Dave Buettner
You're listening to the CyberWire Network. Powered by N2K.
Dutch Bros Sponsor
This episode is brought to you by Dutch Bros. Big smiles, rocking tunes and epic drinks, Dutch Bros is all about you. Choose from a variety of customizable handcrafted beverages like our Rebel Energy drinks, coffees, teas and more. Download the Dutch Bros app for a free medium drink, plus find your nearest shop, order ahead and start earning rewards. Offer valid for new app users only. Free medium drink reward upon registration. 14-day expiration; terms apply. See dutchbros.com.
Dave Buettner
Identity architects and engineers, simplify your identity management with Strata. Securely integrate non-standard apps with any IdP, apply modern MFA, and ensure seamless failover during outages. Strata helps you avoid app refactoring and reduces legacy tech debt, making your identity systems more robust and efficient. Strata does it better and at a better price. Experience stress-free identity management and join industry leaders in transforming their identity architecture with Strata. Visit strata.io/cyberwire, share your identity challenge, and get a free set of AirPods Pro. Revolutionize your identity infrastructure now. Visit strata.io/cyberwire, and our thanks to Strata for being a longtime friend and supporter of this podcast.

A federal judge finds NSO Group liable for hacking WhatsApp. China accuses the US government of cyberattacks. The UK's Operation Destabilize uncovers a vast criminal network. An alleged LockBit developer says he did it for the money. Apache releases a security update for their Tomcat web server. Siemens issues a security advisory for their user management component. Italy's data protection authority fines OpenAI $15.6 million. Researchers demonstrate a method to bypass the latest Wi-Fi security protocol. Apple sends potential spyware victims to a nonprofit for help. Our guest is Sven Krasser, CrowdStrike's senior vice president of data science and chief scientist, talking about balancing AI and human intervention. And hackers supersize their McDonald's delivery orders.

It's Monday, December 23rd, 2024. I'm Dave Buettner and this is your CyberWire Intel Brief.

Thanks for joining us here today. Great to have you with us as always. A federal judge in California has ruled that NSO Group, the developer of Pegasus spyware, is liable for hacking 1,400 WhatsApp users, including activists, journalists and diplomats. This marks the first time the company has been held accountable for its role in spyware abuses.
Meta-owned WhatsApp filed the lawsuit in 2019, alleging NSO exploited a bug in its platform to install spyware on users' devices. NSO repeatedly bypassed WhatsApp's security defenses over two years, targeting victims globally. The court found NSO violated the federal Computer Fraud and Abuse Act, California's Comprehensive Computer Data Access and Fraud Act, and WhatsApp's terms of service. Judge Phyllis Hamilton criticized NSO for failing to produce complete Pegasus source code, a factor in her decision to impose sanctions. NSO executives admitted in depositions that the company controlled data extraction from hacked devices and designed Pegasus to circumvent WhatsApp's security measures. Court evidence showed NSO developed new malware even after WhatsApp sued them. This ruling is seen as a victory for spyware victims, signaling increased accountability for spyware companies. Natalia Krapiva of Access Now hailed the decision, emphasizing its importance for digital security and human rights. Damages will be determined in March. NSO did not comment on the ruling, but WhatsApp and advocates for victims expressed hope that this decision would deter similar abuses by spyware developers in the future.

China's National Cyber Incident Response Center has accused the US government of cyberattacks targeting two Chinese tech firms to steal trade secrets. In a public notice, CNCERT claimed a U.S. intelligence agency was responsible, citing incidents in May 2022 and August 2023. One attack targeted a high-tech company in China's smart energy sector, exploiting Microsoft Exchange vulnerabilities to implant backdoors and gain control over company systems. The second attack infiltrated an advanced material research unit by exploiting a document management system vulnerability, infecting over 270 hosts with Trojans. The allegations come amid heightened tensions, with the US accusing China of cyber espionage and breaches of telecom networks.
CNCERT, which is tied to China's Ministry of Industry and Information Technology, has escalated claims of US cyberattacks in recent years.

The UK's National Crime Agency recently unveiled Operation Destabilize, a four-year investigation uncovering an unprecedented financial chain connecting street-level drug dealing to global money laundering networks. This effort exposed links between ransomware groups like Ryuk and Conti, Russian businesses, and entities funding espionage and sanctions evasion. The investigation began in 2021 with blockchain analysis of ransomware payments. It soon expanded to reveal billions laundered through Russian entities Smart and TGR Group, led by high-profile figures Ekaterina Zhdanova and George Rossi. A key breakthrough came in November 2021 with the arrest of cash courier Fawad Saiedi, who had laundered over 15.6 million pounds in a cash-for-crypto scheme tied to Zhdanova. The operation uncovered vast networks laundering money for drug cartels, organized crime and Russian elites, utilizing cryptocurrency to evade detection. Despite challenges, the NCA tackled both street-level crime and high-level conspiracies, marking a significant step in combating global financial crime.

Israeli authorities arrested alleged LockBit ransomware developer Rostislav Panev, a dual Russian-Israeli national, in August 2023 at the request of the United States. Panev faces 41 charges, including computer-related extortion and conspiracy. US officials argue Panev developed malware for LockBit, including tools to bypass antivirus protections and deploy ransomware, receiving $10,000 monthly payments from LockBit leader Dmitry Khoroshev. LockBit, active since 2020, extorted over $500 million and infected 2,500 victims globally before its disruption in 2024. Panev's arrest follows international efforts to dismantle the gang.
Panev admitted to coding for LockBit from 2019, initially claiming ignorance of its criminal use but later acknowledging he continued for the money. Investigators found LockBit source code and credentials on his computer linking him to the operation. Panev awaits extradition to the US to face charges.

Apache has released a security update addressing a remote code execution vulnerability in the Tomcat web server. The issue, a time-of-check/time-of-use race condition, affects multiple Tomcat versions on case-insensitive file systems with the default servlet write-enabled. Users should upgrade, and Apache says future updates will enforce safer defaults.

Siemens has issued a security advisory for a critical heap-based buffer overflow vulnerability in its User Management Component, affecting industrial control systems used in the manufacturing and energy sectors. Exploitation could allow attackers to execute arbitrary code, disrupt operations, exfiltrate data or manipulate critical systems. Affected products include Opcenter Execution Foundation, SIMATIC PCS neo and SINEC NMS. Siemens has released patches for some products and advises restricting access to ports 4002 and 4004.

Italy's Data Protection Authority fined OpenAI $15.6 million for unlawfully processing personal data to train ChatGPT and lacking transparency with users. The investigation also found inadequate age verification, exposing minors to inappropriate content. OpenAI called the fine disproportionate and plans to appeal, noting it exceeds their revenue in Italy during the period. The company agreed to run a public awareness campaign and remains committed to privacy compliance. The case highlights growing global regulatory scrutiny of AI systems like ChatGPT.

Researchers from the University of the West Indies demonstrated a method to bypass WPA3, the latest Wi-Fi security protocol, to obtain network passwords.
WPA3 was designed to improve on WPA2 by introducing features like Simultaneous Authentication of Equals to prevent offline attacks. However, the researchers exploited weaknesses in WPA3's transition mode, which allows compatibility with WPA2 devices. Using a downgrade attack, they captured the WPA3 handshake, deauthenticated users, and created a rogue evil-twin access point with a captive portal to steal passwords. The attack, requiring specific conditions and user interaction, highlights vulnerabilities in networks without Protected Management Frames enabled. The findings stress the need for user education, proper configuration, and further investigation to strengthen WPA3 against technical exploits and social engineering.

Picture this: you receive a notification from Apple on your iPhone warning that spyware hackers are targeting you. The alert sounds serious, even alarming, but instead of offering help, Apple points you to a nonprofit organization for support. That's how Apple's spyware notification system works, and it's been quietly operating since 2021. Designed to warn individuals of highly targeted attacks, the system has notified users in over 150 countries. These attacks, often linked to mercenary spyware like Pegasus, target specific individuals based on who they are or what they do. While the notifications highlight the risk, Apple doesn't provide direct technical assistance, leaving victims to seek help from organizations like Access Now or Amnesty Tech for forensic analysis. For those who suspect spyware, tools like the misecure app can scan devices for threats, offering capabilities comparable to those used by governments. Still, critics wonder why Apple, a tech giant with vast resources, redirects users to nonprofits rather than deploying its own expertise. Apple assures users that these attacks are rare and advises keeping devices updated and rebooting regularly to disrupt potential spyware.
Still, the company's hands-off approach raises questions about responsibility. Why point users elsewhere when the stakes are so high? For now, Apple remains tight-lipped.

Coming up after the break, Sven Krasser from CrowdStrike discusses balancing AI and human intervention, and hackers supersize their McDonald's delivery orders. Stay with us.
KnowBe4 Sponsor
And now a word from our sponsor, KnowBe4. It's all connected, and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's SecurityCoach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike, and Cisco. 35 vendor integrations and counting. SecurityCoach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity or web security vendors. Then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more at knowbe4.com/SecurityCoach. That's knowbe4.com/SecurityCoach, and we thank KnowBe4 for sponsoring our show.
Dave Buettner
Sven Krasser is Senior Vice President of Data Science and Chief Scientist at CrowdStrike. I recently caught up with him to discuss balancing AI and human intervention.
Sven Krasser
I would say in the cybersecurity industry that leveraging AI is table stakes right now. Like, that's something that companies just need to take a look at. It is not necessarily an easy feat though. And I think one of the challenges is to build resilient and robust AI systems that can learn from human insights and improve over time. Right. Like basically you need to set up processes and flywheels that result not in just having a great AI model, but in having a process that produces better and better AI models as the threat landscape emerges and evolves and as adversaries adapt.
Dave Buettner
I'm curious, from your position as a scientist, what was it like to see these tools come along and grow in their prominence?
Sven Krasser
Yeah, I think there's quite some adjustment in the perception of it. Like, I remember when I got started with this, I don't think anybody was really interested in how the sausage was made. Like, I felt like we're using these very cool algorithms back there in our systems and people were more along the lines of, yeah, just keep me secure. Sounds interesting. I think that really changed, right? I think there is a heightened awareness about the utility of these types of tools. And I think in the public eye there is a lot more shared excitement now what these tools can do. And I think that is good in the sense that more people understand the promise and the importance of these types of technologies. On the other side, on the flip side of the coin, there's always a risk in trusting too much on just AI technology. It is not the panacea that really solves all of our problems as the human species. I think we still need human review, human input, human ground, truth to make the system successful. So that's something that sometimes gets lost in all the enthusiasm and hype that we're experiencing right now.
Dave Buettner
So how do you go about balancing those needs? How do you make use of the promise of AI but also keep the humans in the loop?
Sven Krasser
I think in our case that really is naturally evolving around how we set things up at CrowdStrike. I've been here since day one. So making this a successful play to bring in AI technology has been something that has been at the forefront of my mind and the minds of all the other early employees that started here. So it's not something that we bolted on, but that we considered as a design objective from the get-go. And I think that shows in the way we're managing our offerings and services. Like any time human analysts are reviewing something for our managed services offerings, for our incident response offerings, there's insights that these humans bring to the table about what the adversary has been doing, what the adversary has been attempting, and we're structuring our internal procedures in such a way that that information becomes fuel for the AI. And that's this flywheel that I was mentioning earlier. Right. Because these parts of the overarching system, the human aspect, the AI aspect, they really feed into each other. The better the AI is flagging abnormalities, the more efficiently humans can review and provide insights, and the more insights there are with firm and grounded review, the better the AI can be trained to give better results. So we're moving every day as we're doing our jobs here at CrowdStrike, we're moving more information, more potential threats from the domain of "this looks fishy, somebody needs to take a look at it" into the domain of "we are certain that this is good" or "we're certain that this is bad." Right. And that means we're freeing up time for the humans to take a look at the remaining less suspicious things to see if anything tries to fly under the radar there. And I think this is really what gets me excited about this technology every day. As you do your job, by virtue of how we have set this up, we can do a better job and we can do better countering the adversary.
Dave Buettner
When you look at the range of tasks that people are doing in cybersecurity, are there certain things that are more suited for assistance from AI and some things that maybe aren't as good a fit?
Sven Krasser
Yeah, I think there's a lot of work that needs to happen for effective security. Right. Like if you take this in two parts, right. Like there's the, let's call it traditional predictive AI, and there's the generative AI. The predictive AI classifiers take a look at data and tell you if this data is good or bad. Those classifiers can work with a lot of input data at very, very high speeds and in very, very complex scenarios. I like to describe this as this high-dimensional feature space where lots of records with lots of different dimensions can be analyzed very, very swiftly at line speed to basically stop the threat in its tracks. And then there is the generative AI aspect. Basically conversational systems, say, or systems that can now work with a lot of unstructured data and digest the essence out of that. Those systems, they tend to be a little bit slower just by virtue of how much more compute is required to pull that off. So they aren't necessarily working at line speed. However, they can take a lot of data that previously, say, a human had to review and reason about, and point to the important aspects of the data or provide summaries or assessments. So it can really accelerate human workflows by using this generative AI technology. And for us, we're always on the clock, right? Like the time it takes an adversary to move laterally, like from establishing a beachhead to basically entrenching itself in a victim network. Like that time has been trending down and down and down. And since this is a race and we're on the clock, this is really a technology that can help the defender to a large extent because it makes it very, very easy to review and reason about large chunks of unstructured information.
Dave Buettner
What about human intuition? Is there still a place for that where someone just looks at something, looks at some data, reads some research or something, and says to themselves, this just doesn't feel right. And I'm not sure, but I sense that I need to do some digging here.
Sven Krasser
Yeah, I mean, there's definitely something to it. And you know, cybersecurity is a battle of human minds against human minds eventually, right? Like there's humans that want to steal something, information, say, from other humans. And AI is a tool in that game, but it's still a game of human wit. So we need to leverage AI because the adversary certainly is looking for every edge that they can get. But I would say, you know, there is value in human intuition if I can kind of nail it down a little bit with a metaphor. There's some games that computer systems are very good at playing, like say chess, for example. Chess systems are very smart at this point. Other games, let's say poker, they are a lot harder for automated systems to excel in because there's a lot of reading the room, reading the situation, is somebody bluffing, looking at contextual cues. So that might be a good match for this concept of intuition that you're referring to.
Dave Buettner
Now, that's interesting. Do you have any advice for folks who are on this journey of trying to, to dial it in for their own organization of balancing the AI and the human intervention of what they should do in terms of best practices to get where they need to be?
Sven Krasser
I think everybody needs to take a look at how they can leverage this new technology that is out there with respect to generative AI. I think traditional AI has been around for quite a while and how they can get more value out of their data using traditional AI as well. So I think that's kind of the call to action. Right. The problems that we're facing, they're more and more data driven. We have more and more data that needs to get analyzed. And that's just something where you need to bring the right tools to the table. Right. Like when you need to excavate something, it's great if you have a shovel. It's better if you have an excavator. Right. So that's really what we're looking at.
Dave Buettner
That's Sven Krasser, CrowdStrike's senior vice president of data science and chief scientist.

And finally, imagine after all your holiday shopping, you are simply famished and you could get your Big Mac for just a penny. Sounds like a dream, right? Well, a researcher discovered that McDonald's McDelivery app in India had a supersized security flaw allowing exactly that. With clever tinkering, users could manipulate cart prices, hijack orders and even track delivery drivers in real time. This wasn't just about cheap burgers. Sensitive data like driver names and license plates was publicly exposed, and hackers could redirect someone else's fries straight to their doorstep. It all boiled down to poorly secured APIs with vulnerabilities like broken object-level authorization, allowing for these exploits. To McDonald's credit, they fixed everything within 90 days after receiving the hacker's detailed report. While this ethical hacker enjoyed a bounty instead of fries, the case underscores the need for stronger cybersecurity in consumer apps. Let's hope Mickey D's security gets beefed up worldwide.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Well, friends, it is that time of year. The N2K CyberWire team is getting ready to settle into our long winter's nap. We will be taking a publishing break starting this Tuesday, December 24th, through Wednesday, January 1st. Fret not. While we are out, we've got some fun surprises planned for you in your podcast feeds. If you've got some downtime or want to pop those AirPods in and not engage in any more family togetherness, head over to your favorite podcast app and check out our goodies. We will emerge from our nap on January 2nd. We'll see you then.

As we wrap up another incredible year at the CyberWire, I want to take a moment to shine a spotlight on the amazing people who bring our stories to life every single day. This podcast is more than just a production.
It's a labor of love, talent, and unwavering dedication. And none of it would be possible without our phenomenal team. To Liz Stokes, who produced today's episode and so many others with precision and care, thank you for your relentless commitment to delivering content that informs and inspires. To Trey Hester, our mixer, your technical expertise and creative touch make every episode shine. Elliot Peltzman, your original music and sound design give the CyberWire its unmistakable rhythm and soul. We are endlessly grateful for your artistry. Jennifer Eiben, our executive producer, and Brandon Karpf, our executive editor, your leadership and vision guide everything we do, keeping us focused on our mission. Simone Petrella, our president, and Peter Kilpe, our publisher, your support and belief in this team enable us to grow and excel. To all of you, thank you for the hard work, late nights, and countless moments of collaboration this year. Here's to the stories we've told, the challenges we've tackled, and the milestones we've achieved together. I am proud to be part of our team and can't wait for all that lies ahead in the New Year. Happy Holidays, and thank you for making the CyberWire extraordinary. On behalf of all of us, Merry Christmas and Happy Holidays. I'm Dave Buettner. We'll see you back here next year.
CyberWire Daily Podcast Summary
Episode: Court Puts the ‘Spy’ in Spyware
Release Date: December 23, 2024
Host: Dave Buettner, CyberWire Network
Guest: Sven Krasser, Senior Vice President of Data Science and Chief Scientist at CrowdStrike
A pivotal moment in cybersecurity legal accountability occurred as a federal judge in California ruled that NSO Group, the developer of Pegasus spyware, is liable for hacking 1,400 WhatsApp users. Targets included activists, journalists, and diplomats, marking the first instance of NSO being held responsible for spyware abuses.
Quote:
"This ruling is a victory for spyware victims and signals increased accountability for spyware companies," said Natalia Krapiva of Access Now. (02:30)
China's National Cyber Incident Response Center (CNCERT) accused the US government of conducting cyberattacks targeting two Chinese technology firms to steal trade secrets.
Quote:
"The US intelligence agency exploited vulnerabilities to gain control over company systems," explained a representative from CNCERT. (05:15)
The UK's National Crime Agency (NCA) concluded Operation Destabilize, a four-year investigation that exposed a broad criminal network linking street-level drug dealing to global money laundering.
Quote:
"We tackled both street-level crime and high-level conspiracies, marking a significant step in combating global financial crime," stated Dave Buettner. (10:05)
Israeli authorities detained Rostislav Panev, the alleged developer behind LockBit ransomware, a dual Russian-Israeli national accused by US authorities.
Quote:
"Panev developed malware to bypass antivirus protections, receiving $10,000 monthly from LockBit's leader," reported Dave Buettner. (12:45)
Apache has addressed a remote code execution vulnerability in its Tomcat web server, affecting multiple versions on case-insensitive file systems with default Servlet write enabled.
Quote:
"Users should upgrade immediately to protect against potential exploits," advised Apache. (14:20)
Siemens released a security advisory concerning a critical heap-based buffer overflow vulnerability in its user management component, impacting industrial control systems in manufacturing and energy sectors.
Quote:
"Exploitation of this vulnerability could compromise entire industrial operations," warned Siemens. (15:50)
Italy's Data Protection Authority imposed a €15.6 million fine on OpenAI for unlawfully processing personal data to train ChatGPT and lacking transparency with users.
Quote:
"The fine exceeds our revenue in Italy during the period under investigation," OpenAI stated. (17:10)
University of the West Indies researchers unveiled a method to circumvent WPA3, the latest Wi-Fi security protocol, by exploiting weaknesses in WPA3's transition mode.
Quote:
"Our findings stress the need for robust configurations to safeguard WPA3 against such exploits," stated the research team. (18:30)
Apple's system for notifying potential spyware victims directs users to nonprofit organizations for assistance, a move that has raised questions about the company's responsibility in handling spyware threats.
Quote:
"While Apple assures that these attacks are rare, the hands-off approach leaves users seeking help elsewhere," observed Dave Buettner. (20:00)
Sven Krasser from CrowdStrike discussed the integration of AI in cybersecurity, emphasizing the necessity of balancing automated systems with human oversight.
Notable Quotes:
"Leveraging AI is table stakes right now," Krasser stated. (15:37)
"AI is not the panacea; we still need human review and ground truth," he added. (16:33)
"We're moving more information from 'looks fishy' to 'certainly good or bad,'" Krasser explained. (18:09)
"Cybersecurity is a battle of human minds against human minds," he noted. (23:15)
A security researcher exposed a significant vulnerability in McDonald's McDelivery app in India, allowing users to manipulate cart prices, hijack orders, and track delivery drivers in real time.
Quote:
"This case underscores the need for stronger cybersecurity in consumer apps," stated Dave Buettner. (25:00)
This episode of CyberWire Daily covered significant developments in cybersecurity, from legal accountability for spyware companies to cutting-edge vulnerabilities in widely used technologies. The insightful interview with Sven Krasser highlighted the crucial balance between AI advancements and human expertise in combating cyber threats. Additionally, real-world incidents like the McDonald's app flaw emphasized the ongoing need for robust security measures in both enterprise and consumer applications.
For detailed insights and updates, listeners are encouraged to subscribe to the CyberWire Daily podcast.