CyberWire Daily

N2K Networks
CyberWire Daily

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

  1. 2 DAYS AGO

    A not so BASIC farewell.

    META details its efforts against pig butchering. The Salt Typhoon attack on major U.S. telecoms sparks interest from Congress.  Microsoft dismantles 240 domains linked to the ONNX phishing-as-a-service platform. A major U.S. gambling and lottery provider suffers a cyberattack. Hackers exploit newly patched zero-days in Palo Alto Networks firewalls. Researchers say Fortinet VPN servers lack sufficient logging. A pilot program looks to improve security for small U.S. water utilities. Bitdefender warns of scammers using Black Friday-themed spam emails. Our guest is DataDome’s CEO and Co-founder, Benjamin Fabre, discussing how "Fake Accounts Threaten Black Friday Gaming Sales." A fond farewell for a true cyber innovator.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In advance of Black Friday shopping next week, our guest is  DataDome’s CEO and Co-founder, Benjamin Fabre discussing their team's work on "Fake Accounts Threaten Black Friday Gaming Sales."  Selected Reading Meta cracks down on millions of accounts it tied to pig-butchering scams (CyberScoop) China’s Hacking Reached Deep Into U.S. Telecoms (New York Times) FCC leaders skirt call for wiretap security reform, hope to ‘go deeper’ on telecom breach briefings (NextGov) Microsoft disrupts ONNX phishing-as-a-service infrastructure (Bleeping Computer) Gambling and lottery giant disrupted by cyberattack, working to bring systems back online (The Record) Over 2,000 Palo Alto firewalls hacked using recently patched bugs (Bleeping Computer) Fortinet VPN design flaw hides successful brute-force attacks (Bleeping Computer) First Water Utilities Take Volunteer Cyber Help (The University of Chicago Harris School of Public Policy) Three-Quarters of Black Friday Spam Emails Identified as Scams (Infosecurity Magazine) Thomas E. Kurtz, a Creator of BASIC Computer Language, Dies at 96 (New York Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    34 min
  2. 3 DAYS AGO

    No more spinach for PopeyeTools.

    The feds take down the PopeyeTools cybercrime market. Five alleged Scattered Spider members have been charged.  CISA warns of critical vulnerabilities in VMware’s vCenter Server. Global AI experts convene to discuss safety. MITRE updates its list of Top 25 Most Dangerous Software Weaknesses. US and Australian agencies warn critical infrastructure organizations about evolving tactics by the BianLian ransomware group. A new report looks at rising threats to the U.S. manufacturing industry. Researchers at ESET uncover the WolfsBane Linux backdoor. A pair of malicious Python packages impersonating ChatGPT went undetected for over a year. A data breach at a French hospital compromised the medical records of 750,000 patients. On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate’s Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management." AI Pimping is the scourge of Instagram.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Avihai Ben-Yossef, Cymulate’s Co-Founder and CTO, joins us to discuss "The Evolution and Outlook of Exposure Management." Resources:  Security Validation Essentials Hertz Israel Reduced Cyber Risk by 81% within 4 Months with Cymulate SecOps Roundtable: Security Validation and the Path to Exposure Management Double Agent: Exploiting Pass-through Authentication Credential Validation in Azure AD Selected Reading US seizes PopeyeTools cybercrime marketplace, charges administrators (Bleeping Computer) Five Charged in Scattered Spider Case (Infosecurity Magazine) CISA Warns of VMware VCenter Vulnerabilities Actively Exploited in Attacks (Cyber Security News) US Gathers Allies to Talk AI Safety as Trump’s Vow to Undo Biden’s AI Policy Overshadows Their Work (SecurityWeek) MITRE Updates List of 25 Most Dangerous Software Vulnerabilities (SecurityWeek) BianLian Ransomware Group Adopts New Tactics, Posing Significant Risk (Infosecurity Magazine) Manufacturing Sector Under Siege: Industry Faces Wave of Advanced Email Attacks (Abnormal Security) Gelsemium APT Hackers Attacking Linux Servers With New WolfsBane Malware (Cyber Security News) Two PyPi Malicious Package Mimic ChatGPT & Claude Steals Developers Data (GB Hackers) Cyberattack at French hospital exposes health data of 750,000 patients (Bleeping Computer) Inside the Booming 'AI Pimping' Industry (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    37 min
  3. 4 DAYS AGO

    When location data becomes a weapon.

    A WIRED investigation uncovers the ease of tracking U.S. military personnel. Apple releases emergency security updates to address actively exploited vulnerabilities. Latino teenagers and LGBTQ individuals are receiving disturbing text messages spreading false threats. Crowdstrike says Liminal Panda is responsible for telecom intrusions. Oracle patches a high-severity zero-day vulnerability. Trend Micro has disclosed a critical vulnerability in its Deep Security 20 Agent software. A rural hospital in Oklahoma suffers a ransomware attack. A leading fintech firm is investigating a security breach in its file transfer platform. Researchers deploy Mantis against malicious LLMs.  Ben Yelin from the University of Maryland Center for Health and Homeland Security discusses AI’s bias in the resume screening process. Tracking down a lost Lambo.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we have Ben Yelin, Program Director, Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security and our Caveat podcast co-host, discussing AI’s racial and gender bias in the resume screening process. You can read about it here. Selected Reading Anyone Can Buy Data Tracking US Soldiers and Spies to Nuclear Vaults and Brothels in Germany (WIRED) GAO recommends new agency to streamline how US government protects citizens’ data (The Record) Apple Issues Emergency Security Update for Actively Exploited Flaws (Infosecurity Magazine) Texts threatening deportation and 're-education' for gays stoke both fear and defiance (NBC News) Chinese APT Group Targets Telecom Firms Linked to BRI (Infosecurity Magazine) Oracle Patches Exploited Agile PLM Zero-Day (SecurityWeek) Trend Micro Deep Security Vulnerability Let Attackers Execute Remote Code (Cyber Security News) Oklahoma Hospital Says Ransomware Hack Hits 133,000 People (GovInfo Security) Fintech Giant Finastra Investigating Data Breach (Krebs on Security) AI About-Face: 'Mantis' Turns LLM Attackers Into Prey (Dark Reading) Hackers Steal MLB Star Kris Bryant’s $200K Lamborghini By Rerouting Delivery (Carscoops) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    32 min
  4. 5 DAYS AGO

    Biden vs. Trump: A tale of two cybersecurity strategies.

    Pundits predict Trump will overhaul U.S. cybersecurity policy. Experts examine escalating cybersecurity threats facing the U.S. energy sector. Palo Alto Networks patches a pair of zero-days. Akira and SafePay ransomware groups claim dozens of new victims. A major pharmacy group is pressured to pay a $1.3 million ransomware installment. Threat actors are exploiting Spotify playlists and podcasts. An alleged Phobos ransomware admin has been extradited to the U.S. Rapper “Razzlekhan” gets 18 months in prison for her part in the Bitfinex cryptocurrency hack. On today’s Threat Vector, David Moulton speaks with Assaf Dahan, Director of Threat Research at Palo Alto Networks’ Cortex team, about the rising cyber threat from North Korea.  Swiss scammers send snail mail.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment On this segment of Threat Vector, host David Moulton speaks with Assaf Dahan, Director of Threat Research at Palo Alto Networks’ Cortex team, about the rising cyber threat from North Korea. To hear the full conversation between David and Assaf, listen to Cyber Espionage and Financial Crime: North Korea’s Double Threat, and catch new episodes of Threat Vector every Thursday on your favorite podcast app!  Selected Reading More Spyware, Fewer Rules: What Trump’s Return Means for US Cybersecurity (WIRED) How to remove the cybersecurity gridlock from the nation's energy lifelines (CyberScoop) Palo Alto Patches Firewall Zero-Day Exploited in Operation Lunar Peek (SecurityWeek) SafePay ransomware: Obscure group uses LockBit builder, claims 22 victims (SC Media) Akira Ransomware Drops 30 Victims on Leak Site in One Day (SecurityWeek) Gang Shaking Down Pharmacy Group for Second Ransom Payment (GovInfo Security) Spotify abused to promote pirated software and game cheats (Bleeping Computer) Suspected Phobos Ransomware Admin Extradited to US (Infosecurity Magazine) Heather ‘Razzlekhan’ Morgan sentenced to 18 months in prison, ending Bitfinex saga (The Record) Now Hackers Are Using Snail Mail In Cyber Attacks—Here’s How (Forbes)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    34 min
  5. 6 DAYS AGO

    A new era for CISA under Trump?

    CISA’s Director Easterly plans to step down in the coming year. DHS issues recommendations for AI in critical infrastructure.Palo Alto Networks confirms active exploitation of a critical zero-day vulnerability in its firewalls. Threat actors exploit Microsoft’s 365 Admin Portal to send sextortion emails. A China-based APT targets a zero-day in Fortinet’s Windows VPN. The EPA reports on vulnerabilities in drinking water systems. A critical authentication bypass vulnerability affects a popular WordPress plugin. Researchers track a rise in the ClickFix social engineering technique. An 18 year old faces up to twenty years behind bars for swatting. Our guest is  Rob Boyce, Global Lead, Cyber Resilience at Accenture, discussing SIM swapping services targeting telcos. Nuisance calls are in decline.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Rob Boyce, Global Lead, Cyber Resilience at Accenture, discussing SIM swapping services targeting telcos. Selected Reading CISA Director Jen Easterly to depart on Inauguration Day (Nextgov/FCW) DHS Releases Secure AI Framework for Critical Infrastructure (Dark Reading) Palo Alto firewalls exploited after critical zero-day vulnerability (Cybernews) Microsoft 365 Admin portal abused to send sextortion emails (Bleeping Computer)  Fortinet VPN Zero-Day Exploited in Malware Attacks Remains Unpatched: Report (SecurityWeek) 300 Drinking Water Systems in US Exposed to Disruptive, Damaging Hacker Attacks (SecurityWeek) Security plugin flaw in millions of WordPress sites gives admin access (Bleeping Computer) Security Brief: ClickFix Social Engineering Technique Floods Threat Landscape (Proofpoint) Teen serial swatter-for-hire busted, pleads guilty, could face 20 years (The Register) FTC Records 50% Drop in Nuisance Calls Since 2021 (Infosecurity Magazine) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

    32 min

Hosts & Guests

About

The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.

You Might Also Like

To listen to explicit episodes, sign in.

Stay up to date with this show

Sign in or sign up to follow shows, save episodes and get the latest updates.

Select a country or region

Africa, Middle East, and India

Asia Pacific

Europe

Latin America and the Caribbean

The United States and Canada