CyberWire Daily

N2K Networks
  • 0.0 (0)
  • TECH NEWS
  • UPDATED DAILY
CyberWire Daily

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

  1. 14 HR AGO

    A new Mirai-based botnet.

    Researchers ID a new Mirai-based botnet. Android devices get their first round of updates for the new year. Criminals exploit legitimate Apple and Google services in sophisticated voice phishing attacks. Japan attributes over 200 cyberattacks to the Chinese hacking group MirrorFace. A PayPal phishing scam exploits legitimate platform functionality. SonicWall addresses critical vulnerabilities in its SonicOS software. CISA warns of active exploitation of vulnerabilities in Mitel MiCollab. A new government backed labelling program hopes to help consumers choose more secure devices. On today’s CertByte segment, Chris Hare and Steven Burnley unpack a question from N2K’s ISC2® Certified in Cyber Security (CC) Practice Test. Streaming license plate readers - no password required. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Steven Burnley to break down a question targeting the CC - Certified in Cyber Security certification by ISC2®. Today’s question comes from N2K’s ISC2® Certified in Cyber Security (CC) Practice Test. The CC(SM) - Certified in Cyber Security is an entry-level, ANAB accredited exam geared towards anyone who wants to prove their foundational skills, knowledge, and abilities. To learn more about this and other related topics under this objective, please refer to the following resource: ISC2 (n.d.). https://www.isc2.org/landing/cc-etextbook   Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.  Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.isc2.org/certifications/cc  Selected Reading New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices (Infosecurity Magazine) First Android Update of 2025 Patches Critical Code Execution Vulnerabilities (SecurityWeek) A Day in the Life of a Prolific Voice Phishing Crew (Krebs on Security) Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data (AP News) Casio says hackers stole personal data of 8,500 people during October ransomware attack (TechCrunch) New PayPal Phishing Scam Exploits MS365 Tools and Genuine-Looking Emails (Hackread) Multiple Sonicwall VPN Vulnerabilities Let Attackers Bypass Authentication (Cyber Security News) CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks (SecurityWeek) New Labels Will Help People Pick Devices Less at Risk of Hacking (SecurityWeek) Researcher Turns Insecure License Plate Cameras Into Open Source Surveillance Tool (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    32 min

  2. 1 DAY AGO

    U.S. sanctions spark cyber showdown with China.

    China criticizes U.S. sanctions. School districts face cyberattacks over the holiday season. The U.N.’s International Civil Aviation Organization (ICAO) is investigating a potential data breach. Eagerbee malware targets government organizations and ISPs in the Middle East. A major New York medical center notifies 674,000 individuals of a data breach. Hackers infiltrate Argentina’s Airport Security Police (PSA) payroll system. An industrial networking firm identifies critical vulnerabilities in its cellular routers, secure routers, and network security appliances. Phishing click rates among enterprise users surged in 2024. A California man is suing three banks for allegedly enabling criminals to steal nearly $1 million from him. On our Threat Vector segment, we preview this week’s episode where host David Moulton speaks with Margaret Kelley about the evolving landscape of cloud breaches. Microsoft’s Bing demonstrates imitation is the sincerest form of flattery.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On our Threat Vector segment, we preview this week’s episode where host David Moulton speaks with Margaret Kelley about the evolving landscape of cloud breaches and how organizations can defend against sophisticated attacks. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app.  Selected Reading China Protests US Sanctions for Its Alleged Role in Hacking, Complains of Foreign Hacker Attacks (SecurityWeek) Tencent added to US list of 'Chinese military companies' (The Register) School districts in Maine, Tennessee respond to holiday cyberattacks (The Record)  UN aviation agency 'actively investigating' cybercriminal’s claimed data breach (The Record)  Eagerbee backdoor deployed against Middle Eastern govt orgs, ISPs (Bleeping Computer) Staten Island Hospital Notifying 674,000 of May 2023 Hack (BankInfo Security) Industrial networking manufacturer Moxa reports 'critical' router bugs (CyberScoop) Phishing Click Rates Triple in 2024 (Infosecurity Magazine) Pig butchering victim sues banks for allowing scammers to open accounts (The Record)  Hackers Compromised Argentina’s Airport Security Payroll System (GB Hackers) Microsoft is using Bing to trick people into thinking they’re on Google (The Verge)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    33 min

  3. 2 DAYS AGO

    China’s shadow over U.S. telecom networks.

    New reports shed light on both Volt and Salt Typhoons. Tenable updates faulty Nessus Agents and resumes plugin updates. A new infostealer campaign targets gamers on Discord. A fake version of a popular browser extension has been discovered stealing login credentials and conducting phishing attacks. ESET warns Windows 10 users of a potential “security fiasco.” A vulnerability in Nuclei allows attackers to bypass template signature verification and inject malicious code. An Indiana dental practice pays a $350,000 settlement over an alleged ransomware coverup. Tim Starks, Senior Reporter from CyberScoop, joins us today to discuss a new United Nations cybercrime treaty and his outlook for 2025. Farewell to a visionary leader.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Tim Starks, Senior Reporter from CyberScoop, joins us today to discuss a new United Nations cybercrime treaty and his outlook for 2025. Read Tim’s article on the UN cybercrime treaty here.  Selected Reading The US’s Worst Fears of Chinese Hacking Are on Display in Guam (Bloomberg) How Chinese Hackers Graduated From Clumsy Corporate Thieves to Military Weapons (Wall Street Journal) China protests US sanctions for its alleged role in hacking, complains of foreign hacker attacks (AP News) Tenable Disables Nessus Agents Over Faulty Updates (SecurityWeek) New Infostealer Campaign Uses Discord Videogame Lure (Infosecurity Magazine) Beware! Malicious EditThisCookie Chrome Extension Steals Login Credentials (Cyber Security News) Windows 10 users urged to upgrade to avoid "security fiasco" (Bleeping Computer) Nuclei flaw lets malicious templates bypass signature verification (Bleeping Computer) Dental Practice Pays State in Alleged Data Breach 'Cover Up' (GovInfo Security) Tenable CEO Amit Yoran Dead at 54 (SecurityWeek) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    33 min

  4. 5 DAYS AGO · BONUS

    Crypto client or cyber trap? [Research Saturday]

    Karlo Zanki, Reverse Engineer at ReversingLabs, discussing their work on "Malicious PyPI crypto pay package aiocpa implants infostealer code." ReversingLabs' machine learning-based threat hunting system identified a malicious PyPI package, aiocpa, designed to exfiltrate cryptocurrency wallet information. Unlike typical attacks involving typosquatting, the attackers published a seemingly legitimate crypto client tool to build trust before introducing malicious updates. ReversingLabs used its Spectra Assure platform to detect behavioral anomalies and worked with PyPI to remove the package, highlighting the growing need for advanced supply chain security tools to counter increasingly sophisticated threats. The research can be found here: Malicious PyPI crypto pay package aiocpa implants infostealer code Learn more about your ad choices. Visit megaphone.fm/adchoices

    24 min

  5. 5 DAYS AGO · BONUS

    Dominique West: Security found me. [Strategy] [Career Notes]

    Technical account manager Dominique West takes us on her career journey from engineering to cybersecurity. Even though her undergraduate degree was in information systems, Dominique did not learn about cybersecurity until she personally experienced credit card fraud. She had a range of positions from working the help desk in an art museum to vulnerability management and cloud security. Dominique mentions remembering feeling isolated as the only black person and one of few women in many situations. These experiences spurred her into action to create Security in Color to help others navigate their way into cybersecurity and share resources are available to them. Dominique recommends those interested in cybersecurity to go ahead and get your hands dirty out there; figure out what you like and what you don't like and do community. We thank Dominique for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

    8 min

  6. 5 DAYS AGO

    AI-powered propaganda.

    The U.S. sanctions Russian and Iranian groups over election misinformation. Apple settles a class action lawsuit over Siri privacy allegations. DoubleClickjacking exploits a timing vulnerability in browser behavior. FireScam targets sensitive info on Android devices. ASUS issues a critical security advisory for several router models. A former crypto boss faces extradition amidst allegations of defrauding investors out of more than $40 billion. HHS unveils proposed updates to HIPAA. Millions of email servers have yet to enable encryption. Our guest is Joe Saunders, Co-Founder & CEO of RunSafe Security discussing the complexities of safeguarding critical infrastructure. Using Doom to prove you’re human.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Joe Saunders, Co-Founder & CEO of RunSafe Security. Joe joins us to discuss the complexities of safeguarding critical infrastructure amid the looming threat of cyber attacks and military conflict. Selected Reading US Imposes Sanctions on Russian and Iranian Groups Over Disinformation Targeting American Voters (SecurityWeek) Apple Agrees $95M Settlement Over Siri Privacy Violations (Infosecurity Magazine) SysBumps - New Kernel Break Attack Bypassing macOS Systems Security (Cyber Security News) 'DoubleClickjacking' Threatens Major Websites’ Security (GovInfo Security) FireScam Android Malware Packs Infostealer, Spyware Capabilities (SecurityWeek) ASUS Routers Vulnerabilities Allows Arbitrary Code Execution (Cyber Security News) Crypto Boss Extradited to Face $40bn Fraud Charges (Infosecurity Magazine) What's in HHS' Proposed HIPAA Security Rule Overhaul? (GovInfo Security) Over 3 million mail servers without encryption exposed to sniffing attacks (Bleeping Computer) CAPTCHAs now run Doom – on nightmare mode (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    37 min

  7. 6 DAYS AGO

    A breach in the U.S. Treasury.

    Chinese hackers breach the U.S. Treasury Department. At least 35 Chrome extensions are compromised. Federal authorities arrest a U.S. Army soldier over accusations of sensitive data stolen from AT&T and Verizon. A misconfigured Amazon cloud server exposes sensitive data from over 800,000 VW EV owners. Rhode Island confirms a data breach linked to ransomware group Brain Cipher. Ascension healthcare confirms the exposure of the personal and medical data of 5.6 million customers. A recent patch to Windows BitLocker encryption proves inadequate. A suspected Chinese hacking campaign is exploiting a vulnerability in Palo Alto firewalls for espionage. The DOJ bans the sale of Americans’ sensitive data to adversarial nations. HHS proposes a HIPAA update to address cybersecurity. Our guest is Mick Baccio, Global Security Advisor at Splunk, with insights on the cybersecurity resilience gap. CISA Director Easterly looks back at 2024.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Mick Baccio, Global Security Advisor at Splunk’s security research team SURGe, sharing some insights on the cybersecurity resilience gap and top cyber challenges/priorities for the public sector. You can read more about this in SURGe’s blog and whitepaper.  Selected Reading US Treasury Department breached through remote support platform (Bleeping Computer) New details reveal how hackers hijacked 35 Google Chrome extensions (Bleeping Computer) U.S. Army Soldier Arrested in AT&T, Verizon Extortions (Krebs on Security) AT&T and Verizon Say Chinese Hackers Ejected From Networks (GovInfo Security) Volkswagen leak exposes private information of 800,000 EV owners, including location data (TechSpot) Hackers Leak Rhode Island Citizens' Data on Dark Web (Infosecurity Magazine) Ascension cyberattack exposed medical data of 5.6M customers (Healthcare IT News) Patched BitLocker Flaw Still Susceptible to Hack (GovInfo Security) Palo Alto Firewalls Backdoored by Suspected Chinese Hackers (BankInfo Security) US prohibits data sales to adversarial nations (SC Media)  Massive healthcare breaches prompt US cybersecurity rules overhaul (Bleeping Computer) CISA's 2024 Review Highlights Major Efforts in Cybersecurity Industry Collaboration (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    36 min
  8. Scotland’s position to lead cyber and space. [Deep Space]

    1 JAN · BONUS

    Scotland’s position to lead cyber and space. [Deep Space]

    Sharon Lemac-Vincere is an academic that focuses her research on the intersection of space and cyber. She has released a report on space and cybersecurity which outlines how Scotland can lead the way in both industries.  You can connect with Sharon on LinkedIn, and read her paper on The Cyber-Safe Gateway : Unlocking Scotland's Space Cybersecurity Potential on this website. Remember to leave us a 5-star rating and review in your favorite podcast app. Be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at space@n2k.com to request more info. Want to join us for an interview? Please send your pitch to space-editor@n2k.com and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    30 min
See All (2K)

Hosts & Guests

About

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

Information

  • Creator
    N2K Networks
  • Years Active
    2016 - 2025
  • Episodes
    2K
  • Rating
    Clean
  • Copyright
    © 2024 N2K Networks, Inc. 706761
  • Show Website
    CyberWire Daily

You Might Also Like

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes and get the latest updates.
Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada