Dave Bittner
You're listening to the CyberWire Network, powered by N2K.
We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire. Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs, there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. Indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need.
An unsecured Chroma database exposes personal information of Canva creators. A researcher brute forces Google phone numbers. Five zero-day vulnerabilities in Salesforce Industry Cloud are uncovered. Librarian Ghouls target Russian organizations with stealthy malware. SAP releases multiple security patches, including a critical fix for a NetWeaver bug. Sensata Technologies confirms the theft of sensitive personal data during an April ransomware attack. SentinelOne warns of targeted cyber espionage attempts by China-linked threat actors. Skitnet gains traction amongst ransomware gangs. The UK's NHS issues an urgent appeal for blood donors. On today's Threat Vector, host David Moulton talks with Arjun Bhatnagar, CEO of Cloaked, about why protecting your digital privacy is more urgent than ever. And the FBI's Cyber Division welcomes a new leader.
Hi, it's Tuesday, June 10th, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.
A data breach exposed personal information from 571 Canva creators after a Russian AI firm, My Jedai, left a Chroma database unsecured. The database, used to train AI chatbots, included survey responses detailing creators' professional and financial data, posing phishing and competitive risks. Discovered by UpGuard, the breach highlights vulnerabilities in the fast-growing AI supply chain, where tools like Chroma are deployed rapidly without mature security practices. My Jedai secured the data within 24 hours of notification. This marks the first known Chroma-related leak and underscores how the rush to adopt AI has sometimes outpaced safeguards, increasing the risk of misconfigurations and data exposure.
A white hat hacker known as Brutecat uncovered a flaw in Google's authentication process that exposed users' phone numbers to brute force attacks. The exploit required only an email address and used Google's account recovery hints to deduce phone numbers, enabling potential SIM swapping attacks. Brutecat bypassed protections using cloud services and Google Looker Studio, exploiting a non-JavaScript recovery form and leveraging IPv6 to sidestep IP-based rate limits. By automating the process, phone numbers could be cracked in seconds to minutes depending on the region. Despite the severity, Google awarded a modest $5,000 bounty, though they quickly patched the issue. The incident highlights the need for stronger safeguards in account recovery workflows and how overlooked legacy systems can create significant security risks.
Security researchers at AppOmni uncovered five zero-day vulnerabilities and 15 serious misconfigurations in Salesforce Industry Cloud, potentially impacting tens of thousands of organizations. Salesforce Industry Cloud offers low-code tools tailored for sectors like healthcare, finance and government, but its ease of use can lead to risky default settings. Three of the five flaws were fixed by Salesforce directly, while two require customer action. The remaining issues stem from common misconfiguration traps, often caused by non-technical users unknowingly applying insecure access settings. These missteps could lead to major data breaches, including exposure of sensitive health or financial data. AppOmni's scans show these risks are widespread among Industry Cloud users, raising serious concerns about security in low-code enterprise platforms designed for speed and simplicity.
The Librarian Ghouls APT group, also known as Rare Werewolf or Rezet, has been actively targeting Russian and CIS organizations through a stealthy and persistent malware campaign extending into May of this year. This group leverages legitimate third-party software, PowerShell scripts and phishing emails to avoid detection. Victims receive password-protected archives containing fake business documents, initiating a multi-stage attack that installs legitimate-looking tools like 4T Tray Minimizer to conceal activity. Once infected, systems are exploited for credential theft, data exfiltration and cryptocurrency mining. Targets include industrial and educational institutions, suggesting an intent to steal intellectual property. The campaign uses scheduled tasks, AnyDesk for remote access, and disables security tools to ensure persistence. Hundreds have been affected, highlighting the group's sophisticated social engineering and technical execution.
SAP released 14 security patches in its June 2025 Security Patch Day, including a critical fix for a NetWeaver bug rated 9.6 on the CVSS scale. The flaw allows privilege escalation through a missing authorization check in the RFC framework. Onapsis warns it could severely impact application integrity and availability. SAP also addressed five high-severity and multiple medium- and low-severity flaws affecting various components. No active exploitation has been reported, but immediate patching is strongly recommended.
Sensata Technologies confirmed that hackers accessed and stole sensitive personal data during a ransomware attack that disrupted operations in April. The attackers had access from March 28 through April 6 and exfiltrated files containing names, Social Security numbers, financial and health data likely belonging to employees. At least 362 Maine residents are affected. The Massachusetts-based firm, which supplies electrical components globally, hasn't appeared on any known ransomware leak sites, and it remains unclear if a ransom was paid.
SentinelOne is calling for greater industry transparency after revealing targeted cyber espionage attempts by China-linked threat actors APT15 and APT41. The first campaign, Purple Haze, involved reconnaissance on SentinelOne servers and attacks using Ivanti zero-day flaws and the GoReShell backdoor. A second operation tied to APT41 aimed to infiltrate a SentinelOne supplier via ShadowPad malware in a suspected supply chain attack. These incidents highlight a growing trend: cybersecurity vendors are becoming direct targets. SentinelOne warns the industry to stay vigilant, citing a pattern of stealthy, long-term intrusions focused on high-value infrastructure.
Skitnet, also known as Bossnet, has rapidly become a favored tool among ransomware groups this year, notably Black Basta and Cactus. Marketed as a user-friendly post-exploitation toolkit, it gained traction following a takedown of major botnets like QakBot, filling a gap in the cybercrime ecosystem. Distributed via underground forums like RAMP, Skitnet's malware-as-a-service model enables even low-skilled actors to launch advanced attacks. Technically sophisticated, it uses a Rust loader and ChaCha20-encrypted Nim payload to establish stealthy DNS-based reverse shells. Its persistence techniques include DLL hijacking, startup shortcuts and use of tools like AnyDesk and PowerShell. The malware also features anti-forensic measures, log wiping and living-off-the-land tactics, making detection and attribution difficult. Skitnet's rise underscores the growing industrialization of cybercrime and the need for proactive defense strategies.
The UK's NHS has issued an urgent appeal for 1 million blood donors as national blood supplies remain critically low, especially for O negative blood, following a 2023 ransomware attack on pathology provider Synnovis. The attack disrupted services, forcing hospitals to rely heavily on O type blood, leading to a fragile supply. The NHS is particularly seeking O negative donors and those of Black heritage, crucial for treating conditions like sickle cell disease. Meanwhile, over 900,000 patients were impacted by the Synnovis breach, which exposed sensitive medical data, including cancer and STI records. Despite legal obligations to notify affected individuals, many remain uninformed. The NHS warns that without immediate donor support, the system risks entering a red alert state where demand exceeds supply, threatening patient care and public safety.
Coming up after the break on today's Threat Vector, David Moulton speaks with Arjun Bhatnagar, CEO of Cloaked, about why protecting your digital privacy is more urgent than ever. And the FBI's Cyber Division welcomes a new leader. Stay with us.
Dave Bittner
Dave here. I've talked about DeleteMe before, and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal: 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.
And now a word from our sponsor, ThreatLocker. Keeping your system secure shouldn't mean constantly reacting to threats. ThreatLocker helps you take a different approach by giving you full control over what software can run in your environment. If it's not approved, it doesn't run. Simple as that. It's a way to stop ransomware and other attacks before they start without adding extra complexity to your day. See how ThreatLocker can help you lock down your environment at www.threatlocker.com.
On this week's Threat Vector segment, host David Moulton speaks with Arjun Bhatnagar, CEO of Cloaked. They're speaking about why protecting your digital privacy is more urgent than ever.
David Moulton
Hi, I'm David Moulton, host of the Threat Vector podcast, where we explore the evolving cybersecurity landscape and bring you insider insights into the threats and opportunities shaping the future of digital security. In our next episode, I sat down with Arjun Bhatnagar, CEO and co-founder of Cloaked and someone who's been hacking and building since he was 12 years old, to talk about something that we all take for granted: our privacy. Arjun shares how building an AI to track his own health data during the pandemic led to a much bigger discovery. Your phone number might be all someone needs to find your Social Security number, your home address, and your most personal details. That one data point could be the key to your entire digital identity. If you've ever wondered what a hacker sees when they look at your digital life, this is the episode that you can't afford to miss. Check it out wherever you get your podcasts.
Arjun, you've been developing and hacking since you were, what, 10 years old? And then it was like the pandemic where your interest in, or your journey to, privacy really took off thanks to this, like, AI data box that you built for your own health. Can you take me back to that moment and walk us through how that experience sparked the idea for Cloaked?
Arjun Bhatnagar
Absolutely, and I'm excited to talk about it. It's been an interesting journey for me learning about privacy. I've always been privacy centric, but that moment really clarified for me what I really wanted to do. So back in 2020, I was really interested in my own data. What does my data look like? Where does it live? What's going on with it? Because I wanted to see if there's a way to correlate different things about me to make me feel better, understand what can I do better to ultimately be happier or minimize issues or kind of keep track of things around health that I should pay attention to. So I ended up getting a Mac Mini, putting it in my apartment, and I wrote integrations into everything about myself. Basic stuff like Google Calendar, my Facebook data, I hacked iMessage, my Google calendar, my health data, my eating data, my banking data, my GPS data, movement data. Everything about me I put in this box. And in that box, as it's pulling everything, I started writing some crude models to start analyzing this data and telling me what's going on, what can I do about it, and can you help me take some actions? And without me even realizing it, very quickly, it started doing things. It said, hey, I noticed you missed your workout yesterday. Do 15 push-ups between these two meetings. Based on my spending habits, it said let's cut back on the alcohol and the Chinese food. But it hit me in the face one day when I was at lunch with somebody and I put my phone down. End of lunch, I picked up my phone, realized my really crude AI had a full conversation with that then girlfriend. It told her I love you, it sent her memes, and it did the entire conversation while I was eating. And I picked up my phone, realized holy cow, this is crazy. But I realized in that moment that I didn't own any of my own data, and two, that we're headed into some AI future. It's going to be important to figure out what data ownership, my privacy, means, because if I can do this in my backyard type of thinking, well, when AI and big tech gets into AI and my personal data, it's going to be crazy.
David Moulton
Well, it wouldn't be a safe summer type of podcast if we didn't talk about passwords and the headache of passwords. We know we need them, but I know a lot of people struggle to manage them. I've used a password manager for years. I've tried to insist on that within the area where I'm the resident geek, and as far out as I can. But just creating strong passwords isn't enough. You know, we need unique ones, we need different ones for different accounts. Can you talk about why it's worth the hassle to have unique passwords and why a password manager may be the right choice for a lot of folks who have maybe resisted it?
Arjun Bhatnagar
So I'll break this into a few different points around the password headaches. I totally get it and I'm a little contrarian here where their security professionals will just say you need complex individualized passwords to every service, full stop. But the problem is when you make that statement, it's a big leap from where people are today. So what I'd say is that how do you progressively get better link your passwords? I'd say people have heard of password managers and it's definitely a great tool. I'll get to that in a second. The real part is how do you think about passwords? One, we want to create the distinct nature, and I'll explain why that's important when you have a password. If someone wants to compromise an individual and hack into their account, etc., they're not going to necessarily try to hack into your bank account, your JP Morgan account, et cetera, because that account party probably is pretty secure. They have a lot of incidents. However, when you do use the same password, I'm going to go compromise the jeans shop you bought jeans from recently, because their security might be weak and they're not investing in a massive security team to make sure your information is safe. But somebody might go find a compromise there, or they might have been already compromised. And if you use the same password, well, somebody's just going to use that to then get into your bank account. And this is where password reuse is a big problem, because I'm just going to find the weakest website that has not the best security, find that compromise, and then use that to work my way to your Gmail or use your bank account, primarily your Gmail or your Verizon or phone bill company, because I can use those to compromise other accounts and become the chain of attacks. So that's why password use is bad. But then what do you do about it? I'd say coming back to habits, having a habit around about passwords is really important.
So what I would say is first off, thinking about the different types of passwords you want to have, that's the first way of approaching this. So for example, my computer password is unique to my computer and I do not use that anywhere else. So fundamentally and I do not use it anywhere online because it's offline my computer. And if you get into my computer, you basically have gotten the keys to the kingdom there. So that one is unique. I do then say for my bank account, my Gmail, my Apple, like these things have distinct passwords. And I'll tell you about kind of ways to think about passwords in a second. But that information of like these are very sensitive things that can compromise me. I make those distinct and then for asking into other accounts, I just create password habits to make them useful. Now, I use a password manager, Cloaked, as my password manager. But I'd say that what I've always done is just following these rules coming into making a password. When people realize that it's a famous comic, that your password is teaching you 12 characters, a symbol and all that stuff, that's not the best password. A long password is actually much safer than a short one with a bunch of random symbols in it. You adding an extra dollar sign to your password is not making it that much harder for someone to crack it. It's really the length of it is what makes it really hard. So in front of me, like I'm looking at things like I've got a napkin, a remote marker, and a cable. Napkin, remote marker, cable, one exclamation point. Great password. It's easy to remember and it's going to fit all the criteria and very hard to crack. And it should be. You make it easy to remember, but then also harder to compromise. That's how I do my passwords, is to kind of have a passphrase or system. Things that you can remember, but they're really hard to compromise.
David Moulton
At South By in Austin, you gave a demonstration where you asked the crowd to call a phone number that's part of Cloaked. And I have to say it was the best demonstration of software I'd seen, because I lost count of the number of gasps from the crowd as people were listening to the message that came up. And they were hearing their name, they were hearing most of the Social Security number. They were hearing information about themselves. And I think it was really back to our opening conversation about how being able to see your data can change your behavior. In this case, you can hear what data is publicly available about you just from your phone number. I believe people left that demonstration with a different mindset about what they're going to give away and what they wanted to do to feel comfortable to operate in the modern world where data is just flowing out, and if they wanted to control their privacy. So if you're out there and you're thinking, I got to see what this demo is that Arjun gave, or Dave's talking about, that's on the website. And I gotta say, I recommend going and giving it a try. It was jaw dropping, man.
Arjun Bhatnagar
Well, I think this is. I'm glad you appreciated it. The demo is really focusing on the point that we know our data's out there, but we don't really understand the extent of how much that is. And we don't have any of this data they and all these companies are aggregating, selling, but it's so easy to find it. And I don't know if you want, I can share on this or we can point at cloak.com, but it's such a powerful tool because it's visceral. And we made the phone number because, like, hey, just call it. No information needed. You know, to type anything. You feel it right then and there.
David Moulton
The episode is called A Hacker's Insights on Your Privacy. And it dropped June 5th. Catch it in your Threat Vector feed and find out what your phone number is really saying about you.
Dave Bittner
And of course, do check out the entire episode of Threat Vector right here on the N2K CyberWire network or wherever you get your favorite podcasts.
Dave Bittner
Compliance regulations, third-party risk, and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you've ever found yourself drowning in spreadsheets, chasing down screenshots or wrangling manual processes just to keep your GRC program on track, you're not alone. But let's be clear. There is a better way. Vanta's trust management platform takes the headache out of governance, risk and compliance. It automates the essentials, from internal and third-party risk to consumer trust, making your security posture stronger, yes, even helping to drive revenue. And this isn't just nice to have. According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity. That's not a typo, that's real impact. So if you're ready to trade in chaos for clarity, check out Vanta and bring some serious efficiency to your GRC game. Vanta GRC: how much easier trust can be. Get started at vanta.com/cyber.
And finally, the FBI's Cyber Division is welcoming a new leader. Brett Leatherman, a longtime FBI veteran with deep cyber expertise, will step in as Assistant Director following Bryan Vorndran's retirement. Leatherman brings more than 20 years of experience, from field offices to leading cyber operations, and recently served as Deputy Assistant Director for Cyber Operations. In a LinkedIn post, he expressed gratitude for the opportunity to lead, pledging to disrupt cyber threats and support victims. Known for his collaborative, forward-looking approach, Leatherman aims to build on the FBI's mission to make cybercrime unsustainable. He steps into big shoes. Vorndran helped modernize the FBI's cyber strategy, taking bold steps to disrupt hacking groups and boost victim support. The cyber community will be watching closely as Leatherman carries the torch forward with fidelity, bravery and integrity.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August this year. There's a link in the show notes. Please take a moment and check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing to neutralize identity-based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report at spycloud.com/cyberwire and see what attackers already know. That's spycloud.com/cyberwire.
CyberWire Daily Summary: "Jedai Tricks, Human Risks"
Release Date: June 10, 2025
Host: N2K Networks
The latest episode of CyberWire Daily, titled "Jedai Tricks, Human Risks," delves into several critical cybersecurity incidents and trends shaping the landscape as of June 2025.
Unsecured Chroma Database Exposes Canva Creators' Information
A significant data breach compromised the personal details of 571 Canva creators due to an unsecured Chroma database managed by the Russian AI firm My Jedai. This database, utilized for training AI chatbots, included sensitive survey responses encompassing professional and financial data. UpGuard uncovered the breach, highlighting the vulnerabilities within the rapidly expanding AI supply chain. The incident underscores the risks posed by the swift deployment of AI tools like Chroma without robust security measures. My Jedai responded by securing the data within 24 hours of notification, marking the first known leak related to Chroma and emphasizing the urgent need for mature security practices in AI development.
Google's Authentication Flaw Exploited by White Hat Hacker Brutecat
A white hat hacker, known as Brutecat, identified a flaw in Google's authentication process that exposed users' phone numbers to brute force attacks. The exploit required only an email address and leveraged Google's account recovery hints to deduce phone numbers, facilitating potential SIM swapping attacks. Brutecat circumvented Google's protections by utilizing cloud services and Google Looker Studio, exploiting a non-JavaScript recovery form, and leveraging IPv6 to bypass IP-based rate limits through automation. Google promptly patched the issue and awarded a $5,000 bounty, though the incident highlights the necessity for enhanced safeguards in account recovery workflows and the risks associated with legacy systems.
Salesforce Industry Cloud Faces Multiple Vulnerabilities
AppOmni researchers unearthed five zero-day vulnerabilities and 15 serious misconfigurations within Salesforce Industry Cloud, potentially affecting tens of thousands of organizations. Tailored for sectors like healthcare, finance, and government, the platform's low-code tools can lead to risky default settings. While Salesforce addressed three of the five flaws directly, the remaining issues require customer intervention. Common misconfigurations by non-technical users pose significant risks, including exposure of sensitive health and financial data, raising concerns about the security of low-code enterprise platforms prioritizing speed and simplicity.
Librarian Ghouls APT Group Targets Russian Organizations
The Librarian Ghouls APT group, also known as Rare Werewolf or Rezet, has been actively targeting Russian and CIS organizations through a sophisticated malware campaign extending into May 2025. Utilizing legitimate third-party software, PowerShell scripts, and phishing emails, the group deploys password-protected archives containing fake business documents to initiate multi-stage attacks. Once infected, systems are exploited for credential theft, data exfiltration, and cryptocurrency mining. The campaign, which employs scheduled tasks, uses AnyDesk for remote access, and disables security tools, has impacted hundreds of institutions, including industrial and educational entities, highlighting the group's adept use of social engineering and technical execution.
SAP Issues Critical Security Patches
On its June 2025 Security Patch Day, SAP released 14 security patches, including a critical fix for a NetWeaver bug rated 9.6 on the CVSS scale. The flaw allows privilege escalation via a missing authorization check in the RFC framework, posing severe risks to application integrity and availability, as warned by Onapsis. Immediate patching is strongly recommended despite no active exploitation reports. SAP also addressed five high-severity and multiple medium- and low-severity flaws across various components.
Sensata Technologies Suffers Ransomware Attack
Sensata Technologies confirmed a ransomware attack in April 2025 that resulted in the theft of sensitive personal data. The attackers accessed information from March 28 to April 6, exfiltrating files containing names, Social Security numbers, financial, and health data, likely belonging to employees and affecting at least 362 Maine residents. Although the company hasn’t appeared on known ransomware leak sites, it's unclear if a ransom was paid. The breach disrupted operations and raised concerns about the security of personal data within global electrical component suppliers.
SentinelOne Warns of China-Linked Cyber Espionage
SentinelOne has alerted the cybersecurity community to targeted cyber espionage attempts by China-linked threat actors APT15 and APT41. The first campaign, Purple Haze, involved reconnaissance on SentinelOne servers and attacks using Ivanti zero-day flaws and the GoReShell backdoor. A subsequent operation tied to APT41 aimed to infiltrate a SentinelOne supplier via ShadowPad malware in a suspected supply chain attack. These incidents highlight a trend of cybersecurity vendors becoming direct targets, with SentinelOne emphasizing the importance of vigilance against stealthy, long-term intrusions focused on high-value infrastructure.
Skitnet Toolkit Gains Traction Among Ransomware Gangs
Skitnet, also known as Bossnet, has rapidly become a preferred tool among ransomware groups, including Black Basta and Cactus, in 2025. Marketed as a user-friendly post-exploitation toolkit, Skitnet fills a gap left by the takedown of major botnets like QakBot. Distributed via underground forums such as RAMP, Skitnet's Malware-as-a-Service (MaaS) model enables even low-skilled actors to launch advanced attacks. The toolkit employs a Rust loader and a ChaCha20-encrypted Nim payload to establish stealthy DNS-based reverse shells, using persistence techniques like DLL hijacking and startup shortcuts. Its anti-forensic measures and living-off-the-land tactics make detection and attribution challenging, underscoring the industrialization of cybercrime and the urgent need for proactive defense strategies.
UK's NHS Appeals for Blood Donors Amid Cybersecurity Challenges
The UK's National Health Service (NHS) has issued an urgent appeal for 1 million blood donors due to critically low national blood supplies, particularly for O negative blood. This shortage follows a 2023 ransomware attack on pathology provider Synnovis, which disrupted services and forced hospitals to rely heavily on O-type blood, thereby straining the supply chain. The NHS is specifically seeking O negative donors and those of Black heritage, essential for treating conditions like sickle cell disease. The Synnovis breach impacted over 900,000 patients, exposing sensitive medical data, including cancer and STI records. Despite legal obligations to notify those affected, many remain uninformed. The NHS warns that without immediate donor support, the system risks entering a red alert state, jeopardizing patient care and public safety.
A prominent segment of this episode features David Moulton, host of the Threat Vector podcast, engaging in a comprehensive discussion with Arjun Bhatnagar, CEO and co-founder of Cloaked, about the escalating urgency of digital privacy in today's interconnected world.
Arjun Bhatnagar's Journey to Privacy Advocacy
Arjun shares his personal journey, detailing how his passion for privacy was ignited during the COVID-19 pandemic. In 2020, driven by curiosity about his own data, he embarked on a project to create an AI data box to monitor and analyze his health and personal information. This involved integrating various data sources, including Google Calendar, Facebook, iMessage, and health and financial data, into a centralized system. The AI began providing insights and recommendations, such as reminding him about missed workouts or suggesting lifestyle changes. A pivotal moment occurred when the AI autonomously engaged in a conversation with his then-girlfriend, revealing how interconnected and accessible his personal data had become without his explicit control. This realization propelled Arjun to found Cloaked, focusing on enhancing data ownership and privacy in the age of AI.
"I realized that I didn't own any of my own data and that we're headed into an AI future. It's going to be important to figure out what data ownership and privacy mean."
— Arjun Bhatnagar [16:21]
Demonstration of Cloaked's Capabilities
A highlight of the interview was Arjun's demonstration at South by Southwest (SXSW) in Austin, where he showcased Cloaked's tools by allowing the audience to call a phone number linked to their personal data. Attendees were astonished to hear their names, partial Social Security numbers, and other personal details revealed through a simple phone call, underscoring the vast amount of data accessible from seemingly innocuous information like a phone number.
"It's such a powerful tool because it's visceral. You feel it right then and there."
— Arjun Bhatnagar [24:58]
Password Management and Best Practices
The conversation then shifted to the topic of password security. Arjun emphasized the importance of using unique, strong passwords for different accounts and advocated for the adoption of password managers to alleviate the burden of managing multiple credentials. He criticized the conventional advice of complex passwords laden with symbols and instead promoted the use of longer passphrases that are both memorable and secure.
"A long password is actually much safer than a short one with a bunch of random symbols in it."
— Arjun Bhatnagar [19:07]
Arjun also highlighted the dangers of password reuse, explaining how compromising a single weak account can provide access to more critical services like banking or email, facilitating a cascade of security breaches.
"Password reuse is a big problem because I'm just going to find the weakest website that has not the best security, find that compromise, and use that to work my way to your Gmail or use your bank account."
— Arjun Bhatnagar [19:07]
Urgency of Data Privacy in the AI Era
Arjun stressed that as AI technologies advance and integrate deeper into daily life, the importance of data ownership and privacy becomes paramount. He pointed out that individuals must take proactive steps to control their personal information to prevent unauthorized access and misuse.
"If AI and big tech get into AI and my personal data, it's going to be crazy."
— Arjun Bhatnagar [16:21]
In a significant organizational update, the FBI's Cyber Division has appointed Brett Leatherman as the new Assistant Director, succeeding the retiring Bryan Vorndran. Leatherman brings over 20 years of experience within the FBI, having served in various capacities from field offices to leading cyber operations. Most recently, he was the Deputy Assistant Director for Cyber Operations.
In a LinkedIn post, Leatherman expressed his gratitude for the opportunity and his commitment to disrupting cyber threats and supporting victims. Renowned for his collaborative and forward-looking approach, Leatherman aims to build upon Vorndran's legacy, which included modernizing the FBI's cyber strategy, disrupting hacking groups, and enhancing victim support mechanisms. The cybersecurity community is closely monitoring Leatherman's leadership, anticipating his efforts to make cybercrime less sustainable through strategic initiatives and robust defense measures.
"I am grateful for the opportunity to lead and pledge to disrupt cyber threats and support victims."
— Brett Leatherman [Timestamp Unavailable]
Conclusion
This episode of CyberWire Daily offers a comprehensive overview of pressing cybersecurity issues, from significant data breaches and vulnerabilities to the evolving tactics of cybercriminal groups. The in-depth interview with Arjun Bhatnagar provides valuable insights into personal digital privacy and best practices for safeguarding personal information in an AI-driven era. Additionally, the leadership transition within the FBI's Cyber Division marks a pivotal moment for national cybersecurity strategies. For those seeking to stay informed on the latest in cybersecurity, this episode delivers critical information and expert perspectives essential for navigating the complex digital landscape.
For more detailed coverage and expert interviews, listen to the full episode of "Jedai Tricks, Human Risks" on the CyberWire Daily platform or your preferred podcast service.