CyberWire Daily N2K Networks

A North Korean hacker is indicted for major cyberattacks. CrowdStrike’s in recovery mode. Phishing thrives in the wake of BSOD chaos. Wiz spells out no to Alphabet's $23bn offer. France goes full clean-up. Israel's secret shield in spyware saga. KOSA and COPPA 2.0 promise safer surfing for kids. N2K’s CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon, about the culture of security and what it means to the CSO role. And last but not least, hacking can happen to anyone.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On today’s guest slot, N2K’s CSO Rick Howard speaks with Steve Schmidt, CSO of Amazon, about the culture of security and what it means to the CSO role. They touch upon the SEC reporting requirements and how testing is never done. Rick and Steve caught up at AWS re:Inforce 2024. 

Selected Reading
US indicts alleged North Korean state hacker for ransomware attacks on hospitals (The Record) 
North Korean Military Hacker Indicted for String of US Attacks (Metacurity)
CrowdStrike says over 97% of Windows sensors back online (Reuters)
Threat Actors leveraging the recent CrowdStrike update outage (FortiGuard Labs) 
Cyber-security firm rejects $23bn Google takeover (BBC)
ECB's cyber security test shows 'room for improvement' for banks (Reuters)  
France launches large-scale operation to fight cyber spying ahead of Olympics (The Record) 
Israel Maneuvered to Prevent Disclosure of State Secrets amid WhatsApp vs NSO Lawsuit (Forbidden Stories)  
KOSA, COPPA 2.0 Likely to Pass U.S. Senate (Inside Privacy) 
A North Korean Hacker Tricked a US Security Vendor Into Hiring Him—and Immediately Tried to Hack Them (WIRED) 
North Korean Fake IT Worker FAQ (KnowBe4) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

A North Korean hacking group targets healthcare, energy and finance. Leaked Leidos documents surface on the dark web. A Middle Eastern financial institution suffered a record-breaking DDoS attack. The latest tally on the fallout from the Crowdstrike outage. A cybersecurity audit of HHS reveals significant cloud security gaps. Docker patches a critical vulnerability for the second time. Google announced enhanced protections for Chrome users. In our latest Threat Vector segment, David Moulton speaks with Sama Manchanda, a Consultant at Unit 42, to explore the evolving landscape of social engineering attacks. If you’re heading to Paris for the Summer Olympics, smile for the AI cameras. 
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
In this segment of Threat Vector, David Moulton, Director of Thought Leadership at Unit 42, engages with Sama Manchanda, a Consultant at Unit 42, to explore the evolving landscape of social engineering attacks, particularly focusing on vishing and smishing. 
As election season heats up, these threats are becoming more sophisticated, exploiting our reliance on mobile devices and psychological tactics. Sama provides expert insights into the latest trends, the psychological manipulations used in these attacks, and the specific challenges they pose to individuals and the democratic process. You can listen to Threat Vector every Thursday starting next week on the N2K CyberWire network. Check out the full episode with David and Sama here. 

Selected Reading
Mandiant: North Korean Hackers Targeting Healthcare, Energy (BankInfo Security)
Data pilfered from Pentagon IT supplier Leidos (The Register)
DDoS Attack Lasted for 6 Days, Record created for the duration of the Cyberattack (Cyber Security News)
Threat Actor Distributes Python-Based Information Stealer Using a Fake Falcon Sensor Update Lure (CrowdStrike)
Fortune 500 stands to lost $5bn plus from CrowdStrike incident (Computer Weekly)
HHS audit finds serious gaps in cloud security at agency office (SC Media)
Docker re-fixes a critical authorization bypass vulnerability (CSO Online)
Google Boosts Chrome Protections Against Malicious Files (SecurityWeek)
At The 2024 Summer Olympics, AI Is Watching You (WIRED) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Stargazer Goblin hosts malicious code repositories on GitHub. Crowdstrike blames buggy validations checks for last week’s major incident. The Breachforums database reveals threat actor OPSEC. Windows Hello for Business (WHfB) was found vulnerable to downgrade attacks. A medical center in the U.S. Virgin Islands is hit with ransomware. Interisle analyzes the phishing landscape. The FTC orders eight companies to explain algorithmic pricing. Meta cracks down on the Nigerian Yahoo Boys. A fake IT worker gets caught in the act. My conversation with Nic Fillingham and Wendy Zenone, co-hosts of Microsoft Security's "The Bluehat Podcast.” Researchers wonder if proving you’re human proves profitable for Google. 
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Nic Fillingham and Wendy Zenone, co-hosts of Microsoft Security's "The Bluehat Podcast," talking about what to expect on Bluehat on the N2K media network. You can catch the podcast every other Wednesday. Their latest episode launching today can be found here. 

Selected Reading
A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub (WIRED)
CrowdStrike blames test software for taking down 8.5 million Windows machines (The Verge)
BreachForums v1 database leak is an OPSEC test for hackers (Bleeping Computer)
Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication (Dark Reading)
Schneider Regional Medical Center hit by ransomware attack (Beyond Machines)
New phishing report names and shames TLDs, registrars (The Verge)
FTC Issues Orders to Eight Companies Seeking Information on Surveillance Pricing (FTC)
Meta bans 63,000 accounts belonging to Nigeria’s sextortionist Yahoo Boys (The Record)
How a North Korean Fake IT Worker Tried to Infiltrate Us (KnowBe4)
Forget security – Google's reCAPTCHA v2 is exploiting users for profit (The Register) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

UK law enforcement relieves DigitalStress. Congress summons Crowdstrike’s CEO to testify. FrostyGoop malware turned off the heat in Ukraine. EvilVideo is a zero-day exploit for Telegram. Daggerfly targets Hong Kong pro-democracy activists. Google has abandoned its plan to eliminate third-party cookies. The FCC settles with Tracfone Wireless over privacy and cybersecurity lapses. Wiz says no to Google and heads toward an IPO. N2K’s Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about streamlining the fleet’s innovation process. Target’s in-store AI misses the mark. 
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
N2K’s Brandon Karpf speaks with guest Justin Fanelli, Acting CTO of the US Navy, about the US Navy streamlining the innovation process. For some background, you can refer to this article. 

Additional resources: 


PEO Digital Innovation Adoption Kit 

Atlantic Council’s Commission on Defense Innovation Adoption


For industry looking to engage with PEO Digital: Industry Engagement



Selected Reading
Prolific DDoS Marketplace Shut Down by UK Law Enforcement (Infosecurity Magazine)
Congress Calls for Tech Outage Hearing to Grill CrowdStrike C.E.O. (The New York Times)
How Russia-Linked Malware Cut Heat to 600 Ukrainian Buildings in Deep Winter (WIRED)
Telegram zero-day for Android allowed malicious files to masquerade as videos (The Record)
Chinese Cyberespionage Group Expands Malware Arsenal (GovInfo Security)
Google rolls back decision to kill third-party cookies in Chrome (Bleeping Computer)
FCC, Tracfone Wireless reach $16M cyber and privacy settlement (CyberScoop)
Wiz rejects Google’s $23 billion takeover in favor of IPO (The Verge)
Target Employees Hate Its New AI Chatbot (Forbes)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Mitigation continues on the global CrowdStrike outage. UK police arrest a suspected member of Scattered Spider. A scathing report from DHS says CISA ignored a directive to cut ties with a faulty contractor. Huntress finds SocGholish distributing AsyncRAT. Ransomware takes down the largest trial court in the U.S. A US regulator finds many major banks inadequately manage cyber risk. CISA adds three critical vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog. Australian police forces combat SMS phishing attacks.  Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, shares insights on the challenges of protecting the upcoming Summer Olympics. Rick Howard looks at Cyber Threat Intelligence. Appreciating the value of internships.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
The 2024 Summer Olympics start later this week in Paris. Our guest Chris Grove, Director of Cybersecurity Strategy at Nozomi Networks, discusses how, in addition to consumer issues, the actual events, games and facilities at the Olympics could be at risk of an attack. 

This week on CSO Perspectives
This week on N2K Pro’s CSO Perspectives podcast, host and N2K CSO Rick Howard focus on “The current state of Cyber Threat Intelligence.” Hear a bit about it from Rick and Dave. You can find the full episode here if you are an N2K Pro subscriber, otherwise check out an extended sample here. 

Selected Reading
Special Report: IT Disruptions Continue as CrowdStrike Sees Crisis Receding (Metacurity)
Suspected Scattered Spider Member Arrested in UK (SecurityWeek)
DHS watchdog rebukes CISA and law enforcement training center for failing to protect data (The Record)
SocGholish malware used to spread AsyncRAT malware (Security Affairs)
California Officials Say Largest Trial Court in US Victim of Ransomware Attack (SecurityWeek)
Finance: Secret Bank Ratings Show US Regulator’s Concern on Handling Risk (Bloomberg)
U.S. CISA adds Adobe Commerce and Magento, SolarWinds Serv-U, and VMware vCenter Server bugs to its Known Exploited Vulnerabilities catalog (Security Affairs)
Australian police seize devices used to send over 318 million phishing texts - Security - Telco/ISP (iTnews)
Internships can be a gold mine for cybersecurity hiring (CSO Online)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of Cyber Threat Intelligence with CyberWire Hash Table guest John Hultquist, Mandiant’s Chief Analyst.

References:
Andy Greenberg, 2022. Tracers in the Dark: The Global Hunt for the Crime Lords of Cryptocurrency [Book]. Goodreads.
Josephine Wolff, October 2023. How Hackers Swindled Vegas [Explainer]. Slate.
Rick Howard, 2023. Cybersecurity First Principles Book Appendix [Book Support Page]. N2K Cyberwire.
Staff, September 2023. mWISE Conference 2023 [Conference Website]. Mandiant.
Staff, n.d. VirusTotal Submissions Page [Landing Zone]. VirusTotal.
Learn more about your ad choices. Visit megaphone.fm/adchoices