CyberWire Daily N2K Networks

Okta warns of a credential stuffing spike. A congressman looks to the EPA to protect water systems from cyber threats. CISA unveils security guidelines for critical infrastructure. Researchers discover a stealthy botnet-as-a-service coming from China. The UK prohibits easy IoT passwords. New vulnerabilities are found in Intel processors. A global bank CEO shares insights on cybersecurity. Users report mandatory Apple ID resets. A preview of N2K CyberWire activity at RSA Conference. Police in Japan find a clever way to combat gift card fraud. 
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
It’s the week before the 2024 RSA Conference. Today, we have N2K’s own Rick Howard, Brandon Karpf, and Dave Bittner previewing N2K’s upcoming activities and where you can find our team at RSAC 2024.

Special Edition: Threat Vector
Understanding the Midnight Eclipse Activity and CVE 2024-3400: Host David Moulton and Andy Piazza, Sr. Director of Threat Intelligence at Unit 42, dive into the critical vulnerability CVE-2024-3400 found in PAN-OS software of Palo Alto Networks, emphasizing the importance of immediate patching and mitigation strategies for such vulnerabilities, especially when they affect edge devices like firewalls or VPNs. 

Selected Reading
Okta warns customers about credential stuffing onslaught (Help Net Security)
Crawford puts forward bill on cybersecurity risks to water systems (The Arkansas Democrat-Gazette) 
CISA unveils guidelines for AI and critical infrastructure (FedScoop)
Chinese Botnet As-A-Service Bypasses Cloudflare & Other DDoS Protection Services (GB Hackers)
UK becomes first country to ban default bad passwords on IoT devices (The Record)
Researchers unveil novel attack methods targeting Intel's conditional branch predictor (Help Net Security)
Standard Chartered CEO on why cybersecurity has become a 'disproportionately huge topic' at board meetings (The Record)
Security Bite: Did Apple just declare war on Adload malware? (9to5Mac)
Apple users are being locked out of their Apple IDs with no explanation (9to5Mac)
Japanese police create fake support scam payment cards to warn victims (Bleeping Computer)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Host of Darknet Diaries podcast Jack Rhysider shares his experiences from studying computer engineering at university to his strategy of using gamification on his career that led to him landing in the security space. Jack talks about how his wide experiences came together in security and what prompted him to learn podcasting. Jack endeavors to share the whole story through his podcasts while making them entertaining, enlightening and inspirational. Our thanks to Jack for sharing his story with us. 

Christopher Doman, Co-Founder and CTO at Cado Security, is talking about their research on "Cerber Ransomware: Dissecting the three heads." This research delves into Cerber ransomware being deployed onto servers running the Confluence application via the CVE-2023-22518 exploit. 
The research states "Cerber emerged and was at the peak of its activity around 2016, and has since only occasional campaigns, most recently targeting the aforementioned Confluence vulnerability."
The research can be found here:
Cerber Ransomware: Dissecting the three heads

Healthcare providers report breaches affecting millions. PlugX malware is found in over 170 countries. Hackers exploit an old vulnerability to launch Cobalt Strike. A popular Wordpress plugin is under active exploitation. Developing nations may serve as a test bed for malware developers. German authorities question Microsoft over Russian hacks. CISA celebrates the success of their ransomware warning program. Our guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, discussing open source software. Password trends are a mixed bag.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest is Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, discussing open source software.

Selected Reading
Kaiser Permanente data breach may have impacted 13.4 million patients (Security Affairs)
LA County Health Services: Patients' data exposed in phishing attack (Bleeping Computer)
China-linked PlugX malware infections found in more than 170 countries (The Record)
Hackers Exploit Old Microsoft Office 0-day to Deliver Cobalt Strike (GB Hackers)
Critical WordPress Automatic Plugin Vulnerability Exploited to Inject Backdoors (SecurityWeek)
Cybercriminals are using developing nations as test beds for ransomware attacks (TechSpot)
Microsoft Questioned by German Lawmakers About Russian Hack (GovInfo Security)
More than 800 vulnerabilities resolved through CISA ransomware notification pilot (The Record)
Most people still rely on memory or pen and paper for password management (Help Net Security)  

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Join us for this special three-part series where the N2K Cyber Talent Insights team guides you through effective strategies to develop your cybersecurity team, helping you stay ahead in the constantly changing cybersecurity landscape. 
In this episode, we center our conversation around the Cyber Workforce Pipeline. We discuss where the next great wave of talent is going to come.
We talk more about these sources of new talent, such as K-12 programs, higher education, and trade school programs, transitioning military, and other initiatives and programs focused on cultivating the next generation of cyber professionals.

Explore Cyber Talent Insights
N2K’s Cyber Talent Insights provides security leaders measurable and actionable insights on your organization’s current cyber roles and capabilities to maximize your talent investments and build a business case for better hiring, developing, maintaining, and retaining your technical talent pools. Learn how at n2k.com/talent-insights.

Connect with the N2K Cyber Workforce team on Linkedin:


Dr. Sasha Vanterpool, Cyber Workforce Consultant 


Dr. Heather Monthie, Cybersecurity Workforce Consultant


Jeff Welgan, Chief Learning Officer


Resources for developing your cybersecurity teams:

N2K Cyber Workforce Strategy Guide

Workforce Media Resources

Strategic Cyber Workforce Intelligence resources for your organization

Cyber Talent Acquisition Woes for Enterprises


Workforce Intelligence: What it is and why you need it for cyber teams webinar


Setting Better Cyber Job Expectations to Attract & Retain Talent webinar

Cisco releases urgent patches for their Adaptive Security Appliances. Android powered smart TVs could expose Gmail inboxes. The FTC refunds millions to Amazon Ring customers. The DOJ charges crypto-mixers with money laundering. A critical vulnerability has been disclosed in the Flowmon network monitoring tool. A Swiss blood donation company reopens following a ransomware attack. Multiple vulnerabilities are discovered in the Brocade SANnav storage area network management application. Brokewell is a new Android banking trojan. Meta’s ad business continues to face scrutiny in the EU.  Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast speaks with LinkedIn's CISO Geoff Belknap. And an AI Deepfake Sparks a Community Crisis.
Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
We are joined by Ann Johnson, host of Microsoft Security’s Afternoon Cyber Tea podcast talking with Geoff Belknap sharing "Insights from LinkedIn's CISO." You can listen to their full discussion here. 

Selected Reading
'ArcaneDoor' Cyberspies Hacked Cisco Firewalls to Access Government Networks (WIRED)
Cisco Releases Security Updates Addressing ArcaneDoor Campaign, Exploited Vulnerabilities in ASA and FTD (NHS England Digital)
Android TVs Can Expose User Email Inboxes (404 Media)
FTC Sending $5.6 Million in Refunds to Ring Customers Over Security Failures (SecurityWeek)
Southern District of New York | Founders And CEO Of Cryptocurrency Mixing Service Arrested And Charged With Money Laundering And Unlicensed Money Transmitting Offenses (United States Department of Justice)
Maximum severity Flowmon bug has a public exploit, patch now (Bleeping Computer)
Plasma donation company Octapharma slowly reopening as BlackSuit gang claims attack (The Record)
New Brokewell malware takes over Android devices, steals data (Bleeping Computer)
Vulnerabilities Expose Brocade SAN Appliances, Switches to Hacking (SecurityWeek)
Meta could face further squeeze on surveillance ads model in EU (TechCrunch)
Baltimore County educator framed principal with AI-generated voice, police say (Baltimore Banner)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.