CyberWire Daily

US Treasury Department sanctions Iranian national accused of running the Nemesis criminal marketplace. Hunters International threatens to leak data stolen from Tata Technologies. Apple challenges U.K.’s iCloud encryption backdoor order. UK competition regulator says no investigation into Microsoft's OpenAI partnership. Stealthy malware campaign targets the UAE's aviation and satellite industry. This week on our CertByte segment, N2K’s Chris Hare is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam. And hackers hit the books.Remember to leave us a 5-star rating and review in your favorite podcast app.Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CertByte SegmentWelcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. This week, Chris is joined by Troy McMillan to break down a question targeting the Cisco Certified Network Associate (CCNA) exam, 201-301, version 1.1 exam. Today’s question comes from N2K’s Cisco Certified Network Associate (CCNA 200-301) Practice Test. According to Cisco, the CCNA is the industry’s most widely recognized and respected associate-level certification. To learn more about this and other related topics under this objective, please refer to the following resource: https://learningnetwork.cisco.com/s/article/protection-techniques-nbsp-from-wardriving-attack To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.Additional source: https://www.cisco.com/site/us/en/learn/training-certifications/certifications/enterprise/ccna/index.htmlSelected ReadingTreasury sanctions Iranian national behind defunct Nemesis darknet marketplace (The Record)Ransomware Group Claims Attack on Tata Technologies (SecurityWeek) Apple is challenging U.K.’s iCloud encryption backdoor order (TechCrunch)UK's competition regulator says Microsoft's OpenAI partnership doesn't qualify for investigation (TechCrunch)  Call It What You Want: Threat Actor Delivers Highly Targeted Multistage Polyglot Malware (Proofpoint)Snail Mail Fail: Fake Ransom Note Campaign Preys on Fear (GuidePoint Security)Fake police call cryptocurrency investors to steal their funds (Bitdefender)Microsoft Teams tactics, malware connect Black Basta, Cactus ransomware (Bleeping Computer)  Investigator says differing names for hacker groups, hackers studying investigative methods hinders law enforcement (CyberScoop) Share your feedback.We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show?You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

CISA is closely monitoring Russian cyber threats while notable companies like Broadcom and Google tackle critical vulnerabilities. A ransomware attack recently impacted Palau's health ministry, revealing the urgent need for improved cybersecurity measures. Upcoming discussions will dive into IoT security risks and showcase inspiring women in the field, celebrating their contributions to cybersecurity. Additionally, the threat of deepfakes is explored, emphasizing the importance of enhanced identity verification to counter sophisticated scams.

A recent directive pauses U.S. cyber operations against Russia amidst Ukraine negotiations, raising big discussions about cybersecurity strategies. Ransomware groups take advantage of vulnerabilities, and there's concern over government misuse of tech against activists. A breach at Poland's space agency prompts a return to traditional communication. The importance of collaboration in rising cyber threats and empathy among cybersecurity professionals is highlighted, showcasing the changing landscape and the need for robust security measures.

Taree Reardon, a Senior Threat Analyst at VMware Carbon Black, shares her inspiring journey in cybersecurity as a fierce advocate for women. Passionate about hacking and forensics, she highlights the importance of representation and mentorship in a male-dominated field. Taree discusses her daily work in tracking and blocking cyber threats, her commitment to a diverse team, and shares valuable advice on trusting yourself. Her story is a testament to resilience and the power of support in navigating career paths in cybersecurity.

Phil Stokes, a threat researcher at SentinelOne's SentinelLabs, delves into the alarming world of macOS malware, particularly the FlexibleFerret variant linked to North Korean actors. He discusses the 'Contagious Interview' campaign, where fake job interviews lure developers into installing malicious software. The conversation highlights the gaps in Apple's security measures, the significance of robust data protection, and the misconception that macOS is invulnerable. Stokes emphasizes the need for proactive security practices in a landscape where all operating systems are at risk.

Keith Mularski, Chief Global Ambassador at Qintel and former FBI Special Agent, shares his insights on the booming intersection of cryptocurrency and cybercrime. He discusses the alarming rise of cyberattacks targeting crypto assets and the tactics employed by criminals in the underground. The conversation highlights the challenges law enforcement faces in tackling these threats and emphasizes the crucial role of regulatory measures to enhance consumer protection. Additionally, they explore strategies for securely storing cryptocurrencies amidst growing vulnerabilities.

Adam Marré, CISO at Arctic Wolf and a former FBI special agent, dives into the complexities of social media regulation. He discusses the national security risks posed by TikTok, advocating for comprehensive regulation rather than an outright ban. Marré emphasizes the importance of transparency in social media algorithms to safeguard against foreign influence. The conversation also highlights urgent cybersecurity needs and the evolving landscape of cyber threats, particularly in the context of state-sponsored attacks.

Seamus Lennon, ThreatLocker’s VP of Operations for EMEA, discusses critical insights into Zero Trust security and the evolving threat landscape. The conversation dives into alarming trends in social engineering, including the IRS’s warning about misleading tax scams. The hosts reflect on the top scams of the year, with online shopping fraud leading the pack. Additionally, they touch on the worrisome use of AI and deepfakes in phishing schemes, emphasizing the need for vigilance as scammers become increasingly sophisticated.

A massive data breach has impacted over 3.3 million people, raising serious cybersecurity concerns. Signal is contemplating leaving Sweden due to a law allowing police access to encrypted messages. Apple’s decision to retract iCloud’s end-to-end encryption has sparked debate over user privacy. Critical vulnerabilities in popular software platforms highlight the urgent need for security updates. Meanwhile, a cautionary tale from a Disney employee illustrates the rising risks individuals face in today's digital landscape.

Lauren Buitta, Founder and CEO of Girl Security, sheds light on empowering girls in the national security sector. She discusses innovative mentoring strategies, including reverse mentorship, that foster intergenerational knowledge transfer. The conversation dives into the challenges faced by organizations in recruiting female talent and the significance of skills-based learning. With cyber threats on the rise, Buitta emphasizes the urgent need for a diverse workforce to tackle these challenges and promote effective cybersecurity solutions.