Dave Bittner
You're listening to the CyberWire network, powered by N2K. And now a brief message from our sponsor, DropZone AI. Is your SOC drowning in alerts, with legitimate threats sitting in queues for hours or even days? The latest SANS SOC survey report reveals alert fatigue and limited automation are SOC teams' greatest barriers. DropZone AI, recognized by Gartner as a Cool Vendor, directly addresses these challenges through autonomous recursive reasoning investigations, quickly eliminating false positives, enriching context, and enabling analysts to prioritize real incidents faster. Take control of your alerts and investigations with DropZone AI. A phishing campaign targets nearly 12,000 GitHub repositories. The BlackLock ransomware group is one to watch. A federal judge orders reinstatement of workers at CISA. Over 100 car dealership websites suffer a supply chain attack, and Hellcat breaches Jaguar Land Rover. Researchers uncover a major vulnerability affecting RSA encryption keys. A life insurance company notifies 355,000 individuals of a December 2024 data breach. A researcher releases a decryptor for Akira ransomware. A new mapping database aims to help NGOs and high-risk individuals find security tools. Tim Starks from CyberScoop joins me with news that trade groups worry over renewal of a vital cyber law, and a fundamental shift in our understanding of hash tables. It's Monday, March 17, 2025. I'm Dave Bittner, and this is your CyberWire Intel Brief. Thanks for joining us here today. Happy St. Patrick's Day for those who celebrate. It is always great to have you with us. A phishing campaign has targeted nearly 12,000 GitHub repositories with fake security alert issues, tricking developers into authorizing a malicious OAuth app called "Git Security App". The fake alerts claim suspicious activity was detected from Iceland, urging users to update passwords and enable two-factor authentication.
However, all links lead to an OAuth authorization page that grants attackers full access to repositories, user profiles, discussions and workflows. The attack, first spotted by researcher Luc4m, is ongoing, though GitHub appears to be responding. Users who mistakenly authorize the app should revoke access in GitHub settings, check for unexpected GitHub Actions, and rotate credentials. The malicious campaign directs stolen credentials to sites hosted on Render. Developers should remain vigilant against such phishing attempts. The BlackLock ransomware group has attacked over 40 organizations in early 2025, making it one of the most active ransomware-as-a-service operators, targeting construction, real estate, IT service providers and government agencies. The group employs fast encryption and leak sites for extortion, using Golang for cross-platform attacks. BlackLock leverages ChaCha20 and RSA-OAEP encryption, emerging from the rebranded Eldorado group. It recruits key players known as traffers to aid attacks. Organizations should enhance their cybersecurity measures to combat this growing ransomware threat. A US federal judge temporarily blocked the Trump administration's effort to fire thousands of federal employees, including over 400 from the Department of Homeland Security and 130 from the Cybersecurity and Infrastructure Security Agency. Judge James Bredar ordered reinstatement by March 17, pending a lawsuit by 20 state attorneys general. Concerns over cybersecurity and national security have emerged, with experts warning that mass layoffs weaken defenses. The White House called the rulings judicial overreach. DHS contractors like penetration tester Christopher Chenoweth reported terminations affecting red team operations. CISA denied laying off its red team, stating contract changes were made for efficiency. The Office of Personnel Management and the Department of Government Efficiency have not commented on the firings.
Over 100 car dealership websites were compromised in a supply chain attack after threat actors infected LES Automotive, a shared video service. The attackers deployed the ClickFix technique, tricking users into executing malicious commands via fake reCAPTCHA prompts. This method, increasingly used by cybercriminals, has spread information stealers and malware. Security researcher Randy McEoin found the attack distributing SectopRAT via PowerShell. The injected JavaScript contained Russian comments, suggesting dynamic script manipulation. Microsoft recently warned of similar attacks in hospitality. Elsewhere in the automotive world, the Hellcat ransomware group breached Jaguar Land Rover using stolen Atlassian Jira credentials, exposing 700 internal documents and employee data on hacking forums. The threat actor Rey claimed responsibility, while another hacker, APTS, leaked an additional 350 GB of sensitive data. The stolen information includes development logs, tracking data and proprietary source code, raising concerns over intellectual property theft and potential targeted attacks. Hellcat, known for exploiting Jira vulnerabilities, has previously targeted Telefónica and Schneider Electric. Experts urge organizations to enforce multi-factor authentication and credential rotation to prevent similar breaches. Security researchers have uncovered a major vulnerability affecting RSA encryption keys, with approximately 1 in 172 online certificates susceptible to compromise due to poor random number generation. Keyfactor analyzed over 75 million RSA certificates, finding 435,000 vulnerable due to shared prime factors, allowing attackers to break encryption using simple greatest common divisor calculations. IoT devices are particularly at risk, with 50% of compromised keys linked to a major network equipment manufacturer. Despite warnings, many devices still use weak RSA keys, posing threats to critical systems like medical equipment and industrial controls.
Researchers urge manufacturers to improve entropy sources and follow cryptographic best practices to mitigate risks. New Era Life Insurance Companies is notifying 355,000 individuals of a December 2024 data breach, the largest health data breach reported by a health plan this year. The Texas-based insurer discovered unauthorized access between December 9th and 18th of last year, during which sensitive personal and health data, including names, insurance IDs and medical details, was copied. Some Social Security numbers were also compromised. The company is offering free credit monitoring and enhancing security measures. Several law firms are investigating potential class action lawsuits. Security researcher Yohanes Nugroho released a decryptor for the Linux variant of Akira ransomware, leveraging GPUs to brute-force encryption keys. Akira generates keys using timestamp-based seeds, making decryption difficult but not impossible. Nugroho used cloud-based RTX 4090 GPUs to crack the keys in about 10 hours. His tool, available on GitHub, allows free file recovery, though its effectiveness may vary. Users are advised to back up encrypted files before attempting decryption, as errors could cause data corruption. A global nonprofit named Common Good Cyber has launched a mapping database to help NGOs and high-risk individuals find security tools. The database, featuring 334 public interest security services, is categorized into six groups: Govern, Identify, Protect, Detect, Respond and Recover. Supported by the UK FCDO and the EU Institute for Security Studies, the initiative aims to improve cybersecurity for over 10 million NGOs worldwide. Cyber threats against nonprofits are rising, with 32% of charities reporting incidents in 2024. Past attacks include breaches at Freecycle and Maternal and Family Health Services. Common Good Cyber, founded by the Global Cyber Alliance, stresses that cybersecurity should be accessible to all.
The UK's NCSC has also issued guidance for charities emphasizing the sector's vulnerability to digital threats. Coming up after the break, Tim Starks from CyberScoop joins me with news that trade groups worry over renewal of a vital cyber law, and a fundamental shift in our understanding of hash tables. Stay with us. We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first. And it works. Sponsored jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need. Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off. It is always my pleasure to welcome back to the show Tim Starks. He is a senior reporter at CyberScoop. Tim, it's great to have you back.
Tim Starks
Yeah. It's been a minute. Hi, Dave.
Dave Bittner
It has. And speaking of being a minute, it feels like stories are coming at us a mile a minute. You know, your beat is Washington, D.C. and all the goings-on there. You wrote a story recently about some trade groups who were worrying about information sharing without some critical infrastructure, without a panel, but also some stuff having to do with CISA. Can you unpack that for us?
Tim Starks
Yeah. Two different things, but related. One of the things that's happened in the Trump administration that some people would consider hasty, one of a few, is that they got rid of a host of DHS advisory panels, one of which happened to be a panel focused on critical infrastructure protection that wasn't just advisory. It actually had some legal authorities that protected communications between the government and industry sectors, and industry sectors between themselves. Also, at this one particular panel, they got rid of it. And a bunch of the trade groups were like, wait, wait, wait, wait, we need that. That's good. There was some sympathy to say, okay, sure, you can get rid of some advisory panels, there are an awful lot of them; maybe if you get rid of this, you can replace it with something else. So there's a little bit of conciliatory. But the gist was, this is really... and we need it. The other thing related, in both of these things, without which they say information sharing on cyber will really decline, is the... I used to call it the OG CISA, but everybody's been calling it the 2015 CISA, so I just... But it's the Cybersecurity Information Sharing Act that is expiring later this year, and that provides even stronger legal protections for communications, I mean, protections against lawsuits, antitrust exemptions, stuff that is the foundation of a lot of other information sharing that goes on in the federal government on cyber. And it's not clear what the path is for that bill. But the trade groups were making the argument, we need these things, otherwise we're going to suffer. We're not going to be sharing as much information between ourselves. We're not going to be sharing as much information with the government, and vice versa.
Dave Bittner
Well, speaking of cisa, the administration has named their nominee for new CISA director. I think it's nice to see that he comes to the nomination with some credentials.
Tim Starks
Yeah, this is, you know, there are probably too many cyber Seans in the world, between Sean Plankey, who's the pick for CISA, Sean Cairncross, who was the pick for Office of the National Cyber Director, and, okay, reporter for CNN, Sean Lyngaas. The idea, though, is that if you look at Sean Cairncross, you and I discussed this nomination, you could be concerned that he has no cyber experience. None. Maybe he's touched it here and there, but no major cyber experience. Sean Plankey has a deep resume on cyber, private sector most recently, but he's worked at the NSC, he's worked on cyber at Cyber Command, he's worked at the Department of Energy, he's worked at the Coast Guard. I mean, he worked at the Navy on cyber. Like, the guy has a lot, a lot of experience. And if you were, you know, worried about a lot of the things that are happening in the Trump administration on cyber being so off the path of what we're used to, he is someone who, you know, seems to be loyal to the Republican agenda and the Trump agenda, but at the same time has deep credentials. And that's a little different in some cases. I mean, if you look at some of the other nominees, you have people who don't understand the definitions of the terms of the things that they're going to be running the agency for. This guy's going to know what's going on. He's going to understand the issues big time.
Dave Bittner
Well, I, I thought, you know, in light of that. And then also we just recently saw, I believe it was DHS said, please don't fire cyber security people in your cuts.
Tim Starks
Right, yeah. That said that DHS might have said it as well, but I saw that OMB had said that.
Dave Bittner
Okay, okay. Yeah. But just that message, is this a walk back? You know, is this a realization as the feedback is coming in and more and more people are saying to the administration, hey, this is actually really important? I mean, are those the kinds of things that you're hearing in the comments, the folks you're talking to?
Tim Starks
Certainly there have been some discussions I've had with people behind the scenes who are involved in all of this saying we need to be really careful about not getting rid of cyber personnel. How much that message is going to reverberate through the entire administration, I do not know. It does seem like, at least in part, the discussions that are public now about this have said we need to keep on hand actual cyber operational people who are responsible for protecting the federal government in those agencies. That was a point of emphasis. How much that means CISA won't suffer cuts, CISA being more of a broader, policy-focused agency, I think that's an open question. If you look at the fact that if there was a shutdown, they had put out guidance saying, hey, if there's a shutdown, you know, we would keep about a thousand some odd people from CISA on hand out of, you know, 3,500. That maybe gives you a little indication of how much of a part of the... consider that. I mean, I think it's actually not that far off from the Biden administration's guidance in terms of the actual sheer numbers. So I think we're getting some hints of some commitment to cybersecurity personnel, but it's a question of how much of a commitment and how and where. I think those are the open questions.
Dave Bittner
Yeah, it's hard to keep up, isn't it?
Tim Starks
Dave? No, I can't.
Dave Bittner
Well, my heart goes out to you, Tim. Thanks. Tim Starks is senior reporter at CyberScoop. Tim, thanks so much for taking the time for us.
Tim Starks
Thanks to you, sir.
Dave Bittner
Tired of investigation tools that only do one thing at a time? Spending more time juggling contracts with data vendors than actually investigating? Maltego changes that for good. Get one investigation platform, one bill to pay, and all the data you need in one place. It comes with curated data and a full suite of tools to handle any digital investigation. Connect the dots so fast cybercriminals won't even have time to Google what Maltego is. See the platform in action at maltego.com. And finally, hash tables are one of the most fundamental data structures in computing, allowing for fast storage and retrieval of information. They play a critical role in cybersecurity, enabling efficient database lookups, cryptographic functions, and even firewall operations. Their efficiency hinges on how quickly they can insert, locate or delete data, something researchers have studied for decades. In 2021, Andrew Krapivin, then an undergraduate at Rutgers University, stumbled upon a paper about tiny pointers. He didn't think much of it at the time, but two years later, as he explored ways to make pointers more memory efficient, he unexpectedly discovered a new kind of hash table, one that shattered long-held assumptions in computer science. Without realizing it, Krapivin had disproved a 40-year-old conjecture by Turing Award winner Andrew Yao, which stated that the worst-case time to insert or search for an item in a nearly full hash table could never be faster than x, where x represents how close the table is to 100% full. Krapivin's new hash table, however, achieved an exponential improvement in time complexity. Skeptical at first, his former professor Martín Farach-Colton brought in William Kuszmaul from Carnegie Mellon University to validate the discovery. They confirmed that not only had Krapivin refuted Yao's conjecture, but he had also uncovered an even more surprising result: some hash tables can achieve constant-time search regardless of how full they are.
This contradicted another of Yao's long-standing assumptions. Krapivin, now at the University of Cambridge, along with Farach-Colton and Kuszmaul, published their findings in January of this year. While practical applications remain to be seen, their work fundamentally changes how computer scientists understand hash tables, one of the most essential tools in cybersecurity and data storage. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Dave Bittner
Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant.
CyberWire Daily: A Reel Disaster for GitHub
Release Date: March 17, 2025
Host: Dave Bittner | Contributor: Tim Starks (Cyberscoop)
On March 17, 2025, CyberWire Daily reported a significant phishing campaign targeting nearly 12,000 GitHub repositories. The malicious operation used fake security alert issues designed to deceive developers into authorizing a rogue OAuth application named "Git Security App".
Mechanism of Attack: The fake alerts claim suspicious activity was detected from Iceland and urge the developer to change their password and enable two-factor authentication, but every link leads to an OAuth authorization page for the rogue app. Once authorized, the app grants the attackers full access to repositories, user profiles, discussions and workflows; stolen credentials are sent to sites hosted on Render.
Response and Mitigation: The campaign, first spotted by researcher Luc4m, is ongoing, though GitHub appears to be responding. Anyone who authorized the app should revoke it in GitHub settings, check for unexpected GitHub Actions, and rotate credentials.
Notable Insight: The lure asks for a password change and 2FA, neither of which revokes an OAuth grant; the authorization itself is what hands over access, so revoking the app is the remediation that matters.
The BlackLock Ransomware Group has emerged as one of the most active ransomware-as-a-service (RaaS) operators in early 2025, targeting over 40 organizations across various sectors including construction, real estate, IT services, and government agencies.
Tactics and Techniques: Fast encryption, a Golang codebase for cross-platform attacks, ChaCha20 and RSA-OAEP for encryption, and leak sites for extortion. The group emerged from the rebranded Eldorado group and recruits "traffers" to aid attacks.
Impact and Recommendations: More than 40 victims in early 2025; organizations are urged to enhance their cybersecurity measures against this growing threat.
A pivotal legal development occurred when Judge James Bredar temporarily blocked the Trump administration's attempt to terminate thousands of federal employees, including over 400 from the Department of Homeland Security (DHS) and 130 from the Cybersecurity and Infrastructure Security Agency (CISA).
Legal Context: The judge ordered reinstatement by March 17, pending a lawsuit brought by 20 state attorneys general. The White House called the rulings judicial overreach.
Concerns Raised: Experts warn that mass layoffs weaken cybersecurity and national security defenses.
Notable Discussion: DHS contractors such as penetration tester Christopher Chenoweth reported terminations affecting red team operations; CISA denied laying off its red team, stating that contract changes were made for efficiency. The Office of Personnel Management and the Department of Government Efficiency have not commented.
Over 100 car dealership websites fell victim to a supply chain attack after threat actors infected LES Automotive, a shared video service provider.
Attack Details: The injected JavaScript, which contained Russian-language comments suggesting dynamic script manipulation, used the ClickFix technique: a fake reCAPTCHA prompt tricks visitors into executing a malicious command. Security researcher Randy McEoin found the attack distributing SectopRAT via PowerShell.
Broader Implications: ClickFix is increasingly used by cybercriminals to spread information stealers and other malware, and Microsoft recently warned of similar attacks in the hospitality sector. Separately, the Hellcat ransomware group breached Jaguar Land Rover using stolen Atlassian Jira credentials, exposing 700 internal documents and employee data; the actor Rey claimed responsibility, and another hacker, APTS, leaked a further 350 GB including development logs, tracking data and proprietary source code. Hellcat, known for exploiting Jira vulnerabilities, has previously targeted Telefónica and Schneider Electric; experts urge multi-factor authentication and credential rotation.
Researchers uncovered a significant vulnerability affecting RSA encryption keys, revealing that approximately 1 in 172 online certificates are susceptible to compromise due to inadequate random number generation.
Findings: Keyfactor analyzed more than 75 million RSA certificates and found roughly 435,000 whose moduli share a prime factor with another certificate's modulus. Two such moduli can be factored with a single greatest common divisor computation, which exposes both private keys. About 50% of the compromised keys were linked to a single major network equipment manufacturer, and IoT devices, including medical equipment and industrial controls, are particularly at risk.
Recommendations: Manufacturers should improve entropy sources on devices that generate keys and follow cryptographic best practices.
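The shared-prime finding above is easy to reproduce in miniature. The following is an added illustration written for this page, not Keyfactor's scanner or any vendor tooling; the primes, exponent and message are constructed so it runs instantly, and the only assumption is textbook RSA (no padding), which suffices to show that a single GCD hands an attacker the private key of every modulus involved. The same check, run over one's own fleet of public keys, is the practical control a defender can apply before shipping devices.

```python
from math import gcd
from itertools import combinations

# Constructed example: toy primes near 10**6 so the arithmetic is instant.
# Real keys use primes of 1024 bits or more, but a shared prime is found
# exactly the same way because gcd() does not care about size.
E = 65537
P_SHARED = 1_000_003            # prime reused by two "devices" with poor entropy
Q_A, Q_B = 1_000_033, 1_000_037
P_C, Q_C = 1_000_081, 1_000_039 # an independent, healthy key for contrast


def make_key(p, q, e=E):
    """Textbook RSA key from two primes: returns (n, e, d)."""
    n = p * q
    phi = (p - 1) * (q - 1)
    return n, e, pow(e, -1, phi)


def find_shared_primes(moduli):
    """Pairwise GCD across a set of public moduli.

    Returns {modulus: shared_prime} for every modulus that shares a factor
    with some other modulus in the set. Internet-scale scans use a batch-GCD
    product tree instead of O(n^2) pairs, but the underlying test is the same.
    """
    shared = {}
    for n1, n2 in combinations(moduli, 2):
        g = gcd(n1, n2)
        if 1 < g < n1 and g < n2:   # a nontrivial common factor
            shared[n1] = g
            shared[n2] = g
    return shared


def recover_private_exponent(n, p, e=E):
    """Given one prime factor p of n, rebuild d exactly as the key owner did."""
    q = n // p
    if p * q != n:
        raise ValueError("p does not divide n")
    return pow(e, -1, (p - 1) * (q - 1))


def demo():
    n_a, _, d_a = make_key(P_SHARED, Q_A)
    n_b, _, d_b = make_key(P_SHARED, Q_B)
    n_c, _, _ = make_key(P_C, Q_C)

    # Attacker's view: only the public moduli, as harvested from certificates.
    shared = find_shared_primes([n_a, n_b, n_c])
    recovered = {n: recover_private_exponent(n, p) for n, p in shared.items()}

    # Decrypt something encrypted to key A with the recovered exponent.
    # Raw RSA with no padding, purely to show the key is now known.
    message = 42
    ciphertext = pow(message, E, n_a)
    plaintext = pow(ciphertext, recovered[n_a], n_a)

    return {
        "flagged": sorted(shared),          # the two weak moduli
        "n_c_flagged": n_c in shared,       # healthy key must not be flagged
        "d_a_matches": recovered[n_a] == d_a,
        "d_b_matches": recovered[n_b] == d_b,
        "decrypted": plaintext,
    }


if __name__ == "__main__":
    print(demo())
```

Note that the independent key survives only because its primes are distinct from everyone else's; a device that seeds its generator from a near-constant source (boot time, a fixed hardware ID) will eventually collide with a sibling, and the collision is detectable by anyone holding both public certificates.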
New Era Life Insurance Companies is notifying 355,000 individuals of a December 2024 data breach, the largest health data breach reported by a health plan this year.
Breach Details: The Texas-based insurer discovered unauthorized access between December 9 and 18, 2024, during which names, insurance IDs, medical details and some Social Security numbers were copied.
Response Measures: The company is offering free credit monitoring and enhancing its security measures; several law firms are investigating potential class action lawsuits.
Security researcher Yohanes Nugroho has developed and released a decryptor for the Linux variant of Akira ransomware, utilizing GPUs to brute-force encryption keys.
Technical Breakdown: Akira derives its keys from timestamp-based seeds, which makes the keyspace searchable; Nugroho used cloud-based RTX 4090 GPUs to crack the keys in about 10 hours. The tool is available on GitHub and allows free file recovery, though its effectiveness may vary.
User Advisory: Back up encrypted files before attempting decryption, as errors could cause data corruption.
Common Good Cyber, a global nonprofit, has unveiled a mapping database designed to assist NGOs and high-risk individuals in identifying appropriate security tools.
Database Features: 334 public interest security services, organized into six categories: Govern, Identify, Protect, Detect, Respond and Recover.
Objective: Supported by the UK FCDO and the EU Institute for Security Studies, the initiative aims to improve cybersecurity for more than 10 million NGOs worldwide. Cyber threats against nonprofits are rising, with 32% of charities reporting incidents in 2024; past attacks include breaches at Freecycle and Maternal and Family Health Services.
Expert Commentary: Common Good Cyber, founded by the Global Cyber Alliance, stresses that cybersecurity should be accessible to all, and the UK's NCSC has issued guidance for charities emphasizing the sector's vulnerability to digital threats.
In an insightful segment, host Dave Bittner converses with Tim Starks, a senior reporter at CyberScoop, regarding concerns among trade groups over the renewal of critical cyber laws and the future direction of the Cybersecurity and Infrastructure Security Agency (CISA).
Key Topics Discussed:
DHS Advisory Panels: The Trump administration's elimination of a host of DHS advisory panels, including one focused on critical infrastructure protection, has raised alarm among trade groups. That panel was not purely advisory; it carried legal authorities that protected communications between government and industry sectors, and among industry sectors themselves.
Cybersecurity Information Sharing Act (CISA): The 2015 act expires later this year. It provides liability protections and antitrust exemptions that underpin much of the cyber information sharing between industry and the federal government, and the path to renewal is unclear; trade groups warn that sharing will decline without it.
Nomination of CISA Director: Sean Plankey brings a deep cyber resume (NSC, Cyber Command, Department of Energy, Coast Guard, Navy, and most recently the private sector), in contrast to national cyber director pick Sean Cairncross, who has no major cyber experience.
Potential Reversals on Cyber Personnel Cuts: OMB has told agencies not to cut cybersecurity personnel, and Starks hears behind-the-scenes calls to keep operational cyber staff who protect federal systems. How far that shields CISA, a broader, policy-focused agency, remains an open question.
Conclusion of Discussion: Shutdown guidance that would retain roughly 1,000 of CISA's 3,500 staff, not far off the Biden administration's figure, hints at some commitment to cyber personnel, but how much, how and where are the open questions.
In a fascinating development, recent academic research has refuted a longstanding conjecture by Turing Award winner Andrew Yao regarding hash tables.
Research Highlights: In 2021 Andrew Krapivin, then an undergraduate at Rutgers University, read a paper on "tiny pointers"; two years later, while exploring ways to make pointers more memory-efficient, he discovered a new kind of hash table that disproves Yao's 40-year-old conjecture on the worst-case time to insert or search in a nearly full table, achieving an exponential improvement in time complexity.
Collaborative Validation: His former professor Martín Farach-Colton brought in William Kuszmaul of Carnegie Mellon University to validate the result. They confirmed the refutation and a second surprise: some hash tables achieve constant-time search regardless of how full they are, contradicting another of Yao's long-standing assumptions. Krapivin, now at the University of Cambridge, published the findings with Farach-Colton and Kuszmaul in January 2025.
Future Implications: Practical applications remain to be seen, but the work fundamentally changes how computer scientists understand hash tables, one of the most essential tools in cybersecurity and data storage.
Dave Bittner ([00:02]): "Developers should remain vigilant against such phishing attempts."
Tim Starks ([14:18]): "We need to keep on hand actual cyber operational people who are responsible for protecting the federal government in those agencies."
Tim Starks ([16:31]): "He [Sean Plankey] seems loyal to the Republican agenda but has deep credentials."
Tim Starks ([18:38]): "We're getting some hints of some commitment to cybersecurity personnel, but it's a question of how much of a commitment and where."
This episode of CyberWire Daily provided a comprehensive overview of significant cybersecurity incidents and developments as of March 17, 2025. From large-scale phishing campaigns and ransomware threats to pivotal legal decisions impacting federal cybersecurity personnel, the discussions underscored the evolving landscape of cyber threats and the critical need for robust defense mechanisms. The insightful dialogue with Tim Starks shed light on the intricate interplay between government policies and cybersecurity infrastructure, highlighting ongoing challenges and the pursuit of effective information-sharing frameworks.
For further details on today's stories, visit thecyberwire.com.
Produced by Alice Carruth and Liz Stokes; mixed by Trey Hester. Executive Producer: Jennifer Eiben. Publisher: Peter Kilpe.