CyberWire Daily

David Wiseman, Vice President of Secure Communications at BlackBerry, shares his expertise in cybersecurity. He discusses the urgency of addressing remote code execution vulnerabilities as a major cybersecurity threat. Wiseman elaborates on CISA’s guidelines for encrypted communications and the importance of secure messaging apps. Additionally, he highlights the challenges posed by spyware and the need for digital sovereignty in the face of growing risks. The conversation touches on the evolving landscape of AI and misinformation, emphasizing the need for heightened digital privacy.

A critical vulnerability could let attackers hijack and potentially disable vulnerable servers. Europol warns of a “shadow alliance” between state-backed threat actors and cybercriminals. Sekoia examines ClearFake. A critical PHP vulnerability is under active exploitation. A sophisticated scareware phishing campaign has shifted its focus to macOS users. Phishing as a service attacks are on the rise. A new jailbreak technique bypasses security controls in popular LLMs. Microsoft has uncovered StilachiRAT. CISA confirms active exploitation of a critical Fortinet vulnerability. On our CertByte segment, Chris Hare is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. AI coding assistants get all judgy. Remember to leave us a 5-star rating and review in your favorite podcast app.Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CertByte SegmentWelcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources. This week, Chris is joined by Troy McMillan to break down a question targeting the ISACA® Certified Information Security Manager® (CISM®) exam. Today’s question comes from N2K’s ISACA® Certified Information Security Manager® (CISM®) Practice Test.The CISM exam helps to affirm your ability to assess risks, implement effective governance, proactively respond to incidents and is the preferred credential for IT managers, according to ISACA.To learn more about this and other related topics under this objective, please refer to the following resource: CISM Review Manual, 15th Edition, 1.0, Information Security Governance, Introduction.Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.Additional source: https://www.isaca.org/credentialing/cism#1Selected ReadingCritical AMI MegaRAC bug can let attackers hijack, brick servers (bleepingcomputer)Europol Warns of “Shadow Alliance” Between States and Criminals (Infosecurity Magazine)ClearFake’s New Widespread Variant: Increased Web3 Exploitation for Malware Delivery (Sekoia.io Blog)PHP RCE Vulnerability Actively Exploited in Wild to Attack Windows-based Systems (cybersecuritynews)Scareware Combined With Phishing in Attacks Targeting macOS Users (securityweek)Sneaky 2FA Joins Tycoon 2FA and EvilProxy in 2025 Phishing Surge (Infosecurity Magazine)New Jailbreak Technique Bypasses DeepSeek, Copilot, and ChatGPT to Generate Chrome Malware (gbhackers)Microsoft Warns of New StilachiRAT Malware (SecurityWeek)Fortinet Vulnerability Exploited in Ransomware Attack, CISA Warns (Infosecurity Magazine)AI coding assistant Cursor reportedly tells a 'vibe coder' to write his own damn code (TechCrunch)Share your feedback.We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show?You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

A critical vulnerability in Apache Tomcat is actively being exploited, putting various sectors at risk. Lawmakers are addressing cyber threats to rural water systems, while significant data breaches continue to affect many. The emerging BitM cyberattack method can bypass multi-factor authentication, and a Chinese group is targeting Central European diplomats. A lawsuit against a securities firm highlights the importance of customer data protection. Meanwhile, the evolving landscape of cybercriminal tactics illustrates the need for unified security capabilities.

A phishing campaign targets nearly 12,000 GitHub repositories. The BlackLock ransomware group is one to watch. A federal judge orders reinstatement of workers at CISA. Over 100 car dealership websites suffer a supply chain attack, and Hellcat breaches Jaguar Land Rover. Researchers uncover a major vulnerability affecting RSA encryption keys. A Life Insurance Company notifies 355,500 individuals of a December 2024 data breach. A researcher releases a decryptor for Akira ransomware. A new  mapping database aims to help NGOs and high-risk individuals find security tools. Tim Starks from CyberScoop reports that trade groups fear a cybersecurity blackout if a key panel and vital cyber law aren’t renewed. A fundamental shift of our understanding of hash tables. Remember to leave us a 5-star rating and review in your favorite podcast app.Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire GuestToday our guest is Tim Starks from CyberScoop is discussing how "Trade groups worry information sharing will worsen without critical infrastructure panel, CISA law renewal."Selected ReadingFake "Security Alert" issues on GitHub use OAuth app to hijack accounts (Bleeping Computer)BlackLock Ransomware Strikes Over 40 Organizations in Just Two Months (GB Hackers)Federal Judges Block Trump's Mass Firings of Federal Workers (BankInfo Security)100 Car Dealerships Hit by Supply Chain Attack (SecurityWeek)Jaguar Land Rover Breached by HELLCAT Ransomware Group using Jira Credentials (Cyber Security News)Millions Of RSA Key Exposes Serious Flaws That Can Be Exploited (Cyber Security News)Insurer Notifying 335,500 Customers, Agents, Others of Hack (BankInfo Security)New Akira ransomware decryptor cracks encryptions keys using GPUs (Bleeping Computer)Security Database Aims to Empower Non-Profits (Infosecurity Magazine)Undergraduate Disproves 40-Year-Old Conjecture, Invents New Kind of Hash Table (WIRED)Share your feedback.We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show?You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Please enjoy this encore of Career Notes.Chief Product Officer at Cybint Solutions, Ingrid Toppelberg, shares her journey from consulting to bootcamp coach and cybersecurity education. As a young girl, Ingrid wanted to do everything from being a teacher to the head of the World Bank. After consulting for several years, Ingrid found cybersecurity. What she found fascinating about the cyber world is how important it is for absolutely everyone at all levels to know about cybersecurity. Ingrid also develops and conducts bootcamps to reskill displaced people into cybersecurity. Ingrid says to those interested in cyber, "just do it. We need different kinds of minds in cyber keeping us safe." We thank Ingrid for sharing her story with us. Learn more about your ad choices. Visit megaphone.fm/adchoices

We thought you might enjoy this episode of Threat Vector podcast from the N2K CyberWIre network as we continue our observance of Women's History Month. You can catch new episodes of Threat Vector every Thursday here and on your favorite podcast app. In this special Women’s History Month episode of Threat Vector, host David Moulton speaks with four trailblazing women in cybersecurity who are shaping the industry: Kristy Friedrichs, Chief Partnerships Officer; Tanya Shastri, SVP of Product Management; Sama Manchanda, Consultant at Unit 42; and Stephanie Regan, Principal Technical Architect at Unit 42.They share their journeys into cybersecurity, discuss the challenges they faced, and offer insights on leadership, innovation, and mentorship. From AI-driven security to digital forensics, these women have made a lasting impact. Tune in to hear their advice for the next generation and why cybersecurity remains one of the most exciting and dynamic fields to be in today.Join the conversation on our social media channels: Website: ⁠⁠⁠⁠https://www.paloaltonetworks.com/ Threat Research: ⁠⁠⁠⁠https://unit42.paloaltonetworks.com/⁠⁠⁠⁠ Facebook: ⁠⁠⁠⁠https://www.facebook.com/LifeatPaloAltoNetworks/⁠⁠⁠⁠ LinkedIn: ⁠⁠⁠⁠https://www.linkedin.com/company/unit42/⁠⁠⁠⁠ YouTube: @paloaltonetworks Twitter: ⁠⁠⁠⁠https://twitter.com/PaloAltoNtwks⁠⁠⁠⁠ About Threat VectorThreat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends.The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers.Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.Palo Alto NetworksPalo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. ⁠http://paloaltonetworks.com⁠ Learn more about your ad choices. Visit megaphone.fm/adchoices

Jim Walter, Senior Threat Researcher on SentinelLabs research team, to discuss their work on "HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code." Over the past six months, new ransomware groups like FunkSec, Nitrogen, and Termite have emerged, while established threats such as Cl0p and LockBit 4.0 have resurfaced. Two prominent Ransomware-as-a-Service (RaaS) operations, HellCat and Morpheus, have gained traction, with research indicating that affiliates of both are using nearly identical ransomware payloads. Despite similarities in their encryption techniques and ransom notes, there is no conclusive evidence linking HellCat and Morpheus to the Underground Team, though shared tools or affiliates may be involved.The research can be found here:HellCat and Morpheus | Two Brands, One Payload as Ransomware Affiliates Drop Identical Code Learn more about your ad choices. Visit megaphone.fm/adchoices

The White House is urging federal agencies not to lay off cybersecurity teams. Google doesn’t deny receiving a secret legal order from the UK government. Microsoft researchers identify a simple method to bypass AI safety guardrails. Scammers are impersonating the Clop ransomware gang. Cisco issues security advisories for multiple IOS XR vulnerabilities. CISA warns of multiple ICS security issues. A LockBit ransomware developer has been extradited to the U.S. GCHQ’s former director calls for stronger cybersecurity collaboration. Rick Howard and Kim Jones pass the mic for the CISO Perspectives podcast. Sniffing out Stingrays.Remember to leave us a 5-star rating and review in your favorite podcast app.Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire GuestToday, we have Dave speaking with Rick Howard, a friend of the show, and Kim Jones, a veteran CISO, educator, and expert in the field, as Rick passes the mic to Kim for a brand new season of CISO Perspectives, formerly CSO Perspectives. Selected ReadingWhite House instructs agencies to avoid firing cybersecurity staff, email says (Reuters)Elon Musk Made Visit to U.S. Spy Agency (Wall Street Journal)Google refuses to deny it received encryption order from UK government (The Record)New Context Compliance Exploit Jailbreaks Major AI Models (GB Hackers)Fraudsters Impersonate Clop Ransomware to Extort Businesses (Infosecurity Magazine)Cisco Warns of IOS XR Software Vulnerability Let Attackers Trigger DoS condition (Cyber Security News)CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits (Cyber Security News)LockBit Ransomware Developer Extradited to US (SecurityWeek)Cyber Industry Falls Short on Collaboration, Says Former GCHQ Director  (Infosecurity Magazine)Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying (Electronic Frontier Foundation)Share your feedback.We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show?You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The FCC looks to counter Chinese cyber threats. Turmoil at CISA. Volt Typhoon infiltrated a power utility for over 300 days. Europe takes the lead at Ukraine’s annual cyber conference. Facebook discloses a critical vulnerability in FreeType. A new Android spyware infiltrated the Google Play store. Our guest is Alvaro Alonso Ruiz, Co-Founder and CCO of Leanspace, who is discussing software in space with T-Minus Space Daily host Maria Varmazis. A UK hospital finds thousands of unwelcome guests on their network. Remember to leave us a 5-star rating and review in your favorite podcast app.Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire GuestToday our guest is Alvaro Alonso Ruiz, Co-Founder and CCO of Leanspace, who is discussing software in space with T-Minus Space Daily host Maria Varmazis.Selected ReadingUS communications regulator to create council to counter China technology threats (Financial Times)‘People Are Scared’: Inside CISA as It Reels From Trump’s Purge (WIRED)CISA cuts $10 million annually from ISAC funding for states amid wider cyber cuts (The Record)Arizona Secretary of State Proposes Alternative to Defunded National Election Security Program (Democracy Docket)China's Volt Typhoon Hackers Dwelled in US Electric Grid for 300 Days (SecurityWeek)Chinese cyberspies backdoor Juniper routers for stealthy access (Bleeping Computer)At Ukraine’s major cyber conference, Europe takes center stage over US (The Record)Facebook discloses FreeType 2 flaw exploited in attacks (Bleeping Computer)New North Korean Android spyware slips onto Google Play (Bleeping Computer)NHS Trust IT head: ‘Our attack surface was much bigger than we thought’ (Computing)Share your feedback.We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show?You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The White House names their nominee for CISA’s top spot. Patch Tuesday updates. Apple issues emergency updates for a zero-day WebKit vulnerability. Researchers highlight advanced MFA-bypassing techniques. North Korea's Lazarus Group targets cryptocurrency wallets and browser data. Our guest today is Rocco D’Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats. Making sense of the skills gap paradox. Remember to leave us a 5-star rating and review in your favorite podcast app.Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.CyberWire GuestJoining us today is Rocco D’Amico of Brass Valley discussing hidden risks in retired devices and reducing data breach threats.Selected ReadingTrump nominates Sean Plankey as new CISA director (Tech Crunch)CISA worker says 100-strong red team fired after DOGE action (The Register)March 2025 Patch Tuesday: Microsoft Fixes 57 Vulnerabilities, 7 Zero-Days (Hackread)ICS Patch Tuesday: Advisories Published by CISA, Schneider Electric, Siemens (SecurityWeek)CISA Warns of Microsoft Windows Management Console (MMC) Vulnerability Exploited in Wild (Cyber Security News)Apple WebKit Zero-Day Vulnerability Actively Exploit in High Profile Cyber Attacks (Cyber Security News)Hackers Using Advanced MFA-Bypassing Techniques To Gain Access To User Account (Cyber Security News)North Korean Lazarus hackers infect hundreds via npm packages (Bleeping Computer)Welcome to the skills gap paradox (Computing)Share your feedback.We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show?You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices