Dave Bittner
You're listening to the Cyberwire Network powered by N2K. Investigating is hard enough. Your tools shouldn't make it harder. Maltego brings all your intelligence into one platform and gives you curated data along with a full suite of tools to handle any digital investigation. Plus, with on-demand courses and live training, your team won't just install the platform, they'll actually use it and connect the dots so fast cybercriminals won't realize they're already in cuffs. Maltego is trusted by global law enforcement, financial institutions and security teams worldwide. See it in action now at maltego.com.
China's Famous Sparrow is back. A misconfigured Amazon S3 bucket exposes data from an Australian fintech firm. Researchers uncover a sophisticated Linux-based backdoor targeting industrial systems. Infiltrating the Blacklock Ransomware group's infrastructure. Solar inverters in the security spotlight. Credential stuffing gets automated. CISA updates the Known Exploited Vulnerabilities catalog. The UK's NCA warns of online groups involved in sadistic cybercrime and real-world violence. Authorities arrest a dozen individuals linked to the now-defunct Ghost encrypted communication platform. Our guest is Tal Skverer, research team lead from Asterix, discussing the OWASP NHI Top 10 framework. And remembering our friend Matt Stephenson.
It's Thursday, March 27th, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing.
Thanks for joining us here today. It is great to have you with us. The China-linked hacking group Famous Sparrow has resurfaced after years of apparent inactivity, targeting organizations in the U.S., Mexico and Honduras, according to a March 26 report from ESET. Once known for exploiting the ProxyLogon flaw and focusing on hotels, the group has broadened its scope to include governments, research institutions and law firms.
The group used upgraded versions of its signature SparrowDoor backdoor and for the first time deployed the ShadowPad backdoor often associated with other Chinese APTs. Although Microsoft previously suggested Famous Sparrow as part of a larger cluster including Ghost Emperor and Salt Typhoon, ESET maintains it is a distinct group with limited overlap. The recent campaign began in June of last year through web shells on outdated Windows Server and Exchange systems. The tool set combined custom malware and shared resources tied to other Chinese-aligned threat actors, showing a renewed and evolving cyber espionage capability.
Cybersecurity researcher Jeremiah Fowler uncovered a major data exposure involving Australian fintech firm Vroom by UX, formerly DriveIQ. A misconfigured Amazon S3 bucket left 27,000 sensitive records, including driver's licenses, medical records, bank details and partial credit card numbers, publicly accessible without password protection or encryption. Fowler also found evidence of a MongoDB instance holding 3.2 million documents, raising additional security concerns. Vroom, an AI-powered vehicle financing platform, quickly secured the exposed data and pledged a post-incident review. The records dated from 2022 through 2025, highlighting ongoing risks in data handling. Fowler stressed the potential for fraud, including identity theft and social engineering, and urged fintech firms to adopt stronger security measures. He emphasized end-to-end encryption, regular audits and data minimization as key defenses.
Researchers at QiAnXin XLab uncovered OrpaCrab, a sophisticated Linux-based backdoor targeting Orpak industrial systems tied to fuel services. Discovered in January 2024, the malware uses the MQTT protocol for covert command and control, blending in with legitimate traffic. It persists via startup scripts and encrypts configuration data. It also uses DNS over HTTPS to evade detection.
Linked to the CyberAv3ngers hacking group, OrpaCrab may have compromised Gasboy fuel systems, posing risks to payment terminals and customer data.
Earlier this month, cybersecurity firm Resecurity identified a critical vulnerability in the data leak site of Blacklock Ransomware, a ransomware-as-a-service group active since March 2024. The flaw allowed Resecurity's Hunter team to infiltrate Blacklock's infrastructure, gathering intelligence on their operations, network configurations and storage methods, including the use of Mega accounts for exfiltrated data. The breach revealed that Blacklock had compromised at least 46 organizations across various sectors globally. Subsequent events in early 2025 suggest that rival ransomware group Dragonforce may have exploited similar vulnerabilities, leading to the defacement and shutdown of Blacklock's data leak site and associated projects. These developments underscore the dynamic and volatile nature of cybercriminal enterprises.
Researchers at Forescout's Vedere Labs uncovered 46 critical vulnerabilities in solar inverters from Sungrow, Growatt, and SMA, three of the world's top manufacturers. These flaws could allow attackers to remotely execute code, hijack devices via cloud platforms, and even disrupt power grids by altering inverter output. One vulnerability in SMA's Sunny Portal allows remote code execution through malicious file uploads. Growatt inverters are particularly exposed due to easily exploitable APIs, while Sungrow's architecture involves multiple vulnerabilities across components, including stack overflows and hard-coded credentials. Exploiting these could let attackers control fleets of inverters, potentially destabilizing grid operations by coordinating power surges or drops. Beyond grid disruption, attackers could compromise user privacy, hijack smart devices, or launch ransomware attacks. All vendors have reportedly issued patches.
The findings highlight the urgent need for stronger security in renewable energy infrastructure and the potential consequences of compromised smart energy systems.
Credential stuffing, a long-standing cyber threat, has become more dangerous with the rise of Atlantis AIO, an advanced automation tool. This software allows attackers to test millions of stolen credentials rapidly across cloud platforms and email services, requiring minimal expertise. Its modular design evades detection through rotating proxies and distributed login attempts. Abnormal Security reports that since early 2025, Atlantis AIO has gained popularity in underground forums, enabling both novice and advanced attackers to carry out large-scale account compromises, data theft and fraud.
CISA has added two critical Sitecore CMS vulnerabilities to its Known Exploited Vulnerabilities catalog due to confirmed active exploitation. The first allows unauthenticated remote code execution via a deserialization flaw in the Sitecore Security anti-CSRF module, while the second requires authentication but uses the same attack vector. Both impact Sitecore versions up to 9.1.0. CISA has mandated that federal agencies patch affected systems by April 16th. Organizations should apply available fixes or implement temporary access restrictions immediately.
The UK's National Crime Agency, the NCA, has issued a stark warning about the rise of Com networks, online groups of sadistic, predominantly teen boys involved in cybercrime and real-world violence. These loosely organized groups use social media and messaging platforms to share extremist, violent and child abuse content while engaging in crimes like phishing, SIM swapping, ransomware and fraud. The NCA's latest National Strategic Assessment highlights a sixfold increase in reported threats between 2022 and 2024. With thousands of offenders and victims in the UK and beyond, these networks often groom young girls, coercing them into self-harm or abuse.
While foreign actors, particularly from Russia, still dominate the cybercrime landscape, the rise in homegrown youth involvement is alarming. Offenders seek profit, status and notoriety. Recent convictions illustrate the danger, and the NCA stresses these groups aren't hidden on the dark web. They thrive in mainstream digital spaces frequented by young users daily.
Yesterday, Irish and Spanish authorities arrested 12 individuals linked to a high-risk criminal network using the now-defunct Ghost encrypted communication platform. Ghost, dismantled in September 2024 during a Europol-led international operation, was used by organized crime groups to coordinate drug shipments between Spain and Ireland. Despite attempts to evade detection, investigators traced Ghost user accounts to the suspects, who smuggled cocaine and marijuana using vehicles with hidden compartments and cloned license plates. Ghost, launched in 2015, offered ultra-secure messaging through modified smartphones with layered encryption and self-destruct features. The platform's takedown previously resulted in 52 global arrests, including its alleged administrator. Europol continues to support ongoing investigations, and further arrests are expected as digital evidence from the platform is analyzed.
Coming up after the break, my conversation with Tal Skverer, research team lead from Asterix. We're discussing the OWASP NHI Top 10 framework. And remembering our friend Matt Stephenson. Stay with us.
Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber. That's vanta.com cyber for $1,000 off.
Dave Bittner
Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting-edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work-life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today at vanguardjobs.com.
Tal Skverer is Research Team Lead from Asterix. I recently caught up with him to discuss the OWASP NHI Top 10 framework.
Tal Skverer
OWASP really is a very well-known organization in helping developers write secure code and write secure applications, and they're most well known for the famous Top 10 web application security risks. But since they made this and got really famous and everybody has been using this framework for a while now, you have all these automated processes and tools that help you mitigate risk that they work on. In this original project they actually started to host multiple projects, top 10 projects like mobile security and API security. And even recently with the rise of LLMs and AI agents, they actually have the LLM top 10 risks, which basically each of those projects is taking one big subject that is really relevant for a lot of developers and tackling this area from the web application security lens. And ever since the rise of the non-human identity category in the past year or so, it only seemed natural to also look at the NHI problem from the development perspective and the application perspective. So that totally prompted our initial communication with OWASP and suggesting this new top 10 project focusing on non-human identities.
Dave Bittner
Well, I'm an old-school guy, so when I hear the phrase non-human identities I want to think about R2-D2, C-3PO and maybe ELIZA, but that's not what we're talking about here. What exactly is entailed with non-human identities?
Tal Skverer
Right, so non-human identities. Let me think of a good way to answer it, because I can both speak on the essence of non-human entities from the development perspective, which the project focused on. But just in general, when you consider non-human identities in an organization, it is basically every time you have an identity, a credential, basically any access to your organization that is required by some automated process that doesn't need to have a human involved, and that really ranges around a lot of different kinds of access into an organization. It could mean a third-party application to boost your business and help your salespeople improve their CRM experience, for instance, all the way to your development folks, who will use non-human identities for their CI/CD, the automatic deployments, et cetera, and also ending up in your cloud environments. Now today everybody is using cloud services, and within those cloud services you need a lot of non-human identities to facilitate the access of different kinds of applications or services that are hosted on your cloud environments. And all those kinds of identities basically fall into the category of non-human. We kind of cheated in this name because we simply say anything that is not human. But really it's a very large amount of identities. Current estimations place non-human identity at a ratio of about from 1 to 20 to 1 to 50, depending on the environment, in favor of the non-humans. So really there's been an explosion in this kind of identities.
Dave Bittner
Well, give us an idea of one of the common risks here with non-human identities and what the potential mitigation could be.
Tal Skverer
Sure. So we'll go into the number one, right, straight to the top, after we've been ranking the risks themselves. What ended up being the top position? Which, kind of, some people that worked on the project were surprised by this becoming the number one and others weren't. It depends on how much time you have spent looking at problems with non-human identities. So the number one risk is improper offboarding. Which, just as a background or the description of this risk, it means that you created a non-human identity. So there's an identity being used somewhere in your organization. And then this non-human is no longer needed, it's not used. And maybe the owner of this non-human has left the organization. But the identity that was created for some kind of service was not offboarded from the organization either. It was completely forgotten about and nobody really tried to offboard it. Or maybe it's actually been offboarded improperly. Someone tried to offboard it but didn't do it fully and still left some access to this non-human. And this was the number one risk that was eventually ranked at the first position. And just as an example to make it more meaningful to anyone who's going to listen to this and wonder how it looks in real life, consider that you have a service account on your Kubernetes cluster. You created someone to test some new service, a new feature, and you kind of forgot about it. And it's still there, it still has access to your cluster. The cluster is still up. But the Kubernetes service account itself is not supposed to be offboarded. But it's still there, it still has access. And anyone getting access to your pod that contains this service account now has access to your entire cluster. So this is just one example. Another very common example that we see: we see employees creating personal access tokens or different kinds of credentials during their work for work-related reasons. And then those employees leave the organization.
And this token stays somewhere within your organization, maybe facilitating some automated process. But it wasn't properly offboarded when the person who created it left the organization. Which is something that's supposed to happen because they might still have access to it. Maybe they saved the token on the local machine at home. Due to this improper offboarding, your organization might be exposed to needless risk, because now a non-employee may have access to your internal and Dell processes. And when it comes to mitigation. So I'm actually going over the official website. These are the exact sections that we have for each risk. We have the description, we have example scenarios, and then we have the how-to-prevent section or the mitigation section, which practitioners can use to mitigate the specific risk. So for improper offboarding, first we have the necessity to have an offboarding process, an official offboarding process that basically reviews all non-human identities that are associated with someone that is going to depart the organization. So let me give some knowledge from the non-human identity world. There are basically two types of non-human identities when it comes to offboarding. One, the first type, is non-human entities that will be automatically disabled or removed once the employee is offboarded. The human identity of the employee will be offboarded. Those kinds of non-human entities are things like personal access tokens or auth apps that usually we like to call get disabled once the user, the human user, is disabled or offboarded during this process. And the other type is the type of non-human identities that is not going to be offboarded once the human user is disabled, and both can have different impact to the organization. So the first one is not from a risky perspective.
It's not an issue, but it may break one of your core systems once this human user is going to leave the organization, and thus we see a lot of times where human users are still being kept alive to avoid breaking some important service, because there's some non-human identity associated with the human users and the organization is afraid to break something critical. The second type is actually the riskier one, in which you have to apply a proper offboarding process to detect all those non-human identities that the employee got exposed to during their work time. And once they leave the organization you have to create new identities. So you have to create this process, and one way you can do it is actually to automate the offboarding steps that you have in your agile system or your human management system. Every time that an employee is going to leave the organization, all the non-human identities that you see this employee is the owner of must be, as part of the offboarding process, maybe sent to their manager to handle the rotation of, and this is the main way to mitigate this risk.
Dave Bittner
That's Tal Skverer, research team lead from Asterix.
Dave Bittner
Is your AppSec program actually reducing risk? Developers and AppSec teams drown in critical alerts, yet 95% of fixes don't reduce real risk. Why? Traditional tools use generic prioritization and lack the ability to filter real threats from noise. High-impact threats slip through and surface in production, costing 10 times more to fix. Ox Security helps you focus on the 5% of issues that truly matter before they reach the cloud. Find out what risks deserve your attention in 2025. Download the application security benchmark from Ox Security.
And finally, the cybersecurity community has lost a true original. Matt Stevenson has passed away. Always the boldest dresser in the room. The man with a bow tie. The bright suit, the perfectly curated sneakers. And though he's gone, his impact remains vivid in the hearts and minds of everyone lucky enough to orbit his world. To me, Matt was more than a colleague or a professional voice. He was the voice. Charismatic, quick-witted, endlessly curious, and instantly magnetic. He had a rare gift, the ability to make every interaction feel like a reunion with an old friend, whether you were meeting him for the first time or the hundredth. His energy was larger than life. And yet it was never about him. It was about connection, finding common ground in music, comics, sports, tech, sneakers, or whatever topic would light up a stranger's face. Even in the most professional spaces, Matt brought levity and humanity. His presence made cybersecurity feel a little less intimidating, a little more approachable, and a whole lot more fun. He was a storyteller, a traveler, a collector, a showman, and from the stories shared by those closest to him, a fiercely loyal friend. He lived widely and openly, chasing memories across continents, from late-night karaoke to early-morning flights, from deep conversations to laugh-until-you-cry moments in bars with bad music and questionable food. He officiated weddings. He got lost in London.
He made the ordinary feel epic. In the end, Matt was surrounded by the people he loved, wrapped in music, stories and shared memories. A fitting send-off for someone who lived his life as a celebration. The cybersecurity world is quieter today without Matt's booming voice, his trademark style, and his unshakable warmth. But the echo of his laugh, the weight of his kindness, and the stories he left behind will carry on in every room he once lit up. Rest well, Matt Stevenson. You were unforgettable.
And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Tre Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
And now, a brief message from our sponsor, Dropzone AI. Is your SOC drowning in alerts, with legitimate threats sitting in queues for hours or even days? The latest SANS SOC Survey report reveals alert fatigue and limited automation are SOC teams' greatest barriers. Dropzone AI, recognized by Gartner as a cool vendor, directly addresses these challenges through autonomous recursive reasoning investigations, quickly eliminating false positives, enriching context, and enabling analysts to prioritize real incidents faster. Take control of your alerts and investigations with Dropzone AI.
CyberWire Daily: "FamousSparrow’s Sneaky Resurgence" Summary
Release Date: March 27, 2025
Host: Dave Bittner
Guest: Tal Skverer, Research Team Lead at Asterix
In this episode of CyberWire Daily, host Dave Bittner delves into a spectrum of pressing cybersecurity issues, from the resurgence of the notorious hacking group Famous Sparrow to critical vulnerabilities in industrial systems. The episode features an insightful interview with Tal Skverer from Asterix, discussing the OWASP NHI Top 10 framework, and concludes with a heartfelt tribute to the late Matt Stevenson, a beloved figure in the cybersecurity community.
[02:45] Dave Bittner: "The China-linked hacking group Famous Sparrow has resurfaced after years of apparent inactivity, now targeting a broader range of organizations across the U.S., Mexico, and Honduras."
Background: Famous Sparrow, once notorious for exploiting the ProxyLogon vulnerability and primarily targeting the hospitality sector, has expanded its targets to include governments, research institutions, and law firms.
Technical Evolution: The group employs enhanced versions of their signature SparrowDoor backdoor and has introduced the ShadowPad backdoor, traditionally associated with other Chinese Advanced Persistent Threats (APTs).
Operational Tactics: According to ESET's March 26 report, the resurgence began in June 2024, utilizing web shells on outdated Windows Server and Exchange systems. Their toolkit combines custom malware with shared resources linked to other Chinese-aligned threats, showcasing an evolving cyber espionage strategy.
Distinct Identity: Although Microsoft previously grouped Famous Sparrow with other entities like Ghost Emperor and Salt Typhoon, ESET categorizes it as a distinct group with limited overlap.
[07:15] Dave Bittner: "Cybersecurity researcher Jeremiah Fowler uncovered a major data exposure involving Australian fintech firm Vroom by UX, formerly DriveIQ."
Incident Details: A misconfigured Amazon S3 bucket left 27,000 sensitive records, including driver's licenses, medical records, bank details, and partial credit card numbers, publicly accessible without password protection or encryption.
Extended Exposure: Additionally, a MongoDB instance containing 3.2 million documents was discovered, amplifying security concerns.
Company Response: Vroom swiftly secured the exposed data and committed to a post-incident review. The records spanned from 2022 to 2025, underscoring persistent risks in data management practices.
Recommendations from Fowler: Emphasized the necessity for fintech firms to implement end-to-end encryption, conduct regular security audits, and practice data minimization to mitigate risks like fraud, identity theft, and social engineering attacks.
[10:50] Dave Bittner: "Researchers at QiAnXin XLab have unearthed OrpaCrab, a sophisticated Linux-based backdoor targeting industrial systems linked to fuel services."
Technical Insights: Discovered in January 2024, OrpaCrab utilizes the MQTT protocol for stealthy command and control (C2), blending malicious traffic with legitimate communications.
Persistence Mechanism: The malware maintains its presence through startup scripts and encrypts configuration data, employing DNS over HTTPS to evade detection.
Attribution: Linked to the CyberAv3ngers hacking group, OrpaCrab has potentially compromised Gasboy fuel systems, threatening payment terminals and customer data integrity.
[14:30] Dave Bittner: "Cybersecurity firm Resecurity identified a critical vulnerability in Blacklock Ransomware's data leak site, allowing infiltration of their infrastructure."
Breach Details: The vulnerability enabled Resecurity's Hunter team to access Blacklock's operations, network configurations, and storage methods, including the use of Mega accounts for data exfiltration.
Impact: Blacklock had compromised at least 46 organizations globally across various sectors before the breach.
Rival Exploitation: Early 2025 developments indicate that the rival ransomware group Dragonforce exploited similar vulnerabilities, leading to the defacement and shutdown of Blacklock's data leak site.
Implications: This highlights the volatile nature of cybercriminal enterprises and the continuous battle between competing ransomware factions.
[18:00] Dave Bittner: "Researchers at Forescout's Vedere Labs uncovered 46 critical vulnerabilities in solar inverters from top manufacturers like Sungrow, Growatt, and SMA."
Vulnerability Types:
Potential Risks:
Vendor Response: All affected vendors have issued patches, emphasizing the urgent need for enhanced security in renewable energy infrastructures.
[21:10] Dave Bittner: "Credential stuffing has evolved with the advent of Atlantis AIO, an advanced automation tool facilitating mass account compromises."
Tool Capabilities: Atlantis AIO enables attackers to test millions of stolen credentials across cloud platforms and email services rapidly, requiring minimal expertise.
Evasion Techniques: Utilizes rotating proxies and distributed login attempts to bypass traditional detection mechanisms.
Underground Adoption: Since early 2025, Atlantis AIO has gained traction in underground forums, empowering both novice and seasoned attackers to execute large-scale account breaches, data theft, and fraudulent activities.
[24:25] Dave Bittner: "The Cybersecurity and Infrastructure Security Agency (CISA) has added two critical Sitecore CMS vulnerabilities to its Known Exploited Vulnerabilities catalog."
Vulnerability Details:
Affected Versions: All Sitecore versions up to 9.1.0 are impacted.
CISA's Directive: Federal agencies must apply available patches or implement temporary access restrictions by April 16th to mitigate these vulnerabilities.
[27:40] Dave Bittner: "The UK's National Crime Agency (NCA) has issued a stark warning about the rise of online groups involved in sadistic cybercrime and real-world violence."
Group Characteristics:
NCA's Concerns:
Law Enforcement Actions: Recent convictions highlight the severity of these groups, emphasizing the need for vigilant monitoring and intervention.
[30:55] Dave Bittner: "Authorities have arrested 12 individuals linked to the now-defunct Ghost encrypted communication platform."
Background: Ghost, launched in 2015, offered ultra-secure messaging through modified smartphones with layered encryption and self-destruct features. It was dismantled in September 2024 during a Europol-led international operation.
Criminal Activities: Used by organized crime groups to coordinate drug shipments between Spain and Ireland, specifically facilitating cocaine and marijuana smuggling via vehicles with hidden compartments and cloned license plates.
Investigation Outcome: Despite Ghost's strong encryption, investigators traced user accounts to suspects, leading to arrests. The takedown previously resulted in 52 global arrests, including its alleged administrator. Europol anticipates further arrests as digital evidence is analyzed.
[13:19] Dave Bittner: "My conversation with Tal Skverer focuses on the OWASP NHI Top 10 framework and the emerging challenges of non-human identities in cybersecurity."
OWASP's Evolution: Originally renowned for the Top 10 Web Application Security Risks, OWASP has expanded to include projects like Mobile Security, API Security, and recently, LLM Top 10 Risks addressing challenges posed by large language models and AI agents.
Focus on Non-Human Identities (NHI): With the surge in automated processes and cloud services, NHIs have become increasingly prevalent, often outnumbering human identities by ratios ranging from 1:20 to 1:50.
Top Risk – Improper Offboarding:
Importance of Addressing NHIs: As organizations increasingly rely on automation and cloud services, managing NHIs is critical to maintaining security posture and preventing unauthorized access.
Notable Quote:
[18:20] Tal Skverer: "The number one risk is improper offboarding... Anyone gaining access to your pod that contains this service account now has access to your entire cluster."
[23:50] Dave Bittner: "The cybersecurity community mourns the loss of Matt Stevenson, a vibrant and influential figure known for his charismatic presence and impactful contributions."
Personal Remembrance: Matt was celebrated for his bold style, including his signature bow ties and curated sneakers. Described as the "voice," Matt's charisma and genuine connections left a lasting impression on colleagues and peers.
Professional Legacy: Matt made cybersecurity approachable and enjoyable, fostering connections through shared interests in music, comics, and technology. His storytelling and enthusiasm were instrumental in humanizing the field.
Final Moments: Matt's life was portrayed as a celebration of connections, adventures, and unwavering loyalty, leaving behind cherished memories and a quieter cybersecurity landscape.
Notable Tribute:
[23:50] Dave Bittner: "The cybersecurity world is quieter today without Matt's booming voice, his trademark style, and his unshakable warmth... Rest well, Matt Stevenson. You were unforgettable."
This episode of CyberWire Daily offers a comprehensive look into the evolving landscape of cybersecurity threats and defenses. From the resurgence of sophisticated hacking groups to critical vulnerabilities in emerging technologies, the discussions underscore the necessity for robust security measures and proactive threat intelligence. The interview with Tal Skverer provides valuable insights into managing non-human identities, a growing concern in today's automated environments. Additionally, the heartfelt tribute to Matt Stevenson serves as a poignant reminder of the human element within the cybersecurity community.
For more detailed stories and updates, listeners are encouraged to visit CyberWire Daily Briefing.
Transcript timestamps are approximate and based on the provided transcript content.