Dave Bittner
You're listening to the CyberWire network, powered by N2K.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe, now at a special discount for our listeners. Today, get 20% off your DeleteMe plan when you go to joindeleteme.com/n2k and use promo code N2K at checkout. The only way to get 20% off is to go to joindeleteme.com/n2k and enter code N2K at checkout. That's joindeleteme.com/n2k, code N2K.
Nakasone addresses AI at the Munich Cybersecurity Conference. Court documents reveal the degree to which DOGE actually has access. Dutch police dismantle a bulletproof hosting operation. German officials investigate Apple's app tracking. Hackers exploited security flaws in BeyondTrust. CISA issues 20 new ICS advisories. The new Astaroth phishing kit bypasses 2FA. Hackers waste no time exploiting a SonicWall proof-of-concept vulnerability. Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, discussing why preemptive defense is essential in the AI arms race. And Have I Been Pwned ponders whether resellers are worth the trouble.
February 14, 2024. I'm Dave Bittner and this is your CyberWire Intel Briefing.
Well, happy Valentine's and thank you all for joining us here today. At the Munich Cybersecurity Conference, former NSA Director Paul Nakasone emphasized the need for AI integration while preserving human expertise.
He highlighted that future national security professionals must blend coding skills with policy knowledge. AI can enhance efficiency, but human intuition remains essential, especially in intelligence work where operators detect subtle adversarial changes that AI cannot. Nakasone stressed that the side integrating AI fastest will gain the advantage, but ethical and moral decision making will still require human judgment. Peter Kant, CEO of Enabled Intelligence, reinforced this, advocating for neurodiverse teams to refine AI. He noted that neurodiverse individuals excel at spotting AI hallucinations, biases and inconsistencies, making AI outputs more reliable. AI, Kant argued, should automate routine tasks, allowing humans to focus on critical thinking and innovation. Neurodiversity enhances AI development, improving defense applications like satellite image analysis. Ultimately, AI is a tool, but human intelligence, ethics and adaptability remain irreplaceable.
New court documents reveal that Marco Elez, a 25-year-old employee of the Department of Government Efficiency (DOGE), had write privileges to a Treasury payment system, contradicting earlier reports that he had read-only access. However, his privileges were mistakenly granted for just one day before Treasury officials revoked them, and there's no evidence he made unauthorized changes. The Treasury implemented strict security measures, including monitoring Elez's activities and restricting his access to certain systems. Despite media claims that he had administrative-level access, officials assert he was only able to edit data in a limited capacity. A lawsuit has been filed to block DOGE employees from accessing Treasury systems over security concerns. Elez resigned on February 6 following media scrutiny. While some reports suggest he altered Treasury code, court documents indicate his work mainly involved helping automate payment review processes rather than making unauthorized or disruptive changes.
Meanwhile, the doge.gov website has serious security flaws allowing anyone to edit its database. Two security individuals demonstrated the vulnerability by adding public messages mocking the site's lack of protection. Doge.gov was hastily launched after Musk touted DOGE's transparency, but experts say it appears to be hosted on Cloudflare Pages rather than secure government servers. The site pulls data from an open database that's been modified by third parties. One researcher found they could alter government employment stats by accessing exposed API endpoints. The site's codebase appears to be deployed from GitHub without proper security measures. Similar issues were found with waste.gov, another DOGE-affiliated site. Needless to say, the lack of cybersecurity raises major concerns.
Dutch police dismantled the Zservers/XHost bulletproof hosting operation, taking 127 illegal servers offline. The US, UK and Australia recently sanctioned the same service for aiding cybercriminals, particularly LockBit ransomware operators run by Russian nationals Alexander Mishin and Alexander Bolshakov. Zservers facilitated botnets, malware distribution and money laundering. The service openly advertised its tolerance for criminal activity, making it a safe haven for cybercrime. Authorities found servers hosting hacking tools from LockBit and Conti ransomware, two of the most damaging ransomware operations. The Amsterdam-based servers allowed anonymous purchases via cryptocurrency. While no arrests were made, Dutch cybercrime specialists are investigating seized equipment for further evidence. Mishin and Bolshakov face asset freezes and travel bans, but criminal charges have not been filed yet. Dutch police emphasize that shutting down bulletproof hosting is key to disrupting global cybercrime.
Germany's competition watchdog is investigating Apple's App Tracking Transparency framework, alleging that the company exempts itself from the strict privacy rules it enforces on third-party apps. Since 2021, iOS developers must ask for user consent before tracking activity across apps, a move that hit Facebook hard, costing it an estimated $10 billion in ad revenue. However, regulators claim Apple still tracks users within its own ecosystem, using data from the App Store, Apple ID and connected devices for personalized ads. Apple's consent prompts also appear to favor its own services by reducing user friction compared to third-party apps. The German Federal Cartel Office argues this could be anti-competitive self-preferencing. Apple, which has appealed its regulatory designation in Germany, has yet to respond. A final court decision on its competitive status is expected on March 18.
Hackers exploited security flaws in BeyondTrust, a company that helps businesses manage secure access to their systems. They used two unknown software bugs and a stolen security key to break into BeyondTrust's network in December. A month later, the US Treasury Department was also hacked. Investigators linked this attack to Chinese state-sponsored hackers known as Silk Typhoon, who stole sensitive government documents related to economic sanctions and foreign investments. Experts later discovered that the hackers also took advantage of a hidden weakness in PostgreSQL, a database tool used in many systems. This flaw allowed them to take control of BeyondTrust software remotely. Although BeyondTrust fixed one of the security issues, it didn't fully repair the database flaw. Still, their update blocked hackers from using it. CISA has since ordered agencies to secure their systems against these types of attacks.
Speaking of CISA, they've issued 20 new security advisories for industrial control systems, warning about critical vulnerabilities in products from Siemens, ORing, mySCADA, Mitsubishi Electric and others. These flaws could allow hackers to disrupt operations, steal sensitive data, or gain unauthorized access. Issues range from remote code execution and authentication bypass to weak encryption and command injection. CISA urges organizations to apply security patches, strengthen authentication and isolate vulnerable systems.
A new phishing kit called Astaroth has emerged as a major cybersecurity threat, capable of bypassing two-factor authentication using advanced session hijacking and real-time credential interception. First seen in January of this year, it targets platforms like Gmail, Yahoo, and Office365. Astaroth acts as a person in the middle, mirroring real login pages with SSL certificates to avoid detection. When victims enter credentials and 2FA tokens, attackers intercept session cookies, allowing them to bypass authentication entirely. Sold for $2,000 on cybercrime forums, it includes real-time credential capture, SSL-certified phishing domains, and takedown-resistant hosting. Experts warn that traditional security measures are ineffective against Astaroth's real-time attacks. Enhanced cybersecurity user awareness and proactive threat detection are crucial to defending against these evolving phishing threats.
Hackers are actively exploiting a high-severity authentication bypass in SonicWall firewalls after a proof-of-concept exploit was published. This vulnerability allows attackers to bypass multi-factor authentication, access private data and disrupt VPN sessions. SonicWall released patches in January, but as of February 7th around 4,500 devices remain unpatched. Arctic Wolf warns that cybercriminals often exploit firewall and VPN vulnerabilities for ransomware attacks, citing past incidents involving Akira ransomware. Organizations should immediately update SonicWall firewalls or follow mitigation steps to prevent attacks. Disabling SSL VPN is recommended if patching is not possible, as the public proof of concept increases the risk of exploitation.
Coming up after the break, Lawrence Pingree from Dispersive joins us to discuss why preemptive defense is essential in the AI arms race. And Have I Been Pwned ponders whether resellers are worth the trouble. Stay with us.
Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default-deny approach can keep your company safe and compliant.
Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist: Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.
Lawrence Pingree is VP of Technical Marketing at Dispersive. I recently sat down with him to discuss why preemptive defense is essential in the AI arms race.
Lawrence Pingree
It harkens me back to when I was at Gartner. So I introduced some of the concepts in generative AI, specifically generative AI runtime defense. And I think everyone knows now that AI has an upside and a downside. Right? It's basically dual-use technology. And in being dual use, it can be used for defending and it can also be used for the offense. And the lay of the land in terms of AI is, over the last 18 months we went from the introduction to, you know, the market of, you know, ChatGPT and, you know, the GPT craze. And over the last maybe six months, you know, we've been transitioning into the AI agentics and AI agents. And this is giving rise to, you know, lots of integrated software use cases. And so what's really, you know, I think both fascinating as well as, you know, a bit scary is that the attackers are now capable of leveraging AI. Obviously there was a big scandal yesterday about the new model out of China. And it was always my belief actually that the open source GPTs would eventually win the race because open source generally wins over time. But we've gone into this phase where software can be hyper-powered by agentics. And what's happening is the broad distribution of models, the various use cases, they're getting better and better. We went from simply chatting with an AI and getting really kind of wonky results sometimes and good results other times to now where the error rate or the hallucination rate in AI is roughly maybe one and a half percent, you know, in the larger, you know, foundational models. Which means they're better at what they do. Right. And a lot of people don't realize that the technology behind the scenes, they created entire towns out of AI and agentics. Right. So they had little creatures running around throwing parties, telling where people wanted to go for the party. They have some pretty amazing superpowers when you use agentics.
Dave Bittner
What are some of the areas that you are specifically concerned about that you think security professionals should have their eye on?
Lawrence Pingree
I mean, there's... When I started doing research into AI at Gartner, I was really concerned about this notion of an arms race between the attacker and the defender. And what I mean by that is if you're using ML or if you're using these advanced AI models to both defend and to do offense, it's kind of an arms race, you're in this race condition. And my worry, at least back then, was that the attackers would readily be able to use these models to generate malware hyperscale attacks with multiple dimensions in multiple domains. So for example, rather than just simply pulling up a port scanner like Nmap and then having to go grab tools and compile them, that the attackers of the past had to do, we have hyper automation that's possible to do multi-stage and multi-step attacks. And the other thing I was concerned about is all of the breached data out there being used to contextualize attacks down to the individual level. Right. So if you look at like the phishing attacks of, you know, five or six years ago, they were generally pretty easy to figure out, right? You know, mouse over it, you could look at the URL, you could see that it was kind of broken English or broken other language. And today now we have, you know, contextualized based text messages coming to us with our family, our coworkers' names in them, maybe using your boss and saying, hey, you know, this is a CEO, I'm trying to reach out, I need you to do something. So it's gotten a lot more advanced and contextualized and at the same time that, you know, that historical error-prone phishing email looks like it's real live people sending a message in native languages.
Dave Bittner
What are your recommendations then? I mean, for folks who are interested in exploring this, what's a good way to begin?
Lawrence Pingree
I think that when it comes to the tech provider community, well, first of all, you can start looking for preemptive cyber defense technologies. Dispersive does it at the network layer. We randomize traffic, we randomize keying, and we have preemptive measures of hiding the attack surface which differentiate us. But the idea behind preemptive cyber defense is that it can be applied in many different layers. It can be applied in software to randomize parameters that are being used for an application so that script kiddies, when they go out to various databases like Exploit-DB or something, they can't just use it, compile it and it works. That's the static realm that we're in today. We need to be able to prioritize things like defense within the endpoint operating system. Randomizing memory better, you know, making it, you know, kind of neutering these attacks with the preemptive measures and, you know, to rotate back into, you know, the things like AI. You know, these kinds of attacks are possible because AI's greatest superpower is that it models things. Right. And how do you defend against modeling? You have to randomize. So just to illustrate this, if we were on, again, the battlefield, which I think of the cyber war as the battlefield, a moving target is very difficult to hit. Okay. So you ask any soldier, if somebody's standing still, it's easy to hit them. And they start running, it's harder to hit them. If they start running randomly and changing direction, up, down, left, right, you know, then it becomes an NP-hard problem.
Dave Bittner
Right.
Lawrence Pingree
So you need to understand that randomization is the Achilles heel of modeling, and that's really the superpower of preemptive cyber defense, or at least one of them.
Dave Bittner
Is it fair to think of this, at least in part, as kind of making it so that you're not the low hanging fruit? In other words, you know, if you're doing preemptive defense, there's no, there's no silver bullet, right? There's no 100% perfect thing. But if you're doing this and someone else isn't, I guess to your analogy, you're the person running around zigzagging while the shop next door might be running in a straight line or even standing still.
Lawrence Pingree
I think you're spot on, Dave. I mean, so one of the problems is... And then I'll just talk about what we see. Over the last 18 months, you've had what, Palo Alto firewalls be owned by the Chinese, backdoored. I mean, a lot of those firewalls are configured to be able to do man-in-the-middle inspection of traffic. Nothing wrong with that. But the problem becomes, then the Chinese can literally snarf your packets, your credentials right off the wire and go use them. Right? Same thing with Fortinet. We've had a big... You know, there was a big story the other day on Fortinet where the configurations could be accessed and downloaded by threat actors. And I think the vulnerability existed from back in 2022. The other big thing that people forget is that whether it's a zero day or a disclosed vulnerability with a patch, that vulnerability likely existed in all of history as long as that code existed. Right? And so if we don't think that threat actors are literally stacking a huge list of zero-day attacks that they don't want to ever give to anybody, we're lying to ourselves. Right? So we have to start taking preemptive measures. So, for example, if you want to prevent a firewall attack, you have to hide the management plane, right? So you need to separate the control plane and the data plane. And some of you have probably heard this, but what that means is your management should be done elsewhere, right? It should be in a protected environment separate from data transactions. The ideal attack surface is one that doesn't exist, right? And in network security land, if we look at the standard VPN technologies like SSL or IPsec, you know, the sad thing is that most of the time even service providers do this where they configure them in such a way that basically people can roam around the whole planet and still get to that port or that protocol. And that's for flexibility, agility, all of that. But the problem is that exposed attack surface becomes the next zero day.
Dave Bittner
That's Lawrence Pingree from Dispersive. We'll have a link to their recent report in our show notes.
Dave Bittner
And now a message from our sponsor, Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust AI stops attackers by hiding your attack surface, making apps and IPs invisible; eliminating lateral movement, connecting users only to specific apps, not the entire network; continuously verifying every request based on identity and context; simplifying security management with AI-powered automation; and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at zscaler.com/security.
Dave Bittner
And finally, Troy Hunt, the mastermind behind Have I Been Pwned, is on the verge of banning resellers. And honestly, who can blame him? Have I Been Pwned, the go-to site for checking if your email has been pwned, stolen and floating around the dark web, offers paid API access to bulk check data breaches. But some crafty resellers have been buying the subscriptions at doll1100 and flipping them and doubling the price. Worse, despite making up less than 1% of users, resellers account for 15% of support tickets and take five times longer to assist. Frustrated with endless pricing disputes and bizarre refund requests, Hunt says he is very, very strongly inclined to kick them out. He's still mulling over a solution, maybe automation, to save Have I Been Pwned from reseller-induced headaches while keeping legit customers happy. Stay tuned.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. A quick programming note: we will be observing Washington's birthday in the US this coming Monday. Have no fear, we will have some great content on your CyberWire Daily feed while we're out on our publishing break. Be sure to check out Research Saturday and my conversation with Nati Tal, head of Guardio Labs. We're discussing their work, "DeceptionAds: Fake Captcha Driving Infostealer Infections and a Glimpse to the Dark Side of Internet Advertising." That's Research Saturday. Do check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman.
Our Executive Producer is Jennifer Ivan. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
CyberWire Daily Podcast Summary
Episode Title: AI’s Blind Spots Need Human Eyes
Host/Author: N2K Networks
Release Date: February 14, 2025
In this episode of CyberWire Daily, hosted by Dave Bittner, the discussion centers around the evolving landscape of cybersecurity in the age of artificial intelligence (AI). The episode delves into AI’s capabilities and its limitations, emphasizing the indispensable role of human oversight. Additionally, the episode covers significant cybersecurity news, including regulatory investigations, cyberattacks, and emerging threats, culminating in an insightful interview with Lawrence Pingree, VP of Technical Marketing at Dispersive.
At the Munich CyberSecurity Conference, former NSA Director Paul Nakasone underscored the necessity of integrating AI with human expertise. He emphasized that while AI can significantly enhance operational efficiency, human intuition remains crucial, especially in detecting subtle adversarial tactics that AI might overlook.
“AI can enhance efficiency, but human intuition remains essential, especially in intelligence work where operators detect subtle adversarial changes that AI cannot.”
— Paul Nakasone [04:15]
New court documents disclosed that Marco Elez, a 25-year-old employee of the Department of Government Efficiency (DOGE), had write privileges to a Treasury payment system. Contrary to earlier reports of read-only access, his elevated permissions were mistakenly granted for just one day before being revoked. Despite media speculation, there is no evidence of unauthorized changes by Elez.
The doge.gov website was found to have significant security flaws, allowing unauthorized users to edit its database. Demonstrations revealed that attackers could manipulate government employment statistics and other sensitive data through exposed API endpoints. Similar vulnerabilities were identified in waste.gov, raising serious concerns about DOGE's cybersecurity posture.
Dutch police successfully dismantled the Zservers bulletproof hosting operation, taking offline 127 illegal servers. These servers were implicated in supporting cybercriminal activities, including LockBit ransomware operations orchestrated by Russian nationals Alexander Mishin and Alexander Bolshakov. The operation facilitated botnets, malware distribution, and money laundering through cryptocurrency transactions.
“Shutting down bulletproof hosting is key to disrupting global cybercrime.”
— Dutch Police Representative [12:05]
Germany’s competition watchdog is probing Apple’s App Tracking Transparency (ATT) framework, alleging that Apple exempts itself from the stringent privacy rules it enforces on third-party apps. Since 2021, iOS developers must obtain user consent before tracking activities, a move that significantly impacted companies like Facebook. Regulators argue that Apple’s preferential treatment of its own services may constitute anti-competitive behavior.
Hackers exploited two unknown vulnerabilities and a stolen security key to breach BeyondTrust’s network in December. The attack, linked to Chinese state-sponsored hackers known as Silk Typhoon, led to the theft of sensitive government documents. The breach also exposed a hidden weakness in PostgreSQL, allowing remote control of BeyondTrust’s software. Although BeyondTrust addressed part of the vulnerability, the persistent database flaw remains a concern.
The Cybersecurity and Infrastructure Security Agency (CISA) released 20 new security advisories targeting industrial control systems (ICS). These advisories highlight critical vulnerabilities in products from Siemens, ORing, mySCADA, Mitsubishi Electric, and others. Potential exploits include remote code execution, authentication bypasses, weak encryption, and command injections. CISA recommends applying security patches, strengthening authentication protocols, and isolating vulnerable systems to mitigate risks.
A new phishing toolkit named Astaroth has emerged, capable of bypassing two-factor authentication (2FA) through advanced session hijacking and real-time credential interception. Targeting platforms like Gmail, Yahoo, and Office365, Astaroth mirrors legitimate login pages with SSL certificates to deceive users. Priced at $2,000 on cybercrime forums, it includes real-time credential capture and takedown-resistant hosting, posing a significant threat to traditional security measures.
Following the publication of a proof-of-concept exploit, hackers are actively targeting a high-severity authentication bypass vulnerability in SonicWall firewalls. This flaw allows attackers to circumvent multi-factor authentication, access private data, and disrupt VPN sessions. Despite SonicWall releasing patches in January, approximately 4,500 devices remain unpatched as of February 7th. Cybersecurity firms urge organizations to update their firewalls immediately or implement mitigation strategies to prevent potential ransomware attacks.
Guest: Lawrence Pingree, VP of Technical Marketing at Dispersive
Topic: The necessity of preemptive defense in the AI arms race
Lawrence Pingree discusses the dual-edged nature of AI, highlighting its potential for both defense and offense in cybersecurity. He reflects on his time at Gartner, where he introduced concepts like generative AI runtime defense, and expresses concern over the increasing capability of attackers to leverage AI for sophisticated cyberattacks.
“AI is dual-use technology. It can be used for defending and it can also be used for offense.”
— Lawrence Pingree [14:51]
Pingree elaborates on the rapid advancement of AI, transitioning from basic models like ChatGPT to more complex AI agents. He warns that attackers now have the tools to execute hyper-automated, multi-stage attacks, utilizing breached data to craft highly personalized and convincing phishing attempts.
“Attackers are now capable of leveraging AI to generate malware hyperscale attacks with multiple dimensions in multiple domains.”
— Lawrence Pingree [17:31]
Pingree advocates for preemptive cyber defense strategies that incorporate randomization and unpredictability to counteract AI-driven modeling by attackers. He emphasizes the importance of hiding attack surfaces and implementing measures such as traffic randomization and memory randomization to make it difficult for adversaries to predict and exploit vulnerabilities.
“Randomization is the Achilles heel of modeling, and that's really the superpower of preemptive cyber defense.”
— Lawrence Pingree [21:37]
While AI enhances cybersecurity capabilities, Pingree stresses that human intelligence, ethical judgment, and adaptability remain irreplaceable. He underscores the necessity of integrating human oversight with AI tools to create a robust defense mechanism capable of anticipating and mitigating advanced cyber threats.
The episode underscores the intricate balance between leveraging AI for enhancing cybersecurity and recognizing its limitations that necessitate human vigilance. The discussions highlight the escalating sophistication of cyber threats and the critical need for preemptive, adaptive defense mechanisms. The insights provided by Lawrence Pingree offer valuable strategies for security professionals aiming to stay ahead in the AI-driven cybersecurity landscape.
This episode of CyberWire Daily provides a comprehensive overview of the current cybersecurity landscape, emphasizing the pivotal role of AI and the necessity of human oversight in defending against increasingly sophisticated cyber threats. The guest insights and news coverage equip listeners with the knowledge to navigate the complexities of modern cybersecurity challenges.
For more detailed information and daily updates, visit CyberWire Daily.