CyberWire Daily

Massive malware cleanup.

Jan 15, 2025

Join Mike Hamilton, Chief Information Officer at Cloudflare, as he navigates the complexities of tech sprawl and its security ramifications. He compares tech sprawl to the classic snake game, emphasizing how unchecked growth can lead to vulnerabilities. The conversation touches on the FBI's recent removal of the PlugX malware and critical flaws in Windows 11 and Linux tools. Legal challenges regarding data privacy, especially involving Allstate, highlight the ongoing struggle for consumer protection in the digital age.

35:35

Creator website

Episode guests

Mike Hamilton

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The FBI's removal of PlugX malware from thousands of computers underscores the importance of international cooperation in combating cyber threats.

Recent vulnerabilities in Windows 11 demonstrate the need for organizations to adopt layered security solutions beyond standard OS protections.

Deep dives

FBI Takedown of PlugX Malware Signals Cybersecurity Progress

The FBI successfully removed PlugX malware from over 4,200 computers linked to the Mustang Panda espionage group, marking a significant triumph in cybersecurity efforts. This potent tool, which has been around since 2008, is capable of various malicious activities, including data theft and command execution, and had previously exploited vulnerabilities across numerous organizations. The takedown was part of a broader initiative led by French law enforcement and cybersecurity firms, successfully dismantling a connected botnet that was likely affecting millions globally. This operation not only highlights the ongoing threat posed by cybercriminals but also emphasizes the importance of international cooperation in combating cyber threats.

Intro

3min

Unraveling Cyber Threats: PlugX and Modern Vulnerabilities

7min

Legal Challenges and Clean Energy Initiatives

6min

Navigating Security Budget Challenges

7min

User Experience Meets Cybersecurity

9min

The FBI deletes PlugX malware from thousands of U.S. computers. Researchers uncover vulnerabilities in Windows 11 allowing attackers to bypass protections and execute code at the kernel level. A look at (a busy) Patch Tuesday. Researchers uncovered six critical vulnerabilities in a popular Linux file transfer tool. Texas sues Allstate for allegedly collecting, using, and selling driving data without proper consent. An executive order enables AI developers to build data centers on federal lands. On our Industry Voices segment, we are joined by Mike Hamilton, Chief Information Officer at Cloudflare, discussing how tech sprawl emulates the snake game. Meta profits while users suffer.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Industry Voices Segment

On our Industry Voices segment, we are joined by Mike Hamilton, Chief Information Officer at Cloudflare, discussing how tech sprawl emulates the snake game. You can read Mike’s thoughts here.

Selected Reading

FBI deletes Chinese PlugX malware from thousands of US computers (Bleeping Computer)

Windows 11 Security Features Bypassed to Obtain Arbitrary Code Execution in Kernel Mode (Cyber Security News)

Microsoft Patches Eight Zero-Days to Start the Year (Infosecurity Magazine)

Chrome 132 Patches 16 Vulnerabilities (SecurityWeek)

Nvidia, Zoom, Zyxel Patch High-Severity Vulnerabilities (SecurityWeek)

Ivanti Patches Critical Vulnerabilities in Endpoint Manager (SecurityWeek)

Zoom Patches Multiple Vulnerabilities That Let Attackers Escalate Privileges (Cyber Security News)

Apple Patches Flaw That Allows Kernel Security Bypassing (GovInfo Security)

ICS Patch Tuesday: Security Advisories Published by Schneider, Siemens, Phoenix Contact, CISA (SecurityWeek)

Linux Rsync File Transfer Tool Vulnerability Let Attackers Execute Arbitrary Code (Cyber Security News)

Allstate car insurer sued for tracking drivers without permission (Bleeping Computer)

Biden Opens US Federal Sites for AI Data Center Growth (BankInfo Security)

Instagram Ads Send This Nudify Site 90 Percent of Its Traffic (404 Media)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

Massive malware cleanup.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

FBI Takedown of PlugX Malware Signals Cybersecurity Progress

Critical Vulnerabilities Highlighted in Windows 11 Security

Legal Action Against Allstate Highlights Data Privacy Concerns

Industry Voices Segment

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts