CyberWire Daily

Major breach at the US Treasury’s OCC.

Apr 9, 2025

Jack Rhysider, the creator and host of Darknet Diaries, joins to discuss a significant email breach at the OCC, exposing 150,000 emails and suspected ties to Chinese hackers. They delve into the urgency of patching critical vulnerabilities in various sectors and the alarming insider threats plaguing healthcare. Rhysider also shares insights on the art of storytelling in cybersecurity podcasting and the importance of personal data protection as digital privacy risks grow. They examine the need for real-time compliance in the face of evolving threats.

28:53

Creator website

Episode guests

Jack Rhysider

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

The significant email breach at the U.S. Treasury's OCC underscores vulnerabilities in federal agencies and the risk of sensitive data exploitation.

Rapid implementation of security patches following Microsoft's Patch Tuesday is crucial to mitigate threats from critical vulnerabilities and enhance operational security.

Deep dives

Email Breach at U.S. Treasury

A significant email breach at the U.S. Treasury's Office of the Comptroller of the Currency (OCC) involved unauthorized access to 103 email accounts, including those belonging to executives. Hackers gained access to approximately 150,000 emails dating back to May 2023, some of which contained sensitive information critical for overseeing federally regulated banks. Although the OCC has confirmed that the wider financial sector was not affected, the breach highlights vulnerabilities within federal agencies and the potential for sensitive data to be exploited. The identity of the attackers is still unknown, but previous incidents have pointed to the involvement of a China-based hacking group known as Silk Typhoon.

Intro

3min

Cybersecurity Crisis and Updates

6min

Inside Threats and Negligence: A Cybersecurity Breach Case

3min

Navigating Podcasting in Cybersecurity

5min

Navigating Digital Privacy and Security Risks

5min

Treasury’s OCC reports a major email breach. Patch Tuesday updates. A critical vulnerability in AWS Systems Manager (SSM) Agent allowed attackers to execute arbitrary code with root privileges. Experts urge Congress to keep strict export controls to help slow China’s progress in AI. A critical bug in WhatsApp for Windows allows malicious code execution.CISA adds multiple advisories on actively exploited vulnerabilities. Insider threat allegations rock a major Maryland medical center. Microsoft’s Ann Johnson from Afternoon Cyber Tea is joined by Jack Rhysider, the creator and host of the acclaimed podcast Darknet Diaries. Feds Aim to Rewrite Social Security Code in Record Time.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

In this episode of Afternoon Cyber Tea, Ann Johnson is joined by Jack Rhysider, the creator and host of the acclaimed podcast Darknet Diaries. You can hear the full conversation here. Be sure to catch new episodes of Afternoon Cyber Tea every other Tuesday on N2K CyberWIre and your favorite podcast app.

Selected Reading

Treasury's OCC Says Hackers Had Access to 150,000 Emails (SecurityWeek)

Microsoft Fixes Over 130 CVEs in April Patch Tuesday (Infosecurity Magazine)

Vulnerabilities Patched by Ivanti, VMware, Zoom (SecurityWeek)

Fortinet Patches Critical FortiSwitch Vulnerability (SecurityWeek)

ICS Patch Tuesday: Vulnerabilities Addressed by Rockwell, ABB, Siemens, Schneider (SecurityWeek)

AWS Systems Manager Plugin Vulnerability Let Attackers Execute Arbitrary Code (Cyber Security News)

Tech experts recommend full steam ahead on US export controls for AI (CyberScoop)

Don't open that file in WhatsApp for Windows just yet (The Register)

CISA Warns of Microsoft Windows CLFS Vulnerability Exploited in Wild (Cyber Security News)

CISA Urges Urgent Patching for Exploited CentreStack, Windows Zero-Days (SecurityWeek)

Pharmacist accused of spying on women using work, home cams (The Register)

DOGE Plans to Rebuild SSA Code Base in Months, Risking Benefits and System Collapse (WIRED)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

Major breach at the US Treasury’s OCC.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Email Breach at U.S. Treasury

Patch Tuesday and Security Vulnerabilities

Insider Threat at University of Maryland Medical Center

CyberWire Guest

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts