Biden’s final cyber order tackles digital weaknesses. - CyberWire Daily

Summary7 min read

CyberWire Daily Podcast Summary Episode: Biden’s Final Cyber Order Tackles Digital Weaknesses
Release Date: January 9, 2025
Host: Dave Bittner, N2K Networks

Biden’s Final Cyber Order Tackles Digital Weaknesses

In his concluding efforts to strengthen U.S. cybersecurity, the Biden administration is finalizing an executive order aimed at mitigating digital vulnerabilities exposed during his tenure. Host Dave Bittner outlines that the order emphasizes robust identity authentication and encryption for government communications, ensuring that sensitive information remains secure even in the event of a system breach.

Dave Bittner (00:46): “The executive order also proposes securing cryptographic keys via hardware security modules and tightening access management for federal contractors.”

The order responds to significant breaches, including a notable Treasury Department hack attributed to the Chinese group Silk Typhoon, which involved the theft of digital keys from Beyond Trust, a third-party provider. The administration is pushing for software vendors to adhere to stringent cybersecurity standards, such as prompt patching of known vulnerabilities and the implementation of multi-factor authentication.

However, uncertainty looms as the incoming Trump administration has hinted at rolling back federal regulations, particularly those concerning artificial intelligence safeguards, raising questions about the order's future.

Ivanti Addresses Critical Zero Day Vulnerability

Ivanti has issued emergency updates to address a critical zero day vulnerability in its Ivanti Connect Secure VPN devices, which allows for remote code execution. The vulnerability, actively exploited by suspected Chinese nation-state actors, necessitates immediate action from users.

Dave Bittner (00:46): “Avante recommends factory resetting devices before applying the update to remove potential malware that may fake the update process.”

Additionally, Ivanti has identified a stack-based buffer overflow with a high severity rating, although it has not yet been exploited in the wild. Similar vulnerabilities have been found in Ivanti’s Policy Secure and Neurons for Zero Trust Access Gateways, with patches expected by January 21. The company credits Mandiant and Microsoft’s Threat Intelligence Center for uncovering these flaws.

Karyo Control Firewall Software Flaw

A critical vulnerability discovered in Karyo Control firewall software allows attackers to achieve one-click remote code execution. Researcher Egidio Romano identified the flaw, which arises from improper input sanitization across multiple interface pages, enabling HTTP response splitting and open redirect attacks.

Dave Bittner (00:46): “The flaw stems from improper input sanitization in several interface pages, enabling HTTP response splitting and open redirect attacks.”

Initially classified as low risk, the vulnerability was later elevated to a high severity rating (CVSS of 8.8) due to its exploitation potential via an older GFI software vulnerability. While the vendor has been notified, no patches are currently available.

Palo Alto Networks Patches Multiple Vulnerabilities

Palo Alto Networks has addressed several vulnerabilities in its retired Expedition migration tool, including a high severity SQL injection flaw. This flaw permits authenticated attackers to access sensitive data such as usernames, passwords, and device configurations, as well as manipulate system files.

Dave Bittner (00:46): “Expedition, retired at the end of last year, will no longer receive updates or security fixes, and users are urged to find alternatives.”

In response, Palo Alto has released the latest Expedition version, which resolves the SQL injection issue along with four additional medium and low severity vulnerabilities. Additionally, the company updated Prisma Access Browser to mitigate six Chromium vulnerabilities, including two critical flaws in the V8 JavaScript engine. Although no exploits have been reported for these vulnerabilities, CISA previously warned about Expedition-related flaws being exploited in attacks.

Security Researchers Targeted with Fake Exploits for Microsoft Vulnerabilities

Security researchers are facing increased threats from fake exploits targeting Microsoft vulnerabilities. Trend Micro discovered a malicious version of a legitimate proof-of-concept (POC) exploit for LDAP Nightmare, a denial-of-service bug patched in December. This counterfeit POC replaces Python files with a malicious executable that deploys a PowerShell script to download malware aimed at stealing user data.

Dave Bittner (00:46): “LDAP nightmare highlights two critical vulnerabilities, including one with a severity of 9.8, but both significant due to LDAP's widespread use in Windows environments.”

These deceptive tactics continue the trend of state-sponsored attackers targeting security experts, utilizing methods such as social media deception, zero-day exploits, and backdoor tools to compromise professionals in major tech firms.

Medusynd Data Breach Impacts Over 360,000 Individuals

Medusynd, a U.S.-based medical and dental billing company, experienced a substantial data breach affecting over 360,000 individuals. The compromised data includes:

Health insurance details
Medical records
Payment information
Government IDs
Contact information

Dave Bittner (00:46): “The company has offered affected individuals 24 months of free credit monitoring and identity protection.”

Discovered in December 2023, the breach involves stolen files containing personal information, posing risks of medical identity theft and financial fraud. Medusynd, headquartered in Miami, Florida, services thousands of healthcare providers across the U.S. and India.

Excelsior Orthopedics Ransomware Attack Compromises Personal Data

In June 2024, Excelsior Orthopedics, a New York-based healthcare provider, fell victim to a ransomware attack compromising the personal and health information of approximately 357,000 individuals. The breach impacted patients and employees of Excelsior and related entities, including Buffalo Surgery Center and North Town's Orthopedics.

Dave Bittner (00:46): “Affected individuals have been offered 12 months of free credit monitoring and fraud assistance services.”

The Monti ransomware gang claimed responsibility, with 300 gigabytes of stolen data now publicly available. Excelsior responded by disconnecting external access to its network and initiating recovery efforts. The company has not disclosed the specific nature of the attack but acknowledges significant data compromise.

Cyber Attack Disrupts Winston Salem Utility Payment Systems

A post-Christmas cyber attack targeted the online utility payment systems in Winston Salem, North Carolina, affecting 250,000 residents and nearby Forsyth County. Discovered on December 26, the attack forced the city to take systems offline, hindering residents from making online payments without incurring late penalties.

Dave Bittner (00:46): “The attack coincides with severe weather communication challenges and follows similar incidents across North Carolina.”

City officials are collaborating with state and federal agencies to restore full services. North Carolina’s 2022 law prohibits government entities from paying ransoms, complicating the response to such attacks.

CrowdStrike Identifies Phishing Campaign Exploiting Recruitment Branding

CrowdStrike has detected a sophisticated phishing campaign that leverages its recruitment branding to distribute malware. The attack utilizes emails impersonating CrowdStrike’s recruitment efforts, directing victims to a malicious site that offers downloads of a fake employee CRM application.

Dave Bittner (00:46): “The downloaded executable, written in Rust, acts as a downloader for the cryptominer XMRig.”

The malware employs advanced evasion tactics, including debugger detection, process checks, and sandbox avoidance. Before deploying the XMRig cryptominer, the malware establishes persistence by creating batch scripts in the Startup directory and adding registry entries to re-execute upon system logon. CrowdStrike advises verifying the authenticity of their communications and avoiding the download of unsolicited files.

Interview with Danny Allen: Balancing AI and Human Oversight in Cybersecurity

Danny Allen, CTO of Snyk, discusses the balanced approach between artificial intelligence (AI) and human oversight to enhance cybersecurity. Conducting a survey of 400 organizations with over 1,000 employees, Allen reveals significant insights:

C-suite executives are five times more likely to view AI coding tools as non-risky compared to application security teams, highlighting a disconnect in risk perception.

Danny Allen (16:16): “...executives instead are looking at it and saying, how can we be productive in using this.”

Two-thirds of developers lack training in AI security, posing risks as they integrate AI tools like ChatGPT into their workflows without understanding potential security implications.

Danny Allen (18:02): “...developers were saying they weren't being trained on AI security.”

Allen emphasizes the necessity of guardrails to ensure AI enhances productivity without compromising security. He advocates for comprehensive training programs and security controls that align AI usage with corporate policies.

Danny Allen (20:19): “You don't want to be slowing down the organization... But you do need to have those guardrails in place.”

CES Worst in Show Highlights Privacy and Security Concerns in Tech

The podcast also covers the Worst in Show awards from the Consumer Electronics Show (CES), which spotlight gadgets that raise privacy, security, and sustainability concerns:

FacePalms Ultra Human's $2,200 Luxury Smart Ring: Criticized for limited durability, lasting only 500 charges before becoming irreparable.
Bosch's AI-Powered Crib: Labeled as surveillance for your infant, it incorporates cameras, microphones, and radar, infringing on privacy within a supposed safe environment.
Soundhound's AI in Car Commerce System: Accused of promoting wasteful takeout and encouraging distracted driving.
TP-Link's Router: Declared least secure due to vulnerabilities that prioritize government alerts over user safety.
LG's AI Refrigerator: Won the overall award for being flashy, pricey, and prone to premature obsolescence.

Conclusion

The episode of CyberWire Daily provides a comprehensive overview of the current cybersecurity landscape, highlighting significant governmental actions, emerging threats, and the ongoing challenges in balancing innovation with security. The insights from Danny Allen underscore the critical need for integrating AI responsibly within cybersecurity frameworks, ensuring that technological advancements do not outpace the necessary safeguards.

For those interested in deeper insights, the podcast offers a link to Snyk's AI Readiness Report in the show notes.

Produced by Liz Stokes, mixed by Trey Hester, with original music by Elliot Peltzman. Executive Producer: Jennifer Ibin. Executive Editor: Brandon Karp. President: Simone Petrella. Publisher: Peter Kilke.

Loading summary

Transcript21 lines

[00:02]
Dave Bittner
You're listening to the Cyberwire Network.
[00:04]
Danny Allen
Powered by n2k.
[00:10]
Amazon Sponsor
This episode is brought to you by Amazon. Sometimes the most painful part of getting sick is the getting better part. Waiting on hold for an appointment, Sitting in crowded waiting rooms, Standing in line at the pharmacy? That's painful. Amazon One Medical and Amazon Pharmacy remove those painful parts of getting better with things like 24. 7 virtual visits and prescriptions delivered to your door. Thanks to Amazon Pharmacy and Amazon One Medical Healthcare just got less painful.
[00:46]
Dave Bittner
The Biden administration is finalizing an executive order to bolster US Cybersecurity Avante releases emergency updates to address a critical zero day vulnerability. A critical vulnerability is discovered in Krio Control firewall software. Palo Alto Networks patches multiple vulnerabilities in its retired migration tool. Fake exploits for Microsoft vulnerabilities lure security researchers. A medical billing company data breach affects over 360,000 a cyber attack disrupts the city of Winston Salem. CrowdStrike identifies a phishing campaign exploiting its recruitment branding. Our guest is Danny Allen, CTO from Sneak Sharing how a balanced approach between AI and human oversight can strengthen cybersecurity and the worst of the worst from CES it's Thursday, January 9th, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us. It is great to have you with us here today. The Biden administration is finalizing an executive order to bolster U.S. cybersecurity in its final days following major breaches during Biden's term, including a Treasury Department hack attributed to the Chinese group Silk Typhoon. The order emphasizes strong identity authentication and encryption for government communications. This would protect sensitive information even if systems are breached by ensuring hackers cannot access encrypted documents. The treasury hack reportedly involves stolen digital keys from Beyond Trust, a third party provider granting access to unclassified sanctions related data. The executive order also proposes securing cryptographic keys via hardware security modules and tightening access management for federal contractors. Additionally, it mandates that software vendors demonstrate adherence to cybersecurity standards like fixing known vulnerabilities and using multi factor authentication. It's unclear if the incoming Trump administration will retain the order as Trump has signaled intentions to roll back federal regulations, including on artificial intelligence safeguards. Ivanti has released emergency updates to address a critical zero day vulnerability actively exploited by suspected Chinese nation state attackers. The flaw affects Ivanti Connect secure VPN devices and allows remote code execution. Avanti recommends factory resetting devices before applying the update to remove potential malware that may fake the update process. A second vulnerability, also a stack based Buffer overflow has a high severity rating but hasn't been exploited in the wild. Ivanti also warns that similar vulnerabilities exist in its Policy Secure and neurons for zero trust access gateways with patches expected by January 21. Attackers have used malware to block legitimate updates, creating a fake update facade. Ivanti credits Mandiant and Microsoft's Threat Intelligence center for discovering the flaws. The US CISA and the UK's NCSC urge immediate action, highlighting the risks to critical edge devices and advising organizations to review networks for signs of intrusion. A critical vulnerability in Karyo Control firewall software allows attackers to achieve one click remote code execution discovered by researcher Egidio Romano. The flaw stems from improper input sanitization in several interface pages, enabling HTTP response splitting and open redirect attacks, potentially leading to severe consequences like gaining root access to the firewall. Initially deemed low risk, it was reclassified as high severity with a CVSS of 8.8 due to exploitation potential via an older vulnerability GFI software. The vendor has been notified, but no patches are available yet. Palo Alto Networks has patched multiple vulnerabilities in its retired Expedition migration tool, including a high severity SQL injection flaw. This flaw allows authenticated attackers to access sensitive data such as usernames, passwords and device configurations and manipulate files on the system. Expedition, retired at the end of last year, will no longer receive updates or security fixes, and users are urged to find alternatives. The latest Expedition version resolves the flaw and four additional medium and low severity issues. Palo Alto also updated Prisma Access browser to address six Chromium vulnerabilities, including two critical flaws in the V8 JavaScript engine. While no exploitation has been reported for the latest vulnerabilities, CISA previously warned about critical Expedition flaws exploited in attacks. Users should restrict network access to Expedition or deactivate it if unused. Security researchers are being targeted again, this time with fake exploits for Microsoft vulnerabilities. Trend Micro identified a malicious version of a legitimate proof of concept exploit for LDAP Nightmare, a denial of service bug patched in December. The counterfeit POC replaces Python files with a malicious executable that delivers a PowerShell script which downloads malware to steal user data. LDAP nightmare highlights two critical vulnerabilities, including one with a severity of 9.8, but both significant due to LDAP's widespread use in Windows environments. While experienced researchers may spot red flags such as executables in Python projects, these lures still exploit trending issues to target a broader audience. This tactic follows a pattern of attackers targeting researchers, including incidents involving North Korean operatives. Previous cases have seen state sponsored attackers use social media deception, zero day exploits and backdoor tools to compromise experts at major tech firms. Medusynd, a U S based medical and dental billing company, suffered a data breach affecting over 360,000 individuals. Exposed data includes health insurance details, medical records, payment information, government IDs and contact information. Though impacted data varies per person, threat actors could exploit this information for medical identity theft or financial fraud. The breach, discovered in December of 2023, involves stolen files containing personal information. Medusynd has offered affected individuals 24 months of free credit monitoring and identity protection. The company, headquartered in Miami, Florida, serves thousands of healthcare providers across the US And India. Meanwhile, Excelsior Orthopedics, a New York based healthcare provider, experienced a ransomware attack in June of 2024, compromising the personal and health information of approximately 357,000 individuals. The breach affected patients and employees of Excelsior and related entities including Buffalo Surgery center and North Town's Orthopedics. Exposed data includes names, Social Security numbers, medical records, diagnosis and treatment details, and more. Initially thought to impact only employees, the breach's scope was later found to include patient data. The Monti ransomware gang claimed responsibility. Stealing 300 gigabytes of data now publicly available, Excelsior disconnected external access to its network and continues recovery efforts. Affected individuals have been offered 12 months of free credit monitoring and fraud assistance services. The company has not confirmed the specific type of attack but acknowledges significant data compromise. A post Christmas cyber attack disrupted online utility payment systems in Winston Salem, North Carolina, affecting a quarter of a million residents and nearby Forsyth county. Discovered on December 26, the attack forced the city to take systems offline, though fire and police services remain unaffected. Residents can pay bills in person without late penalties. City officials, working with state and federal agencies, have yet to restore full services. The attack coincides with severe weather communication challenges and follows similar incidents across North Carolina. The state prohibits government entities from paying ransoms under a 2022 law. Earlier this week, CrowdStrike identified a phishing campaign exploiting its recruitment branding to distribute malware. The attack uses phishing emails impersonating CrowdStrike recruitment to direct victims to a malicious site offering downloads of a fake employee CRM application. The downloaded executable, written in Rust, acts as a downloader for the cryptominer XMRig. The malware employs evasion tactics such as debugger detection, process checks and sandbox avoidance. Before downloading and running XMRig, it establishes persistence by creating batch scripts in the Startup directory and adding registry entries to re execute on system logon. Victims are urged to verify the authenticity of CrowdStrike communications and avoid downloading unsolicited files. CrowdStrike emphasizes that it does not ask candidates to download software for interviews or process payments. Organizations should educate employees on phishing risks, monitor suspicious activity, and implement endpoint protection to mitigate these kinds of threats. Coming up next, we've got my conversation with Sneaks CTO Danny Allen about how a balanced approach between AI and human oversight can strengthen cyber security. And hear about worst in show, also known as when your fridge knows too much about you. We'll be right back.
[12:10]
Capella University Sponsor
Imagine what's possible when learning doesn't get in the way of life at Capella University. Our game changing flexpath learning format lets you set your own deadline so you can learn at a time and pace that works for you. It's an education you can tailor to your schedule. That means you don't have to put your life on hold to pursue your professional goals. Instead, enjoy learning your way and earn your degree without missing a beat. A different future is closer than you think with Capella University. Learn more at capella. Edu.
[12:44]
KnowBe4 Sponsor
And now a word from our sponsor, knowbefore it's all connected and we're not talking conspiracy theories when it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBeFor, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBeForS security coach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco. 35. Vendor integrations and counting Security Coach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real time coaching campaigns targeting risky users based on those events from your network, endpoint identity, or web security vendors. Then coach your users at the moment the risky behavior occurs, with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more@knowbefor.com SecurityCoach that's knowbe4.com SecurityCoach and we thank knowbe4 for sponsoring our show.
[14:17]
Dave Bittner
Do you know the status of your compliance controls right now? Like right now, we know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the Vanta brings automation to evidence collection across 30 frameworks like SoC2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber that's vanta.com cyber for $1,000 off. Danny Allen is Chief Technology Officer at Snyk. I recently caught up with him to talk about how a balanced approach between AI and human oversight can strengthen cybersecurity.
[15:39]
Danny Allen
AI is clearly a focus for most organizations right now. From CEO to CIO on down, organizations are asking, how can I effectively use AI that is not an exclusion for the development organization which we regularly meet with. And so what we wanted to do is understand how organizations were thinking about AI and how they were rolling it out within the organization. And so this led to a survey by Snyk of 400 organizations with 1,000 or more employees.
[16:11]
Dave Bittner
Well, let's go through some of the findings together here. What are some of the things that caught your eye?
[16:17]
Danny Allen
Well, the thing that probably stood out the most to me is that the C suite so CEOs, CIOs, etc. CISOs were five times more likely to rate AI coding tools because we were specifically honing in on development and AI coding tools as not risky at all. Not risky at all as compared to the application security folks who were saying they were risky and the numbers there, I think 5% of the application security team were saying, hey, these are not risky. Where for the C suite, 25% of them said not risky at all. So there's clearly a disconnect between executives and the application security team. It's probably the most significant standout from the report for myself.
[17:02]
Dave Bittner
No, that's an interesting disconnect there. What do you make of that? What do you suspect might be driving it?
[17:09]
Danny Allen
I suspect that application security folks are very in tune with security issues and tend to be more paranoid. They have a lengthy history of dealing with security and when it comes to AI, of course security is the top concern. And so they just look at it as a new type of infrastructure. We need to be concerned about security. Executives, on the other hand, are not looking at it from a negative perspective of I need to be paranoid about this. Executives instead are looking at it and saying, how can we be productive in using this. And so they are looking at it more optimistically than the security team who are looking at it and say, what are the risks associated with this?
[17:48]
Dave Bittner
Now one of the things that caught my eye was this finding that organizations may not be making the proper preparations when it comes to AI coding security. Can you explain that for us?
[18:02]
Danny Allen
Yes. So on the development side, what we found is that two of three devs, so 66% of developers were saying they weren't being trained on AI security. And if you think about this logically, a developer can take code and put it in ChatGPT and say, can you make this faster or more efficient? Or convert this to a different language. There's obviously security concerns about that because they just took proprietary code and put it in ChatGPT. And so one of the things that organizations are not thinking about is developers that are trying to be more efficient and they're using AI to be more efficient. But they haven't been trained on the security concerns that come along with the use of this AI. And what you find is that most of the organization, it's the proprietary information that they're trying to optimize because it's their crown jewels and they're saying, how do I do this more effectively? Having security training around that is obviously critical.
[19:03]
Dave Bittner
Yeah. What are the take homes here in terms of lessons learned or words of wisdom for folks to take away from this report? What do you hope they get from it?
[19:14]
Danny Allen
Well, I really hope that organizations realize that AI first of all is extremely effective and it helps organizations to be so much more productive. So this is in no way meant to say don't use AI. Instead it's to say we should be using AI to make our organizations more productive, to develop more quickly. But we also need to be thinking about the guardrails that come along with that AI. And those guardrails can be at a people level. So for example, training developers on how to use AI more effectively, they can also be at a process level so that they're trained on how to use the AI within their daily workflows. And then also at a security level, there's many ways that we can put in security controls that as organizations are using AI, they're doing it in a way that conforms with the corporate policy.
[20:06]
Dave Bittner
Do you have any guidelines for best practices for folks to kind of dial in the balance between effective use of AI but also the necessity for human oversight?
[20:19]
Danny Allen
I'm not yet convinced that AI is ready to be completely autonomous. Some human oversight is valuable, I think of self driving cars. I'm not yet ready to get in a self driving car and say drive me across the country, still need to be sitting in the seat with my hands on steering wheel. However, that being said, you want to do it in a way that takes advantage of what the AI is giving you. In other words, if you're in a self driving car, of course you can pay attention to the traffic, but you don't have the stress associated with it. And I think that's the same way when it comes to AI within the organization. You don't want to be slowing down the organization. You don't want the guardrails to be so onerous that it doesn't allow them to achieve the outcome and that they are achieving the benefit of it. But you do need to have those guardrails in place.
[21:11]
Dave Bittner
Our thanks to Danny Allen from Snyk for joining us. We'll have a link to Snyk's AI readiness report in the show Notes.
[21:33]
KnowBe4 Sponsor
And now a message from our sponsor Zscaler, the leader in cloud security Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security Zscaler 0Trust AI stops attackers by hiding your attack surface, making apps and IPs invisible, eliminating lateral movement Connecting users only to specific apps, not the entire network. Continuously verifying every request based on identity and context Simplifying security management with AI powered automation and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more@Zscaler.com Security.
[22:54]
Dave Bittner
And finally, CES. The Consumer Electronics show is all about futuristic gadgets designed to improve lives. But sometimes innovation veers into eyebrow raising territory. Enter the Worst in Show awards, where dystopia experts highlight the most repair challenged, privacy invading and unsustainable tech. Topping the list of face Palms Ultra Human's $2,200 luxury smart ring, which lasts just 500 charges before becoming irreparable bling. Two years of use for that price. A new low, quipped Ifixit CEO Kyle Wiens. Next up, Bosch's AI powered crib promising to rock babies to sleep and track their vitals. The Electronic Frontier foundation dubbed it surveillance for your infant, packing cameras, mics and radar into what should be a privacy safe sanctuary. The least sustainable prize? Soundhound's AI in Car Commerce system encouraging wasteful takeout and distracted driving. And TP Link's router won least secure thanks to vulnerabilities that prioritize government alerts over user safety. Finally, the overall winner. That would be LG's AI refrigerator, flashy, pricey, and doomed to premature obsolescence. And that's the CyberWire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com this episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Our executive editor is Brandon Karp. Simone Petrella is our president, Peter Kilke is our publisher, and I'm Dave Bitner. Thanks for listening. We'll see you back here tomorrow.