Maria Varmazes
You're listening to the Cyberwire Network powered by N2K.
Maria Varmazes
CISA says it'll continue monitoring Russian cyber threats. Broadcom patches zero days that can lead to VM escape. Google patches 43 bugs, including two sneaky zero days. CISA flags vulnerabilities exploited in the wild. Palau's Health Ministry recovers from a ransomware attack. Lost and found, or lost and leaked? On this week's Threat Vector segment, David Moulton previews an episode with Holly Hennessy on IoT cybersecurity risk mitigation and next week's special International Women's Day episode featuring the trailblazing women from Palo Alto Networks sharing their cybersecurity journeys and leadership insights. And is that really you?
Today is Tuesday, March 4, 2025. I'm Maria Varmazes, host of T-Minus Space Daily, in for Dave Bittner, and this is your Cyberwire Intel Briefing. Thanks for joining us on this lovely Tuesday. Let's get into our daily intel briefing.
The U.S. Department of Homeland Security says the Cybersecurity and Infrastructure Security Agency, also known as CISA, will continue monitoring cyber threats from Russia, asserting that media reports to the contrary are false. The Guardian reported over the weekend that CISA staff received a memo directing them to prioritize threats from China with no mention of Russia. Tricia McLaughlin, assistant secretary for public affairs at DHS, told CyberScoop that such a memo was never sent, adding, "CISA remains committed to addressing all cyber threats to US critical infrastructure, including from Russia. There has been no change in our posture or priority on this front." The Guardian's story is separate from reports that Defense Secretary Pete Hegseth ordered Cyber Command to halt offensive operations against Russia during negotiations over the war in Ukraine.
The Pentagon hasn't officially commented on these reports, but Bloomberg cites an anonymous senior Defense official as saying that Hegseth has neither canceled nor delayed any cyber operations directed against malicious Russian targets, and there has been no stand down order whatsoever from that priority. Kim Zetter at Zero Day has written up a useful summary that clarifies reporting on these two stories, and we have a link to that piece in our show notes for you.
Broadcom has issued patches for three actively exploited zero days affecting VMware ESX and any products that contain ESX, including vSphere, Cloud Foundation and Telco Cloud Platform, according to a report from Security Week. Broadcom warns that the vulnerabilities can lead to a virtual machine escaping, stating that this is a situation where an attacker who has already compromised a virtual machine's guest OS and gained privileged access (administrator or root) could move into the hypervisor itself.
In March 2025, Google released security updates addressing 43 vulnerabilities in Android, notably two zero days actively exploited in targeted attacks. One of them, identified as CVE-2024-50302, is a high severity information disclosure flaw in the Linux kernel's human interface device driver. This vulnerability was reportedly leveraged by Serbian authorities using an exploit chain developed by Israeli firm Cellebrite to unlock confiscated devices. The exploit chain also included a USB video class zero day and an ALSA USB sound driver zero day, both discovered by Amnesty International Security Lab in mid 2024. Google had previously provided fixes for these vulnerabilities to OEM partners in January.
The Cybersecurity and Infrastructure Security Agency has updated its Known Exploited Vulnerabilities catalog to include several critical security flaws, underscoring the importance of timely remediation to protect organizational networks. The newly added vulnerabilities are: a critical path traversal vulnerability in Progress WhatsUp Gold, which could allow unauthenticated remote code execution; a medium severity command injection vulnerability in Cisco Small Business RV series routers, enabling arbitrary command execution or authentication bypass (notably, Cisco has stated it will not release a fix for this issue); a pair of vulnerabilities both affecting Hitachi Vantara Pentaho BA Server, which could involve special element injection and authorization bypass; and an improper resource shutdown or release flaw in Microsoft Windows Win32k, which could be exploited to execute arbitrary code. Federal agencies are mandated to address these vulnerabilities by March 24, 2025. CISA strongly recommends that all organizations, regardless of sector, prioritize the remediation of these vulnerabilities to mitigate potential exploitation risks. And we do have the CVEs for all these vulnerabilities in our selected reading for you should you need them.
The island nation of Palau's Ministry of Health and Human Services, or MHHS, is recovering from a ransomware attack that it sustained on February 17. According to a report from The Record, the Ministry attributed the attack to the Qilin ransomware gang, adding that the crooks were able to exfiltrate data during the incident. The MHHS stated that, based on the kind of information that's been stolen, MHHS and its cyber advisors do not perceive any significant impact to the security of individual Palauans. However, MHHS recommends that all Palauans remain vigilant against potential fraud and/or phishing emails that may attempt to use this incident as a means of getting you to release personal information.
The Ministry added that the attack was a heinous crime by greedy cybercriminals that has put our ability to provide critical medical care and life saving emergency services at risk. A Defend Forward team from US Cyber Command is on site assisting with the investigation.
A recent security lapse exposed 14 unprotected databases containing approximately 820,750 (but who's counting?) sensitive records totaling 122 gigs from lost and found software, which is utilized by airports across the United States, Canada and Europe. Discovered by cybersecurity researcher Jeremiah Fowler, the breach included detailed information on lost items such as medical devices, electronics, wallets and bags, and personally identifiable information of their owners. Notably, high resolution images of passports, driver's licenses and other identification documents were accessible, heightening risks of identity theft and fraud. Additionally, screenshots of payment confirmations, shipping labels and original receipts were exposed. Upon notification, the company promptly secured the databases, and this incident underscores the critical need for robust data protection measures in handling sensitive customer information.
US newspaper publisher Lee Enterprises is still grappling with a ransomware attack that occurred on February 3rd. According to a report from TechCrunch, freelancers and contractors who work for the company told TechCrunch that they haven't been paid for their work since the attack took place. One contractor is owed thousands of dollars and has no timeline for when Lee's payment system will be up and running again. Lee Enterprises itself has avoided using the term ransomware, but it mentioned in an SEC filing that the attackers encrypted critical applications and exfiltrated certain files. The Qilin ransomware gang last week claimed responsibility for the attack, and the filing also noted that the incident disrupted distribution of products, billing, collections and vendor payments.
In response to Australia's recent legislation that bans social media access for children under 16, TikTok has criticized the government's decision to exempt YouTube from this ban, labeling it a sweetheart deal that is illogical, anti-competitive and short-sighted. This sentiment is echoed by other tech giants, including Meta Platforms and Snapchat, who argue that YouTube offers similar features to those that led to the ban, such as algorithmic content recommendations and exposure to potentially harmful material. Mental health experts have also raised concerns about YouTube's potential to expose children to addictive and dangerous content, questioning the consistency and fairness of the exemption.
Coming up after our break, we've got our Threat Vector segment with host David Moulton from Palo Alto Networks. And even your Zoom calls might be catfishing you.
Maria Varmazes
Our Threat Vector segment has host David Moulton sharing previews of two upcoming episodes. On this Thursday's episode, he speaks with Holly Hennessy, who is the principal analyst for IoT cybersecurity at Omdia, to discuss how attackers exploit vulnerabilities in connected environments and the best approaches for risk mitigation. The next week, on Thursday, March 13, David shares four conversations with some of the trailblazing women at Palo Alto Networks in honor of International Women's Day and Women's History Month.
Holly Hennessy
On Thursday, March 6th, I'm chatting with Holly Hennessy, principal analyst for IoT Cybersecurity at Omdia, to talk about OT security. We'll discuss how attackers exploit vulnerabilities in connected environments and the best approaches for risk mitigation. Holly also shares her insights on the evolving risk posed by IoT devices, from industrial control systems to consumer technology. Plus, she has a great security joke.
Gail
Where did the threat actor go?
Holly Hennessy
I don't know. You're not going to want to miss this episode. Holly Hennessy, welcome to Threat Vector. I'm really excited to have you here today.
Gail
Hi Gail, thank you so much for having me.
Holly Hennessy
I was recently talking to a journalist about the underrated and the overrated, the underreported and the over reported in our industry. Do you look at OT as one of these areas that is underreported, underrepresented, overrepresented, over reported? How would you position it on that kind of quadrant?
Gail
Yeah, I think that's an interesting question. I think if you're looking at cybersecurity, IT security obviously gets all the kind of glamour and the glory. I would say IoT security is way smaller a space, so it's a lot more niche. I don't think everyone is as interested in it. I don't think everyone understands it as much. So in that sense it's kind of under focused on, I would say. I obviously find it incredibly interesting. I think it is super interesting for people who are kind of perhaps wanting to learn more about the space. There's a lot that is different to it, but there's also a lot in the cybersecurity space on the IT side in general that can kind of transfer over. I mean, if you think of any of the large events, you're way more likely to see IT security focused talks, technology. There's way less on OT. So yeah, I would say it's perhaps underrepresented, but I think those that are in the space do a good job at showing how interesting it is and showing why it's so important to kind of focus on.
Holly Hennessy
Holly, your research highlights secure remote access, or SRA, as this key feature in many OT security platforms. Why has SRA become such a critical capability and how does it impact risk management and operational resilience?
Gail
Yeah, so secure remote access has a lot of promise. I think it's one of the fastest growing areas of the market. So, you know, a lot of organizations are looking for this technology, but there's still relatively decent sizable gap in the market for vendors to be filling. And so in the most recent report, there's, you know, quite a few vendors that are offering this natively. It's much more so than a couple of years ago. It was kind of few and far between and now there's also a lot partnering with specialists in the space because there are also more point products that are kind of offering this to meet that demand from customers. And I think it really stands out in OT security given that these environments and how they're working, how users are kind of connecting. There's been a lot of discussion around zero trust in OT, what that means and how that kind of translates or looks different to an IT sense. I think crucially part of that is including users and everything else that you shouldn't trust. But secure remote access is really kind of standing out in terms of that access. Also the R in that, the remote, I think has kind of now kind of expanded to access in general. So it's not necessarily remote users, but could be users who are regularly accessing equipment as well. So being able to monitor that activity I think is really useful. Obviously it enhances visibility again within the organization, but it can be a really useful way to mitigate risk and kind of reduce that likelihood of a threat in the environment. So, yeah, kind of adding that technology into the platform can be useful because, you know, you've already got technology there, you've got. It's already going to kind of factor into your monitoring and your threat detection activities. But, as I said, there are a lot more integrations as well with more of the point products in the space for secure access.
Holly Hennessy
So let's shift to look into the future a little bit. The report discusses ongoing convergence between IT and OT security. Are we moving towards a fully unified security operations center, or SOC? Or do you see IT and OT security remaining separate for the foreseeable future?
Gail
Yeah, so based on my research, it's a bit of a mix at this point in time. So I would say there are more who have a converged SOC covering both IT and OT rather than a separate IT and OT SOC, but it's not the majority. So there's around 40% that have it converged. I would say 20% have OT only. And then you've got the rest that are doing it managed and they have a third party provider or they just have an IT SOC. So I think something we do know is that the vast amount of organizations, whether you have got a separate SOC or not, you're using OT or IIoT specific tooling rather than IT. So, you know, they much prefer to purchase specialist technology rather than IT and kind of utilizing that in the space. So I think integrations are really important whether or not you're doing it separate or converged. What really stands out to me is that OT and industrial Internet of things have to be included from an IT point of view. I don't think you can be an industrial organization or a critical infrastructure organization and be looking at it from just IT. If you're looking at kind of your risk management, you need to be factoring in these devices. So integrating with specialist tech, regardless of who the kind of provider is, is going to be really important for a SOC. On the other hand, you know, we know that many incidents originate in IT and then they impact OT in some roundabout way. So you also can't really silo OT and industrial Internet of things. So converging this up can alleviate some of those issues and kind of some of the reasons why more organizations are kind of going down that route.
Holly Hennessy
The next week, on Thursday, March 13, I'm sharing four conversations with some of the trailblazing women here at Palo Alto Networks. They'll share their journeys into cybersecurity, discuss the challenges they faced, and offer insights on leadership, innovation and mentorship. I cannot express how inspired I was by my peers and I am so eager to share those stories.
Christy Fredricks
Christy Fredricks, Chief Partnerships Officer at Palo Alto Networks. Can we say I've pursued a career in cybersecurity when it's been about 14 months out of my career? I was inspired by a couple things. I have always been drawn to mission driven organizations. When I was early in my career, I thought that meant nonprofits. And I spent a little bit of time both in public education as well as in nonprofits. And I realized that I believed that I could have a better impact in the for profit sector. I started my career in consulting, having an impact on my clients and making sure their businesses were operating effectively so that they could have strong careers and add value to their customers. I moved into technology. My first operating role was in the observability space. And the mission of that company was to help software run and perform well. And when you think about how much of our day to day life is dependent on software, that felt like an important mission. But there's nothing that really beats keeping the digital way of life safe. So as I was working in observability and making sure software runs properly, you could see how much of an opportunity there was for bad actors to attack software and really impact people's livelihoods, people's experiences. And it just felt like a really important industry. And what better company to pursue than Palo Alto Networks?
Tanya Shastri
Tanya Shastri, Senior Vice President of Product Management at Palo. I lead our network security, platform and product operation. In my early part of my career I did a bunch of networking because I had studied telecommunications and networking and so on. I had also done some information theory in my master's and that course had always been something I wanted to go back to. So I was very intentional at one point in my career to move to more of a data analytics insights, you know, machine learning, AI, all those kinds of things. And through that process, securing data became very important to understand. And I started working on what we call malicious fault tolerant systems, Byzantine fault tolerance and so on. And that kind of segued my interest into security. And that's what actually brought me to Palo Alto through that interest in security. And it's been so interesting because when it all comes together, actually security, there's a lot of analytics and AI as part of security.
Salma Manchanda
My name is Salma Manchanda, I'm a consultant at Unit 42. I think my main inspiration when it came to cybersecurity was the very first professor I actually had in cyber. I took a two unit elective in cyber and I just kind of didn't really know what to expect. Lo and behold, a semester later, I was totally hooked. I credit it all to that professor of mine, Joe from USC. He changed my outlook on so many different in so many different ways. He challenged me to like think a different way and opened me up to a whole new world of possibilities. And when I decided that I wanted to pursue cybersecurity also again, he was my mentor also during college. He really just was very, very encouraging in terms of like helping guide me through what classes to take, what kind of, you know, career opportunities there were, and so that whole program just totally changed my life in many different ways.
Stephanie Regan
My name is Stephanie Regan, Principal consultant on the IR team with Unit 42. Generally, I have always had a mission driven desire to help others. So everything that we do day in, day out, whether it's working a ransomware recovery case, or building a better way to respond during crises, or improving protections to prevent crises from happening in the future, the work that we do day in and day out is impactful to the other people that are on the other side of our services. I was really attracted to cybersecurity and even just the tech field in general, based on the growth and opportunity that is presented in a rapidly evolving environment. So tech is changing every single day. We've seen the advent of AI, we've seen, gosh, so many different implementations of new technologies over the years that the hunger and desire to just keep learning and growing as the field evolves and change and pivot to the next technology or the next big thing is something that's really exciting. I just hate stagnation. So I'm a person that gets very bored or upset if I'm sitting still and not moving forward in my career, in my life. So I was really attracted to cyber and tech, which in its nature is constantly evolving. And I get to be a lifelong learner and continue to grow as the field develops.
Holly Hennessy
Don't miss the full episodes every Threat Vector Thursday. Subscribe now to stay ahead. Oh, and by the way, if you're in Austin, Texas for South by Southwest and want to meet up, email me at threatvector@paloaltonetworks.com. I'm always looking for industry leaders and fascinating guests for the show.
Maria Varmazes
Don't miss the full episodes of Threat Vector every Thursday. You can find the link to subscribe in our show notes.
Deepfake technology is no longer a futuristic threat. It's very much here and it's already wreaking havoc. Last year, deepfake attacks in video calls surged by a staggering 300%. Cybercriminals are using AI to impersonate people in real time, bypassing facial recognition systems and tricking even the savviest professionals. Even more troubling, these powerful tools are no longer just in the hands of elite hackers. They're now available in crime-as-a-service markets, making it easier than ever for anyone to spoof an identity and launch a scam. The old tricks, like asking someone to look left to catch a distortion, just aren't cutting it anymore. This is a serious wake up call for businesses. Traditional identity verification methods are quickly becoming outdated. To keep up with these evolving threats, companies need to implement multi-layered defenses, deploy advanced deepfake detection tools, and most importantly, train employees to spot these sophisticated scams. As deepfake technology continues to evolve at lightning speed, it is essential to rethink how we verify identities and stay one step ahead of cybercriminals. So stay vigilant, because those video calls might not be as real as they seem.
And that's the Cyberwire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your teams smarter. Learn how at n2k.com.
N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Maria Varmazes, in for Dave Bittner. Thanks for listening. We'll see you tomorrow.
CyberWire Daily Podcast Summary: "CISA Keeps Watch on Russia" | March 4, 2025
Hosted by N2K Networks
In the March 4, 2025 episode of CyberWire Daily, hosted by Maria Varmazes, the focus centers on the ongoing cybersecurity landscape with a particular emphasis on the Cybersecurity and Infrastructure Security Agency’s (CISA) vigilance over Russian cyber threats. The episode delves into recent security vulnerabilities, notable cyberattacks, and previews upcoming segments that highlight expert insights and industry developments.
The episode opens with a significant update from the U.S. Department of Homeland Security (DHS) concerning CISA’s stance on Russian cyber threats. Contrary to recent media reports, CISA reaffirms its commitment to monitoring and mitigating cyber threats originating from Russia.
Tricia McLaughlin, Assistant Secretary for Public Affairs at DHS, clarifies:
“CISA remains committed to addressing all cyber threats to US critical infrastructure, including from Russia. There has been no change in our posture or priority on this front.” [02:45]
This clarification comes in response to a The Guardian report alleging that CISA was redirected to prioritize Chinese threats, excluding Russia. McLaughlin refutes these claims, emphasizing that such a memo was never issued.
Furthermore, the episode touches upon unverified reports from Bloomberg about Defense Secretary Pete Hegseth ordering Cyber Command to halt offensive operations against Russia amid negotiations over the Ukraine war. Kim Zetter from Zero Day is mentioned for providing a comprehensive analysis that dispels these rumors, maintaining that no official stand-down order has been given.
Broadcom and Google have been proactive in addressing critical security vulnerabilities:
Broadcom issued patches for three actively exploited zero-day vulnerabilities affecting VMware products. These vulnerabilities could enable a virtual machine to escape into the Hypervisor, allowing attackers with compromised guest OS access to escalate privileges.
Google released security updates for 43 vulnerabilities in Android, including two active zero days. Notably, one high-severity flaw in the Linux kernel's human interface device driver (CVE-2024-50302) was exploited by Serbian authorities using an exploit chain developed by Cellebrite.
Maria Varmazes highlights:
“CISA strongly recommends that all organizations, regardless of sector, prioritize the remediation of these vulnerabilities to mitigate potential exploitation risks.” [07:15]
The episode underscores the urgency for organizations to apply these patches promptly to safeguard their networks against potential exploits.
In addition to vendor patches, CISA has updated its catalog of known exploited vulnerabilities with several critical flaws:
Federal agencies are mandated to address these vulnerabilities by March 24, 2025. CISA emphasizes the importance of prioritizing these fixes to protect organizational infrastructure.
The episode reports on several notable cyber incidents:
Palau’s Health Ministry Ransomware Attack:
On February 17, Palau’s Ministry of Health and Human Services (MHHS) suffered a ransomware attack attributed to the Qilin ransomware gang. Data exfiltration occurred, but MHHS indicates no significant impact on individual Palauans’ security.
MHHS Statement:
“The attack was a heinous crime by greedy cybercriminals that has put our ability to provide critical medical care and life-saving emergency services at risk.” [10:05]
A Defend Forward team from US Cyber Command is assisting in the investigation.
Exposed Databases via Lost and Found Software:
Cybersecurity researcher Jeremiah Fowler uncovered 14 unprotected databases containing approximately 820,750 sensitive records from Lost and Found software used by airports across North America and Europe. The breach exposed detailed information on lost items and personally identifiable information (PII), increasing risks of identity theft and fraud.
Maria Varmazes notes:
“This incident underscores the critical need for robust data protection measures in handling sensitive customer information.” [09:20]
Lee Enterprises Ransomware Attack:
US newspaper publisher Lee Enterprises continues to grapple with the aftermath of a ransomware attack on February 3. The Qilin ransomware gang claimed responsibility, disrupting distribution, billing, and vendor payments. Freelancers and contractors have yet to receive payments since the attack.
TechCrunch Report:
“Attackers encrypted critical applications and exfiltrated certain files.” [10:45]
Threat Vector Segment Previews:
Maria Varmazes previews upcoming segments featuring expert discussions:
IoT Cybersecurity with Holly Hennessy:
On March 6, Holly Hennessy, Principal Analyst for IoT Cybersecurity at Omdia, will discuss how attackers exploit vulnerabilities in connected environments and strategies for risk mitigation.
Holly Hennessy states:
“We’ll discuss how attackers exploit vulnerabilities in connected environments and the best approaches for risk mitigation.” [17:00]
International Women’s Day Special:
Scheduled for March 13, the podcast will feature conversations with pioneering women from Palo Alto Networks, highlighting their journeys, challenges, and leadership insights in the cybersecurity field.
Holly Hennessy shares:
“They will share their journeys into cybersecurity, discuss the challenges they faced, and offer insights on leadership, innovation, and mentorship.” [20:03]
Featured Guests:
Christy Fredricks, Chief Partnerships Officer at Palo Alto Networks, discusses her transition into cybersecurity driven by a mission to safeguard the digital way of life.
Tanya Shastri, Senior Vice President of Product Management at Palo Alto Networks, elaborates on her journey from telecommunications to data analytics and security.
Salma Manchanda and Stephanie Regan from Unit 42 share their inspirations and experiences in the cybersecurity realm, emphasizing the importance of continuous learning and impact-driven work.
Towards the episode's conclusion, a critical discussion emerges on the rise of deepfake technology:
Maria Varmazes warns:
“Deepfake attacks in video calls surged by a staggering 300%. Cybercriminals are using AI to impersonate people in real time, bypassing facial recognition systems and tricking even the savviest professionals.” [26:10]
The podcast highlights the sophistication of deepfake attacks, which now extend beyond elite hackers to crime-as-a-service markets, making identity spoofing and scams more accessible and prevalent. Traditional verification methods are becoming obsolete, necessitating multi-layered defenses and advanced detection tools.
Advice for Organizations:
“Companies need to implement multi-layered defenses, deploy advanced deepfake detection tools, and most importantly, train employees to spot these sophisticated scams.” [26:10]
The March 4, 2025 episode of CyberWire Daily provides a comprehensive overview of the current cybersecurity threats, with a particular focus on CISA’s unwavering attention to Russian cyber activities. It underscores the importance of timely patching of vulnerabilities, highlights significant cyberattacks, and previews insightful discussions on IoT cybersecurity and the contributions of women in the field. Additionally, the episode raises awareness about the burgeoning threat of deepfake technology, urging organizations to adopt robust verification and defensive measures.
For those seeking to stay informed and ahead in the rapidly evolving cybersecurity landscape, this episode offers valuable insights and actionable information.
Notable Quotes:
“CISA remains committed to addressing all cyber threats to US critical infrastructure, including from Russia.” — Tricia McLaughlin [02:45]
“This incident underscores the critical need for robust data protection measures in handling sensitive customer information.” — Maria Varmazes [09:20]
“Deepfake attacks in video calls surged by a staggering 300%.” — Maria Varmazes [26:10]