Cats and RATS are all the rage. - CyberWire Daily

Summary6 min read

CyberWire Daily: "Cats and RATS are all the rage" Summary

Release Date: January 29, 2025
Host: Dave Buettner, N2K Networks
Guest: Ivan Novikov, CEO at Walarm

1. AI-Enhanced Cyber Attacks

Overview:
The episode begins with an alarming report from The Wall Street Journal about state-linked hacking groups from China and Iran utilizing AI, specifically Google's Gemini Chatbot, to bolster their cyberattack capabilities. These groups are leveraging AI for tasks such as writing malicious code, identifying system vulnerabilities, and researching potential targets.

Key Points:

Use of AI in Cyberattacks:
- “These groups leverage AI for tasks like writing malicious code, identifying vulnerabilities and researching targets.” – Dave Buettner [02:30]
Country-Specific Tactics:
- Chinese and Iranian groups use Gemini more extensively, treating it as a research tool.
- North Korean hackers employ AI for creating convincing job application cover letters to aid espionage.
- Russian groups have limited AI usage, primarily for coding tasks.
Skepticism Among Cybercriminals:
- Despite the potential, many cybercriminals remain skeptical about the practical applications of generative AI.
- “Many cybercriminals see AI as overhyped and unsuitable for complex operations.” – Dave Buettner [05:15]
US Intelligence Perspective:
- AI is becoming integral to global cyber and military strategies.
- “AI is becoming a crucial factor in global cyber and military strategies.” – Dave Buettner [06:00]
Concerns Over Open Source AI:
- China’s release of Deep Seek AI with open-source code raises worries about unregulated misuse.

2. Security Vulnerabilities and Data Leaks

Structchat Data Leak:
A significant breach was reported in an AI-powered messaging tool for Slack and Discord, Structchat. An exposed Apache Kafka broker streamed sensitive user data without security measures, affecting over 1,000 users across 200 companies within an hour.

“This information could be exploited for phishing, identity theft, or corporate espionage.” – Dave Buettner [07:20]

Smiths Group Cyber Attack:
British engineering firm Smiths Group experienced a cyberattack resulting in unauthorized system access. The company responded by isolating affected systems and collaborating with cybersecurity experts, though the exact nature of the attack remains unclear.

Rockwell Automation Vulnerabilities:
Rockwell Automation released advisories on six critical and high-severity vulnerabilities in their Factory Talks software. Potential exploits include remote command execution and system configuration access.

“Organizations are urged to apply patches to protect industrial automation systems from potential threats.” – Dave Buettner [09:45]

Apple CPU Side Channel Vulnerabilities:
Researchers discovered new side channel vulnerabilities in Apple’s M2 and A15 CPUs, potentially allowing attackers to leak sensitive information through web browsers.

“These attacks exploit flaws in speculative execution, the same underlying issue behind Spectre and Meltdown.” – Dave Buettner [11:30]

3. Emergence of the Hellcat Ransomware Gang

Characteristics and Tactics:
The Hellcat ransomware gang, emerging in 2024, employs a ransomware-as-a-service model with a unique approach combining financial extortion and psychological pressure.

“Hellcat uses psychological pressure alongside standard double extortion, threatening to leak stolen data if ransoms aren't paid.” – Dave Buettner [12:10]

Notable Attacks:
Targets include Schneider Electric, a US university, a French energy company, and an Iraqi city government. Hellcat is known for humiliating victims by demanding unconventional ransom payments, such as $125,000 in baguettes.

“Their approach signals a potential evolution in cyber extortion, blending traditional financial motives with psychological warfare.” – Dave Buettner [13:05]

4. Spark RAT and Fleshstealer Malware

Spark RAT on macOS and Government Entities:
Researchers uncovered ongoing operations of Spark RAT, a remote access trojan targeting macOS users and government organizations. Distributed via fake meeting platforms and gaming sites, Spark RAT is linked to North Korean cyber campaigns.

“Analysts recommend monitoring HTTP headers, JSON error messages, and network traffic for detection.” – Dave Buettner [14:20]

Fleshstealer Malware Analysis:
Fleshstealer, a credential-stealing malware written in C, employs encryption to evade detection and self-terminates in debugging environments. It targets Chromium and Mozilla-based browsers to extract credentials and crypto wallet data.

“Fleshstealer is lightweight and offers 24/7 support for cybercriminals with logs decrypted directly on its web-based control panel.” – Dave Buettner [15:10]

5. Exploitation of Government Websites for Phishing

Methodology:
Cybercriminals have been exploiting vulnerabilities in government websites, using trusted domains as platforms to host phishing pages, act as command and control servers, and redirect users to malicious destinations.

“Victims seeing a trusted government address click without hesitation only to land on pages designed to steal their credentials.” – Dave Buettner [16:30]

Impact Regions:
The United States, Brazil, and Colombia are among the most affected, with US government domains accounting for 9% of total cases.

“Their strategy is methodical, their execution precise.” – Dave Buettner [17:00]

6. Interview with Ivan Novikov, CEO at Walarm

US Ruling on Connected Car Tech:
Ivan Novikov discusses the recent US Commerce Department ruling that bars certain Chinese and Russian connected car technologies from being imported into the US. This move aims to protect both personal and government privacy by securing the vast electronic networks within modern vehicles.

“They want to protect privacy at a personal level and also kind of government privacy.” – Ivan Novikov [16:05]

Cyber Risks in Connected Cars:
Novikov emphasizes the vulnerabilities in APIs that connect cars to the cloud, highlighting that while no vendor can claim absolute security, focus should be on securing dealership and cloud infrastructure.

“All of them vulnerable. There is a few things that I have to point that we call this kind of attack Surface.” – Ivan Novikov [20:31]

Future of Automotive Cybersecurity:
Novikov predicts that attackers will prioritize hacking cloud systems and dealership APIs over individual cars due to the scalability and impact of such breaches.

“The cloud itself and a dealership with the first thing and then cloud of this automakers.” – Ivan Novikov [21:15]

7. Innovative QR Code Manipulations

Optical Illusion QR Codes:
The episode concludes with a discussion on novel QR code manipulations inspired by optical illusions. Researchers like Guy Dupont and Christian Walther have developed QR codes that direct users to different URLs based on the viewing angle or distance.

“Depending on the distance your camera is from the QR code, you will be directed to one of two unrelated URLs.” – Dave Buettner [25:00]

Implications:
This technique opens new avenues for both creative uses and potential malicious applications, highlighting the evolving nature of cybersecurity challenges.

Conclusion

The "Cats and RATS are all the rage" episode of CyberWire Daily delves deep into the intersection of AI and cybersecurity, the rise of sophisticated malware gangs, vulnerabilities in modern technologies, and innovative yet potentially exploitable techniques in QR code usage. With insights from industry experts like Ivan Novikov, the episode underscores the ever-evolving landscape of cyber threats and the critical need for robust security measures.

Notable Quotes:

“AI is becoming a crucial factor in global cyber and military strategies.” – Dave Buettner [06:00]
“Their approach signals a potential evolution in cyber extortion, blending traditional financial motives with psychological warfare.” – Dave Buettner [13:05]
“Victims seeing a trusted government address click without hesitation only to land on pages designed to steal their credentials.” – Dave Buettner [16:30]

For more detailed insights and updates, listeners are encouraged to visit CyberWire Intel Briefing.

Produced by Liz Stokes, mixed by Trey Hester, with original music and sound design by Elliott Peltzman. Executive Producer: Jennifer Ibin. Executive Editor: Brandon Karp. President: Simone Petrella. Publisher: Peter Kilpe.

Loading summary

Transcript17 lines

[00:02]
Dave Buettner
You're listening to the Cyberwire Network, powered by N2K. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect. Prepare and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more@AI.domo.com that's AI.domo.com hackers linked to China and Iran are using AI to enhance cyber attacks An AI powered messaging tool for Slack and Discord is reportedly leaking user data. British engineering giant Smith's group suffers a cyber attack. Rockwell Automation details critical and high severity vulnerabilities. Researchers warn of new side channel vulnerabilities in Apple CPUs. The Hellcat ransomware gang looks to humiliate its victims. Spark rat targets macOS users and government entities. Flashpoint looks at flesh stealer malware Cybercriminals leverage trust in government websites. Our guest is Ivan Novikov, CEO at Walarm, sharing insights on the recent US Ruling that bars certain Chinese and Russian connected car tech from being imported into the US and QR code shenanigans. It's Wednesday, January 29, 2020. I'm Dave Buettner and this is your Cyberwire Intel Briefing. Happy Wednesday and thank you for joining us here today. The Wall Street Journal, in an exclusive, says hackers linked to China, Iran and other foreign governments are using AI, including Google's Gemini Chatbot, to enhance cyberattacks. These groups leverage AI for tasks like writing malicious code, identifying vulnerabilities and researching targets. While Western officials have Long warned about AI's misuse, Google's new findings provide concrete examples of adversaries utilizing generative AI. Chinese and Iranian hacking groups are the most active users of Gemini, treating it as a research tool rather than a game changing cyberweapon. North Korean hackers use AI for job application cover letters aiding espionage efforts, while Russian groups use it sparingly for coding tasks. In contrast, researchers at Sophos conclude cybercriminals on underground forums remain largely skeptical about generative AI, with little evidence of its use in developing new exploits or malware. While some actors discuss ambitious AI applications, these remain theoretical. The primary concern is AI's potential misuse for automating tasks like spamming, mass mailing and data analysis. Rather than creating novel threats. Many cybercriminals see AI as overhyped and unsuitable for complex operations. For now, most are taking a wait and see approach, assessing how AI could integrate into their workflows over time. Meanwhile, China's Deep Seek AI with open source code raises concerns about unregulated misuse. US Intelligence officials warn that AI is becoming a crucial factor in global cyber and military strategies. Google urges tighter export controls and faster AI adoption in US Defense to maintain its technological edge. Structchat, an AI powered messaging tool for Slack and Discord, claims to prioritize privacy. However, researchers at Cybernews found an exposed Apache Kafka broker instance streaming user data without security measures. Despite multiple disclosure attempts, the leak remains open as of yesterday, posing a severe risk to users. The leak includes sensitive Slack data such as usernames, emails, conversations, team details and internal URLs. In just one hour, data from over 1,000 users across 200 companies was exposed. This information could be exploited for phishing, identity theft, or corporate espionage. Structchat, which uses OpenAI's ChatGPT for summaries, has not responded to inquiries. British engineering giant Smiths Group is working to restore systems following a cyberattack that led to unauthorized access. The company quickly isolated affected systems and activated business continuity plans. Smiths is collaborating with cybersecurity experts to assess the impact and comply with regulations. While the exact nature of the attack remains unclear, it may involve ransomware, as taking systems offline is a common response. No ransomware group has claimed responsibility. The company, with 15,000 employees worldwide, promises updates as needed. Rockwell Automation has released six security advisories detailing critical and high severity vulnerabilities in its products. In the Factory Talks software, critical flaws in View Machine Edition and High Severity issues in View Site Edition could allow remote and local attackers to execute commands or access system configurations. Other vulnerabilities include a critical SQLite flaw in Data Mosaic's private cloud, a denial of service issue in the ISE2 controller, and credential exposure in PowerFlex 755. While there's no evidence of active exploitation, CISA has issued advisories urging organizations to apply patches to protect industrial automation systems from potential threats. Security researchers from the Georgia Institute of Technology and Ruhr University Bauchem have discovered new side channel vulnerabilities in modern Apple processors that could leak sensitive information from Web browsers named FLOP and slap. These attacks exploit flaws in speculative execution, the same underlying issue behind Spectre and Meltdown. The attacks target M2 or A15 and newer Apple CPUs, which predict memory addresses and data values to speed up processing. However, mispredictions can expose sensitive information, potentially allowing attackers to bypass browsers, sandboxes and steal data in Safari and chrome via malicious JavaScript or web assembly code. The researchers disclosed SLAP in March of last year and FLOP in September. Apple acknowledged the flaws and pledged to address them, but no fixes have been released. The company stated that it does not see an immediate risk to users, though researchers warn of real world security implications. The Hellcat ransomware gang emerging in 2024 employs a ransomware as a service model but stands out for its humiliating tactics against victims. According to Cato researchers, Hellcat uses psychological pressure alongside standard double extortion, threatening to leak stolen data if ransoms aren't paid. Notable attacks include Schneider Electric, where hackers demanded $125,000 in baguettes instead of cash. They also leaked 40 gigabytes of sensitive data. Other targets include a US university, a French energy company and an Iraqi city government. Hellcat prioritizes public embarrassment over financial gain, selling access to compromise systems cheaply rather than demanding large ransoms. Their approach signals a potential evolution in cyber extortion, blending traditional financial motives with psychological warfare to pressure victims. Moving from cats to rats Researchers from Huntio have uncovered new Spark RAT operations, exposing its persistent use in cyber espionage against macOS users and government entities. Originally released on GitHub in 2022, Sparkrat is a cross platform remote access Trojan targeting Windows, macOS and Linux linked to North Korean cyber campaigns. Sparkrat has been distributed via fake meeting platforms and gaming sites. Researchers from Hunt and Kato Networks identified C2 servers in Korea and Singapore using port 8000 for communication. An Android apk linked to Sparkrat further extends its attack surface. Analysts recommend monitoring HTTP headers, JSON error messages and network traffic for detection. Hunt, Cato Networks and other cybersecurity researchers continue investigating SparkRat's evolving infrastructure and tactics to mitigate this growing threat. Researchers at Flashpoint look at fleshstealer, a credential stealing malware that first emerged in September of last year. Written in C, it uses encryption to evade detection and terminates itself if debugging is detected. It also avoids execution in virtual machine environments, preventing forensic analysis. Fleshstealer targets chromium and Mozilla based browsers, extracting credentials, crypto wallet data and two FA extensions from over 70 sources. It can reset Google cookies for further exploitation. The malware is lightweight and offers 24. 7 support for cybercriminals with logs decrypted directly on its web based control panel for nearly two years, cybercriminals have been quietly exploiting vulnerabilities in government websites, using their trusted.gov domains to launch phishing campaigns. According to Cofence Intelligence, attackers have turned these sites into weapons, leveraging them to host credential phishing pages, act as command and control servers and redirect unsuspecting users to malicious destinations. A particularly insidious tactic is the abuse of open redirects, where a compromised government site unknowingly forwards visitors to phishing links. Victims seeing a trusted government address click without hesitation only to land on pages designed to steal their credentials. The United States, Brazil, and Colombia have been among the hardest hit, with US government domains accounting for 9% of total cases. In most instances, these domains were exploited to bypass email security gateways like Microsoft ATP, proofpoint, and mimecast, ensuring phishing emails reached inboxes undetected. What's most alarming is how deliberate this campaign appears. Instead of opportunistically attacking any vulnerable site, cybercriminals first design their phishing campaigns and then seek out compromised government domains to give their attacks credibility. Their strategy is methodical, their execution precise. Coming up after the break, my conversation with Ivan Novikov, CEO at walarmonde. We're discussing the recent US Ruling that bars Chinese and Russian connected car tech and QR code shenanigans. Stay with us.
[12:46]
Nerds Gummy Clusters
This episode is brought to you by Nerds Gummy Clusters the sweet treat that always elevates the vibe with a sweet gummy surrounded with tangy, crunchy nerds. Every bite of Nerds Gummy Clusters brings you a whole new world of flavor. Whether it's game night, on the way to a concert or kicking back with your crew, unleash your senses with Nerds Gummy Clusters.
[13:09]
Dave Buettner
And now a message from our sponsor zscaler. The leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps and IPs invisible, eliminating lateral movement connecting users only to specific apps, not the entire network continuously verifying every request based on identity and context, simplifying security management with AI powered automation and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler, Zero Trust and AI. Learn more@zscaler.com Security hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try Delete me. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data Privacy is protected. DeletMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners today. Get 20% off your delete me plan when you go to JoinDeleteMe.com N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.comN2K and enter code N2K at checkout. That's JoinDeleteMe.com N2k code N2K. Ivan Novikov is CEO at Walarm. I recently caught up with him to discuss a recent US ruling that bars certain Chinese and Russian connected car tech.
[15:57]
Ivan Novikov
Ultimately, what do we have now right to the market as there is a plenty of Chinese car makers, right? The automotive vehicle makers already ready to kind of like fulfill the market, buy a lot of new cars, right? They're cheaper and in many cases even more convenient for customers specifically to count latest features such as amount of electronics they have and so on. And that's I think what they want to do is to kind of prevent American customers against using these cars in the future because they might be very inexpensive and also kind of like rich by features. Why? Because ultimately there is a plenty of cars that exist in the market already connected and connected cars means not only sending your current location but also in many cases send some parts, if not all the video stream from some cameras or lidars or different other electronic components that built in a car including microphones and so on. So cars just are full of electronics and this parts and components connected to the cloud. So they want to protect privacy at personal level and also kind of government privacy. Because if it's plenty of cars, they can literally film everything around and you don't even know what could be filmed right outside of the car. I guess what they want to do is to kind of improve security level very proactively before American market kind of like fulfilled by these Chinese cars.
[17:39]
Dave Buettner
What sort of components are we talking about here?
[17:42]
Ivan Novikov
Sure. I mean, it's not a secret, right. Many of these electronic components such as chips. Right. Produced in China or Taiwan, which is very unclear region, is it? For now and then that's specifically an interesting part of those. And definitely these components, software and hardware components, as you can see in this notice, in this requirement, they split hardware and software a little bit separately and they can kind of like push software a little bit faster than headwear. Headwear is not that easy to replace because many of American car vendors and car makers using this Chinese header. Right. We're mainly talking about pretty much everything that connect car, definitely the chips itself and less about AI components because many of them produced by intel and Nvidia, they're based in states. Right. But all this component that basically make this car connect to the, to the cloud, to the main servers. That's what I'm talking about. So built in embedded systems and built in computers and definitely all the lidars and cameras, all of this.
[19:08]
Dave Buettner
This rule was put in by the Commerce Department, of course, under the previous administration. Do we suspect that this rule will hold with the Trump administration coming into office?
[19:19]
Ivan Novikov
This is a little bit kind of like unclear, but is it? For me this question is definitely kind of rely on the main point that I have to make. The main point is like, who will enforce this? Right. Ultimately it should be department on Transportation who actually applied these rules and making this as in any form, such as recall, if you already own the car or kind of like, you know, some restriction for dealership to sell such cars. And this is what we will see. So I really think that this may stay in any form. But most interesting, how Department of Transportation will act on this and which new kind of rules, right. Or guidances or you know, commands in that sense will be issued by Department of Transportation.
[20:13]
Dave Buettner
I know you and your colleagues at Wall ARM work with automakers, looking at the potential vulnerabilities of components and the software and so on. When you look at the big cyber risks when it comes to cars, what are some of the things that you think folks should know about?
[20:31]
Ivan Novikov
Yeah, you're right. We're doing a lot of research and working with car makers and automotive companies over the world. Our main idea is to help them to secure their APIs. Basically the data layer used to connect cars and clouds. Right. Or servers somewhere in the Internet to basically connect cars to Internet and then what I have to say, first of all, all the cars are vulnerable, some of them more, some of them less. But there is absolutely no vendor that can claim that hey guys, we 100% secure, right? All of them vulnerable. There is a few things that I have to point that we call this kind of attack Surface means which attacks and how and where attackers can do to compromise very specific cars or vendor in general. So just a few things to mention. First of all, there's definitely all the APIs related to dealerships and management such as technical station and so on. They should be connected. And for attackers, it's kind of a lot of benefits to hack them and hack many cars altogether rather than target very specific cars such as mine and yours and others one by one. It's less productive for them. The other thing overall, the data centers and clouds that used to serve the data came from cars. Imagine you have plenty of cars such as hundreds of times a minute connect to the cloud, but you better try to hack the cloud rather than go after each car which could be everywhere, right? The cloud itself and a dealership with the first thing and then cloud of this automakers, however, they definitely protect that much better than many other IT components and systems because automotive cars already recognize this risk a while ago and they invested in this security. And the third point, I guess overall communication protocols, it could be, you know, direct link between your car and the cloud. It could be some indirect links such as your Bluetooth that you can activate in the car and some, some other guy can connect. But this attacks a little bit more targeted and I really think that it's more about, you know, the more targeted, you know, kind of like internal system to break this, to break them and you know, steal your car rather than, you know, compromise your car during the driving and so on. Dealerships and cloud provider and clouds like IT systems for built to serve. This connected car is definitely kind of number one, number two priorities for attackers.
[23:18]
Dave Buettner
That's Ivan Novikov from Walar.
[23:29]
Ivan Novikov
Foreign.
[23:35]
Dave Buettner
Do you know the status of your compliance controls right now? Like right now? We know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SoC2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber that's vanta.com cyber for $1,000 off.
[24:40]
Nerds Gummy Clusters
This episode is brought to you by Indeed. When your computer breaks, you don't wait for it to magically start working again. You fix the problem. So why wait to hire the people your company desperately needs? Use Indeed's sponsored jobs to hire top talent fast. And even better, you only pay for results. There's no need to wait. Speed up your hiring with a $75 sponsored job credit@ Indeed.com podcast terms and conditions apply.
[25:15]
Dave Buettner
And finally, there's a popular optical illusion that features the faces of Albert Einstein and Marilyn Monroe superimposed over one another. Depending on how far away you are from the image, you see either Albert or Marilyn. And if you vary your distance, the two faces seemingly morph back and forth. The illusion takes advantage of the way our visual systems interpret contrast and sharpness, and how our brains prefer to lock into the familiar. Curious researchers wondered if the same effect could be applied to QR codes. In a post on Mastodon, Guy Dupont experimented with using lenticular lenses on QR codes to activate one of two different URLs depending on the angle the code was viewed at. Christian Walther took it to the next level, creating a version with no lens required, taking advantage of the previously mentioned peculiarities of perceived contrast and sharpness. It works. Depending on the distance your camera is from the QR code, you will be directed to one of two unrelated URLs. Needless to say, this opens up a whole new world of possibilities for QR code shenanigans. We'll have a link in the show notes. See for yourself. It's fun and not just a little bit unnerving. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing@thecyberwire.com we'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com this episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Ibin. Our executive editor is Brandon Karp Simone Petrella is our president. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
[28:05]
Ivan Novikov
Foreign.
[28:13]
Dave Buettner
Cyber threats are evolving every second. And staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with Threat Locker, a cybersecurity solution trusted by businesses worldwide. Threat Locker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant.