Can connected cars jeopardize national security?

International Law Enforcement Seizes Domains of Russian Crypto Laundering Networks. The real-world risk of a recently revealed Linux vulnerability appears low. Criminal Charges Loom in the Iranian Hack of the Trump Campaign. Meta is fined over a hundred million dollars for storing users’ passwords in plaintext. Delaware’s public libraries grapple with the aftermath of a ransomware attack. Tor merges with Tails. Progress Software urges customers to patch multiple vulnerabilities. A critical vulnerability in VLC media player has been discovered. Our guests are Mark Lance, Vice President of DFIR and Threat Intelligence at GuidePoint Security, and Andrew Nelson, Principal Security Consultant at GuidePoint Security discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story." Having the wisdom to admit you just don’t know.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Mark Lance, Vice President DFIR and Threat Intelligence at GuidePoint Security, discussing their work on "Hazard Ransomware – A Successful Broken Encryptor Story."  Selected Reading US-led operation disrupts crypto exchanges linked to Russian cybercrime (The Record) Highly Anticipated Linux Flaw Allows Remote Code Execution, but Less Serious Than Expected (SecurityWeek) Criminal charges coming in alleged Iranian hack of Trump campaign emails: Sources (ABC News) Meta fined $101 million for storing hundreds of millions of passwords in plaintext (The Record) Hackers attack Delaware libraries, seek ransom. Here's what we know (Delaware Online) Tor Merges With Security-Focused OS Tails (SecurityWeek) Progress urges admins to patch critical WhatsUp Gold bugs ASAP (Bleeping Computer) VLC Player Vulnerability Let Attackers Execute Malicious Code, Update Now (Cyber Security News) Bigger AI chatbots more inclined to spew nonsense — and people don't always realize (Nature) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Salt Typhoon infiltrates US ISPs. Researchers hack the connected features in Kia vehicles.WiFi portals in UK train stations suffer Islamophobic graffiti. International partners release a joint guide for protecting Active Directory. A key house committee approves an AI vulnerability reporting bill. India’s largest health insurer sues Telegram over leaked data. HPE Aruba Networking patches three critical vulnerabilities in its Aruba Access Points. OpenAI plans to restructure into a for-profit business. CISA raises the red flag on Hurricane Helene scams. Our guest is Ashley Rose, Founder & CEO at Living Security, on the creation of Forrester’s newest cybersecurity category, Human Risk Management. The FTC says “Objection!” to the world’s first self-proclaimed robot lawyer. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Ashley Rose, Living Security’s Founder & CEO, talking about the creation of Forrester’s newest cybersecurity category, Human Risk Management. Read Ashley’s blog. Learn more on The Forrester Wave™: Human Risk Management Solutions, Q3 2024.   Selected Reading China-Backed Salt Typhoon Targets U.S. Internet Providers: Report (Security Boulevard) Millions of Vehicles Could Be Hacked and Tracked Thanks to a Simple Website Bug (WIRED) Public Wi-Fi operator investigating cyberattack at UK's busiest train stations (The Rgister) ASD’s ACSC, CISA, and US and International Partners Release Guidance on Detecting and Mitigating Active Directory Compromises (CISA) House panel moves bill that adds AI systems to National Vulnerability Database (CyberScoop) India's Star Health sues Telegram after hacker uses app's chatbots to leak data (Reuters) HPE Aruba Networking fixes critical flaws impacting Access Points (Bleeping Computer) Exclusive: OpenAI to remove non-profit control and give Sam Altman equity (Reuters) OpenAI's technology chief Mira Murati, two other research executives to leave (Reuters) CISA Warns of Hurricane-Related Scams (CISA) DoNotPay must pay $193,000 to settle false claim charges from FTC. (The Verge) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CrowdStrike’s Adam Meyers testifies before congress. The State Department is set to provide nearly $35 million in foreign aid to strengthen global cybersecurity. Foreign adversaries claim ongoing access to presidential campaign documents. Researchers warn of critical vulnerabilities in fuel tank monitoring systems. Hackers claim a Chrome 2FA feature bypass takes less than ten minutes. Exploiting ChatGPT’s long-term memory. Politicians and staffers find personal data exposed on the dark web. A critical vulnerability in Ivanti’s Virtual Traffic Manager is being actively exploited. On our CertByte segment,  Chris Hare is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s CompTIA Project+ Practice Test. Don’t click the PDiddy links. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from our suite of industry-leading content and a study tip to help you achieve the professional certifications you need to fast-track your career growth. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by resident Microsoft SME George Monsalvatge to break down a question from N2K’s CompTIA Project+ (PK0-005) Practice Test. This exam is targeted for candidates who have about 1-2 years of project management experience. This is not an actual test question, but an example of one that covers an objective for the 5th version of the exam, which came out in November 2022. Have a question that you’d like to see covered? Email us at [email protected]. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Selected Reading CrowdStrike Apologizes for IT Outage, Defends Microsoft Kernel Access (Infosecurity Magazine) Exclusive: State Department cyber bureau preps funding blitz aimed at boosting allies' defenses (The Record) Iranian-linked election interference operation shows signs of recent access (CyberScoop) FEC expands campaign spending rules to allow for physical, cybersecurity purchases (CyberScoop) Automatic Tank Gauges Used in Critical Infrastructure Plagued by Critical Vulnerabilities (SecurityWeek) New Chrome Alert After Hackers Claim 2FA Security Cracked In 10 Minutes (Forbes) Hacker plants false memories in ChatGPT to steal user data in perpetuity (Ars Technica) Proton warns that data of thousands politicians leaked on the dark web (Beyond Machines) Third Recent Ivanti Vulnerability Exploited in the Wild (SecurityWeek) PDiddySploit Malware Hidden in Files Claiming to Reveal Deleted Diddy Posts (Hackread) Diddy Do It? Or Did Cybercriminals? How Hackers Are Turning Scandals Into Cyber Attacks (Veriti) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The House Homeland Security Chair introduces a major cyber workforce bill. Google rolls out new Gmail security tools. Telegram makes a big shift in its privacy policy. Microsoft doubles down on cybersecurity. A Kansas water treatment facility suffers a suspected cyberattack. MoneyGram reports network outages. Kaspersky antivirus users get an automatic upgrade, maybe. North Korean IT workers infiltrate Fortune 100 companies. Gartner analysts urge cybersecurity leaders to focus on  prevention, response, and recovery. In this week’s Threat Vector, host David Moulton is joined by Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, to explore the seismic shifts in cybersecurity brought about by AI technologies.  A lavish lifestyle exposes the duo behind a $230M crypto scam. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment In this segment of Threat Vector, host David Moulton, Director of Thought Leadership at Palo Alto Networks Unit 42, and Daniel Kendzior, Global Data & AI Security Practice Lead at Accenture, explore the seismic shifts in cybersecurity brought about by AI technologies.  Join us each Thursday for a new episode of Threat Vector on the N2K CyberWire network. To hear David and Daniel’s full discussion, check it out here.  Selected Reading Exclusive: House Homeland Security chair releases, pushes forth cyber workforce bill (CyberScoop) Google Announces New Gmail Security Move For Millions (Forbes) Telegram will now provide some user data to authorities (BBC) Microsoft CEO to Cyber Team: Don’t Tell Me How Great Everything Is (Bloomberg) Kansas Water Facility Switches to Manual Operations Following Cyberattack (SecurityWeek) MoneyGram says cyber incident causing network outages (The Record) Kaspersky Users in US Find Antivirus Software Automatically Replaced (Cyber Security News) Dozens of Fortune 100 companies have unwittingly hired North Korean IT workers, according to report (The Record) Zero Failure Tolerance, A Cybersecurity Myth Holding Back Organization (Infosecurity Magazine) Two men arrested one month after $230 million of cryptocurrency stolen from a single victim (Bitdefender)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The US is set to propose a ban on Chinese software and hardware in connected cars. Dell investigates a breach of employee data. Unit 42 uncovers a North Korean PondRAT and a red team tool called Splinter. Marko Polo malware targets cryptocurrency influencers, gamers, and developers. An Iranian state-sponsored threat group targets Middle Eastern governments and telecommunications.The alleged Snowflake hacker remains active and at large. German officials quantify fallout from the CrowdStrike incident. Apple’s latest macOS update has led to widespread issues with cybersecurity software and network connectivity. Our guest is Vincenzo Ciancaglini, Senior Threat Researcher from Trend Micro, talking about the uptick in cybercrime driven by the generative AI explosion. Supercharging your graphing calculator.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Vincenzo Ciancaglini, Senior Threat Researcher from Trend Micro, talking about the uptick in cybercrime driven by the generative AI explosion. Read their blog "Surging Hype: An Update on the Rising Abuse of GenAI" here.  Selected Reading Exclusive: US to propose ban on Chinese software, hardware in connected vehicles (Reuters) Dell investigates data breach claims after hacker leaks employee info (Bleeping Computer) North Korea-linked APT Gleaming Pisces deliver new PondRAT backdoor via malicious Python packages (Security Affairs) Global infostealer malware operation targets crypto users, gamers (Bleeping Computer) Iranian-Linked Group Facilitates APT Attacks on Middle East Networks (Security Boulevard) Hacker behind Snowflake customer data breaches remains active (CyberScoop) Discovering Splinter: A First Look at a New Post-Exploitation Red Team Tool (Palo Alto Networks) Organizations are changing cybersecurity providers in wake of Crowdstrike outage (Help Net Security) Cybersecurity Products Conking Out After macOS Sequoia Update (SecurityWeek) Secret calculator hack brings ChatGPT to the TI-84, enabling easy cheating (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, N2K CyberWire’s Chief Analyst and Senior Fellow, turns over hosting responsibilities to Roselle Safran, the CEO and Founder of KeyCaliber and one of the original contributors to the N2K CyberWire Hash Table. She interviews Tia Hopkins, the eSentire Chief Cyber Resilience Officer, to make the business case for why resilience might be the most important cyber strategy. References: Black Women in Cyber Collective, 2024. Securing Our Future: Embracing The Resilience and Brilliance of Black Women in Cyber [Book]. Goodreads. Ken Underhill, Christophe Foulon, Tia Hopkins, Mari Galloway, 2022. Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career [Book]. Goodreads. Ron Ross, Victoria Pillitteri, Richard Graubart, Deborah Bodeau, Rosalie McQuaid, 2021. SP 800-160 Vol. 2 Rev. 1, Developing Cyber-Resilient Systems: A Systems Security Engineering Approach [Guidance]. CSRC. Roselle Safran, 2024. Who Does the CISO Work for? [Social Media Post]. LinkedIn. Staff, n.d. Empow(H)er Cyber Home [Website]. Learn more about your ad choices. Visit megaphone.fm/adchoices

Enjoy this special encore episode, where we are jjoined by Founder and CEO of nonprofit Bits N' Bytes Cybersecurity Education and undergraduate student at Stanford University, Kyla Guru shares her journey from GenCyber Camp to becoming a cybersecurity thought leader. Seeing the need. for cybersecurity education in her own community spurred Kyla into action engaging our civilian population in understanding their role in the cybersecurity space. Kyla recommends putting yourself out there: taking courses, getting more knowledge, getting internships, meeting people and going to conferences. Kyla thinks her generation has an inquisitive mind and feels that is where advocacy and education come in with cybersecurity. She shares for any young person "thinking about maybe starting something in security, this is definitely the time to do so." And, we thank Kyla for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

In this 2-part special edition series, guest Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, speaks with N2K's Brandon Karpf about national security and the dilemma of technology disruption. In this series, Steve Blank, a renowned expert in national security innovation, explores the critical challenges facing the U.S. Department of Defense in a rapidly evolving technological landscape. From the rise of global adversaries like China to the bureaucratic obstacles hindering defense innovation, Blank breaks down the “dilemma of technology disruption” in national security. Learn how the U.S. can overcome its outdated systems, accelerate innovation, and prepare for the future of defense technology. Whether you’re interested in defense tech, cybersecurity, or government innovation, this episode offers deep insights into the intersection of national security and technological disruption. For some background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It.” Learn more about your ad choices. Visit megaphone.fm/adchoices

Jonathan Tanner, Senior Security Researcher from Barracuda, discussing their work on "Stealthy phishing attack uses advanced infostealer for data exfiltration." The recent phishing attack, detailed by Barracuda, uses a sophisticated infostealer malware to exfiltrate a wide array of sensitive data. The attack begins with a phishing email containing an ISO file with an HTA payload, which downloads and executes obfuscated scripts to extract and transmit browser information, saved files, and credentials to remote servers. This advanced infostealer is notable for its extensive data collection capabilities and complex exfiltration methods, highlighting the increasing sophistication of cyber threats. The research can be found here: Stealthy phishing attack uses advanced infostealer for data exfiltration Learn more about your ad choices. Visit megaphone.fm/adchoices

An FTC report confirms online surveillance and privacy concerns. Ukraine bans Telegram for state and security officials. Sensitive customer data from India’s largest health insurer is leaked. German law enforcement shuts down multiple cryptocurrency exchange services. HZ RAT sets its sights on macOS systems. Stolen VPN passwords remain a growing threat. Law enforcement dismantles the iServer phishing-as-a-service platform. Today’s guest is Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, talking with N2K's Brandon Karpf about national security and the dilemma of technology disruption. CISA’s boss pushes for accountability.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today’s guest is Steve Blank, co-founder of the Gordian Knot Center for National Security Innovation at Stanford University, talking with N2K's Brandon Karpf about national security and the dilemma of technology disruption. For some background, you can check out Steve’s article “Why Large Organizations Struggle With Disruption, and What to Do About It.” To listen to Brandon and Steve’s full conversation, check out our Special Edition series that will run over the next two Sundays in our CyberWire Daily podcast feed.  Selected Reading FTC Staff Report Finds Large Social Media and Video Streaming Companies Have Engaged in Vast Surveillance of Users with Lax Privacy Controls and Inadequate Safeguards for Kids and Teens (Federal Trade Commission) Ukraine bans Telegram on state and military devices (The Record) Hacker selling 7 TB of Star Health Insurance’s customer data using Telegram (CSO Online) German Government Shuts Down 47 Exchanges, Says They're Tied To ‘Illegal Activity’ (CoinDesk) New MacOS Malware Let Attackers Control The Device Remotely (Cyber Security News) More Than Two Million Stolen VPN Passwords Discovered (Security Boulevard) High-risk vulnerabilities in common enterprise technologies (Rapid7 Blog) Law Enforcement Dismantles Phishing Platform Used for Unlocking Stolen Phones (SecurityWeek) Insecure software makers are the real cyber villains – CISA (The Register)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices