Christopher Doman, Co-Founder and CTO at Cado Security, is talking about their research on "Cerber Ransomware: Dissecting the three heads." This research delves into Cerber ransomware being deployed onto servers running the Confluence application via the CVE-2023-22518 exploit.  The research states "Cerber emerged and was at the peak of its activity around 2016, and has since only occasional campaigns, most recently targeting the aforementioned Confluence vulnerability." The research can be found here: Cerber Ransomware: Dissecting the three heads

Healthcare providers report breaches affecting millions. PlugX malware is found in over 170 countries. Hackers exploit an old vulnerability to launch Cobalt Strike. A popular Wordpress plugin is under active exploitation. Developing nations may serve as a test bed for malware developers. German authorities question Microsoft over Russian hacks. CISA celebrates the success of their ransomware warning program. Our guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, discussing open source software. Password trends are a mixed bag. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, discussing open source software. Selected Reading Kaiser Permanente data breach may have impacted 13.4 million patients (Security Affairs) LA County Health Services: Patients' data exposed in phishing attack (Bleeping Computer) China-linked PlugX malware infections found in more than 170 countries (The Record) Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike (GB Hackers) Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors (SecurityWeek) Cybercriminals are using developing nations as test beds for ransomware attacks (TechSpot) Microsoft Questioned by German Lawmakers About Russian Hack (GovInfo Security) More than 800 vulnerabilities resolved through CISA ransomware notification pilot (The Record) Most people still rely on memory or pen and paper for password management (Help Net Security)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape. In this episode, we center our conversation around the Cyber Workforce Pipeline. We discuss where the next great wave of talent is going to come. We talk more about these sources of new talent, such as K-12 programs, higher education, and trade school programs, transitioning military, and other initiatives and programs focused on cultivating the next generation of cyber professionals. Explore Cyber Talent Insights N2K’s Cyber Talent Insights provides security leaders measurable and actionable insights on your organization’s current cyber roles and capabilities to maximize your talent investments and build a business case for better hiring, developing, maintaining, and retaining your technical talent pools. Learn how at n2k.com/talent-insights. Connect with the N2K Cyber Workforce team on Linkedin: Dr. Sasha Vanterpool, Cyber Workforce Consultant Dr. Heather Monthie, Cybersecurity Workforce Consultant Jeff Welgan, Chief Learning Officer Resources for developing your cybersecurity teams: N2K Cyber Workforce Strategy Guide Workforce Media Resources Strategic Cyber Workforce Intelligence resources for your organization Cyber Talent Acquisition Woes for Enterprises Workforce Intelligence: What it is and why you need it for cyber teams webinar Setting Better Cyber Job Expectations to Attract & Retain Talent webinar

Cisco releases urgent patches for their Adaptive Security Appliances. Android powered smart TVs could expose Gmail inboxes. The FTC refunds millions to Amazon Ring customers. The DOJ charges crypto-mixers with money laundering. A critical vulnerability has been disclosed in the Flowmon network monitoring tool. A Swiss blood donation company reopens following a ransomware attack. Multiple vulnerabilities are discovered in the Brocade SANnav storage area network management application. Brokewell is a new Android banking trojan. Meta’s ad business continues to face scrutiny in the EU.  Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast speaks with LinkedIn's CISO Geoff Belknap. And an AI Deepfake Sparks a Community Crisis. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast talking with Geoff Belknap sharing "Insights from LinkedIn's CISO." You can listen to their full discussion here.  Selected Reading 'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks (WIRED) Cisco Releases Security Updates Addressing ArcaneDoor Campaign, Exploited Vulnerabilities in ASA and FTD (NHS England Digital) Android TVs Can Expose User Email Inboxes (404 Media) FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures (SecurityWeek) Southern District of New York | Founders And CEO Of Cryptocurrency Mixing Service Arrested And Charged With Money Laundering And Unlicensed Money Transmitting Offenses (United States Department of Justice) Maximum severity Flowmon bug has a public exploit, patch now (Bleeping Computer) Plasma donation company Octapharma slowly reopening as BlackSuit gang claims attack (The Record) New Brokewell malware takes over Android devices, steals data (Bleeping Computer) Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking (SecurityWeek) Meta could face further squeeze on surveillance ads model in EU (TechCrunch) Baltimore County educator framed principal with AI-generated voice, police say (Baltimore Banner) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

The DOJ indicts four Iranian nationals on hacking charges. Legislation to ban or force the sale of TikTok heads to the President’s desk. A Russian hack group claims a cyberattack on an Indiana water treatment plant. A roundup of dark web data leaks. Mandiant monitors dropping dwell times. Bcrypt bogs down brute-forcing. North Korean hackers target defense secrets. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. Ransomware may leave the shelves in Sweden’s liquor stores bare. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss content and study strategies for CISSP Domain 3 Security Architecture and Engineering, and discuss encryption and non-repudiation. Specifically they cover sub-domain 3.6, "Select and determine cryptographic solutions," which includes: Cryptographic life cycle Cryptographic method Public key infrastructure (PKI). Industry Voices On our Industry Voices segment, Tony Velleca, CEO of CyberProof, joins us to explore some of the pain points that CISOs & CIOs are experiencing today, and how they can improve their cyber readiness. Selected Reading Rewards Up to $10 Million for Information on Iranian Hackers (GB Hackers) Congress passes bill that could ban TikTok after years of false starts (Washington Post) Russian hackers claim cyberattack on Indiana water plant (The Record) Major Data Leaks from Honda Vietnam, US Airports, and Chinese Huawei/iPhone Users (SOCRadar® Cyber Intelligence Inc.) Global attacker median dwell time continues to fall (Help Net Security) New Password Cracking Analysis Targets Bcrypt (SecurityWeek) North Korean Hackers Target Dozens of Defense Companies (Infosecurity Magazine) ​​Hackers hijack antivirus updates to drop GuptiMiner malware (Bleeping Computer) Sweden's liquor shelves to run empty this week due to ransomware attack (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

The State Department puts visa restrictions on spyware developers. UnitedHealth says its recent breach could affect tens of millions of Americans. LockBit leaks data allegedly stolen from the DC government. Microsoft says APT28 has hatched a GooseEgg. The White House and HHS update HIPAA rules to protect private medical data. Keyboard apps prove vulnerable. A New Hampshire hospital suffers a data breach. Microsoft’s DRM may be vulnerable to compromise. On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain. GoogleTeller just can’t keep quiet.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Ian Leatherman, Security Strategist at Microsoft, discusses raising the bar for security in the software supply chain. Selected Reading U.S. Gov imposed Visa restrictions on 13 individuals linked to commercial spyware activity (Security Affairs) UnitedHealth Group Previews Massive Change Healthcare Breach (GovInfo Security) Ransomware Gang Leaks Data Allegedly Stolen From Government Contractor (SecurityWeek) Russian APT28 Group in New “GooseEgg” Hacking Campaign (Infosecurity Magazine) HHS strengthens privacy protections for reproductive health patients and providers (The Record) The not-so-silent type: Vulnerabilities across keyboard apps reveal keystrokes to network eavesdroppers (The Citizen Lab) Records of almost 2,800 CMC patients vulnerable in 'data security incident': hospital | Crime (Union Leader)  Microsoft DRM Hack Could Allow Movie Downloads From Popular Streaming Services (SecurityWeek) The creepy sound of online trackers (Axbom)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Section 702 gets another two years. MITRE suffers a breach through an Ivanti VPN. CrushFTP urges customers to patch an actively exploited flaw. SafeBreach researchers disclose vulnerabilities in Windows Defender that allow remote file deletion. Ukrainian soldiers see increased attention from data-stealing apps. GitHub’s comments are being exploited to distribute malware. VW confirms legacy Chinese espionage and data breaches. CISA crowns winners of the President’s Cup Cybersecurity Competition. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists in anticipation of RSAC 2024. Targeting kids online puts perpetrators in the malware crosshairs. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We have two guests today. Cecilia Marinier, Director, Innovation and Programs at RSA Conference, and Niloo Razi Howe, Senior Operating Partner at Energy Impact Partners & judge, review the top Innovation Sandbox contest finalists and what to look for on the innovation front at RSAC 2024. For 18 years, cybersecurity's boldest new innovators have competed in the RSAC Innovation Sandbox contest to put the spotlight on their potentially game-changing ideas. This year, 10 finalists will once again have three minutes to make their pitch to a panel of judges. Since the start of the contest, the Top 10 Finalists have collectively seen over 80 acquisitions and $13.5 billion in investments. Innovation Sandbox will take place on Monday, May 6th at 10:50am PT. Selected Reading Warrantless spying powers extended to 2026 with Biden’s signature (The Record) MITRE breached by nation-state threat actor via Ivanti zero-days (Help Net Security) CrushFTP File Transfer Vulnerability Lets Attackers Download System Files (Infosecurity Magazine) Researchers Claim that Windows Defender Can Be Bypassed (GB Hackers) Ukrainian soldiers’ apps increasingly targeted for spying, cyber agency warns (The Record) GitHub comments abused to push malware via Microsoft repo URLs (Bleeping Computer) Presumably Chinese industrial spies stole VW data on e-drive technology (Bleeping Computer) CISA declares winners of President’s Cup cybersecurity competition, with Artificially Intelligent team leading (Industrial Cyber) Malware dev lures child exploiters into honeytrap to extort them (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Managing director of the Cyber Readiness Institute Kiersten Todt shares how she came to be in the cybersecurity industry helping to provide free tools and resources for small businesses through a nonprofit. She describes how her work on the Hill prior to and just after 9/11 changed. Kiersten talks about the diversity of skills that benefit work in cybersecurity and offers her advice on going after what you want to do. Our thanks to Kiersten for sharing her story with us.

In this episode of CyberWire-X, N2K CyberWire’s Podcast host Dave Bittner is joined by Brian Davis, Principal Software Engineer, and Thomas Gardner, Senior Detection Engineer, both from Red Canary. They engage in a cloud architect vs. detection engineer discussion. Through the conversation, they illustrate how one person benefits the other's work and how they work together. Red Canary is our CyberWire-X episode sponsor.

Greg Lesnewich, senior threat researcher at Proofpoint, sits down to discuss "From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering." Since 2023, TA427 has directly solicited foreign policy experts for their opinions on nuclear disarmament, US-ROK policies, and sanction topics via benign conversation starting emails.  The research states "While our researchers have consistently observed TA427 rely on social engineering tactics and regularly rotating its email infrastructure, in December 2023 the threat actor began to abuse lax Domain-based Message Authentication, Reporting and Conformance (DMARC) policies to spoof various personas and, in February 2024, began incorporating web beacons for target profiling." The research can be found here: From Social Engineering to DMARC Abuse: TA427’s Art of Information Gathering

Two swift responses to recent cyberattacks. Frontier Communications discloses cyberattack. Texas town repels water system cyberattack by unplugging. List of undesirables falls into the wrong hands. CryptoChameleon phishing kit impersonates LastPass. Ransomware payments trending down in Q1 2024 and a warning for small to medium-sized businesses. US auto manufacturers targeted by FIN7. Akira ransomware has made $42 million since March 2023. No more WhatsApp or Threads in China. Concerning drop in US cybersecurity job listings. Our guest is Zscaler’s Chief Security Officer Deepen Desai exploring encrypted attacks amidst the AI revolution. Meghan Markle hacked by Kate supporters. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Deepen Desai, Chief Security Officer and SVP Security Engineering & Research at Zscaler, joins us to talk about exploring encrypted attacks amidst the AI revolution. Selected Reading Frontier Communications Shuts Down Systems Following Cyberattack (SecurityWeek) Tiny Texas City Repels Russia-Tied Hackers Eyeing Water System (Bloomberg) Cybercriminals threaten to leak all 5 million records from stolen database of high-risk individuals (The Register) Advanced Phishing Kit Adds LastPass Branding for Use in Phishing Campaigns (LastPass) Ransomware in Q1 2024: Frequency, size of payments trending downwards, SMBs beware! (Help Net Security) FIN7 cybercriminals targeted large U.S. automotive manufacturer last year (The Record) Akira Ransomware Made Over $42 Million in One Year: Agencies (SecurityWeek) Apple pulls WhatsApp, Threads from China App Store following state order (TechCrunch) Alarming Decline in Cybersecurity Job Postings in the US (Infosecurity Magazine) Meghan Markle's new lifestyle website hijacked by anonymous user whose ‘thoughts are with Kate’ (GB News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape. In this episode, we shift our point of view to provide guidance for an individual's first career or perhaps considering a career change transitioning into the field. We discuss a market-driven approach to career development. We also explore how to discover one’s niche in cybersecurity, including how to stand out in this competitive market and align personal interests with career goals. Lastly, we examine the role certifications play when navigating your path throughout the talent acquisition, development, and retention of the cybersecurity workforce management lifecycle. Explore Cyber Talent Insights N2K’s Cyber Talent Insights provides security leaders measurable and actionable insights on your organization’s current cyber roles and capabilities to maximize your talent investments and build a business case for better hiring, developing, maintaining, and retaining your technical talent pools. Learn how at n2k.com/talent-insights. Connect with the N2K Cyber Workforce team on Linkedin: Dr. Sasha Vanterpool, Cyber Workforce Consultant Dr. Heather Monthie, Cybersecurity Workforce Consultant Jeff Welgan, Chief Learning Officer Resources for developing your cybersecurity teams: N2K Cyber Workforce Strategy Guide Workforce Media Resources Cyber Talent Acquisition Woes for Enterprises Workforce Intelligence: What it is and why you need it for cyber teams webinar Setting Better Cyber Job Expectations to Attract & Retain Talent webinar

A major Phishing-as-a-service operation gets taken down by international law enforcement. US election officials are warned of nation-state influence operations. The house votes to limit the feds’ purchase of citizens personal data. A Michigan healthcare provider suffered a ransomware attack. Critical infrastructure providers struggle to trust cybersecurity tools. Cloudflare reports on DDoS. Kaspersky uncovers new Android banking malware. Kubernetes cryptominers leverage previously patched flaws. The Massachusetts Attorney General emphasizes the responsible use of AI. Our guest Caleb Barlow, CEO of Cyberbit, joins us to talk about badge swipe fraud as more are returning to the office. Colorado passes a law to keep big tech out of our heads.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest and podcast partner Caleb Barlow, CEO of Cyberbit, joins us to talk about badge swipe fraud as more are returning to the office. Are your employees faking their badge swipes? Selected Reading LabHost phishing service with 40,000 domains disrupted, 37 arrested (Bleeping Computer) US Election Officials Told to Prepare for Nation-State Influence Campa (Infosecurity Magazine) House votes in favor of curtailing government transactions with data brokers (The Record) 180k Impacted by Data Breach at Michigan Healthcare Organization (SecurityWeek) Trust in Cyber Takes a Knock as CNI Budgets Flatline (Infosecurity Magazine) DDoS threat report for 2024 Q1 (Cloudflare)  SoumniBot malware exploits Android bugs to evade detection (Bleeping Computer) Hackers hijack OpenMetadata apps in Kubernetes cryptomining attacks (Bleeping Computer) Massachusetts official warns AI systems subject to consumer protection, anti-bias laws (AP News) Your Brain Waves Are Up for Sale. A New Law Wants to Change That (NY Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

A Russian hacker group boldly targets critical infrastructure. The Change Healthcare ransomware attack is projected to cost over a billion dollars. Three hundred bucks is the going rate for a SIM swap. PuTTY potentially reveals private keys. Cisco Talos reports a surge in brute-force attacks. Ivanti updates its MDM product. Omni Hotels & Resorts confirm a data breach. Financially motivated hackers target Businesses in Latin America with steganography. A prolific cryptojacker faces decades in prison. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. The ransomware equivalent of a Saturday night special. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe discuss content and study strategies for Domain 2, Asset Security. Resources: Domain 2, Asset Security Identify and securely provision information assets, establish handling requirements, manage the data lifecycle, and apply data security controls to comply with applicable laws. 2.1 Identify and classify information and assets 2.2 Establish information and asset handling requirements 2.3 Provision resources securely 2.4 Manage data lifecycle 2.5 Ensure appropriate asset retention (e.g., End-of-Life (EOL), End-of-Support (EOS)) 2.6 Determine data security controls and compliance requirements Are you studying for the CISSP exam, considering taking the test soon, or did you have an unsuccessful exam experience? Here are some CISSP exam pitfalls to avoid so that you’re confident and successful on exam day. Selected Reading Hackers Linked to Russia’s Military Claim Credit for Sabotaging US Water Utilities (WIRED) T-Mobile, Verizon workers get texts offering $300 for SIM swaps (Bleeping Computer) PuTTY SSH client flaw allows recovery of cryptographic private keys (Bleeping Computer) Large-scale brute-force activity targeting VPNs, SSH services with commonly used login credentials (Talos Intelligence) Ivanti Patches Two Critical Avalanche Flaws in Major Update (Infosecurity Magazine) Omni Hotels confirms data compromise in apparent ransomware attack (SC Media) Steganography Campaign Targets Global Enterprises (GovInfo Security) Nebraska man allegedly defrauded cloud providers of millions via cryptojacking (The Record) Ransomware attack has cost UnitedHealth $872 million; total expected to surpass $1 billion (The Record) ‘Junk gun’ ransomware: Peashooters can still pack a punch (Sophos News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Cisco Dou warns of a third-party MFA-related breach. MGM Resorts sues to stop an FTC breach investigation. Meanwhile the FTC dings another mental telehealth service provider. Open Source foundations call for caution after social engineering attempts. The NSA shares guidance for securing AI systems. IntelBroker claims to have hit a US geospatial intelligence firm. The UK clamps down on deepfakes. Hard-coded passwords provide the key to smart-lock vulnerabilities. On our Industry Voices segment, Ryan Lougheed, Director of Product Management at Onspring, discusses the benefits of artificial intelligence in governance, risk and compliance (GRC). A Law Firm’s Misclick Ends 21 Years of Matrimony.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Ryan Lougheed, Director of Product Management at Onspring, discusses the benefits of artificial intelligence in governance, risk and compliance (GRC). Selected Reading Cisco Duo MFA logs exposed in third-party data breach (ITPro) Casino operator MGM sues FTC to block probe into 2023 hack (Reuters) Open Source Leaders Warn of XZ Utils-Like Takeover Attempts (Infosecurity Magazine) FTC Bans Online Mental Health Firm From Sharing Certain Data (GovInfo Security) New NSA guidance identifies need to update AI systems to address changing risks, bolster security (Industrial Cyber) IntelBroker Claims Space-Eyes Breach, Targeting US National Security Data (HackRead)  Creating sexually explicit deepfakes to become a criminal offence (BBC) CISA warns of critical vulnerability in Chirp smart locks (The Register) Wrong couple divorced after computer error by law firm Vardag's (BBC) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Palo Alto Networks releases hotfixes for an exploited zero-day. Delinea issues an urgent update for a critical flaw. Giant Tiger data is leaked online. A European semiconductor manufacturer deals with a data breach. Roku suffers its second breach of the year. Operators of the Hive RAT face charges.  A former Amazon security engineer gets three years in prison for hacking cryptocurrency exchanges. Zambian officials arrest 77 in a scam call center crack down. Our guest Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division describes dual ransomware. And Rob Boyce, Managing Director at Accenture, shares his thoughts on security testing of generative AI. And selling Pokemon cheats leaves one man in Japan feeling like he had a run-in with a Scaldiburn. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we have two guests, Deputy Assistant Director Cynthia Kaiser from the FBI Cyber Division discussing dual ransomware. Followed by Rob Boyce, Managing Director at Accenture, sharing some thoughts on security testing of generative AI. Selected Reading Palo Alto Networks Releases Fixes for Firewall Zero-Day as First Attribution Attempts Emerge (SecurityWeek) A critical vulnerability in Delinea Secret Server allows auth bypass, admin access (Help Net Security) Hacker claims Giant Tiger data breach, leaks 2.8M records online (Bleeping Computer) Press statement: Nexperia IT Breach (Nexperia) Roku issues warning over massive customer account breach (ITPro) Two People Arrested in Australia and US for Development and Sale of Hive RAT (SecurityWeek) Ex-Amazon engineer gets 3 years for hacking crypto exchanges (Bleeping Computer) Zambia arrests 77 people in swoop on "scam" call centre (Bitdefender) Japanese Police Arrest 36-Year-Old Man on Suspicion of Tampering With Pokémon Violet Save Data (IGN)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

You can learn more about AWS in Orbit at space.n2k.com/aws. N2K Space is working with AWS to bring the AWS in Orbit podcast series to the 39th Space Symposium in Colorado Springs from April 8-11.  Our guests today are ​​Clint Crosier, Director at AWS Aerospace and Satellite, and Jim Tran, Vice President of Government Solutions at Iridium. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS Aerospace and Satellite Audience Survey We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Founder and CEO Stu Sjouwerman takes us on a journey of how his career developed from starting a software service company to currently focusing on the infosec side of the business where his team essentially helps to create human firewalls. Stu talks about learning all aspects of the business while creating startups and suggests you learn to speak the language of the area you are looking to get into. He even touches on predicting the future and taking over the world. Our thanks to Stu for sharing his story with us.

You can learn more about AWS in Orbit at space.n2k.com/aws. N2K Space is working with AWS to bring the AWS in Orbit podcast series to the 39th Space Symposium in Colorado Springs from April 8-11.  Our guests today are ​​Salem El Nimri, Chief of Space Technology at AWS Aerospace and Satellite, and Declan Ganley, Chairman and CEO at Rivada Space Networks. AWS in Orbit is a podcast collaboration between N2K Networks and AWS to offer listeners an in-depth look at the transformative intersection of cloud computing, space technologies, and generative AI. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. Selected Reading AWS Aerospace and Satellite Audience Survey We want to hear from you! Please complete our short survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Tomer Peled, a Security & Vulnerability Researcher from Akamai is sharing their work on "What a Cluster: Local Volumes Vulnerability in Kubernetes." This research focuses on a high-severity vulnerability in Kubernetes, allowing for remote code execution with system privileges on all Windows endpoints within a Kubernetes cluster. The research states "The discovery of this vulnerability led to the discovery of two others that share the same root cause: insecure function call and lack of user input sanitization." The research can be found here: What a Cluster: Local Volumes Vulnerability in Kubernetes