

CyberWire Daily
N2K Networks
The daily cybersecurity news and analysis industry leaders depend on. Published each weekday, the program also includes interviews with a wide spectrum of experts from industry, academia, and research organizations all over the world.
Episodes

Mar 27, 2025 • 30min
FamousSparrow’s sneaky resurgence.
Tal Skverer, Research Team Lead from Astrix, sheds light on the resurgence of China's FamousSparrow hacking group and its impact on cybersecurity. The conversation dives into the dangers of exposed data from misconfigured Amazon S3 buckets and a sophisticated Linux backdoor aimed at industrial systems. Tal discusses the significance of the OWASP NHI Top 10 framework for securing non-human identities, offering crucial insights on best practices and the risks of improper off-boarding. The episode also touches on automated credential stuffing and the evolving cyber threat landscape.

Mar 26, 2025 • 25min
No click, all tricks.
Brian Levine, Co-founder and CEO of FormerGov.com, discusses the vital role of networking for former government and military professionals. He sheds light on the challenges they face transitioning to private sector jobs and the importance of a dedicated directory to facilitate connections. The conversation also touches on the rising cyber threats, including attacks on laid-off government workers and the implications for the cybersecurity landscape. Levine emphasizes creating visibility and community in an increasingly digital age.

Mar 25, 2025 • 25min
The nightmare you can’t ignore.
Ben Yelin, Caveat co-host and Program Director at the University of Maryland Center for Health and Homeland Security, dives into the alarming Signal national security leak. He discusses serious vulnerabilities in Kubernetes systems and details the shocking breach that revealed sensitive military discussions. The conversation extends to the rise of cybercrime in Africa and critiques the current administration's accountability issues surrounding national security communications. With expert insights, Yelin underscores the pressing need for secure digital practices in an ever-evolving cyber landscape.

Mar 24, 2025 • 35min
Scammers celebrate with a bang.
Join Joe Ryan, Head of Customer Enablement at Maltego Technologies, as he dives into the dark underbelly of online scams thriving in Cambodia. Learn how celebratory fireworks mark successful fraud while cybercriminal networks exploit cryptocurrencies. Joe highlights the challenges faced by analysts in resource-limited settings and stresses the critical need for effective training and communication in cybersecurity. Discover the implications of recent high-profile data breaches and the importance of innovative tools like Cloudflare’s AI Labyrinth for enhanced protection.

Mar 23, 2025 • 8min
Andrew Hammond: Understanding the plot. [Historian and Curator] [Career Notes]
Andrew Hammond, a Historian and Curator at the International Spy Museum, shares his fascinating journey from the Royal Air Force to the world of espionage. He discusses the impact of 9/11 on his career choices and how studying history shaped his understanding of global events. Hammond delves into the power of artifacts in telling the stories of intelligence, particularly during World War II, showcasing the evolving role of museums in education and memory. His passion for engaging with history breathes life into the narratives of espionage.

Mar 22, 2025 • 24min
Excel-lerating cyberattacks. [Research Saturday]
Tom Hegel, Principal Threat Researcher at SentinelLabs, delves into the alarming tactics of the Ghostwriter cyber group targeting Ukraine and Belarus. He reveals how weaponized Excel documents are exploited in sophisticated malware attacks. The discussion highlights new obfuscation techniques and the strategic targeting of political opposition during wartime. Hegel emphasizes the importance of understanding basic cyber threats and fortifying defenses against relentless and clever attacks that can compromise even well-guarded systems.

Mar 21, 2025 • 25min
Brute force and broken trust.
Brandon Karpf, a cybersecurity expert and friend of N2K CyberWire, shares his insights on the growing threats in cyberspace, particularly in the realm of space technology. The discussion uncovers alarming vulnerabilities with over 150 U.S. government database servers exposed online. Karpf delves into the rise of various ransomware attacks, including the cross-platform Albabat strain. The conversation also addresses the impact of new cyber policies and the urgent need for better oversight and defense in our increasingly digital world.

Mar 20, 2025 • 24min
Can’t escape RCE flaws.
David Wiseman, Vice President of Secure Communications at BlackBerry, shares his expertise in cybersecurity. He discusses the urgency of addressing remote code execution vulnerabilities as a major cybersecurity threat. Wiseman elaborates on CISA’s guidelines for encrypted communications and the importance of secure messaging apps. Additionally, he highlights the challenges posed by spyware and the need for digital sovereignty in the face of growing risks. The conversation touches on the evolving landscape of AI and misinformation, emphasizing the need for heightened digital privacy.

Mar 19, 2025 • 26min
Remote hijacking at your fingertips.
A critical vulnerability could let attackers hijack and potentially disable vulnerable servers. Europol warns of a “shadow alliance” between state-backed threat actors and cybercriminals. Sekoia examines ClearFake. A critical PHP vulnerability is under active exploitation. A sophisticated scareware phishing campaign has shifted its focus to macOS users. Phishing as a service attacks are on the rise. A new jailbreak technique bypasses security controls in popular LLMs. Microsoft has uncovered StilachiRAT. CISA confirms active exploitation of a critical Fortinet vulnerability. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. AI coding assistants get all judgy.

CertByte Segment
Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources. This week, Chris is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. Today’s question comes from N2K’s ISACA® Certified Information Security Manager® (CISM®) Practice Test.
The CISM exam helps to affirm your ability to assess risks, implement effective governance, proactively respond to incidents and is the preferred credential for IT managers, according to ISACA.
To learn more about this and other related topics under this objective, please refer to the following resource: CISM Review Manual, 15th Edition, 1.0, Information Security Governance, Introduction.
Have a question that you’d like to see covered? Email us at certbyte@n2k.com.
If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.
Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.
Additional source: https://www.isaca.org/credentialing/cism#1

Selected Reading
Critical AMI MegaRAC bug can let attackers hijack, brick servers (bleepingcomputer)
Europol Warns of “Shadow Alliance” Between States and Criminals (Infosecurity Magazine)
ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery (Sekoia.io Blog)
PHP RCE Vulnerability Actively Exploited in Wild to Attack Windows-based Systems (cybersecuritynews)
Scareware Combined With Phishing in Attacks Targeting macOS Users (securityweek)
Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge (Infosecurity Magazine)
New Jailbreak Technique Bypasses DeepSeek, Copilot, and ChatGPT to Generate Chrome Malware (gbhackers)
Microsoft Warns of New StilachiRAT Malware (SecurityWeek)
Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns (Infosecurity Magazine)
AI coding assistant Cursor reportedly tells a 'vibe coder' to write his own damn code (TechCrunch)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Mar 18, 2025 • 25min
Tomcat got your server?
A critical vulnerability in Apache Tomcat is actively being exploited, putting various sectors at risk. Lawmakers are addressing cyber threats to rural water systems, while significant data breaches continue to affect many. The emerging BitM cyberattack method can bypass multi-factor authentication, and a Chinese group is targeting Central European diplomats. A lawsuit against a securities firm highlights the importance of customer data protection. Meanwhile, the evolving landscape of cybercriminal tactics illustrates the need for unified security capabilities.