Transcript
Dave Bittner (0:02)
You're listening to the Cyberwire network.
Brandon Karp (0:04)
Powered by N2K. Cyber threats are more sophisticated than ever. Passwords? They're outdated and can be cracked in a minute. Cybercriminals are intercepting SMS codes and bypassing authentication apps. While businesses invest in network security, they often overlook the front door: the login. Yubico believes the future is passwordless. YubiKeys offer unparalleled protection against phishing for individuals, SMBs, and enterprises. They deliver a fast, frictionless experience that users love. Yubico is offering N2K followers a limited buy one, get one offer. Visit yubico.com N2K to unlock this deal. That's Yubico. Say no to modern cyber threats. Upgrade your security today.

Over 150 government database servers are dangerously exposed to the Internet. Threat actors are exploiting a vulnerability in Check Point's ZoneAlarm antivirus software. Albabat ransomware goes cross-platform. ESET reports on the Chinese Operation FishMedley campaign. VanHelsing ransomware targets Windows systems in the US and France. CISA issues five ICS advisories warning of high-severity vulnerabilities across critical infrastructure systems. A former NFL coach is indicted for allegedly hacking into the accounts of thousands of college athletes. Brandon Karp joins us with a look at cyberspace in space, and a fraud detection firm gets shut down for fraud.

It's Friday, March 21, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us and happy Friday. It is great to have you with us.

A recent investigation has revealed a major cybersecurity threat to US government data. Over 150 government database servers used by agencies like the Departments of Agriculture, Education and Energy are exposed to the Internet, violating basic security protocols. These databases, hosted on Microsoft's Azure GovCloud, have open ports vulnerable to brute force attacks and known exploits. The report highlights over 655 unauthorized access attempts and more than 200 real-time data replications, suggesting serious flaws in authentication and data protection. Analysts believe the exposure stems from a rushed federal data centralization effort. Experts are calling for urgent action, including congressional hearings and audits, to address what has the potential to become a catastrophic breach.

The White House is shifting cybersecurity responsibilities from federal agencies to states and local governments. A new executive order from President Trump introduces a national resilience strategy aiming to give local entities more control over defending infrastructure and elections from cyber threats. This move follows cuts to federal cybersecurity teams and programs, leaving states without vital support like vulnerability alerts and free risk assessments. Experts warn this decentralization could lead to fragmented defenses, especially as many states lack the resources and intelligence centers to fill the gap. Cybersecurity professionals say the burden will hit underfunded sectors like schools and small municipalities hardest. Critics argue the shift, combined with federal workforce reductions, undermines national security and leaves states to manage growing cyber risks largely on their own.

A new report reveals that threat actors are exploiting a vulnerability in Check Point's ZoneAlarm antivirus software to bypass Windows security. Security researcher Nima Bagheri detailed a bring-your-own-vulnerable-driver attack using an old signed driver with kernel-level privileges. This allows attackers to evade antivirus detection, bypass Windows memory integrity protections, and gain full system access. Once in, they steal credentials and establish remote access. Users are urged to update to the latest non-vulnerable version.

Albabat ransomware has evolved into a cross-platform threat, now targeting Windows, Linux and macOS systems. Trend Micro researchers found multiple versions using GitHub for configuration management, allowing remote updates without redeploying malware. The ransomware retrieves settings via the GitHub REST API and avoids encrypting key system files while targeting user data. It terminates processes to ensure encryption success and collects detailed system info. Payment details in its config suggest preparation for expanded attacks using Bitcoin, Ethereum, Solana and BNB.

ESET reports that i-Soon, a Chinese cybersecurity contractor linked to Beijing's Ministry of Public Security, ran a 2022 cyber espionage campaign called Operation FishMedley. Its operational unit, FishMonger, targeted seven organizations across Taiwan, Hungary, Turkey, Thailand, the US and France. Using tools like ShadowPad, Spyder and the newly identified RPipeCommander, attackers gained deep network access, extracted credentials, and exfiltrated data. The campaign followed a document leak and US indictments of i-Soon staff for hacking US agencies, activists and dissidents.

A new ransomware called VanHelsing is targeting Windows systems in the US and France, focusing on government, manufacturing and pharmaceutical sectors. First spotted in March 2025, it uses advanced encryption and evasion tactics, appending "vanhelsing" to files and demanding ransom via a Tor-based chat site. VanHelsing employs double extortion by encrypting and exfiltrating sensitive data. It uses rootkits, registry changes and bootkits for persistence, making detection difficult. Security experts urge strong backups, system patching, MFA and Zero Trust strategies for defense.

CISA issued five ICS advisories warning of high-severity vulnerabilities across critical infrastructure systems. These include flaws in Schneider Electric's EcoStruxure software and Enerlin'X IFE components with multiple input validation issues. Siemens Simcenter Femap also contains a memory buffer overflow vulnerability, while SMA's Sunny Portal has a file upload flaw. Finally, Santesoft's DICOM Viewer Pro suffers from an out-of-bounds write issue. CISA urges immediate updates to reduce exploitation risks, especially as these systems often support vital infrastructure.

Former NFL and University of Michigan assistant coach Matt Weiss has been indicted on 14 counts of unauthorized computer access and 10 counts of identity theft for hacking into the accounts of thousands of college athletes. From 2015 through 2023, Weiss allegedly breached databases managed by Keffer Development Services, targeting over 150,000 athletes across more than 100 schools, the indictment says. He focused on female athletes, seeking private photos and videos by accessing their social media, cloud and email accounts. Weiss allegedly cracked encryption using online research and kept detailed notes on stolen content. Fired by Michigan in 2023 after refusing to cooperate with an internal investigation, Weiss had previously worked for the Baltimore Ravens. Federal prosecutors say they will aggressively pursue the case to defend victims' privacy.

Coming up after the break, my conversation with Brandon Karp with a look at cyberspace in space, and a fraud detection firm gets shut down for fraud. Stick around.

We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs, there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com cyberwire. Just go to indeed.com cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.

Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting-edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work-life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today at vanguard.jobs.com.

My former N2K colleague and current friend of the show, Brandon Karp, recently sat down with Maria Varmazis over on the T-Minus podcast to talk about cyberspace in space.
