads guilty. Law enforcement seizes the leak site of the 8Base ransomware gang. Researchers track a massive increase in brute-force attacks targeting edge devices. Experts question the U.K. government’s demand for an encryption backdoor in Apple devices. Today’s guest is John Fokker, Head of Threat Intelligence at Trellix, joining us to discuss their work on "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike." And it’s International Day of Women and Girls in Science.
    Remember to leave us a 5-star rating and review in your favorite podcast app.
    Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

    CyberWire Guest
    Today’s guest is John Fokker, Head of Threat Intelligence at Trellix, joining us to discuss their work on "Blurring the Lines: How Nation-States and Organized Cybercriminals Are Becoming Alike."

    Selected Reading
    Apple fixes zero-day exploited in 'extremely sophisticated' attacks (BleepingComputer)
    US cyber agency puts election security staffers who worked with the states on leave (AP News)
    Elon Musk-led group makes $97.4 billion bid for OpenAI, CEO refuses and offers to "buy Twitter for $9.74 billion" (TechSpot)
    OpenAI Finds No Evidence of Breach After Hacker Offers to Sell 20 Million Credentials (SecurityWeek)
    Hacker who hijacked SEC’s X account pleads guilty, faces maximum five-year sentence (The Record)
    8Base ransomware site taken down as Thai authorities arrest 4 connected to operation (The Record)
    Edge Devices Face Surge in Mass Brute-Force Password Attacks (Data Breach Today)
    U.K. Kicks Apple’s Door Open for China (Wall Street Journal)
    International Day of Women and Girls in Science- United Nations (United Nations)
