CyberWire Daily N2K Networks

Draft legislation looks to streamline federal cybersecurity regulations. Clarity.fm exposed personal information of business leaders and celebrities. Researchers find european politicians’ personal info for sale on the dark web. The BBC’s pension scheme suffers a breach. OpenAI disrupts covert influence operations making use of their platform. Hackers brick over 600,000 routers. Cracked copies of Microsoft office deliver a malware mix. A senator calls for accountability in the Change Healthcare ransomware attack. On our Industry Voices segment, we hear from SpyCloud’s Chip Witt, on navigating the threat of digital identity exposure. Florida man becomes Moscow’s fake-news puppet.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
On our Industry Voices segment, we hear from Chip Witt, SpyCloud's SVP, Product Management, discussing navigating the threat of digital identity exposure. To learn more, check out SpyCloud’s Annual Identity Exposure Report 2024. 

Selected Reading
Senate chairman wants new White House-led panel to streamline federal cyber rules (The Record)
Data Leak Exposes Business Leaders and Top Celebrity Data (Hackread)
Information of Hundreds of European Politicians Found on Dark Web (SecurityWeek)
BBC Pension Scheme Breached, Exposing Employee Data (Infosecurity Magazine)
OpenAI accuses Russia, China, Iran, and Israel of misusing its GenAI tools for covert Ops (CSO Online)
Mystery malware destroys 600,000 routers from a single ISP during 72-hour span (Ars Technica)
Pirated Microsoft Office delivers malware cocktail on systems (Bleeping Computer)
UnitedHealth leaders 'should be held responsible' for installing inexperienced CISO, senator says (The Record)
Once a Sheriff’s Deputy in Florida, Now a Source of Disinformation From Russia (The New York Times) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Operation Endgame takes down malware operations around the globe. A major botnet operator is arrested. Ticketmaster’s massive data breach is confirmed, and so is Google’s SEO algorithm leak. Journalists and activists in Europe were targeted with Pegasus spyware. Okta warns users of credential stuffing attacks. NIST hopes to clear out the NVD backlog. On our Threat Vector segment, host David Moulton speaks with Greg Jones, Chief Information Security Officer at Xavier University of Louisiana. Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, joins us to discuss software security. LightSpy surveillance malware comes to macOS. ChatGPT briefly gets a god mode.
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Eric Goldstein, Executive Assistant Director for Cybersecurity at CISA, joins us to discuss software security.

Threat Vector
In this Threat Vector segment, host David Moulton speaks with Greg Jones, Chief Information Security Officer at Xavier University of Louisiana. Greg brings a wealth of knowledge from his military background and applies a disciplined, adaptive approach to securing one of America's most vibrant educational institutions. You can listen to David and Greg’s full discussion here. 

Selected Reading
Police seize malware loader servers, arrest four cybercriminals (Bleeping Computer)
Is Your Computer Part of ‘The Largest Botnet Ever?’ (Krebs on Security)
Ticketmaster hacked. Breach affects more than half a billion users. (Mashable)
Google confirms the leaked Search documents are real (The Verge)
Phones of journalists and activists in Europe targeted with Pegasus (CyberScoop)
Okta Warns of Credential Stuffing Attacks Targeting Cross-Origin Authentication (SecurityWeek)
NIST says NVD will be back on track by September 2024 (Help Net Security)
macOS version of elusive 'LightSpy' spyware tool discovered (Bleeping Computer)
Hacker Releases Jailbroken "Godmode" Version of ChatGPT (Futurism) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

An alleged leak of Google’s search algorithm contradicts the company’s public statements.  German researchers discover a critical vulnerability in a TP-Link router. Breachforums is back…maybe. The Seattle Public Library suffers a ransomware attack. A Georgia man gets ten years for money laundering and romance scams, and the Treasury department sanctions a group of botnet operators. 44,000 individuals are affected by the breach of a major U.S. title insurance company. Microsoft describes North Korea’s Moonstone Sleet. Advocating for a more architectural approach to cybersecurity. Maria Varmazis speaks with WiCyS Executive Director Lynn Dohm and a panel of N2K experts about the 2024 Cyber Talent Study. A cracked password results in a multimillion dollar windfall. 
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Learning Layer
On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. Sam and Joe dive into Domain 6: Security Assessment and Testing and tackle the following question together:
You are hiring a vendor to perform a penetration test that would simulate a breach from an insider threat. What type of test would be BEST to perform? 

Blue Box

Black Box

White-hat hack

White box


CyberWire Guest
Maria Varmazis, N2K host of T-Minus Space Daily, talks with WiCyS Executive Director Lynn Dohm and N2K's Simone Petrella, Dr. Heather Monthie, and Jeff Welgan about the 2024 Cyber Talent Study. You can find out more about the study here. 

Selected Reading
Google won’t comment on a potentially massive leak of its search algorithm documentation (The Verge)
Update TP-Link's Archer C5400X router now to fix remote takeover vulnerability (TechSpot)
Data leak site BreachForums is back, boasting Live Nation/Ticketmaster user data. But is it a trap? (Malwarebytes)
Ransomware attack on Seattle Public Library knocks out online systems (The Record)
Man Sentenced for Laundering Over $4.5M Obtained from Business Email Compromise and Romance Fraud Schemes (United States Department of Justice)
Treasury Sanctions a Cybercrime Network Associated with the 911 S5 Botnet (United States Department of Treasury)
First American December data breach impacts 44,000 people (Bleeping Computer)
Moonstone Sleet emerges as new North Korean threat actor with new bag of tricks (Microsoft Security Blog)
Cybersecurity at a crossroads: Time to shift to an architectural approach (CSO Online)
How Researchers Cracked an 11-Year-Old Password to a $3 Million Crypto Wallet (WIRED) 

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

The FBI untangles Scattered Spider. The RansomHub group puts a deadline on Christie’s. Prescription services warn customers of data breaches. Personal data from public sector workers in India is leaked online. Check Point says check your VPNs. The Internet Archive suffers DDoS attacks. A Minesweeper clone installs malicious scripts. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guest Carrie Hernandez Marshall, CEO and Co-Founder from Rebel Space Technologies, about the need to extend cybersecurity into space. If you can’t beat ‘em, troll ‘em. 
Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app.
Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guest Carrie Hernandez Marshall, CEO and Co-Founder from Rebel Space Technologies, about the need to extend cybersecurity into space.

Selected Reading
Potent youth cybercrime ring made up of 1,000 people, FBI official says (CyberScoop)
Christie’s given Friday ransom deadline after threat group claims responsibility for cyber attack (ITPro)
Data Stolen From MediSecure for Sale on Dark Web (SecurityWeek)
2.8 Million Impacted by Data Breach at Prescription Services Firm Sav-Rx (SecurityWeek)
Data leak exposes personal data of Indian military and police (CSO Online)
Check Point warns of threat actors targeting its VPNs (TechMonitor)
Internet Archive Hit With DDoS Attack (PCMag)
Hackers phish finance orgs using trojanized Minesweeper clone (bleepingcomputer)
Cops Are Just Trolling Cybercriminals Now (WIRED)

Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Rick Howard, N2K CyberWire’s Chief Analyst, CSO, and Senior Fellow, commemorates Memorial Day.
References:
Abraham Lincoln, 1863. The Gettysburg Address [Speech]. Abraham Lincoln Online.
Amanda Onion, Original 2009, Updated 2023. Memorial Day 2022: Facts, Meaning & Traditions [Essay]. HISTORY.
Brent Hugh, 2021. A Brief History of “John Brown’s Body” [Essay]. Digital History.
Bob Zeller, 2022. How Many Died in the American Civil War? [Essay]. HISTORY.
General George Marshall, 2014. President Lincoln’s Letter to Mrs Bixby [Movie Clip - Saving Private Ryan]. YouTube.
JOHN LOGAN, 1868. Logan’s Order Mandating Memorial Day [Order]. John A. Logan College.
John Williams, Chicago Symphony Orchestra, 2012. The People’s House: Lincoln (Original Motion Picture Soundtrack) [Song]. Apple Music.
John Williams, Chicago Symphony Orchestra, 2012. The Blue and the Grey: Lincoln (Original Motion Picture Soundtrack) [Song]. Apple Music - Web Playe.
Livia Albeck-Ripka, 2023. A Brief History of Memorial Day [Essay]. The New York Times.
Paul Robeson, 2021. John Brown’s Body [Song]. YouTube.
Robert Rodat (Writer), Steven Spielberg (Director), Harve Presnell (Actor), 1998. Saving Private Ryan [Movie]. IMDb.
Staff, 2020. A Brief Biography of General John A. Logan [Biography]. John A. Logan College.
Staff, 2024. Civil War Timeline [WWW Document], American Battlefield Trust.
Thomas Jefferson, 1776. Declaration of Independence: [Transcription]. National Archives.
Winston Churchil, 1940. Never was so much owed by so many to so few - Winston Churchill Speeches [Speech]. YouTube.

Director of security operations at Syntax Richard Torres talks about his path leading him working in juvenile justice to becoming a private investigator to physical security at a nuclear power plant to cybersecurity presently. Always a fan of police shows, Richard became a member of the Air Force Junior ROTC in high school and began his path there. Richard shares the challenges of working in several facets of the security industry including his transition from SWAT team member to cybersecurity. He notes the role that diplomacy plays when you're trying to get honesty and be steered in the right direction. Our thanks to Richard for sharing his story with us.