Dave Buettner
You're listening to the Cyberwire network, powered by N2K.
Sarah Hutchins
Hey everybody, Dave here. I want to talk about our sponsor, LegalZoom. You know, I started my first business back in the early 90s and oh, what I would have done to have been able to have the services of an organization like LegalZoom back then. Just getting all of those business ducks in a row, all of that technical stuff, the legal stuff, the registrations of the business, the taxes, all of those things that you need to go through when you're starting a business, the hard stuff, the stuff that sucks up your time when you just want to get that business launched and out there. Well, LegalZoom has everything you need to launch, run and protect your business all in one place. And they save you from wasting hours making sense of all that legal stuff. Launch, run and protect your business to make it official today at legalzoom.com. You can use promo code CYBER10 to get 10% off any LegalZoom business information product, excluding subscriptions and renewals. That expires at the end of this year. Get everything you need from setup to success at legalzoom.com and use promo code CYBER10. That's legalzoom.com and promo code CYBER10. LegalZoom provides access to independent attorneys and self-service tools. LegalZoom is not a law firm and does not provide legal advice except where authorized through its subsidiary law firm LZ Legal Services LLC. The Feds confirm Chinese penetration of US telecom wiretap systems. Ann Neuberger outlines top cybersecurity challenges facing the upcoming Trump administration. Former Air National Guardsman Jack Teixeira gets a 15-year prison sentence for leaking classified US military documents. A Chinese national faces up to 20 years in prison after pleading guilty to money laundering for pig butchering scams. Researchers say a popular pregnancy app has serious unaddressed security vulnerabilities. NIST misses its deadline for clearing the NVD backlog. A B2B demand generation company confirms a leak affecting 122 million people. 
HHS warns health care organizations to be on the lookout for Godzilla. Moody's designates the industries at highest risk of cyberattack. Our guest is Sarah Hutchins, partner at Parker Po, discussing the growing number of state data privacy laws. And an AI grandma keeps scammers on the line. It's Thursday, November 14th, 2024. I'm Dave Buettner and this is your Cyberwire Intel Briefing. Thank you for joining us here once again. It is always great to have you with us. The US Government has confirmed a Chinese-linked hacking campaign breached several major US telecom providers, giving hackers access to wiretap systems used by law enforcement. In a joint statement, the Cybersecurity and Infrastructure Security Agency and the FBI called this breach broad and significant. Hackers reportedly accessed networks for months, collecting Internet traffic and intercepting call records of targeted individuals, many of whom were involved in government or politics. According to reports, affected providers include AT&T, Lumen and Verizon, though the agencies did not confirm specific names. The group, known as Salt Typhoon, allegedly copied data subject to US court orders for wiretaps. While CISA and the FBI continue to provide technical support to affected organizations, they urge any companies that might suspect similar breaches to contact local FBI or CISA offices to help prevent further compromise and bolster cyber defenses. Yesterday, Ann Neuberger, White House Cyber Advisor, outlined top cybersecurity challenges facing the upcoming Trump administration, focusing on China, ransomware and cryptocurrency. At Columbia University, Neuberger emphasized the escalation of China's cyber activities, including pre-positioning in critical US infrastructure, potentially setting up future disruptions. She also addressed ransomware gangs, noting their significant disruption and reliance on cryptocurrencies, which facilitate ransom payments and fuel global cybercrime. 
Neuberger praised the Biden administration's cybersecurity strategy, including minimum cyber standards across industries like pipelines, railways and aviation, achieved through collaboration with industry leaders. Now, 100% of critical pipelines meet TSA cybersecurity requirements. Cryptocurrency remains a contentious issue, funding rogue governments and ransomware attacks. Neuberger warned that the Trump administration must tackle crypto regulation given its role in global cyber threats. She also noted the Supreme Court's Chevron decision could impact future cyber regulations. Despite political divides, cybersecurity remains largely bipartisan, allowing for a smoother policy transition. Jack Teixeira, a former Air National Guardsman, received a 15-year prison sentence for leaking classified US military documents online. As an IT specialist at a Massachusetts base, Teixeira shared sensitive information on a Discord server focused on gaming and guns. The leaked documents, which eventually spread online, revealed U.S. and allied military activities, strategies in Ukraine, Middle East operations and intelligence gathering methods. Teixeira initially memorized details, then escalated to printing classified documents to impress online friends. His actions, driven by ego rather than espionage, went undetected despite red flags until Discord provided his information to investigators following his arrest. The incident prompted disciplinary actions against 15 Air National Guard leaders and led the U.S. Air Force to tighten classified data access protocols. FBI Director Christopher Wray emphasized this case as a warning to those handling national defense information. Chinese national Darren Li faces up to 20 years in prison after pleading guilty to laundering over $73 million from pig butchering scams, a fraud involving relationship-based cryptocurrency schemes. 
Li, 41, led a money laundering network, creating 74 shell companies to funnel victims' funds, converting them into Tether for redistribution. Arrested in April, Li's case is part of a broader investigation into organized Southeast Asian criminal groups linked to rising U.S. crypto fraud, which totaled nearly $4 billion in 2023. Reportedly, popular pregnancy app What to Expect has serious unaddressed security vulnerabilities that could lead to full account takeovers exposing sensitive reproductive health information. Security researcher Ovi Lieber revealed that an exposed API endpoint without authentication or rate limiting allows for easy brute-force attacks on account password resets. The app also exposes email addresses of community forum administrators, increasing users' risk of targeted harassment. Despite efforts to notify What to Expect since October, Lieber received no response, raising ethical concerns about the company's commitment to user security. Lieber stresses that when app owners ignore responsible disclosure, researchers may need to alert users and the security community to ensure their protection. This follows Lieber's earlier report of a similar vulnerability in the fertility app Glow, which was later addressed. The developers of What to Expect have not yet commented. NIST announced it's working through a large backlog of over 18,000 vulnerabilities in the National Vulnerability Database, but missed its original goal of clearing it by September 30th. Despite hiring more analysts and addressing all known exploited vulnerabilities, NIST struggled due to incompatible data formats from authorized data providers. NIST is developing new systems to streamline data processing and pledged to provide updates on further progress, though it hasn't set a new deadline for clearing the entire backlog. A massive data leak of business contact information for 122 million people was confirmed to have originated from Demand Science, a B2B demand generation company. 
The data includes names, email addresses, phone numbers, job titles, and social media links aggregated from public sources and third parties. The data set was first sold by the hacker crypton Zambi in February of this year, who later made it available for free on a hacking forum. Demand Science initially denied any breach, but later acknowledged that the data came from a decommissioned system. Security researcher Troy Hunt verified the data's authenticity and added all affected email addresses to Have I Been Pwned, allowing impacted individuals to receive notifications. Demand Science maintains that none of its current systems were compromised, but continues monitoring the situation. The U.S. Department of Health and Human Services has issued an urgent warning to healthcare organizations about the Godzilla webshell, a Chinese-backed cyber tool that enables attackers to manipulate files, execute commands and evade detection using advanced encryption. Publicly available on GitHub and actively maintained, Godzilla is a significant risk to healthcare systems, potentially leading to ransomware attacks that could compromise sensitive health data and disrupt hospital operations. The American Hospital Association emphasized the threat's severity, noting the high frequency of cyberattacks in the healthcare sector. HHS advises healthcare entities to adopt a multilayered defense strategy, apply software updates and review cybersecurity performance goals to bolster defenses. Although no direct cases have been reported yet, security officials stress that vigilance and proactive measures are essential. Moody's has assigned a very high cyber risk rating to the telecommunications, airline and power generation sectors due to increasing digitization and weak cybersecurity practices. These industries collectively face $7.1 trillion in debt. 
Telecommunications, notably vulnerable, has seen major breaches, including attacks on AT&T, Lumen and Verizon by China's Salt Typhoon group. Airlines' cyber risk rose after a CrowdStrike software update failure exposed their reliance on tech. Other sectors including automotive, education, manufacturing, energy and ports also saw risk levels increase to high. Coming up after the break, my conversation with Sarah Hutchins, partner at Parker Po. We're speaking about the growing number of state data privacy laws. Stay with us.
Unknown Sponsor Voice
And now a word from our sponsor, KnowBe4. It's all connected and we're not talking conspiracy theories. When it comes to infosec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's SecurityCoach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike and Cisco. 35 vendor integrations and counting. SecurityCoach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity or web security vendors. Then coach your users at the moment the risky behavior occurs with contextual security tips delivered via Microsoft Teams, Slack or email. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach. And we thank KnowBe4 for sponsoring our show.
Sarah Hutchins
Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off. Sarah Hutchins is a partner at the law firm Parker Po. I recently spoke with her for the Caveat podcast about the growing number of state data privacy laws. From your position of expertise here, where do we find ourselves when it comes to the patchwork of state privacy laws?
Dave Buettner
Well, first off, thank you so much for having me, but I hate to disappoint, but I don't think you can call it level at all. We are not level setting. We and I think the clients that I represent, companies sort of all over the country, are dealing with an environment that I would say is really in flux. There is some federal guidance that's available to especially certain industries or focused on certain categories of people. But in large part we're dependent upon the states to give us regulatory guidance at least as to what is or is not okay with respect to individual data. And the challenge with that for a lot of companies is that while they may be in a certain state, their sort of digital presence is non-jurisdictional. They're all over. And the laws at the state level are largely focused on where the individual lives. So companies find themselves subject to a whole host of different laws, some I would say comprehensive like California for example, and some that are maybe niche specific to them because they're in a certain industry or collecting on a certain type of person. And they have to balance that with all of the other types of laws that they are subject to in other states and at the federal level.
Sarah Hutchins
I'm curious, have you found there to be any situations where there are laws that are contradictory?
Dave Buettner
Oh, absolutely. Now some of the state laws that we're seeing, and I would say we've got at this point, late October 2024, we've got about 19 state laws that have been enacted that I would sort of label as comprehensive. And there is some degree of guidance for each of these laws, although in some instances it's promised in future rulemaking as to preemption with other existing statutes, largely federal statutes. So, for example, financial data or data that's collected by an entity when they're offering credit to a consumer, in some instances, state laws will say that there's an entity-level exception. So if you're subject to the Gramm-Leach-Bliley Act because you're a financial institution, if it's an entity-level exemption, then your entire entity is forgiven, essentially, from complying with the state law. But sometimes it's only a data-specific exemption, and that would just be the certain data that you collect that's subject to that federal law, is subject to one law, and then the rest of the data you have is subject to state laws relative to that specific person. And other times it's not specified yet, and you sort of have to try to comply with both. And they may, to your point, be in conflict. Another example would be employment information. There are lots of laws at the state and federal level that require long-term retention of certain types of employee documents and information. But other laws that are directing you to adhere to a really strict data hygiene, data minimization regimen, and those can also send conflicting messages to companies as well.
Sarah Hutchins
Hmm. Are there differences between the states in terms of how aggressive they are in pursuing these things?
Dave Buettner
Yeah, absolutely. And I think we saw that too at the state data breach laws. All 50 states have a data breach law that's going to dictate certain steps a company needs to go through and certain ways that they need to hold some of their data. And you would see certain attorneys general be much more aggressive than other states when something like that happens to their constituents if they're subject to a breach. We're seeing the same thing with the focus that some states have on the laws that they are enacting, and some are going so far, we've got at least three that have created privacy offices, so to speak, that are solely focused and get additional resources to pursue adherence to their comprehensive data security, data privacy statutes. And that's important, especially for consumers, because the vast majority of these statutes do not have a private right of action. So the way that you get companies to adhere to it is through enforcement by the attorney general's office and not necessarily through civil litigation.
Sarah Hutchins
How are you and your colleagues recommending that folks approach this patchwork of regulations here? I mean, what, how do you take a practical approach to this?
Dave Buettner
It's certainly difficult, and I think it's very important to have that be a continuous and constant element of the company's hygiene and governance process. It's not sort of a one and done. I think maybe the old adage is true that an ounce of prevention is worth a pound of cure. Unfortunately, a lot of clients, because I'm a litigator, come to me with a renewed focus on compliance, sort of post-litigation, post learning a rather expensive and difficult lesson. But if you can highlight compliance, and it's especially important, I think, for companies this time of year because it's usually budget season for the next year, you can hopefully make yourself unattractive to a regulator or unattractive to a plaintiff attorney for different types of statutes that do have a private right of action related to data, to avoid that kind of litigation headache and frankly financial loss. So working on really making sure all of your stakeholders are at the table. It's not enough to have the legal department or frankly your outside attorney like me come in and draft a bunch of policies and procedures if they don't align with your actual practices. So making sure that marketing is at the table and HR and certainly your IT department, your information security professionals, and make it a holistic process. What kind of data do we have, how do we get it, what do we use it for and how do we dispose of it and share it if we do. And with those policies and procedures you can put into place the right processes, the right consents and the right disclosures that really make your sort of outward-facing appearance show that you are in line with this myriad of statutes. But also internally you will have processes in place to deal with the data that you have, to put in place appropriate hygiene, and in the event an incident occurs, you know what data you have and how you're going to respond.
Sarah Hutchins
You can listen to my full conversation with Sarah Hutchins from Parker Po over on the Caveat podcast. You can find a link to that in our show notes. And now a word from our sponsor, NordPass. NordPass is an advanced password manager from the team behind NordVPN, designed to help keep your business safe from data leaks and cyber threats. It gives your IT professionals control over who has access to your company's data and makes it easy for everyone else on your team to use strong passwords. Right now you can go to www.nordpass.com/cyberwire for 35% off the NordPass business yearly plan. Don't miss out on that. And finally, UK telecommunications provider Virgin O2 has a new anti-fraud team member. Daisy is a clever AI with the personality of a chatty grandma, designed to keep scammers busy with rambling conversations to waste their time. Officially dubbed Head of Scammer Relations, Daisy keeps fraudsters on the line with tales of family drama and knitting tips, all while helping real customers avoid being scammed. Let's have a listen. I'm an AI created by O2 to waste phone scammers' time. So W's then A dot 3 times.
Dave Buettner
W and then dot.
Sarah Hutchins
I think your profession is bothering people, right? I'm just trying to have a little chat. It's nearly been an hour. For the love of Gosh, how time flies. Developed with help from YouTube's scambaiter Jim Browning, Daisy is part of O2's Swerve the Scammers initiative aimed at fighting the UK's fraud epidemic. While Daisy keeps scammers occupied, O2 is urging the public to report suspicious calls, helping them block and track fraudsters. Reality star Amy Hart, a scam survivor, has joined the campaign to help raise awareness. O2 is also calling for the government to tackle fraud more aggressively by appointing a fraud minister and creating a national body to combat scams. So scammers beware. Daisy's got all the time in the world and she's more than willing to discuss her favorite fictional grandkids because while they're busy talking to me, they can't be scamming you. And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K Cyberwire is part of the daily routine of the most influential leaders and operators in the public and private sector. From the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies, N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams while making your team smarter. Learn how at n2k.com. This episode was produced by Liz Stokes. Our mixer is Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Iban. Our executive editor is Brandon Karp. 
Simone Petrella is our president, Peter Kilpie is our publisher and I'm Dave Buettner. Thanks for listening. We'll see you back here tomorrow. The IT world used to be simpler.
Unknown Sponsor Voice
You only had to secure and manage environments that you controlled.
Sarah Hutchins
Then came new technologies and new ways to work.
Unknown Sponsor Voice
Now employees, apps and networks are everywhere.
Sarah Hutchins
This means poor visibility, security gaps and added risk.
Unknown Sponsor Voice
That's why Cloudflare created the first ever connectivity cloud. Visit cloudflare.com to protect your business everywhere you do business.
CyberWire Daily: Episode Summary – "Eavesdropping on America’s Eyes and Ears"
Release Date: November 14, 2024
Host: N2K Networks
In this episode of CyberWire Daily, host Dave Buettner delves into a range of pressing cybersecurity issues, from state-sponsored hacking to emerging threats in the healthcare sector. The episode also features an insightful conversation with Sarah Hutchins, a partner at Parker Po, discussing the complexities of state data privacy laws. Below is a comprehensive summary of the key topics covered, complete with notable quotes and timestamps for reference.
Timestamp: [00:45]
The US Government has confirmed that a Chinese-linked hacking group, Salt Typhoon, breached several major US telecom providers, including AT&T, Lumen, and Verizon. This breach granted the hackers access to wiretap systems used by law enforcement agencies.
Dave Buettner reports:
“Hackers reportedly accessed networks for months, collecting Internet traffic and intercepting call records of targeted individuals, many of whom were involved in government or politics.”
[00:50]
The Cybersecurity and Infrastructure Security Agency (CISA) and the FBI released a joint statement highlighting the severity of the breach and urging other companies to bolster their cyber defenses. The group allegedly copied data subject to US Court orders for wiretaps, raising significant national security concerns.
Timestamp: [03:10]
Ann Neuberger, the White House Cyber Advisor, outlined the primary cybersecurity challenges facing the incoming Trump administration. Speaking at Columbia University, Neuberger emphasized the escalating cyber activities from China, particularly in pre-positioning within critical US infrastructure sectors to enable future disruptions.
She highlighted:
“Ransomware gangs are causing significant disruptions and rely heavily on cryptocurrencies, which facilitate ransom payments and fuel global cybercrime.”
[03:30]
Neuberger commended the Biden administration's efforts in establishing minimum cyber standards across industries such as pipelines, railways, and aviation through collaboration with industry leaders. However, she stressed the necessity for the Trump administration to address cryptocurrency regulation to mitigate its role in enabling cyber threats.
Timestamp: [05:20]
Jack Teixeira, a former Air National Guardsman, has been sentenced to 15 years in prison for leaking classified US military documents online. While serving as an IT specialist at a Massachusetts base, Teixeira shared sensitive information on a Discord server dedicated to gaming and firearms. The leaked documents exposed US and allied military strategies in Ukraine, Middle Eastern operations, and intelligence methods.
FBI Director Christopher Wray commented:
“This case serves as a stark warning to anyone handling national defense information about the severe consequences of unauthorized disclosures.”
[05:45]
The incident has led to disciplinary actions against 15 Air National Guard leaders and prompted the US Air Force to tighten protocols for accessing classified data.
Timestamp: [07:15]
Darren Li, a Chinese national, faces up to 20 years in prison after pleading guilty to laundering over $73 million from pig butchering scams. These scams involve relationship-based cryptocurrency schemes where victims are enticed into fraudulent investments.
Authorities revealed:
“Li led a money laundering network that utilized 74 shell companies to funnel funds from victims, converting them into tether and redistributing the proceeds.”
[07:30]
Li’s arrest in April is part of a larger crackdown on organized Southeast Asian criminal groups involved in burgeoning US cryptocurrency fraud, which reached nearly $4 billion in 2023.
Timestamp: [09:05]
Security researcher Ovi Lieber uncovered significant vulnerabilities in the pregnancy app "What to Expect." The app’s exposed API endpoint lacked proper authentication and rate limiting, making it susceptible to brute-force attacks that could lead to full account takeovers and exposure of sensitive reproductive health information.
Lieber noted:
“The exposed endpoints allow attackers to reset passwords easily and access email addresses of community forum administrators, heightening the risk of targeted harassment.”
[09:20]
Despite Lieber’s efforts to notify the app developers since October, no response has been received, raising ethical concerns about the company's commitment to user security.
Timestamp: [10:50]
The National Institute of Standards and Technology (NIST) announced a delay in clearing its backlog of over 18,000 vulnerabilities in the National Vulnerability Database (NVD). The original goal to eliminate the backlog by September 30th was unmet due to incompatible data formats from authorized data providers.
A NIST spokesperson stated:
“We are developing new systems to streamline data processing and will provide updates on progress, though a new deadline has not been set.”
[11:10]
Despite hiring additional analysts and addressing all known exploited vulnerabilities, NIST continues to grapple with the extensive backlog.
Timestamp: [12:30]
A significant data breach has been confirmed at Demand Science, a B2B demand generation company, affecting 122 million individuals. The leaked data includes names, email addresses, phone numbers, job titles, and social media links, aggregated from public sources and third parties.
Security researcher Troy Hunt verified the authenticity of the data, leading to the addition of affected email addresses to the "Have I Been Pwned?" database for user notification.
Demand Science initially denied any breach but later acknowledged that the data originated from a decommissioned system. The company asserts that none of its current systems were compromised and continues to monitor the situation closely.
Timestamp: [14:00]
The Department of Health and Human Services (HHS) has issued an urgent warning to healthcare organizations regarding the Godzilla webshell, a Chinese-backed cyber tool. Godzilla enables attackers to manipulate files, execute commands, and evade detection using advanced encryption techniques.
HHS advises:
“Healthcare entities should adopt a multilayered defense strategy, apply timely software updates, and continuously review cybersecurity performance goals to strengthen their defenses.”
[14:15]
Though no direct cases have been reported yet, the American Hospital Association highlights the high frequency of cyberattacks in the healthcare sector, emphasizing the critical need for vigilance and proactive measures.
Timestamp: [16:45]
Moody's has designated the telecommunications, airline, and power generation sectors as the highest risk for cyberattacks. The digitization of these industries, coupled with their existing $7.1 trillion in debt, makes them particularly vulnerable.
Key points include:
Moody's also noted increased risk levels in the automotive, education, manufacturing, energy, and port sectors, driven by similar vulnerabilities and weak cybersecurity practices.
Timestamp: [18:00]
In an in-depth conversation, Sarah Hutchins, partner at Parker Po, discusses the complexities and challenges posed by the growing number of state data privacy laws. She highlights the fragmented regulatory landscape, where companies must navigate varying state-specific requirements alongside federal regulations.
Hutchins explains:
“Companies often find themselves subject to a multitude of state laws, some comprehensive like California’s, and others niche-specific, depending on the industry or data type involved.”
[18:15]
She further elaborates on the conflicts between state and federal laws, noting:
“There are instances where state laws may impose stricter requirements than federal statutes, leading to contradictory obligations for companies.”
[19:00]
Hutchins advises a holistic and continuous approach to compliance, emphasizing the importance of aligning policies across departments and ensuring that all stakeholders are involved in governance processes to effectively manage data privacy obligations.
Timestamp: [21:30]
Virgin O2 has launched Daisy, an AI-powered chatbot designed to engage and deter phone scammers. Daisy engages fraudsters in prolonged, unproductive conversations, effectively wasting their time and resources.
Daisy operates by:
“Discussing family drama and knitting tips, keeping scammers occupied while protecting real customers from fraudulent activities.”
[21:45]
Developed with assistance from YouTube’s scambaiter Jim Browning, Daisy is part of O2's Swerve the Scammers initiative. The company also collaborates with scam survivors like Amy Hart to raise awareness and urges the government to appoint a fraud minister and establish a national body to combat scams more aggressively.
This episode of CyberWire Daily provides a comprehensive overview of the latest cybersecurity threats and regulatory challenges. From state-sponsored hacking incidents to innovative defenses against scammers, the discussions highlight the evolving landscape of cybersecurity and the critical need for robust defenses and proactive strategies. The conversation with Sarah Hutchins offers valuable insights into navigating the complex web of state data privacy laws, underscoring the importance of continuous compliance and cross-departmental collaboration.
For further details on each topic, listeners are encouraged to visit thecyberwire.com and explore additional resources provided in the episode's show notes.
Produced by Liz Stokes, mixed by Trey Hester, with original music and sound design by Elliot Peltzman. Executive Producer Jennifer Iban, Executive Editor Brandon Karp, President Simone Petrella, and Publisher Peter Kilpie contributed to this episode.