CyberWire Daily

When fake fixes hide real attacks.

Apr 21, 2025

Yoni Shohet, Co-founder and CEO of Valence Security, discusses critical cybersecurity threats posed by Chinese open source AI, particularly for financial institutions. He highlights the alarming use of ClickFix in state-sponsored cyber espionage, alongside Japan's urgent warnings about unauthorized trades. The conversation dives into the vulnerabilities of new Microsoft tools and the complexities of navigating AI risks in organizations. Shohet emphasizes the need for robust security measures as the landscape of cyber threats continues to evolve.

31:36

Creator website

Episode guests

Yoni Shohet

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The Click-Fix technique used by state-sponsored hackers demonstrates the evolving methods of cyber espionage targeting sensitive systems worldwide.

Japan's recent alarming incident of unauthorized trades highlights the urgent need for improved security measures in the financial sector against cyber threats.

Deep dives

Emergence of Click-Fix Technique in Cyber Espionage

The Click-Fix technique is increasingly being used by government-backed hackers from North Korea, Iran, and Russia in cyber espionage campaigns. This method deceives users into executing malicious commands by presenting fake error messages or security alerts, leading them to believe they are troubleshooting an issue. For instance, North Korea's TA-427 targeted think tanks with deceptive meeting invites, while Iran's TA-450 attacked financial institutions using bogus Microsoft updates. The rising trend of Click-Fix highlights the evolving tactics employed by state-sponsored actors to streamline intrusions into sensitive systems.

Intro

3min

The Evolving Landscape of Cyber Threats

6min

Cybersecurity Breach and AI Risks

5min

Navigating Open Source AI Risks

5min

Evolving AI and Security Vulnerabilities

7min

Adversary nations are using ClickFix in cyber espionage campaigns. Japan’s Financial Services Agency issues an urgent warning after hundreds of millions in unauthorized trades. The critical Erlang/OTP’s SSH vulnerability now has public exploits. A flawed rollout of a new Microsoft Entra app triggers widespread account lockouts. The alleged operator of SmokeLoader malware faces federal hacking charges. A new scam blends social engineering, malware, and NFC tech to drain bank accounts. GSA employees may have been oversharing sensitive documents. Yoni Shohet, Co-Founder and CEO of Valence Security, who cautions financial organizations of coming Chinese open source AI. Crosswalks in the crosshairs of satirical hacking.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Yoni Shohet, Co-Founder and CEO of Valence Security, discussing how the onslaught of more open source AI tools coming out of China will be difficult to manage for companies especially those in the financial sector.

Selected Reading

North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks (Hackread)

Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare (SecurityWeek)

Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts (The Record)

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (Bleeping Computer)

Widespread Microsoft Entra lockouts tied to new security feature rollout (Bleeping Computer)

Alleged SmokeLoader malware operator facing federal charges in Vermont (The Record)

New payment-card scam involves a phone call, some malware and a personal tap (The Record)

Sensitive files, including White House floor plans, shared with thousands (The Washington Post)

Hacking US crosswalks to talk like Zuck is as easy as 1234 (The Register)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

When fake fixes hide real attacks.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Emergence of Click-Fix Technique in Cyber Espionage

Urgent Warnings from Japan's Financial Services Agency

Security Vulnerabilities in Infrastructure and Applications

CyberWire Guest

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts