CyberWire Daily

N2K Networks
Mar 22, 2025 • 27min

Excel-lerating cyberattacks. [Research Saturday]

Tom Hegel, Principal Threat Researcher at SentinelLabs, delves into the alarming tactics of the Ghostwriter cyber group targeting Ukraine and Belarus. He reveals how weaponized Excel documents are exploited in sophisticated malware attacks. The discussion highlights new obfuscation techniques and the strategic targeting of political opposition during wartime. Hegel emphasizes the importance of understanding basic cyber threats and fortifying defenses against relentless and clever attacks that can compromise even well-guarded systems.
Mar 21, 2025 • 31min

Brute force and broken trust.

Brandon Karpf, a cybersecurity expert and friend of N2K CyberWire, shares his insights on the growing threats in cyberspace, particularly in the realm of space technology. The discussion uncovers alarming vulnerabilities with over 150 U.S. government database servers exposed online. Karpf delves into the rise of various ransomware attacks, including the cross-platform Albabat strain. The conversation also addresses the impact of new cyber policies and the urgent need for better oversight and defense in our increasingly digital world.
Mar 20, 2025 • 30min

Can’t escape RCE flaws.

David Wiseman, Vice President of Secure Communications at BlackBerry, shares his expertise in cybersecurity. He discusses the urgency of addressing remote code execution vulnerabilities as a major cybersecurity threat. Wiseman elaborates on CISA’s guidelines for encrypted communications and the importance of secure messaging apps. Additionally, he highlights the challenges posed by spyware and the need for digital sovereignty in the face of growing risks. The conversation touches on the evolving landscape of AI and misinformation, emphasizing the need for heightened digital privacy.
Mar 19, 2025 • 32min

Remote hijacking at your fingertips.

A critical vulnerability could let attackers hijack and potentially disable vulnerable servers. Europol warns of a “shadow alliance” between state-backed threat actors and cybercriminals. Sekoia examines ClearFake. A critical PHP vulnerability is under active exploitation. A sophisticated scareware phishing campaign has shifted its focus to macOS users. Phishing as a service attacks are on the rise. A new jailbreak technique bypasses security controls in popular LLMs. Microsoft has uncovered StilachiRAT. CISA confirms active exploitation of a critical Fortinet vulnerability. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. AI coding assistants get all judgy.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources. This week, Chris is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. Today’s question comes from N2K’s ISACA® Certified Information Security Manager® (CISM®) Practice Test.

The CISM exam helps to affirm your ability to assess risks, implement effective governance, proactively respond to incidents and is the preferred credential for IT managers, according to ISACA.

To learn more about this and other related topics under this objective, please refer to the following resource: CISM Review Manual, 15th Edition, 1.0, Information Security Governance, Introduction.

Have a question that you’d like to see covered? Email us at certbyte@n2k.com.

If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional source: https://www.isaca.org/credentialing/cism#1

Selected Reading

Critical AMI MegaRAC bug can let attackers hijack, brick servers (bleepingcomputer)
Europol Warns of “Shadow Alliance” Between States and Criminals (Infosecurity Magazine)
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery (Sekoia.io Blog)
PHP RCE Vulnerability Actively Exploited in Wild to Attack Windows-based Systems (cybersecuritynews)
Scareware Combined With Phishing in Attacks Targeting macOS Users (securityweek)
Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge (Infosecurity Magazine)
New Jailbreak Technique Bypasses DeepSeek, Copilot, and ChatGPT to Generate Chrome Malware (gbhackers)
Microsoft Warns of New StilachiRAT Malware (SecurityWeek)
Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns (Infosecurity Magazine)
AI coding assistant Cursor reportedly tells a 'vibe coder' to write his own damn code (TechCrunch)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Mar 18, 2025 • 31min

Tomcat got your server?

A critical vulnerability in Apache Tomcat is actively being exploited, putting various sectors at risk. Lawmakers are addressing cyber threats to rural water systems, while significant data breaches continue to affect many. The emerging BitM cyberattack method can bypass multi-factor authentication, and a Chinese group is targeting Central European diplomats. A lawsuit against a securities firm highlights the importance of customer data protection. Meanwhile, the evolving landscape of cybercriminal tactics illustrates the need for unified security capabilities.
Mar 17, 2025 • 30min

A reel disaster for GitHub.

A phishing campaign targets nearly 12,000 GitHub repositories. The BlackLock ransomware group is one to watch. A federal judge orders reinstatement of workers at CISA. Over 100 car dealership websites suffer a supply chain attack, and Hellcat breaches Jaguar Land Rover. Researchers uncover a major vulnerability affecting RSA encryption keys. A Life Insurance Company notifies 355,500 individuals of a December 2024 data breach. A researcher releases a decryptor for Akira ransomware. A new mapping database aims to help NGOs and high-risk individuals find security tools. Tim Starks from CyberScoop reports that trade groups fear a cybersecurity blackout if a key panel and vital cyber law aren’t renewed. A fundamental shift of our understanding of hash tables.

CyberWire Guest

Today our guest is Tim Starks from CyberScoop, discussing how "Trade groups worry information sharing will worsen without critical infrastructure panel, CISA law renewal."

Selected Reading

Fake "Security Alert" issues on GitHub use OAuth app to hijack accounts (Bleeping Computer)
BlackLock Ransomware Strikes Over 40 Organizations in Just Two Months (GB Hackers)
Federal Judges Block Trump's Mass Firings of Federal Workers (BankInfo Security)
100 Car Dealerships Hit by Supply Chain Attack (SecurityWeek)
Jaguar Land Rover Breached by HELLCAT Ransomware Group using Jira Credentials (Cyber Security News)
Millions Of RSA Key Exposes Serious Flaws That Can Be Exploited (Cyber Security News)
Insurer Notifying 335,500 Customers, Agents, Others of Hack (BankInfo Security)
New Akira ransomware decryptor cracks encryptions keys using GPUs (Bleeping Computer)
Security Database Aims to Empower Non-Profits (Infosecurity Magazine)
Undergraduate Disproves 40-Year-Old Conjecture, Invents New Kind of Hash Table (WIRED)
Mar 16, 2025 • 8min

Ingrid Toppelberg: Knowing how to take risks will pay off. [Cybersecurity education] [Career Notes]

Please enjoy this encore of Career Notes.

Chief Product Officer at Cybint Solutions, Ingrid Toppelberg, shares her journey from consulting to bootcamp coach and cybersecurity education. As a young girl, Ingrid wanted to do everything from being a teacher to the head of the World Bank. After consulting for several years, Ingrid found cybersecurity. What she found fascinating about the cyber world is how important it is for absolutely everyone at all levels to know about cybersecurity. Ingrid also develops and conducts bootcamps to reskill displaced people into cybersecurity. Ingrid says to those interested in cyber, "just do it. We need different kinds of minds in cyber keeping us safe." We thank Ingrid for sharing her story with us.
Mar 16, 2025 • 30min

Trailblazers in Cybersecurity: Lessons from the Women Leading the Charge [Threat Vector]

We thought you might enjoy this episode of Threat Vector podcast from the N2K CyberWire network as we continue our observance of Women's History Month. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app.

In this special Women’s History Month episode of Threat Vector, host David Moulton speaks with four trailblazing women in cybersecurity who are shaping the industry: Kristy Friedrichs, Chief Partnerships Officer; Tanya Shastri, SVP of Product Management; Sama Manchanda, Consultant at Unit 42; and Stephanie Regan, Principal Technical Architect at Unit 42.

They share their journeys into cybersecurity, discuss the challenges they faced, and offer insights on leadership, innovation, and mentorship. From AI-driven security to digital forensics, these women have made a lasting impact. Tune in to hear their advice for the next generation and why cybersecurity remains one of the most exciting and dynamic fields to be in today.

Join the conversation on our social media channels:
Website: https://www.paloaltonetworks.com/
Threat Research: https://unit42.paloaltonetworks.com/
Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/
LinkedIn: https://www.linkedin.com/company/unit42/
YouTube: @paloaltonetworks
Twitter: https://twitter.com/PaloAltoNtwks

About Threat Vector

Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.

The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.

Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks

Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com
Mar 15, 2025 • 22min

The ransomware clones of HellCat & Morpheus. [Research Saturday]

Jim Walter, Senior Threat Researcher on the SentinelLabs research team, joins to discuss their work on "HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code." Over the past six months, new ransomware groups like FunkSec, Nitrogen, and Termite have emerged, while established threats such as Cl0p and LockBit 4.0 have resurfaced. Two prominent Ransomware-as-a-Service (RaaS) operations, HellCat and Morpheus, have gained traction, with research indicating that affiliates of both are using nearly identical ransomware payloads. Despite similarities in their encryption techniques and ransom notes, there is no conclusive evidence linking HellCat and Morpheus to the Underground Team, though shared tools or affiliates may be involved.

The research can be found here: HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code
Mar 14, 2025 • 33min

Balancing budget cuts and cybersecurity.

The White House is urging federal agencies not to lay off cybersecurity teams. Google doesn’t deny receiving a secret legal order from the UK government. Microsoft researchers identify a simple method to bypass AI safety guardrails. Scammers are impersonating the Clop ransomware gang. Cisco issues security advisories for multiple IOS XR vulnerabilities. CISA warns of multiple ICS security issues. A LockBit ransomware developer has been extradited to the U.S. GCHQ’s former director calls for stronger cybersecurity collaboration. Rick Howard and Kim Jones pass the mic for the CISO Perspectives podcast. Sniffing out Stingrays.

CyberWire Guest

Today, we have Dave speaking with Rick Howard, a friend of the show, and Kim Jones, a veteran CISO, educator, and expert in the field, as Rick passes the mic to Kim for a brand new season of CISO Perspectives, formerly CSO Perspectives.

Selected Reading

White House instructs agencies to avoid firing cybersecurity staff, email says (Reuters)
Elon Musk Made Visit to U.S. Spy Agency (Wall Street Journal)
Google refuses to deny it received encryption order from UK government (The Record)
New Context Compliance Exploit Jailbreaks Major AI Models (GB Hackers)
Fraudsters Impersonate Clop Ransomware to Extort Businesses (Infosecurity Magazine)
Cisco Warns of IOS XR Software Vulnerability Let Attackers Trigger DoS condition (Cyber Security News)
CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits (Cyber Security News)
LockBit Ransomware Developer Extradited to US (SecurityWeek)
Cyber Industry Falls Short on Collaboration, Says Former GCHQ Director (Infosecurity Magazine)
Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying (Electronic Frontier Foundation)
