International law enforcement takes down the MATRIX messaging platform. SailPoint discloses a critical vulnerability in its IdentityIQ platform. A Solana library has been backdoored. SolarWinds discloses a critical vulnerability in its Platform product. Researchers identify 16 zero-day vulnerabilities in Fuji Electric’s remote monitoring software. Cisco urges users to patch a decade-old vulnerability. CISA warns of active exploitation of Zyxel firewall devices. A critical XSS vulnerability has been identified in MobSF. Google’s December 2024 Android security update addresses 14 high-severity vulnerabilities. The Federal Trade Commission settles with data brokers over alleged consent violations. On today’s CertByte segment, Chris Hare and Dan Neville break down a question targeting the A+ Core (220-1101) Exam 1 certification. A vodka company gets iced by ransomware.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources, and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management.

This week, Chris is joined by Dan Neville breaking down a question targeting the A+ Core (220-1101) Exam 1 certification. Today’s question comes from N2K’s CompTIA® A+ Core Exam 1 Practice Test (Core Exam 2 Practice Test is also available on our site).

Have a question that you’d like to see covered? Email us at certbyte@n2k.com. Check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.

Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers.

Additional sources: www.comptia.org

Selected Reading

International Operation Dismantles MATRIX: A Sophisticated Encrypted Messaging Service (SOCRadar)

German Police Shutter Country’s Largest Dark Web Market (Infosecurity Magazine)

10/10 directory traversal bug hits SailPoint's IdentityIQ (The Register)

Solana Web3.js Library Backdoored in Supply Chain Attack (SecurityWeek)

SolarWinds Platform XSS Vulnerability Let Attackers Inject Malicious Code (Cyber Security News)

16 Zero-Days Uncovered in Fuji Electric Monitoring Software (GovInfo Security)

Cisco Urges Immediate Patch for Decade-Old WebVPN Vulnerability (Hackread)

VulnerabilitiesCISA Warns of Zyxel Firewall Vulnerability Exploited in Attacks (SecurityWeek)

U.S. CISA adds ProjectSend, North Grid Proself, and Zyxel firewalls bugs to its Known Exploited Vulnerabilities catalog (SecurityAffairs)

MobSF XSS Vulnerability Let Attackers Inject Malicious Scripts (GB Hacker)

Android's December 2024 Security Update Patches 14 Vulnerabilities (SecurityWeek)

FTC accuses data brokers of improperly selling location info (The Register)

Vodka Giant Stoli Files for Bankruptcy After Ransomware Attack (Infosecurity Magazine)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices