Dave Bittner
You're listening to the Cyberwire network.
Dave Bittner
Powered by N2K.

Cyber threats are more sophisticated than ever. Passwords? They're outdated and can be cracked in a minute. Cybercriminals are intercepting SMS codes and bypassing authentication apps. While businesses invest in network security, they often overlook the front door: the login. Yubico believes the future is passwordless. YubiKeys offer unparalleled protection against phishing for individuals, SMBs, and enterprises. They deliver a fast, frictionless experience that users love. Yubico is offering N2K followers a limited buy one, get one offer. Visit yubico.com/N2K to unlock this deal. That's Yubico. Say no to modern cyber threats. Upgrade your security today.

Over 150 government database servers are dangerously exposed to the Internet. Threat actors are exploiting a vulnerability in Check Point's ZoneAlarm antivirus software. Albabat ransomware goes cross-platform. ESET reports on the Chinese Operation Fish Medley campaign. Van Helsing ransomware targets Windows systems in the US and France. CISA issues five ICS advisories warning of high-severity vulnerabilities across critical infrastructure systems. A former NFL coach is indicted for allegedly hacking into the accounts of thousands of college athletes. Brandon Karpf joins us with a look at cyberspace in space. And a fraud detection firm gets shut down for fraud.

It's Friday, March 21, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us and happy Friday. It is great to have you with us.

A recent investigation has revealed a major cybersecurity threat to US government data. Over 150 government database servers used by agencies like the Departments of Agriculture, Education and Energy are exposed to the Internet, violating basic security protocols. These databases, hosted on Microsoft's Azure GovCloud, have open ports vulnerable to brute force attacks and known exploits.
The report highlights over 655 unauthorized access attempts and more than 200 real-time data replications, suggesting serious flaws in authentication and data protection. Analysts believe the exposure stems from a rushed federal data centralization effort. Experts are calling for urgent action, including congressional hearings and audits, to address what has the potential to become a catastrophic breach.

The White House is shifting cybersecurity responsibilities from federal agencies to states and local governments. A new executive order from President Trump introduces a national resilience strategy aiming to give local entities more control over defending infrastructure and elections from cyber threats. This move follows cuts to federal cybersecurity teams and programs, leaving states without vital support like vulnerability alerts and free risk assessments. Experts warn this decentralization could lead to fragmented defenses, especially as many states lack the resources and intelligence centers to fill the gap. Cybersecurity professionals say the burden will hit underfunded sectors like schools and small municipalities hardest. Critics argue the shift, combined with federal workforce reductions, undermines national security and leaves states to manage growing cyber risks largely on their own.

A new report reveals that threat actors are exploiting a vulnerability in Check Point's ZoneAlarm antivirus software to bypass Windows security. Security researcher Nima Bagheri detailed a bring-your-own-vulnerable-driver attack using an old signed driver with kernel-level privileges. This allows attackers to evade antivirus detection, bypass Windows memory integrity protections, and gain full system access. Once in, they steal credentials and establish remote access. Users are urged to update to the latest non-vulnerable version.

Albabat ransomware has evolved into a cross-platform threat, now targeting Windows, Linux and macOS systems.
Trend Micro researchers found multiple versions using GitHub for configuration management, allowing remote updates without redeploying malware. The ransomware retrieves settings via the GitHub REST API and avoids encrypting key system files while targeting user data. It terminates processes to ensure encryption success and collects detailed system info. Payment details in its config suggest preparation for expanded attacks using Bitcoin, Ethereum, Solana and BNB.

ESET reports that I-Soon, a Chinese cybersecurity contractor linked to Beijing's Ministry of Public Security, ran a 2022 cyber espionage campaign called Operation Fish Medley. Its operational unit, FishMonger, targeted seven organizations across Taiwan, Hungary, Turkey, Thailand, the US and France. Using tools like ShadowPad, Spyder and the newly identified RPipeCommander, attackers gained deep network access, extracted credentials, and exfiltrated data. The campaign followed a document leak and US indictments of I-Soon staff for hacking US agencies, activists and dissidents.

A new ransomware called Van Helsing is targeting Windows systems in the US and France, focusing on government, manufacturing and pharmaceutical sectors. First spotted in March 2025, it uses advanced encryption and evasion tactics, appending Van Helsing to files and demanding ransom via a Tor-based chat site. Van Helsing employs double extortion by encrypting and exfiltrating sensitive data. It uses rootkits, registry changes and bootkits for persistence, making detection difficult. Security experts urge strong backups, system patching, MFA and Zero Trust strategies for defense.

CISA issued five ICS advisories warning of high-severity vulnerabilities across critical infrastructure systems. These include flaws in Schneider Electric's EcoStruxure software and Enerlin'X IFE components with multiple input validation issues.
Siemens Simcenter Femap also contains a memory buffer overflow vulnerability, while SMA's Sunny Portal has a file upload flaw. Finally, Santesoft's Sante DICOM Viewer Pro suffers from an out-of-bounds write issue. CISA urges immediate updates to reduce exploitation risks, especially as these systems often support vital infrastructure.

Former NFL and University of Michigan assistant coach Matt Weiss has been indicted on 14 counts of unauthorized computer access and 10 counts of identity theft for hacking into the accounts of thousands of college athletes. From 2015 through 2023, Weiss allegedly breached databases managed by Keffer Development Services, targeting over 150,000 athletes across more than 100 schools, the indictment says. He focused on female athletes, seeking private photos and videos by accessing their social media, cloud and email accounts. Weiss allegedly cracked encryption using online research and kept detailed notes on stolen content. Fired by Michigan in 2023 after refusing to cooperate with an internal investigation, Weiss had previously worked for the Baltimore Ravens. Federal prosecutors say they will aggressively pursue the case to defend victims' privacy.

Coming up after the break, my conversation with Brandon Karpf with a look at cyberspace in space, and a fraud detection firm gets shut down for fraud. Stick around.

We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire.
Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.

Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting-edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work-life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today at vanguard.jobs.com.

My former N2K colleague and current friend of the show, Brandon Karpf, recently sat down with Maria Vermazes over on the T-Minus podcast to talk about cyberspace in space.
Brandon Karpf
DoD released a memo and policies around modern software acquisition reform, where they identified this pathway called the software acquisition pathway, which is really meant to implement agile processes in how the DoD acquires, implements and fields software. Traditionally, software has been seen just like every other DoD program: regardless of if it's an aircraft or a ship or a ground system for a satellite communications network, it has all been approached exactly the same. Obviously that doesn't work well for software. Software you have to test, you have to iterate, you have to move quickly. And so this memo that just came out last week is directing the acquisitions community to come up with an implementation plan for this much more rapid, iterative, agile approach to software acquisitions.
Maria Vermazes
So when we say rapid.
Brandon Karpf
Yes.
Maria Vermazes
How rapid are we talking?
Brandon Karpf
Right. Well, so similarly, and actually the same day that this memo came out, Space Systems Command released a case study around satellite communications. And I think this was intentionally timed. It was literally the same day. And this case study is fantastic. It's about the Evolved Strategic Satellite Communications program, and specifically their implementation of a new agile software acquisitions technique for this program, and specifically for the ground segment, the ground segment software for this program. Now, before this program they admitted, and I cannot believe they publicly admitted this, they admitted that it historically takes them 12 years to field new software to...
Maria Vermazes
Field, not even to get it up and running, just to approve, just to sign the contract.
Brandon Karpf
Right, 12 years, which is insane. Under this program that they implemented, their new time horizon is six years. Doesn't sound a lot better, but I mean, they literally cut it in half. I think that's proof of concept as they move forward with what they're calling the Griffon program, G-R-I-F-F-O-N. It seems like they'll get faster and faster. And basically the précis here is they implemented the agile process. They started with customer discovery. They brought in a bunch of potential vendors to do requirements development. Those vendors went away, took those requirements, developed a minimum viable product. They presented that minimum viable product in a bake-off. The Air Force, the Space Systems Command, selected the winner from that bake-off, and that allowed the winner to implement their own software development process and iterate on that and get it to the point where they could start deploying and testing this new ground resilient system for the satellite communications network.
Maria Vermazes
Sounds great. I'm asking a question I know the answer to, admittedly, but the cyber angle to this, can you, let's walk that in because there's a big one here.
Brandon Karpf
Right. And so, you know, as we're kind of moving into this brave new world of software-defined warfare, and my claim has always been the government, especially DoD, is the primary buyer for pretty much the entire space economy, has been mostly on telecoms, you know, certainly Earth observation as well. But to me those are the two legitimate viable markets for this industry. They are all vulnerable to cyber attack, and all those systems are cyber-enabled, software-enabled. So we're moving to a point of software-defined warfare. Software-defined warfare being that's where the threats are, that's where the opportunities are. We've certainly in this industry heard about the Viasat attack in early Ukraine. What most people haven't talked about is since then there's been 124 more validated cyber attacks against space systems in Eastern Europe since Viasat. So obviously a huge threat vector and a huge target. What we haven't talked about so much is the opportunities of how the space segment, especially a software-defined space segment, could improve security, especially when we're talking about telecommunications. So what I kind of want to pitch to this community and talk about is how this more rapid software development life cycle, software acquisitions reform, could help the space industry implement highly effective secure telecommunications infrastructure leveraging the space segment.
Maria Vermazes
Yeah, get in. I was going to say, yes, that, let's, let's get into that. So I mean, admittedly, if you're not in the umbrella that may be directly affected by this, you might be going, well, how does this apply? But I think there are a lot of lessons here. So, okay, so that is the pitch that it'll, that's the opportunity. What does that look like on the ground?
Brandon Karpf
Right. So you know, on the ground, step number one, what the DoD is doing, what they're saying they're going to do, is they're going to accept more risk upfront by rapidly implementing new software, by trying to implement this agile process with software acquisitions. They're basically saying, we are going to accept early risk, understanding that that allows software to be iterated upon, to be improved, and to be developed in a way that ultimately will decrease risk and cost in the long run. And so certainly there are initial risks implemented there by accepting minimum viable software products. So that's kind of an interesting framing of them saying we're going to accept. Historically they've said we're going to accept zero risk, which is why it takes 12 years to test and field anything. But what that ends up doing is it ends up locking them into these old systems. So now, how does this industry implement this? I'm going to specifically talk about telecom because that's where I think the biggest opportunities are for improving the cyber posture and cyber defense of the West, certainly.
Maria Vermazes
Largest perimeter too, right? If you want to think of it that way.
Brandon Karpf
Exactly. Largest perimeter. It's also globally targetable. So let's think about the space segment of the telecom infrastructure as providing backbone services. Now we have, you know, LEO constellations, we have GEO constellations that can provide backbone connectivity for packetized networks, for data networks, for Internet, et cetera. Those systems are globally targeted, right? You can reach those from anywhere in the globe. So any adversary, whether it's Volt Typhoon, who proved that they're interested in the telecom infrastructure in the US and Canada and has found their way into those systems, they're going to be targeting those systems. However, when you think about the space architecture, it actually can be a little harder to target. So when you think about the kill chain, the first step of the kill chain is reconnaissance. First step of reconnaissance is figuring out where your target's infrastructure is, where their target points are, where their selectors, like IP addresses, servers, et cetera, are located, and maneuvering through a network to find them and finding your way onto hot points. If we are leveraging intelligently, I'm not saying that you can necessarily do this off the bat, but think about how we can implement this rapid software implementation for the network layer, for the network and transport layer of the Internet, and use the space segment to obfuscate our points of presence. So what do I mean by that? Think about each satellite as a point of presence. An adversary, I don't even as a user know which satellite my data's directly going to, because they're moving, they're rapidly moving. It's a moving target defense. So if we can obfuscate your point of presence to get into networks as a user of telecoms infrastructure and leverage the space segment to create moving target defense, essentially maneuver warfare in the telecommunications network layer, that immediately makes it more difficult for the adversaries to target because they can't do reconnaissance as well.
Maria Vermazes
So it's like the okay, so I'm thinking in the classic on the defender side, you wanted to know what all your assets are so you can defend them. Because there's always assets that get forgotten or lost. In this case we're saying security through obscurity. We want the moving target. That's a fascinating opportunity that really only space provides.
Brandon Karpf
Exactly. Yeah, pretty much space, or high-altitude balloons or drones potentially, for creating these relays for communications. But if you think about how you can leverage, and my call is to the DoD and any users of globalized telecom infrastructure, think about how you can use this space segment to obfuscate your communications, relay your points of presence in a rapid fashion to essentially make them ephemeral. So when Volt Typhoon's going after your telecom infrastructure, they have a hard time finding where you even are and where your network even is.
Dave Bittner
That's Brandon Karpf speaking with Maria Vermazes from the T-Minus podcast. Be sure to check out T-Minus wherever you get your favorite podcasts.

Tired of investigation tools that only do one thing at a time? Spending more time juggling contracts with data vendors than actually investigating? Maltego changes that for good. Get one investigation platform, one bill to pay, and all the data you need in one place. It comes with curated data and a full suite of tools to handle any digital investigation. Connect the dots so fast cybercriminals won't even have time to Google what Maltego is. See the platform in action at maltego.com.

And finally, in a plot twist worthy of a Silicon Valley satire, the former CEO of an adtech company has been sentenced to a year and a day in prison for faking pretty much everything. Paul Roberts, whose adtech company claimed to detect fraudulent ads with its cloud software, KAI, decided to fraud his way to the top. In a bold bit of corporate make-believe, he orchestrated a $1.3 million phony service swap with another company, complete with fake reports generated from nonexistent data. Both firms recorded the made-up transaction as real revenue, like a business version of kids trading Monopoly money and calling it profit. It worked for a while. The company even went public, raising $33 million. But the SEC noticed the imaginary math, and Roberts pled guilty. By late 2024, the much-hyped KAI-powered merger vanished, and Kubient, the company, delisted itself and quietly folded. You have to admire the commitment. It takes real effort to fake that much effort.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Tom Hegel from SentinelLabs. The research we're discussing is titled "Ghostwriter: New Campaign Targets Ukrainian Government and Belarusian Opposition." That's Research Saturday. Check it out.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.

Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default-deny approach can keep your company safe and compliant.
CyberWire Daily: "Brute Force and Broken Trust" Summary
Release Date: March 21, 2025
Host/Author: N2K Networks
The March 21, 2025 episode of CyberWire Daily, hosted by Dave Bittner and featuring a conversation between Brandon Karpf and Maria Vermazes of the T-Minus podcast, covers issues ranging from exposed government database servers to the evolving ransomware landscape. This summary captures the episode's key stories, the expert commentary, and the interview.
The episode opens with a report on the security posture of U.S. government data: over 150 government database servers used by agencies such as the Departments of Agriculture, Education and Energy are reportedly exposed to the Internet, in violation of basic security practice. These databases, hosted on Microsoft's Azure GovCloud, have open ports susceptible to brute-force attacks and known exploits.
Key Points:
Expert Insight:
Dave Bittner emphasizes the severity:
"These databases have open ports vulnerable to brute force attacks and known exploits. The report highlights over 655 unauthorized access attempts and more than 200 real time data replications, suggesting serious flaws in authentication and data protection."
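The exposure described above is, in practice, two separable checks: a database listener reachable from outside the organization, and repeated failed logins against it. The following Python is an added example, not code from the episode or from the report it summarizes; the scan results, the internal address ranges, the port table and the PostgreSQL log lines are all constructed for illustration.

```python
"""Flag exposed database listeners and brute-force bursts against them.

Added example, not from the CyberWire episode or the report it cites.
The scan results, the internal address ranges and the PostgreSQL log
lines are constructed for illustration.
"""
from collections import defaultdict
from datetime import datetime, timedelta
import ipaddress
import re

# Well-known database listener ports (assumption: the set an auditor cares about).
DB_PORTS = {1433: "mssql", 1521: "oracle", 3306: "mysql",
            5432: "postgres", 6379: "redis", 27017: "mongodb"}

# Address ranges reachable only from inside the organization
# (assumption for this example; a real audit uses its own inventory).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed port-scan output: (host, port, state).
SCAN_RESULTS = [
    ("203.0.113.10", 5432, "open"),      # postgres on a public address
    ("203.0.113.10", 22, "open"),        # ssh, not a database port
    ("203.0.113.11", 1433, "open"),      # mssql on a public address
    ("10.20.0.5", 5432, "open"),         # postgres, internal only
    ("203.0.113.12", 3306, "filtered"),  # mysql, but not reachable
    ("203.0.113.13", 27017, "open"),     # mongodb on a public address
]


def is_internal(host):
    addr = ipaddress.ip_address(host)
    return any(addr in net for net in INTERNAL_NETS)


def exposed_db_listeners(results):
    """Return [(host, port, service)] for open database ports on non-internal hosts."""
    return [(host, port, DB_PORTS[port])
            for host, port, state in results
            if state == "open" and port in DB_PORTS and not is_internal(host)]


# Constructed PostgreSQL log lines, log_line_prefix = '%t [%p] %h '.
PG_LOG = """\
2025-03-20 02:14:01 UTC [8120] 198.51.100.7 FATAL:  password authentication failed for user "postgres"
2025-03-20 02:14:02 UTC [8121] 198.51.100.7 FATAL:  password authentication failed for user "postgres"
2025-03-20 02:14:02 UTC [8122] 198.51.100.7 FATAL:  password authentication failed for user "admin"
2025-03-20 02:14:03 UTC [8123] 198.51.100.7 FATAL:  password authentication failed for user "sa"
2025-03-20 02:14:04 UTC [8124] 198.51.100.7 FATAL:  password authentication failed for user "root"
2025-03-20 02:14:05 UTC [8125] 198.51.100.7 FATAL:  password authentication failed for user "postgres"
2025-03-20 02:15:30 UTC [8126] 10.20.0.44 FATAL:  password authentication failed for user "app"
2025-03-20 02:16:00 UTC [8127] 10.20.0.44 LOG:  connection authorized: user=app database=prod
"""

FAIL_RE = re.compile(
    r'^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}) UTC \[\d+\] (?P<src>\S+) '
    r'FATAL:\s+password authentication failed for user "(?P<user>[^"]+)"')


def brute_force_sources(log_text, threshold=5, window=timedelta(seconds=60)):
    """Return {source_ip: total_failures} for sources with at least
    `threshold` failed logins inside any interval of length `window`."""
    failures = defaultdict(list)
    for line in log_text.splitlines():
        m = FAIL_RE.match(line)
        if m:
            ts = datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S")
            failures[m.group("src")].append(ts)

    flagged = {}
    for src, times in failures.items():
        times.sort()
        start = 0
        for end in range(len(times)):          # sliding window over sorted timestamps
            while times[end] - times[start] > window:
                start += 1
            if end - start + 1 >= threshold:
                flagged[src] = len(times)
                break
    return flagged


if __name__ == "__main__":
    for host, port, svc in exposed_db_listeners(SCAN_RESULTS):
        print(f"EXPOSED  {svc:8s} {host}:{port}")
    for src, n in brute_force_sources(PG_LOG).items():
        print(f"BRUTE    {src} ({n} failed logins)")
```

On the constructed input, the first check flags the three public-facing listeners and ignores the internal PostgreSQL instance and the filtered MySQL port; the second flags 198.51.100.7, which fails six logins across four usernames in five seconds, and ignores the internal client with a single failure. Both checks are deliberately driven from data you already have (a scan export and the database's own log) rather than from a live connection.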
Separately, the White House is transitioning cybersecurity responsibilities from federal agencies to state and local governments through a new executive order from President Trump. The order is part of a broader national resilience strategy aimed at giving local entities more control over defending critical infrastructure and elections against cyber threats, and it follows cuts to federal cybersecurity teams and programs that had supplied states with vulnerability alerts and free risk assessments.
Key Points:
Critical Commentary:
Dave Bittner notes the implications:
"Experts warn this decentralization could lead to fragmented defenses, especially as many states lack the resources and intelligence centers to fill the gap."
A vulnerability in Check Point's ZoneAlarm antivirus software is being exploited by threat actors to bypass Windows security. Security researcher Nima Bagheri described a "bring your own vulnerable driver" (BYOVD) attack that loads an old but validly signed driver with kernel-level privileges, then uses it to evade antivirus detection, bypass Windows memory integrity protections and gain full system access, after which the attackers steal credentials and establish remote access.
Mechanism of Attack:
Security Recommendations: Users are urged to update to the latest non-vulnerable versions of the software to mitigate these threats.
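Updating removes the vulnerable driver from the vendor's package, but it does not stop an attacker from bringing their own copy, which is the point of BYOVD. The defensive check that survives that is a hash-based audit of what is actually loaded. The following Python is an added example, not code from the episode, the researcher or Check Point: the driver images, the blocklist, the trusted directory and the inventory are constructed, and the driver names are hypothetical. In a real run the inventory would come from `driverquery /v` or `Get-CimInstance Win32_SystemDriver`, and the blocklist from Microsoft's vulnerable driver blocklist or the LOLDrivers project, both keyed by file hash.

```python
"""Audit loaded kernel drivers for bring-your-own-vulnerable-driver (BYOVD) abuse.

Added example, not from the episode or from Check Point. The driver images,
the blocklist and the driver inventory are constructed; the driver names are
hypothetical. A real run would feed in `driverquery /v` or
`Get-CimInstance Win32_SystemDriver` output and a hash-keyed blocklist such
as Microsoft's vulnerable driver blocklist or LOLDrivers.
"""
import hashlib
import ntpath


def sha256(data):
    return hashlib.sha256(data).hexdigest()


# Constructed driver images: only their hashes matter for this example.
VULN_DRIVER_IMAGE = b"MZ\x90\x00" + b"constructed image of an old, validly signed, vulnerable driver"
CLEAN_DRIVER_IMAGE = b"MZ\x90\x00" + b"constructed image of a benign driver"

# Blocklist keyed by SHA-256 rather than file name: a BYOVD attacker drops the
# driver under whatever name they like, but cannot change its hash without
# breaking the signature that makes the driver loadable in the first place.
BLOCKLIST = {
    sha256(VULN_DRIVER_IMAGE): "known-vulnerable signed driver exposing kernel read/write",
}

# Directory a properly installed driver is expected to live in (assumption).
TRUSTED_DIRS = {r"c:\windows\system32\drivers"}

# Constructed inventory in the shape of a driverquery-style export.
INVENTORY = [
    {"name": "oldvendor", "path": r"C:\Windows\System32\drivers\oldvendor.sys", "image": VULN_DRIVER_IMAGE},
    {"name": "inboxdemo", "path": r"C:\Windows\System32\drivers\inboxdemo.sys", "image": CLEAN_DRIVER_IMAGE},
    {"name": "renamed",   "path": r"C:\Users\Public\renamed.sys",               "image": VULN_DRIVER_IMAGE},
    {"name": "loader",    "path": r"C:\Users\Public\loader.sys",                "image": CLEAN_DRIVER_IMAGE},
]


def audit_drivers(inventory, blocklist=BLOCKLIST, trusted_dirs=TRUSTED_DIRS):
    """Return [(driver_name, reason)] for every driver worth a closer look.

    Two independent signals: the image hash is on the blocklist, or the driver
    was loaded from outside the normal driver directory. A renamed copy of a
    blocklisted driver in a user-writable folder trips both.
    """
    findings = []
    for drv in inventory:
        digest = sha256(drv["image"])
        if digest in blocklist:
            findings.append((drv["name"], "blocklisted hash: " + blocklist[digest]))
        folder = ntpath.normcase(ntpath.dirname(drv["path"]))
        if folder not in trusted_dirs:
            findings.append((drv["name"], "loaded from untrusted directory " + folder))
    return findings


if __name__ == "__main__":
    for name, reason in audit_drivers(INVENTORY):
        print(f"{name:10s} {reason}")
```

The vendor-installed copy of the vulnerable driver is caught by hash even though it sits in the normal driver directory, and the renamed copy under a user-writable path is caught twice. Hashing the file on disk is a proxy: a driver that was loaded and then deleted, or a blocklist that is out of date, will be missed, which is why this belongs alongside enabling Microsoft's blocklist and HVCI rather than in place of them.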
The episode discusses two ransomware developments: Albabat, which Trend Micro found has gone cross-platform across Windows, Linux and macOS and now pulls its configuration from GitHub via the REST API so operators can update it without redeploying the malware; and Van Helsing, first seen in March 2025, which targets Windows systems in the US and France with double extortion and uses rootkits, registry changes and bootkits for persistence.
Defense Strategies: Security experts advocate for robust backups, timely system patching, multi-factor authentication (MFA), and Zero Trust architectures to defend against these formidable ransomware threats.
ESET reports on Operation Fish Medley, a 2022 cyber espionage campaign run by I-Soon, a Chinese cybersecurity contractor linked to Beijing's Ministry of Public Security. Its operational unit, FishMonger, targeted seven organizations across Taiwan, Hungary, Turkey, Thailand, the U.S. and France, using tools including ShadowPad, Spyder and the newly identified RPipeCommander to gain network access, extract credentials and exfiltrate data.
Operational Tactics:
Implications: The sustained nature of Operation Fish Medley underscores the persistent threat posed by state-sponsored cyber espionage activities, necessitating heightened vigilance and advanced defensive measures.
The Cybersecurity and Infrastructure Security Agency (CISA) issued five Industrial Control Systems (ICS) advisories addressing high-severity vulnerabilities across critical infrastructure sectors:
Urgent Action Required: CISA urges immediate updates to these systems to mitigate exploitation risks, emphasizing the vital nature of these infrastructures and their role in supporting essential services.
A former NFL and University of Michigan assistant coach, Matt Weiss, has been indicted on 14 counts of unauthorized computer access and 10 counts of identity theft. Weiss allegedly hacked into the accounts of over 150,000 college athletes across more than 100 schools between 2015 and 2023.
Modus Operandi:
Prosecutorial Stance: Federal prosecutors remain committed to aggressively pursuing the case to uphold the privacy and security of the victims.
Brandon Karpf engages in an insightful discussion with Maria Vermazes from the T Minus podcast, exploring the intersection of cyberspace and space infrastructure.
Key Highlights:
DoD Software Acquisition Reform: The Department of Defense (DoD) is adopting agile processes for software acquisition to accelerate the fielding of new software. Karpf cites the Space Systems Command case study on the Evolved Strategic Satellite Communications ground segment, which cut a historical 12-year timeline to six years.
Karpf on the trade-off:
"They're going to accept more risk upfront by rapidly implementing new software, by trying to implement this agile process with software acquisitions. They're basically saying we are going to accept early risk, understanding that that allows software to be iterated upon, to be improved and to be developed in a way that ultimately will decrease risk and cost in the long run."
Impact on Space Telecommunications: The conversation emphasizes leveraging space infrastructure to enhance cybersecurity. By implementing moving target defenses through satellite communications, the defense systems can obscure points of presence, making it harder for adversaries to conduct reconnaissance and target critical network infrastructures.
"If we can obfuscate your point of presence to get into networks as a user of telecoms infrastructure and leverage the space segment to create moving target defense, essentially maneuver warfare in the telecommunications network layer, that immediately makes it more difficult for the adversaries to target because they can't do reconnaissance as well."
Opportunities for Enhanced Security: The agile software development lifecycle proposed by the DoD can be harnessed to build more secure and resilient telecommunications infrastructures, mitigating the risks posed by persistent cyber threats.
Strategic Implications: The integration of space-based solutions into cybersecurity strategies represents a novel approach to defending against increasingly sophisticated cyber adversaries, particularly those targeting global telecommunications networks.
The episode closes with a fraud detection firm brought down by fraud. Paul Roberts, former CEO of the adtech company Kubient, whose software was marketed as detecting fraudulent ads, orchestrated a $1.3 million phony service swap with another company, complete with fake reports generated from nonexistent data. Both firms booked the made-up transaction as revenue, and the company went public on the strength of it, raising $33 million, before the SEC noticed.
Consequences:
Industry Impact: The case underscores the importance of due diligence toward vendors whose product claims cannot be independently verified, including the fraud-detection and security vendors that customers rely on precisely because they cannot check the underlying data themselves.
The CyberWire Daily episode "Brute Force and Broken Trust" delivers a thorough examination of current cybersecurity challenges, highlighting exposed government databases, evolving ransomware threats, and the shifting landscape of cybersecurity responsibilities. The interview explores using space-based infrastructure as a moving target defense for telecommunications, while real-world incidents like the indictment of Matt Weiss and the collapse of a fraud detection firm that was itself committing fraud underscore the multifaceted nature of cyber threats.
As cyber adversaries continue to advance, the insights and analyses provided in this episode serve as essential guidance for cybersecurity professionals, policymakers, and organizations striving to navigate and mitigate the complex threat environment.
Notable Quotes:
Dave Bittner on Government Data Exposure:
"Over 150 government database servers used by agencies like the Departments of Agriculture, Education and Energy are exposed to the Internet, violating basic security protocols."
Dave Bittner on Decentralization Risks:
"Experts warn this decentralization could lead to fragmented defenses, especially as many states lack the resources and intelligence centers to fill the gap."
Brandon Karpf on Agile Software Acquisition:
"They're going to accept more risk upfront by rapidly implementing new software, by trying to implement this agile process with software acquisitions."
Brandon Karpf on Moving Target Defense:
"If we can obfuscate your point of presence to get into networks as a user of telecoms infrastructure and leverage the space segment to create moving target defense, essentially maneuver warfare in the telecommunications network layer, that immediately makes it more difficult for the adversaries to target because they can't do reconnaissance as well."
This summary encapsulates the critical discussions and expert insights presented in the "Brute Force and Broken Trust" episode of CyberWire Daily, providing listeners and non-listeners alike with a comprehensive understanding of the current cybersecurity landscape and emerging strategies to counteract evolving threats.