CyberWire Daily

Pennies for access.

Feb 19, 2025

Stephen Burnley, an ISC2 expert, joins to discuss credential theft risks impacting corporate and military networks. They dive into the nuances of the SSCP certification, stressing its practical relevance. The conversation touches on the role of network protocols in system security and the importance of certification accountability, particularly for federal contractors facing penalties. Emerging cyber threats and insightful exam preparation strategies are also highlighted, making this a must-listen for cybersecurity enthusiasts!

35:20

Creator website

Episode guests

Stephen Burnley

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Credential theft poses a serious risk to corporate and military networks, urging immediate action to mitigate compromised logins and data breaches.

Federal contractors are facing significant fines for cybersecurity noncompliance, highlighting the importance of adherence to established security regulations and standards.

Deep dives

Credential Theft and National Security Risks

Credential theft represents a significant danger to both corporate and military networks, threatening sensitive information and national security. Research indicates that cybercriminals are selling stolen credentials from major defense contractors and government agencies for very low prices, sometimes as little as $10 per log. These logs can allow attackers to bypass security measures, including multi-factor authentication, which exacerbates the risk of breaches. Experts are urging organizations to implement immediate password resets and forensic investigations to mitigate these threats, as millions of devices have already been compromised through various means, including phishing and malware.

Intro

3min

Security Risks and Cyber Threats

9min

Cyber Fraud Initiatives and Certification Insights

4min

Navigating SSCP and Cybersecurity Protocols

8min

Upcoming Certification Updates and Cloud Security Innovations

6min

Credential theft puts sensitive corporate and military networks at risk. A federal judge refuses to block DOGE from accessing sensitive federal data. New York-based Insight Partners confirms a cyber-attack. BlackLock ransomware group is on the rise. OpenSSH patches a pair of vulnerabilities. Russian threat actors are exploiting Signal’s “Linked Devices” feature. Over 12,000 GFI KerioControl firewalls remain exposed to a critical remote code execution (RCE) vulnerability.CISA issued two ICS security advisories. Federal contractors pay $11 million in cybersecurity noncompliance fines. In our CertByte segment, Chris Hare is joined by Steven Burnley to break down a question targeting the ISC2® SSCP - Systems Security Certified Practitioner exam.Sweeping cybercrime reforms are unveiled by…Russia?

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources, for the past 25 years, N2K's practice tests have helped more than half a million IT and cyber security professionals reach certification success. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional source: https://www.isc2.org/certifications/sscp

Selected Reading

Hundreds of US Military and Defense Credentials Compromised (Infosecurity Magazine)

DOGE Team Wins Legal Battle, Retains Access to Federal Data (GovInfo Security)

Musk Ally Demands Admin Access to System That Lets Government Text the Public (404 Media)

Cyber Investor Insight Partners Suffers Security Breach (Infosecurity Magazine)

BlackLock On Track to Be 2025’s Most Prolific Ransomware Group (Infosecurity Magazine)

Qualys reports two flaws in OpenSSH, one critical DDoS (Beyond Machines)

Russian phishing campaigns exploit Signal's device-linking feature (Bleeping Computer)

Over 12,000 KerioControl firewalls exposed to exploited RCE flaw (Bleeping Computer)

CISA Releases Two New ICS Advisories Exploits Following Vulnerabilities (Cyber Security News)

Managed healthcare defense contractor to pay $11 million over alleged cyber failings (The Record)

Russian Government Proposes Stricter Penalties to Tackle Cybercrime (GB Hackers)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CyberWire Daily

Pennies for access.

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Credential Theft and National Security Risks

Impact of New Cybersecurity Laws and Regulations

Emerging Threats from Ransomware and Exploits

CertByte Segment

Selected Reading

Share your feedback.

Want to hear your company in the show?

Remember Everything You Learn from Podcasts