International effort dismantles LockBit. [Research Saturday]

The US scrutinizes Chinese telecoms. Indonesia’s national datacenter is hit with ransomware. RedJulliett targets organizations in Taiwan. Researchers can tell where you are going by how fast you get there. A previously dormant botnet targeting Redis servers becomes active. Thousands of customers may have had info compromised in an attack on Levi’s. A new industry alliance hopes to prevent memory-based cyberattacks. Guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach with N2K President Simone Petrella. Assange agrees to a plea deal. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Solution Spotlight, guest Seeyew Mo, Assistant National Cyber Director, Office of the National Cyber Director at the White House, shares the nuances of the White House's skills-based approach (and how it's not only about hiring) with N2K President Simone Petrella. Seeyew shares a progress report on the National Cyber Workforce and Education Strategy nearly one year out. For more information, you can visit the press release: National Cyber Director Encourages Adoption of Skill-Based Hiring to Connect Americans to Good-Paying Cyber Jobs. The progress report Seeyew and Simone discuss can be found here: National Cyber Workforce and Education Strategy: Initial Stages of Implementation.  Selected Reading Exclusive: US probing China Telecom, China Mobile over internet, cloud risks (Reuters)  Indonesian government datacenter locked down in $8M ransomware rumble (The Register) Taiwanese tech firms, universities, religious groups among targets in cyber-espionage campaign (The Record) New security loophole allows spying on internet users' online activity (HelpNet Security) P2PInfect botnet targets REdis servers with new ransomware module (Bleeping Computer) Credential Stuffing Attack Hits 72,000 Levi’s Accounts (Infosecurity Magazine) CHERI Backers Form Alliance to Promote Memory Safety Chip (GovInfo Security) Julian Assange, WikiLeaks Founder, Agrees to Plead Guilty in Deal With U.S. (The New York Times)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

LockBit claims to have hit the Federal Reserve. CDK Global negotiates with BlackSuit to unlock car dealerships across the U.S. Treasury proposes a rule to restrict tech investments in China. An LA school district confirms a Snowflake related data breach. Rafel RAT hits outdated Android devices. The UK’s largest plutonium stockpiler pleads guilty to criminal charges of inadequate cybersecurity. Clearview AI settles privacy violations in a deal that could exceed fifty million dollars. North Korean hackers target aerospace and defense firms. Rick Howard previews CSOP Live. Our guest is Christie Terrill, CISO at Bishop Fox, discussing how organizations can best leverage offensive security tactics. Bug hunting gets a little too real. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Christie Terrill, CISO at Bishop Fox, joins to discuss how organizations can leverage offensive security tactics not just as strategies to prevent cyber incidents, but as a critical component of a cyberattack recovery process.  Rick Howard sits down with Dave to share a preview of what’s to come at our upcoming CSOP Live event this Thursday, going beyond the headlines with our panel of Hash Table experts for an insightful discussion on emerging industry trends, recent threats and events, and the evolving role of executives in our field.   Selected Reading LockBit claims the hack of the US Federal Reserve (securityaffairs) Why are threat actors faking data breaches? (Help Net Security) CDK Global outage caused by BlackSuit ransomware attack (bleepingcomputer) US proposes rules to stop Americans from investing in Chinese technology with military uses (AP News) Los Angeles Unified confirms student data stolen in Snowflake account hack (bleepingcomputer) Ratel RAT targets outdated Android phones in ransomware attacks (bleepingcomputer) Sellafield Pleads Guilty to Historic Cybersecurity Offenses (Infosecurity Magazine) Sellafield nuclear waste site pleads guilty to IT security breaches (Financial Times) Facial Recognition Startup Clearview AI Settles Privacy Suit (SecurityWeek) New North Korean Hackers Attack Aerospace and Defense Companies (cybersecuritynews) Spatial Computing Hack (Ryan Pickren) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Associate Professor of Computer Information Systems at the University of Tulsa Sal Aurigemma shares how his interest in how things worked shaped his career path in nuclear power and computers, Being introduced to computers in high school and learning about the Chernobyl event led Sal to study nuclear engineering followed by time in the Navy as a submarine officer. On the submarine, Sal had to understand how systems worked from soup to nuts and that let him back to IT. As a computer engineer, Sal spent a lot of time on network troubleshooting and was eventually introduced to cybersecurity. Following 9/11, cybersecurity took on greater importance. Sal's research focuses on behavioral cybersecurity. To newcomers, he suggests heading into things with an open mind and doesn't recommend giving users 24-character passwords that have two upper, two lower, and two special characters that cannot be written down. We thank Sal for sharing his story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

Kerri Shafer-Page from Arctic Wolf joins us to discuss their work on "Lost in the Fog: A New Ransomware Threat." Starting in early May, Arctic Wolf's Incident Response team investigated Fog ransomware attacks on US education and recreation sectors, where attackers exploited compromised VPN credentials to access systems, disable Windows Defender, encrypt files, and delete backups. Despite the uniformity in ransomware payloads and ransom notes, the organizational structure of the responsible groups remains unknown. The research can be found here: Lost in the Fog: A New Ransomware Threat Learn more about your ad choices. Visit megaphone.fm/adchoices

Biden bans Kaspersky over security concerns. Accenture says reports of them being breached are greatly exaggerated. SneakyChef targets diplomats in Africa, the Middle East, Europe and Asia. A serious firmware flaw affects Intel CPUs. More headaches for car dealerships relying on CDK Global. CISA Alerts Over 100,000 Individuals of Potential Data Breach in Chemical Security Tool Hack. SquidLoader targets Chinese organizations through phishing. A new nonprofit aims to establish certification standards in maritime cybersecurity. A sneak peek of our latest podcast, Only Malware in the Building. Using the court system for customer support. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Selena Larson, joined by Dave Bittner and Rick Howard, hosts the new podcast "Only Malware in the Building." This monthly collaboration between N2K CyberWire and Proofpoint delves into the most impactful and intriguing malware stories. Selena makes complex cybersecurity info fun and digestible, offering tech professionals clear, actionable insights.  Selected Reading Biden bans US sales of Kaspersky software over Russia ties (Reuters) Exclusive: Accenture says data leak claims false, only 3 affected (Cyber Daily) Chinese-aligned hacking group targeted more than a dozen government agencies, researchers find (CyberScoop) Intel-powered computers affected by serious firmware flaw (CVE-2024-0762) (Help Net Security) CDK warns: threat actors are calling customers, posing as support (bleepingcomputer) Personal and Chemical Facility Information Potentially Accessed in CISA Hack (SecurityWeek) New Highly Evasive SquidLoader Attacking Employees Mimic As Word Document (gbhackers) New body IMCSO to elevate standards and streamline provisioning of cybersecurity services in Maritime (itsecurityguru) US DHS partners with Indonesia to strengthen maritime cybersecurity in Indo-Pacific region (Industrial Cyber) How small claims court became Meta's customer service hotline (engadget). The curious case of the missing IcedID (Only Malware in the Building) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Over 15,000 car dealerships hit the brakes after a software supplier cyber incident. The EU’s Chat Control gets put on hold. A hacker leaks contact details of over 33,000 Accenture employees. A major forklift manufacturer shuts down operations in the wake of a ransomware attack. IntelBroker claims to have leaked source code from Apple. An investigation questions the ethics of AI firm Perplexity. A radiology practice notifies over half a million people of a data breach. Federal contractors pay millions in fines for inadequate cyber security during the COVID-19 pandemic. Stolen files from the Kansas City Police department are posted online. On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey. Remembering the work of MIT’s Arvind.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Learning Layer On our Learning Layer segment, host Sam Meisenberg and Joe Carrigan continue their discussion of Joe's ISC2 CISSP certification journey using N2K’s comprehensive CISSP training course, CISSP practice test, and CISSP practice labs. With all eight domains wrapped up, Sam and Joe pivot to the homestretch of Joe's studies. With the test about two weeks away, Joe discusses his approach to retaining the information and filling any remaining knowledge gaps.  Selected Reading Car Dealerships Across US Halt Services After Cyberattack (Bloomberg) Car Dealers Are Idle Across the US After Second Cyberattack  (Bloomberg) EU Council has withdrawn the vote on Chat Control (Stack Diary) Hacker Leaks Data of 33,000 Accenture Employees in Third-Party Breach (HackRead) Crown Equipment confirms a cyberattack disrupted manufacturing (Bleeping Computer) Threat actor claims to have breached Apple, allegedly stealing source code of several internal tools (9to5Mac) Perplexity Is a Bullshit Machine (WIRED) Radiology Practice Hack Affects Sensitive Data of 512,000 (GovInfo Security) Federal contractors pay multimillion-dollar settlements over cybersecurity lapses (The Record) BlackSuit ransomware publishes Kansas City, Kansas, police files (StateScoop) Arvind, longtime MIT professor and prolific computer scientist, dies at 77 (MIT)   Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this bonus episode from our T-Minus Space Daily team. The N2K CyberWire team is observing the Juneteenth holiday here in the US. Welcome to the T-Minus Overview Radio Show. In this program we’ll feature some of the conversations from our daily podcast with the people who are forging the path in the new space era, from industry leaders, technology experts and pioneers, to educators, policy makers, research organizations, and more. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our weekly intelligence roundup, Signals and Space, and you’ll never miss a beat. And be sure to follow T-Minus on LinkedIn and Instagram. T-Minus Guest Our guests are Science Writer and Author Rebecca Boyle, and CEO and Founder, Chair and CEO of Lonestar Space Holdings, Chris Stott.  T-Minus Crew Survey We want to hear from you! Please complete our 4 question survey. It’ll help us get better and deliver you the most mission-critical space intel every day. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. Want to join us for an interview? Please send your pitch to [email protected] and include your name, affiliation, and topic proposal. T-Minus is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Europol and partners shut down 13 terrorist websites.  A data breach at the LA County Department of Public Health affects over two hundred thousand. The Take It Down act targets deepfake porn. The Five Eyes alliance update their strategies to protect critical infrastructure. VMware has disclosed two critical-rated vulnerabilities in vCenter Server. The alleged heads of the "Empire Market" dark web marketplace are charged in Chicago federal court. A new malware campaign tricks users into running malicious PowerShell “fixes.”Researchers thwart Memory Tagging Extensions in Arm chips. A major e-learning platform discloses a breach. On our Industry Voices segment, we are joined by Guy Guzner, CEO and Co-Founder of Savvy to discuss "Reimagining app and identity security for SaaS." Clearview AI offers plaintiffs a piece of the pie.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, we are joined by Guy Guzner, CEO and Co-Founder of Savvy to discuss "Reimagining app and identity security for SaaS." Selected Reading Europol Taken Down 13 Websites Linked to Terrorist Operations (GB Hackers) Los Angeles Public Health Department Discloses Large Data Breach (Infosecurity Magazine) New AI deepfake porn bill would require big tech to police and remove images (CNBC) Five Eyes' Critical 5 nations focus on adapting to evolving cyber threats to boost critical infrastructure security, resilience (Industrial Cyber) VMware by Broadcom warns of critical vCenter flaws (The Register) Empire Market owners charged for enabling $430M in dark web transactions (Bleeping Computer) From Clipboard to Compromise: A PowerShell Self-Pwn (Proofpoint US) Arm Memory Tag Extensions broken by speculative execution (The Register) Star ed-tech company discloses data breach (Cybernews) Clearview AI Is So Broke It’s Now Offering Lawsuits Plaintiffs A Cut Of Its Extremely Dubious Future Fortunes (Techdirt) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Spanish authorities snag a top Scattered Spider hacker. HC3 issues an alert about PHP. WIRED chats with ShinyHunters about the breach affecting Snowflake customers. Meta delays LLM training over European privacy concerns. D-Link urges customers to upgrade routers against a factory installed backdoor. A new Linux malware uses emojis for command and control. Vermont’s Governor vetoes a groundbreaking privacy bill. California fines Blackbaud millions over a 2020 data breach. Guest Patrick Joyce, Proofpoint's Global Resident CISO, sharing some key challenges, expectations and priorities of chief information security officers (CISOs) worldwide. N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of XDR: A Rick-the-Toolman episode.  Be sure to change those virtual locks.  Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Guest Patrick Joyce, Proofpoint's Global Resident CISO, sharing some key challenges, expectations and priorities of chief information security officers (CISOs) worldwide. You can learn more from their 2024 Voice of the CISO report.  CSO Perspectives  Dave is joined by N2K’s CSO Rick Howard for a preview of his latest CSO Perspectives podcast episode on The Current State of XDR: A Rick-the-Toolman episode. You can find the accompanying essay here. If you are not an N2K CyberWire Pro subscriber, you can catch the first half of the episode as a preview here.  Selected Reading Alleged Scattered Spider ringleader taken down in Spain after law enforcement crackdown (ITPro) US HC3 issues alert on critical PHP vulnerability impacting healthcare sector (Industrial Cyber) Hackers Detail How They Allegedly Stole Ticketmaster Data From Snowflake (WIRED) Meta Pauses European GenAI Development Over Privacy Concerns (Infosecurity Magazine) Hidden Backdoor in D-Link Routers Let Attacker Login as Admin (GB Hackers) New Linux malware is controlled through emojis sent from Discord (Bleeping Computer) Vermont governor rejects state’s tough data privacy bill (The Record) Blackbaud must pay $6.75 million, improve security after lying about scope of 2020 hack (The Record) Former IT employee gets 2.5 years for wiping 180 virtual servers (Bleeping Computer)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Rick Howard, The CSO, Chief Analyst, and Senior Fellow at N2K Cyber, discusses the current state of “eXtended Detection and Response” (XDR) with CyberWire Hash Table guests Rick Doten, Centene’s VP of Security, and Milad Aslaner, Sentinel One’s XDR Product Manager. References: Alexandra Aguiar, 2023. Key Trends from the 2023 Hype Cycle for Security Operations [Gartner Hype Cycle Chart]. Noetic Cyber. Daniel Suarez, 2006. Daemon [Book]. Goodreads. Dave Crocker, 2020. Who Invented Email, Email History, How Email Was Invented [Websote]. LivingInternet. Eric Hutchins, Michael Cloppert, Rohan Amin, 2010, Intelligence-Driven Computer Network Defense Informed by Analysis of Adversary Campaigns and Intrusion Kill Chains [Paper] Lockheed Martin Corporation. Jon Ramsey, Mark Ryland, 2022. AWS co-announces release of the Open Cybersecurity Schema Framework (OCSF) project [Press Release]. Amazon Web Services. Nir Zuk, 2018. Palo Alto Networks Ignite USA ’18 Keynote [Presentation]. YouTube. Raffael Marty, 2021. A Log Management History Lesson – From syslogd(8) to XDR [Youtube Video]. YouTube. Raffael Marty, 2021. A history lesson on security logging, from syslogd to XDR [Essay]. VentureBeat. Rick Howard, 2020. Daemon [Podcast]. Word Notes. Rick Howard, 2021. XDR: from the Rick the Toolman Series. [Podcast and Essay]. CSO Perspectives, The CyberWire. Rick Howard, 2023. Cybersecurity First Principles: A Reboot of Strategy and Tactics [Book]. Goodreads. Staff, n.d. Open Cybersecurity Schema Framework [Standard]. GitHub. Staff, 2019. What is EDR? Endpoint Detection & Response Defined [Explainer]. CrowdStrike. Staff, 2020. Log Formats – a (Mostly) Complete Guide [Explainer]. Graylog. Stephen Watts, 2023. Common Event Format (CEF): An Introduction [Explainer]. Splunk. Thomas Lintemuth, Peter Firstbrook, Ayelet Heyman, Craig Lawson, Jeremy D’Hoinne, 2023. Market Guide for Extended Detection and Response [Essay]. Gartner. Learn more about your ad choices. Visit megaphone.fm/adchoices