Dave Bittner:

You're listening to the CyberWire network, powered by N2K.

The DMV has established itself as a top-tier player in the global cyber industry. DMV Rising is the premier event for cyber leaders and innovators to engage in meaningful discussions and celebrate the innovation happening in and around the Washington, D.C. area. Join us on Thursday, September 18th, to connect with the leading minds shaping our field and experience firsthand why the Washington, D.C. region is the beating heart of cyber innovation. Visit DMVRising.com to secure your spot.

Think your certificate security is covered? By March 2026, TLS certificate lifespans will be cut in half, meaning double today's renewals, and in 2029 certificates will expire every 47 days, demanding between 8 and 12 times the renewal volume. That's exponential complexity, operational workload and risk, unless you modernize your strategy. CyberArk, proven in identity security, is your partner in certificate security. CyberArk simplifies lifecycle management with visibility, automation and control at scale. Master the 47-day shift with CyberArk. Scan for vulnerabilities, streamline operations, scale security. Visit cyberark.com/47day. That's cyberark.com, the numbers 4-7, day.

Salt Typhoon marks China's most ambitious campaign yet. A major Google outage hits southeastern Europe. A critical zero-day flaw in FreePBX gets patched. Scattered Lapsus Hunters claim the Jaguar Land Rover hack. Researchers uncover a major evolution in the XWorm backdoor campaign. GhostRedirector is a new China-aligned threat actor. CISA adds a pair of TP-Link router flaws to its Known Exploited Vulnerabilities catalog. The Feds put a $10 million bounty on three Russian FSB officers. Experts warn sweeping cuts to ODNI could cripple U.S. cyber defense. Our guest is Rick Kahn, Global Director of Cybersecurity Services at Rockwell Automation, discussing OT/IT convergence in securing critical water and wastewater systems. And Google says rumors of Gmail's breach are greatly exaggerated.

It's September 4, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great, as always, to have you with us.

The New York Times weighs in on Salt Typhoon, reminding us that for decades China has targeted U.S. companies and infrastructure through hacking, but the Salt Typhoon cyberattack marks its most ambitious campaign yet. Investigators say the state-backed operation, uncovered last year, infiltrated telecommunications and other sectors in over 80 countries, potentially affecting nearly every American. Unlike past hacks aimed at specific targets, Salt Typhoon was broad and indiscriminate, sweeping up vast amounts of data that could let Chinese intelligence track politicians, spies and activists worldwide. Western allies, including the US, UK, Germany, Japan and others, issued a rare joint statement condemning the attack, calling it unrestrained. Experts say the campaign reflects China's growing cyber sophistication, shifting from theft of trade secrets to deep, long-term infiltration of global communication networks to gain strategic advantage.

A major Google outage hit southeastern Europe and parts of the Caucasus earlier today, disrupting daily life and work across several countries, including Bulgaria, Turkey and Greece. Reports flooded social media and Downdetector as users struggled with core Google services. YouTube, Google Maps, Search, Gmail and Drive all experienced significant failures, with YouTube and Maps hardest hit. Error messages showed 5xx server errors, pointing to issues on Google's end rather than local connections.

Sangoma has issued emergency patches for a critical zero-day flaw in FreePBX with a CVSS score of 10. The bug, caused by poor sanitization of user input, allows attackers to access the administrator panel, manipulate databases and execute remote code. Exploited in the wild since at least August 21, the flaw impacts multiple versions. Sangoma advises restricting admin access, updating immediately and applying firewall protections. CISA added the bug to its Known Exploited Vulnerabilities list, mandating federal fixes by September 19th.

We reported yesterday that Jaguar Land Rover suffered a major cyberattack that halted production at multiple plants. A group of young hackers calling themselves Scattered Lapsus Hunters claimed responsibility on Telegram, sharing screenshots allegedly from JLR's internal IT systems. The gang, linked to past attacks on UK retailers and tied to the youth cybercrime network The Com, is reportedly attempting to extort JLR. While the company has not confirmed data theft, it shut down systems to contain the incident and is working to restore operations. Security experts believe the hackers accessed sensitive internal systems. The Information Commissioner's Office is assessing JLR's report, while authorities remain concerned about rising threats from youth-led cyber gangs.

Researchers at Trellix have uncovered a major evolution in the XWorm backdoor campaign, signaling a strategic shift in its deployment tactics. Once reliant on predictable phishing and email vectors, XWorm now employs deceptive methods such as disguised executables and multi-stage infection chains to evade detection. The malware disables firewalls, bypasses PowerShell protections, and establishes persistence through registry edits and scheduled tasks. Using Rijndael encryption combined with Base64 encoding, it conceals critical command-and-control data while evading analysis with sandbox checks and mutex creation. Beyond persistence, XWorm offers extensive backdoor capabilities, including system shutdowns, data theft, DDoS attacks and remote file execution. Security experts warn its growing sophistication and prevalence highlight the urgent need for layered defenses and proactive detection strategies.

ESET research has uncovered a new China-aligned threat actor, dubbed GhostRedirector, which compromised at least 65 Windows servers, primarily in Brazil, Thailand and Vietnam, between December 2024 and June of this year. Its toolkit includes Rungan, a passive C backdoor for remote code execution, and Gamshen, a malicious IIS module engineered to manipulate Google search results for SEO fraud, serving altered content only to Googlebot and promoting gambling websites. Attackers leverage public exploits like EfsPotato and BadPotato to escalate privileges, install web shells, create administrator accounts and maintain persistence. The group's favored entry point appears to be SQL injection, followed by PowerShell downloads comprising custom tools and fallback mechanisms. GhostRedirector demonstrates significant operational resilience, impacting diverse sectors including healthcare, education, insurance, transportation and retail.

CISA has added two TP-Link router flaws to its Known Exploited Vulnerabilities catalog after evidence of in-the-wild attacks. The bugs include an authentication bypass exposing credentials and a command injection flaw enabling remote code execution. Multiple models are impacted, many of which are end-of-life, though no public exploitation reports exist. TP-Link linked activity to the Quad7 botnet, tied to China-linked Storm-0940. Federal agencies must patch or mitigate by September 24th.

The US State Department is offering up to $10 million for information on three Russian FSB officers, Marat Tyukov, Mikhail Gavrilov and Pavel Akulov, linked to cyberattacks against US critical infrastructure. Members of FSB Center 16, also known as Berserk Bear, Dragonfly and Koala Team, the trio was charged in 2022 for a campaign that targeted agencies like the Nuclear Regulatory Commission and energy firms including Wolf Creek Nuclear. More recently, they exploited a vulnerability in Cisco devices to infiltrate infrastructure, telecom, education and manufacturing networks worldwide. The group has also targeted over 500 energy companies in 135 countries. Rewards for Justice is accepting anonymous tips, offering potential relocation. This follows June's similar bounty for Russian hackers tied to the RedLine infostealer.

In an editorial titled "Cutting Cyber Intelligence Undermines National Security," Sophie McDowell and retired Rear Admiral Mark Montgomery warn that sweeping reductions to the Office of the Director of National Intelligence are crippling U.S. cyber defense amid rising threats from Russia, China and Iran. The downsizing, part of the ODNI 2.0 plan, includes slashing over 40% of staff and shutting down key units like the Cyber Threat Intelligence Integration Center and the Foreign Malign Influence Center, both critical to coordinating threat intelligence and countering foreign influence operations. The authors argue these cuts will fragment intelligence sharing and leave the nation vulnerable, calling for continued support of these capabilities rather than discontinuing them.

Coming up after the break, my conversation with Rick Kahn, Global Director of Cybersecurity Services at Rockwell Automation. We're discussing securing critical water and wastewater systems. And Google says rumors of Gmail's breach are greatly exaggerated. Stay with us.

At Thales, they know cybersecurity can be tough and you can't protect everything, but with Thales, you can secure what matters most. With Thales' industry-leading platforms, you can protect critical applications, data and identities anywhere and at scale, with the highest ROI. That's why the most trusted brands and largest banks, retailers and healthcare companies in the world rely on Thales to protect what matters most: applications, data and identity. That's Thales, T-H-A-L-E-S. Learn more at thalesgroup.com/cyber.

And now a word from our sponsor ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. Allowlisting is a deny-by-default software that makes application control simple and fast. Ringfencing is an application containment strategy ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world-class endpoint protection from ThreatLocker.

Rick Kahn is Global Director of Cybersecurity Services at Rockwell Automation. I recently caught up with him to discuss IT and OT convergence in securing critical water and wastewater systems.
Rick Kahn:

So convergence is actually, unfortunately, not unique to a particular industry. I think in the case of water and wastewater it's maybe even more acutely difficult, simply because water and wastewater are typically much smaller and municipally funded, and don't necessarily have the deep bench strength and budgets and wallets to have both IT and OT practitioners, each with expertise in their own areas. The general notion of IT/OT convergence is: when we have an OT environment, it kind of looks and feels like IT, but it's not. There's the antiquated nature of some of the systems, there's the fragility and the potential environmental or safety impacts of knocking something offline. There's of course the whole third rail, as we call it, which is the non-traditional IT equipment like PLCs and controllers that are also in that environment but are Ethernet-enabled. And so the notion of IT/OT convergence is how do we effectively take IT practice into an OT environment safely, because we have to do things differently. And that's where the magic comes from: when I can find a way to blend those two skill sets to solve problems, we start to win. With water and wastewater and budget and access to resources, it becomes even more unique of a challenge to try and figure out how to do it.
Dave Bittner:

Well, the folks who are finding success here, what are the common elements?
Rick Kahn:

Well, in any industry with the convergence, you have to start with data. So many do. And I've been doing this for 25 years, and I joke that when people start to figure this out, because I keep saying the same things for 25 years, I won't have a job any longer. It boils down to the same challenges for the same reason, on the same side of that fence, if you will, the IT or the OT side. And it boils down to data, but not just a list. It's contextual data. What I mean by that, and I think it's important to delineate, is that contextual data means I can't just have a list of assets, I can't just have a list of vulns. I need to know much more about that asset to make an informed decision, i.e. I need to know what that asset's particular function is in this facility. So for water and wastewater, you know, is it a venting or an emergency release? Or is it something to do with my chemicals for treatment? Or is it something to do with the way that we're moving product from place to place, verification and various sensors for levels and measures, et cetera? Because when you look at the risk, that's one thing, and that's the IT side, but the OT can tell you, yeah, but that's a really key component to this process, or it only goes down or can have this happen to it or whatever. And that's where you then start to find the magic of, okay, I can't go with planning, which is make everything Windows 11 and patch on Tuesday. What do I need to do next? And so the short answer is, when you get people from either side of that fence and you're looking at something in its native environment and its actual impact and function, you start to have a way more informed and more intelligent discussion and can come up with reasonable paths forward, as opposed to just either giving up or trying to force-fit things.

Dave Bittner:

Who typically bears the burden of having to learn what's on the other side of that fence between IT and OT?
Rick Kahn:

Yeah, that's a great question. One of our webinars that was very successful a few years ago was "IT's from Mars and OT's from Venus," right? A play on the men and women thing. Because of that, in every single organization, different people, different politics, different budgets usually sort of dictate that. Before we get there, we are seeing IT being expected from the board, and more and more consistently being forced, to try and figure out what's on that other side. And in the past, when IT was trying to do that, they'd often put up a firewall and just say, well, whatever's on the other side is not a problem. But boards and insurers aren't accepting that disclaimer as much anymore. So we're seeing the decision making for what to do and how to do it, who to bring in, like a trusted partner like Rockwell or something, more coming from an IT source. But at the end of the day, what you do and how you do it, operations are always king. I mean, we went into a facility where IT didn't bother telling OT we were coming, and we had to step back and pause the program while we stepped away and let the parents have their battle royale, sort of thing, and figure out who's who in the zoo before we came back a couple of weeks later and re-engaged. Right. So it's not always clear. We get called from both sides, and in a lot of cases it's not entirely decided, and they kind of figure it out as they go sometimes, unfortunately. But the short answer is it's both, and it depends on the org and how senior the practice is. Typically you get pulled in from the OT side if OT is leading and being mature and proactive. But if not, and it's being forced from above, it usually comes from the IT side.
Dave Bittner:

Help me understand the difference between, let's say, a new facility that is starting from square one, I'll put air quotes around "in modern times," and a legacy system that may have been around for decades. I mean, I imagine we have water systems in some cities that go back over 100 years.
Rick Kahn:

Yes. And we even have some where we still see Windows 95 and 98, unfortunately. True. I love the question. And it gets to some of the crux here. It's twofold. Typically the old-school brownfield, if you will, 50, 60, 100-year-old facility, there's a lot of complexity in there, and it needs even more of that context to be able to make intelligent, informed decisions. And those are very, very difficult. But when you have the context, you can do it right. We have clients where everything in OT isn't about first-pass risk reduction. It's about second and third and fourth, and layers of, you know, digital twin and redundancy on HMIs and micro-segmentation. So you need, in an existing facility with complex systems or older systems, and maybe a blend of different types of systems, much more of that, because it's much more useful. Now on the greenfield side, you can typically build something new and exciting. I've seen a few plans recently for some new factories and groundbreaking things. Everybody's going after the factory of the future, Digital 4.0 and all this other stuff, where you have not only process optimization and minimal footprint, but you also have it done securely, because you're relying on multiple other external sources to help you get faster, better, more secure, etc. The reality, though, is that in a lot of the new greenfields, and this is going away, but it's not universal, is that when you write a spec for a process, you usually write for what your throughput is, your temperature, your geographic or your floor space footprint, etc., and operating temperatures and whatnot. Very mechanical and physical and engineering types of requirements. What often doesn't get put in there is: and by the way, you shall follow these security standards and expectations. To put it in, when I was at Honeywell, albeit 15 years ago, we would always put the cybersecurity portion as an optional line item with a separate cost. So when we went against other OEMs, we were at least minimum compliant, bid head to head, and when they bought the spinning equipment, we were at least competitive. But when you wanted the add-on, the feature afterward, it was usually tacked on at the end or maybe not even adopted. Unfortunately. It's a better level of adoption and awareness and expectation now. But I still go to many trade shows and say, how many of you have cybersecurity language in your procurement specs? And only about half the room puts their hand up.
Dave Bittner:

Wow. So what are your recommendations, then, for folks to have best practices? Given the reality of limited budgets, limited time, limited resources, what are your words of wisdom here?
Rick Kahn:

So everybody's doing something a little bit here, there and wherever, day in and day out. It's not like these facilities are doing nothing. What I would really challenge people to do, especially when they're struggling, is always look towards the problem as part of a program. I know it sounds very contrite, but the reality is, if I decide on what I need for an inventory today, and I'm very immature, I'm primarily looking at inventory so that I can see how many systems I have, how many I need to track vulnerabilities and patches against, how many I need to go and look up, you know, Rockwell, any product notices or what have you. But that's a very first-phase view. If I'm not looking, while I'm looking at that inventory, towards step two, three and four, which is wanting to work on lifecycle management and capital replacement of old, antiquated equipment that can't handle or manage modern security controls, or if I want to know how to do a backup and restoration plan, I'm not going to back up everything fully and store it off site daily, because not every system is created equal. They have different levels of impact and different levels of repercussion. So start to build your program: any step you make today, the decision you make today, needs to be in support of what your ultimate goal is. And then once you start to get that inventory in that context, in a much more granular view, you've not only got a better understanding of what you need to do, you've got a better chance of making a business case to go to management and say, look, here's the risk we think we have. We're not trying to boil the ocean, we're not trying to make everything without risk. But now that we've got an idea as to the context of how many assets I have and what their end-of-life status is and how many vulns and expectations, and how well I'm able to back them up, and by the way, four or five of these are mission critical, you now have the ability to potentially get some more budget or municipal funding to start to put in maybe a managed service or some of these boutique sort of offerings that are helping to come in. And we'll have the expertise, and we'll give it to you in the periodic phase that you need, and then we'll get out of the way so you don't have to onboard people. But now you're right-sizing your program by understanding the context. I mean, nobody goes to zero risk in an operational environment. The challenge is how much do I have, and how far do I need to go, and how much will that cost me? And that context helps you decide where to spend the day. It also helps you build a business case.
Dave Bittner:

That's Rick Kahn from Rockwell Automation.
[Sponsor messages]

Abercrombie is an official fashion partner of the NFL. And I'm CeeDee Lamb, wide receiver for the Dallas Cowboys. You know I'm here for Abercrombie's Cowboys gear. That's not a question, but I need a whole wardrobe to go with it. No shade to the guys, but I'm used to having the best tunnel fits. This season, Abercrombie has me covered. Shop NFL by Abercrombie in the app, online and in store.

Lowe's knows you've got a job to do, and we help get it done with the MyLowe's Pro Rewards program. Eligible members save more with volume discounts on qualifying orders through a quote of $2,000 or more. Join for free today. Lowe's, we help you save. Offer can't be combined with any other discount, contract and/or special pricing. Exclusions, more terms and restrictions apply. Details at lowes.com. Terms subject to change.
Dave Bittner:

And finally, reports of a catastrophic Gmail breach had the Internet clutching its digital pearls this week, with headlines warning all 2.5 billion users to reset their passwords immediately. Some cybersecurity firms even joined the chorus, amplifying what seemed like an urgent warning from Google. We reported the story here. There's one problem: Google never said that. In a politely exasperated blog post, the company clarified that Gmail wasn't hacked, the password reset alert never existed, and, contrary to rumor, the sky remains firmly in place. Google reminded everyone that Gmail blocks over 99.9% of phishing and malware and suggested passkeys for extra safety. The incident is a good reminder that it's easy to get caught up in the hype of a breathless story, and it would do us all well to pause, take a breath and do some fact checking.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Date: September 4, 2025
Host: Dave Bittner, N2K Networks
Guest: Rick Kahn, Global Director of Cybersecurity Services, Rockwell Automation
This episode centers on a series of escalating global cyber threats, with a specific focus on China’s “Salt Typhoon” operation, and new tactics from advanced actors worldwide. The show also covers updates on major cyber campaigns, significant vulnerabilities, and closes with expert insight into the critical challenges facing OT/IT cybersecurity convergence in the water and wastewater sector.
| Topic | Segment Start |
|---|---|
| Salt Typhoon / China's Global Campaign | 02:30 |
| Google Outage in Europe | 05:10 |
| FreePBX Zero-Day | 06:05 |
| Jaguar Land Rover Breach | 07:10 |
| XWorm Malware Evolves | 08:05 |
| GhostRedirector China-linked APT | 09:05 |
| TP-Link Router Vulnerabilities | 10:15 |
| Russian FSB Bounty | 11:05 |
| Editorial: ODNI Cuts | 12:05 |
| Interview: Rick Kahn / OT-IT in Water/Wastewater | 14:13 |
| Gmail Breach Debunked | 25:27 |

Interview segment (14:13 - 24:09), Rick Kahn's answers begin at 14:13, 15:28, 17:11, 18:54 and 21:35. The closing segment runs from 25:27 to the end.
The tone throughout is authoritative, explanatory, and measured—offering both urgency and practical advice, with a conversational touch especially in the interview segment.