Lights out, lines down. - CyberWire Daily

Summary6 min read

CyberWire Daily – Episode: "Lights Out, Lines Down"
Release Date: April 28, 2025
Host: Dave Bittner, N2K Networks

1. Major Cybersecurity Incidents

a. Massive Power Outage in the Iberian Peninsula

At approximately 12:30 PM local time, a significant power outage disrupted the Iberian Peninsula, affecting Spain, Portugal, southern France, and Andorra. The blackout resulted in Spain's power demand plummeting by half instantly, leading to a total grid failure. Critical infrastructure, including airports, metros, telecommunications, and traffic systems, experienced severe impacts.

Spain's Prime Minister, Pedro Sanchez, visited Red Electrica's control center to oversee emergency restoration efforts, primarily focusing on hydroelectric power as gas and nuclear sources remained offline. The region saw a substantial decline in internet traffic, dropping by nearly 37%. The Spanish Cybersecurity Coordination Office is investigating the incident, with authorities considering a cyberattack as the likely cause. This event underscores the escalating threat of cyberattacks on utility infrastructures, which have more than doubled globally in recent years.

Quote:

"[The outage] highlights growing concerns as cyberattacks on utilities have more than doubled globally in recent years."
— Dave Bittner [02:06]

b. Iran Repels Cyberattack on National Infrastructure

Iran announced the successful defense against a widespread and intricate cyberattack targeting its national infrastructure. Bezad Akbari from Iran's telecommunications infrastructure company provided limited details, noting no confirmed link to the deadly explosion at Rashid Rajeh port the previous day, which resulted in significant casualties. While maritime experts attribute the explosion to mishandled ballistic missile fuel, Iran maintains its stance amid tense nuclear negotiations with the U.S. The country has a history of facing major cyberattacks, often attributed to U.S. and Israeli forces.

c. SAP Netweaver Systems Vulnerable to Zero-Day Exploit

Security researchers from ReliaQuest discovered a critical zero-day vulnerability in approximately 454 SAP Netweaver systems. This flaw allows unauthenticated file uploads and complete system compromise by targeting the metadata uploader component. The vulnerability has already been weaponized, enabling attackers to deploy web shells through insufficient authorization checks. SAP released an emergency patch on April 24th, urging organizations to apply it immediately or use temporary passwords to mitigate the severe risks posed to exposed SAP environments.

d. Breach of VeraSource Services Exposes Personal Data

VeriSource Services disclosed a breach in 2024 that compromised the personal data of 4 million individuals associated with companies using its employee benefits platform. The exposed information includes names, birth dates, addresses, and Social Security numbers. Although the breach was quickly discovered, a comprehensive impact analysis took over a year, with final notifications issued in April 2025. While no misuse has been reported thus far, VeriSource is offering free credit monitoring to affected individuals. Experts warn that the prolonged exposure increases the risk of identity fraud and theft.

e. Surge in Global Automated Scanning Activities

According to the FortiGuard Labs 2025 Global Threat Landscape Report, global automated scanning activities increased by 16.7% in 2024, revealing significant digital vulnerabilities. Threat actors are conducting approximately 36,000 scans per second, targeting services such as SIP, RDP, and IoT protocols. Cybercrime marketplaces have introduced 40,000 new vulnerabilities and witnessed a 500% rise in infostealer malware logs, contributing to the theft of 1.7 billion credentials. Critical sectors like manufacturing and business services are increasingly under threat, with the U.S. absorbing 61% of these attacks. The report emphasizes the importance of intelligence-led defense strategies, including attack surface management, real-world adversary simulations, and dark web monitoring, to counter evolving cyber threats effectively.

Quote:

"Global automated scanning surged 16.7% in 2024, exposing major digital vulnerabilities."
— Dave Bittner [08:45]

2. Legal Developments

a. WhatsApp vs. NSO Group Trial

The ongoing lawsuit between WhatsApp and NSO Group has reached a critical phase. WhatsApp alleges that NSO Group engaged in unauthorized surveillance of approximately 1,400 of its users, violating the Computer Fraud and Abuse Act (CFAA) and invading privacy. NSO Group contends that it merely provides technology for governments to combat terrorism and crime, distancing itself from direct hacking activities.

This week, a significant ruling was issued, finding NSO Group guilty of the alleged misconduct. The judge imposed restrictions on NSO Group, preventing them from disclosing their clients' identities or the professions of the alleged victims. This decision undermines NSO Group's defense strategy of portraying themselves as facilitators for legitimate governmental actions. As a result, the trial is now expected to focus more on NSO Group's conduct rather than the actions of their clients.

Quote:

"NSO Group can no longer bring up who their clients are or the identities of the alleged victims."
— Tim Starks [14:34]

b. Appointment of New Deputy Director at CISA

Tim Starks highlighted the appointment of Gatumakala as the new Deputy Director at the Cybersecurity and Infrastructure Security Agency (CISA). Confirmed by CISA, Gatumakala will assume his role after transitioning from his current position in South Dakota's state government on May 16th. Unlike some previous appointments lacking extensive cybersecurity expertise, Gatumakala brings a robust technical background, enhancing CISA's leadership capabilities. His appointment is seen as a positive step towards strengthening the agency's cybersecurity initiatives.

3. Industry Insights and Trends

a. Rise of AI-Driven Cyber Threats

The integration of AI in cyberattacks has intensified phishing and credential stuffing campaigns. Tools like Fraud GPT leverage artificial intelligence to craft more convincing and targeted attacks, making them harder to detect and mitigate. Fortinet advocates for the adoption of real-time AI-powered security solutions to stay ahead of these sophisticated threats and prevent operational disruptions.

b. Shift Towards Continuous Penetration Testing

Traditional penetration testing has been criticized for being resource-intensive, slow, and providing only a snapshot of an application's security. Outpost 24 introduces a continuous penetration testing service, offering year-round protection through recurring manual tests conducted by Crest-certified testers. This approach ensures that web applications remain secure by proactively identifying and addressing vulnerabilities between development cycles.

Quote:

"Automated scanners alone are unreliable in detecting faults within application logic and critical vulnerabilities."
— Dave Bittner [00:02]

4. Expert Interviews

Tim Starks from Cyberscoop

Tim Starks, a senior reporter at Cyberscoop, provided in-depth analysis of the NSO Group trial and the proliferation of cyber threats fueled by bad scans and AI misconceptions. He discussed the implications of the recent court ruling against NSO Group, emphasizing the challenges the company faces in defending its role in providing surveillance technology. Starks also shed light on the appointment of Gatumakala at CISA, highlighting the importance of experienced leadership in combating emerging cyber threats.

Quote:

"This outage highlights growing concerns as cyberattacks on utilities have more than doubled globally in recent years."
— Tim Starks [02:06]

5. Conclusions and Takeaways

Escalating Threats to Critical Infrastructure: The recent power outage in the Iberian Peninsula and Iran's defense against cyberattacks underscore the increasing targeting of national infrastructure by sophisticated cyber adversaries.
Vulnerability Management is Crucial: The discovery of critical vulnerabilities in SAP Netweaver systems and the breach of VeraSource Services highlight the need for timely patching and robust security measures to protect sensitive data.
Legal Accountability in Cybersecurity: The WhatsApp vs. NSO Group case sets a precedent for holding technology providers accountable for the misuse of their tools, potentially reshaping the landscape of cybersecurity litigation.
Adoption of Advanced Security Strategies: As cyber threats evolve with AI advancements, organizations must embrace intelligence-led defense strategies and continuous security assessments to safeguard their assets effectively.
Leadership and Expertise Matter: The appointment of experienced individuals like Gatumakala to pivotal roles in agencies like CISA is essential for enhancing national cybersecurity resilience.

Notable Quotes:

"Automated scanners alone are unreliable in detecting faults within application logic and critical vulnerabilities." — Dave Bittner [00:02]
"Global automated scanning surged 16.7% in 2024, exposing major digital vulnerabilities." — Dave Bittner [08:45]
"NSO Group can no longer bring up who their clients are or the identities of the alleged victims." — Tim Starks [14:34]
"[The outage] highlights growing concerns as cyberattacks on utilities have more than doubled globally in recent years." — Dave Bittner [02:06]

Final Thoughts:
The "Lights Out, Lines Down" episode of CyberWire Daily provides a comprehensive overview of the current cybersecurity landscape, highlighting significant incidents, legal battles, and emerging trends. With expert insights and in-depth analysis, listeners gain a nuanced understanding of the challenges and strategies essential for navigating the ever-evolving threat environment.

Loading summary

Transcript43 lines

[00:02]
Dave Bittner
You're listening to the CyberWire network. Powered by N2K, traditional pen testing is resource intensive, slow and expensive, providing only a point in time snapshot of your application's security, leaving it vulnerable between development cycles. Automated scanners alone are unreliable in detecting faults within application logic and critical vulnerabilities. Outpost 24's continuous pen testing as a service solution offers year round protection with recurring manual penetration testing conducted by Crest certified pen testers, allowing you to stay ahead of threats and ensure your web applications are always secure.
[01:05]
Tim Starks
A massive power outage strikes the Iberian Peninsula. Iran says it repelled a widespread and complex cyber attack targeting national infrastructure. Researchers find hundreds of SAP netweaver systems vulnerable to a critical zero day. A British retailer tells warehouse workers to stay home following a cyber attack. Verisource Services discloses a breach exposing personal data of 4 million individuals. Global automated scanning surged 16% in 2024. CISA discloses several critical vulnerabilities affecting Planet Technologies, industrial switches and network management products. A Greek court upholds a VPN provider's no logs policy. Law enforcement dismantles the Joker OTP phishing tool. Our guest is Tim Starks from cyberscoop with developments in the NSO Group trial and how bad scans and AI spread a scientific urban legend.
[02:06]
Unknown Guest
Foreign.
[02:12]
Tim Starks
28Th, 2025 I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. We are coming to you live and on location from RSAC20 right here in beautiful San Francisco. The Moscone center is buzzing with the latest in cybersecurity innovation, critical discussions and of course a few caffeine fueled debates about AI quantum threats and how to finally get rid of passwords for good. We've got a packed week ahead with interviews from industry leaders, quick takes on major announcements and a look at the trends shaping the future of cyber defense. So whether you're joining us from the show floor or tuning in from afar, stick around. You don't want to miss what's coming up this week. Let's dive in. A massive power outage struck the Iberian Peninsula today, cutting electricity across Spain, Portugal and parts of southern France and Andorra. The blackout, which began around 12:30pm local time, caused Spain's power demand to collapse by half within moments. A total grid failure. Sources suggest a cyberattack is the likely cause of though authorities have not confirmed this critical infrastructure was severely impacted, including airports, metros, telecommunications and traffic systems. Spain's Prime Minister Pedro Sanchez visited Red Electrica's control center as emergency restoration efforts began focusing on hydroelectric power, while gas and nuclear power remained offline. Internet traffic dropped by nearly 37% across the region. The Spanish Cybersecurity Coordination Office is investigating, but officials warn it's too early to draw conclusions. This outage highlights growing concerns as cyberattacks on utilities have more than doubled globally in recent years. Recovery is expected to take time. Meanwhile, Iran says it repelled a widespread and complex cyber attack targeting national infrastructure, according to Bezad Akbari of the government's telecommunication infrastructure company. Few details were shared, and there's no confirmed link to a deadly explosion at Rashid Rajeh port the previous day, which killed 28 and injured 800. Maritime experts attribute the explosion to mishandled ballistic missile fuel, though Iran denies this. The incident comes amid tense nuclear negotiations between Iran and the us. Iran has faced several major cyber attacks in recent years, including ones on its fuel system and steel mills often blamed on US And Israeli forces. Without evidence, groups like Predatory Sparrow have claimed past attacks, raising suspicions of state backing due to the precision involved. Iran's officials continue to cite cyber threats as key national security concerns. Shadow servers found 454 SAP Netweaver systems vulnerable to a critical zero day flaw allowing unauthenticated file uploads and full system Compromise. Discovered by ReliaQuest in April. The bug targets the metadata uploader component and has already been weaponized in the wild. Attackers upload Web shells via a missing authorization check. SAP issued an emergency patch on April 24th. Organizations are urged to patch immediately or apply temporary passwords as the flaw poses a severe risk to exposed SAP environments. British retailer Marks and Spencer has told around 200 agency workers not to report to its main warehouses as it manages a growing cyber attack crisis. Online shopping remains paused, with Ms. Apologizing for the disruption but assuring customers that stores are still open. The incident, first disclosed last week, has already led to an 8% drop in Ms. Shares. The company says its internal team and external cyber experts are working urgently to restore online and app services. VeraSource Services disclosed that a 2024 breach exposed personal data of 4 million individuals tied to companies using its employee benefits platform. Stolen data includes names, birth dates, addresses and Social Security numbers. Although discovered quickly, full impact analysis took over a year, with final notifications issued this month. No misuse has been reported yet, but verisource is offering free credit monitoring. Security experts stress the prolonged exposure window raises heightened risks of identity fraud and theft. Global Automated scanning surged 16.7% in 2024, exposing major digital vulnerabilities, according to FortiGuard Labs 2025 Global Threat Landscape Report. The threat actors now execute 36,000 scans per second targeting services like SIP, RDP and IoT protocols. Cybercrime marketplaces added 40,000 new vulnerabilities and drove a 500% rise in infostealer malware logs contributing to 1.7 billion stolen credentials. Critical sectors like manufacturing and business services are increasingly targeted with the US absorbing 61% of attacks. AI driven threats such as fraud GPT are intensifying phishing and credential stuffing campaigns. Fortinet urges organizations to shift to intelligence led defense strategies emphasizing attack surface management, real world adversary simulation and dark web monitoring. Experts stress that real time AI powered security solutions are crucial to countering today's evolving cyber threats and preventing operational disruptions. Several critical vulnerabilities affecting Planet Technologies, industrial switches and network management products have been disclosed by cisa. The flaws allow remote unauthenticated attackers to gain admin access, create accounts and execute OS commands. Researcher Kevin Breen, who reported the issues, noted hundreds to thousands of exposed devices globally, including in critical manufacturing. Planet Technology patched the vulnerabilities this month and no active exploitation has been reported so far. Windscribe, a privacy focused VPN and cybersecurity provider, has scored a major legal victory as founder Igor Sack was acquitted by a Greek court. The case, triggered by the cyber incident involving a Windscribe server, could have set a dangerous global precedent by criminalizing infrastructure ownership. Thanks to Windscribe's strict no logs policy. The court found no evidence linking Mr. Sack or the company to any wrong. The ruling reaffirms that privacy providers cannot be held responsible for user actions when no data is collected. Windscribe, founded in 2016, remains a fierce defender of online freedom, vowing to resist any pressure to compromise user trust. Mr. Sack called the case a critical stand against government overreach, warning, today it's hacking, tomorrow it could be criticizing a dictator. Two men have been arrested in the UK and the Netherlands as part of a major international operation dismantling Joker otp, a phishing tool used to steal over seven and a half million pounds. The tool tricked victims into revealing two factor authentication codes by impersonating trusted institutions like banks and cryptocurrency platforms. Joker OTP was deployed in over 28,000 phishing attacks across 13 countries. The investigation, led by Cleveland police's Cybercrime unit and supported by Europol and the Dutch National Police, marks one of the UK's largest cyber fraud cases. The suspects, operating online as Spit and DePhone123 face charges including fraud, unauthorized access, money laundering and blackmail. Authorities have begun shutting down the infrastructure supporting Joker otp, warning users of the platform that further law enforcement actions are underway. Coming up after the break, Tim Starks from cyberscoop shares developments in the NSO Group trial and how bad scans and AI spread a scientific urban legend. Stay with us.
[11:51]
Dave Bittner
Let's be real. Navigating security compliance can feel like assembling Ikea furniture without the instructions. You know you need it, but it takes forever and you're never quite sure if you've done it right. That's where Vanta comes in. Vanta is a trust management platform that automates up to 90% of the work for frameworks like SoC2, ISO 27001 and HIPAA, getting you audit ready in weeks, not months. Whether you're a founder, an engineer, or managing it and security for the first time, Vanta helps you prove your security posture without taking over your Life. More than 10,000 companies, including names like Atlassian and Quora, are trust Vanta to monitor compliance, streamline risk, and speed up security reviews by up to five times and the roi. A recent IDC report found Vanta saves businesses over half a million dollars a year and pays for itself in just three months. For a limited time, you can get $1,000 off vanta@vanta.com cyber that's v a n t a dot com.
[13:03]
Unknown Guest
Foreign.
[13:12]
Tim Starks
Secure.
[13:13]
Dave Bittner
Access is crucial for US public sector missions, ensuring that only authorized users can access certain systems, networks or data. Are your defenses ready? Cisco's security service Edge delivers comprehensive protection for your network and users. Experience the power of zero trust and secure your workforce wherever they are. Elevate your security Strategy by visiting cisco.comgo.sse that's cisco.comgosse it is always my pleasure.
[14:00]
Tim Starks
To welcome back to the show Tim Starks, senior reporter at cyberscoop. Tim, welcome back.
[14:05]
Unknown Guest
It's always my pleasure to be back.
[14:07]
Tim Starks
Well, Tim, you recently had an article over on Cyberscoop about the WhatsApp vs. NSO group case.
[14:16]
Dave Bittner
Some of the legal ramblings that are going on there. Wranglings, I should say.
[14:21]
Tim Starks
Paging Dr. Freud. Wranglings, I should say. Bring us up to date here.
[14:29]
Dave Bittner
Well, I guess before we do, just.
[14:31]
Tim Starks
Briefly explain what the lawsuit between WhatsApp and NSO Group is all about.
[14:35]
Unknown Guest
Yeah, there's a couple different cases that are happening. Well, there's more than a couple, but there are a couple particularly big ones that have had some happenings of late. One of Them and I think the biggest of them, the biggest of all the lawsuits really against CNSO Group or any spyware maker for that matter is WhatsApp versus NSO group. And WhatsApp alleged and hearing that case that began several years ago that NSO Group is guilty for spying on something like 1,400 of its users, Innocent Group is saying that's illegal under the cfaa, the sorry Computer Fraud and Abuse act and some other reasons. Privacy invasive. NSO Group says essentially we're not the people who hack anyone. We're just the people who make the, and make the technology that hacks people. And there's the rub. So that's what the case is about. There was a hearing, or rather say an order that came that was handed down this week that was important to how things were going to proceed. So a judge said, we find NSO to be guilty of this behavior. So now they're in the damages phase, deciding how much anybody's going to get out of this. And so a ruling came down this week on what kind of evidence could be happening, what each side could enter when making their case. That's what the ruling was this most recent week.
[16:00]
Dave Bittner
Well, what is significant that NSO can no longer bring up.
[16:06]
Tim Starks
What are they restricted?
[16:09]
Unknown Guest
It's fairly penalizing just by my read. They can't talk about who their clients are. They can't talk about the professions or identities of the alleged victims. And those are pretty big. You know, one of the people I talked to for the story said this kind of goes to the strategy of, the basic fundamental strategy of what NSO Group was going to try to argue, which is, hey, we're, we're representing governments that are doing things that, to crack down on terrorists and criminals. And this really limits what they can argue on that front. There are some other limitations as well on the other side, but they're not as strict. And there were some restrictions I touched on in the story that go to both the plaintiff and the defendant in this case saying essentially, we're leaving reputational harm out of this entirely. We're just not going to get into it on both sides. So it's a really fascinating ruling. As someone who's been following the legal ramifications, the legal battles over spyware, it was a really fascinating ruling saying, hey, innocent group, you're going to try to say we're the good guys. We're not going to let you really say that. And one of the things that was interesting about the ruling is that the judge was really skeptical of NSO Greep's argument, they're saying, hey, look, we're the good guys. We're helping these people catch terrorists, but we can't actually say who the people we work for are. But also, we're the good guys. It was kind of this sort of circular argument that made it so that the judge said, look, you're just not gonna be able to do any of that. Like, you can't be saying, oh, we represent the good guys, but not say who the good guys are. And you can't say, oh, we don't know what they're doing, but we also know that they're doing good things. It was kind of a circular argument that the judge was like, nope, you're not gonna be able to do this.
[17:52]
Dave Bittner
So does this shift the focus of.
[17:54]
Tim Starks
The trial towards.
[17:57]
Dave Bittner
NSO group's conduct rather than their client's conduct?
[18:01]
Unknown Guest
Yeah, big time. I mean, one of the. One of the issues. One of the big issues involved in this case was how. How guilty is NSO group for the behavior of the people who use this technology? And. And this. This. This really makes it harder for them to say, you know, we're hands off. We're not. This isn't anything to do. We license. But the judge is basically putting them in a position of saying, you know, look, you are responsible. So now we're just. Now it's just coming down to how much damage are we going to award to the plaintiffs, because we've already found you responsible, and any of the arguments they might have used to mitigate that even, are somewhat restricted now.
[18:41]
Dave Bittner
All right, well, before I let you.
[18:43]
Tim Starks
Go, you also recently reported on a new, I guess, second in command over at cisa. Who do we have here?
[18:52]
Unknown Guest
Oh, no, I actually haven't said his name aloud. So I've got to.
[18:56]
Tim Starks
Oh, I see. Oh, I see a print guy on a podcast. The advantage is mine.
[19:04]
Unknown Guest
Okay. I'm gonna do my best, and I apologize. To the future. To the future. SISA number two, Gatumakala.
[19:12]
Tim Starks
I think that's pretty good.
[19:13]
Unknown Guest
I think that's pretty good. But I had not said it out loud because what's interesting is, you know, that they. This. Actually, this wasn't announced by CISA originally. It was announced by. By South Dakota. He's the former CIO and head of their, like, sort of technology division there, the state government. So a lot of this kind of, like, broke late Thursday that he was going to be the person. And I really just had email exchanges with anybody trying to figure out who he was and whether it was true. Cisa has confirmed he is in fact going to be the new deputy director. It's something that's probably a month or more away because he doesn't leave his job in the state position until May 16th. But he's someone who does have a tech background. You and I have talked about some of these appointments, some of these appointments from the Trump administration have not had much in the way of tech or cyber experience. He definitely does have that in multiple jobs. So he looks to be someone who isn't just hired just because. Although I'm sure it has a connection to the fact that he worked for Christian Ohm, who is now the Secretary of Department of Homeland Security and had been the South Dakota governor. So looks like a candidate coming in who has some experience, but we might not get him for more like a month.
[20:22]
Tim Starks
Okay.
[20:23]
Dave Bittner
All right. Well, progress underway, I suppose. And as they say, time will tell.
[20:28]
Unknown Guest
Time will tell. We say it often, you and I, Dave.
[20:31]
Tim Starks
We do. We do.
[20:33]
Dave Bittner
Because it's true.
[20:34]
Unknown Guest
Because it's true. That's why we do it. That's right.
[20:36]
Dave Bittner
That's right.
[20:37]
Tim Starks
All right. Tim Starks is senior reporter at cyberscoop.
[20:40]
Dave Bittner
Tim, thanks so much.
[20:41]
Unknown Guest
Thank you.
[20:58]
Dave Bittner
And now a word from our sponsor, ThreatLocker. Keeping your system secure shouldn't mean constantly reacting to threats. ThreatLocker helps you take a different approach by giving you full control over what software can run in your environment. If it's not approved, it doesn't run. Simple as that. It's a way to stop ransomware and other attacks before they start without adding extra complexity to your day. See how ThreatLocker can help you lock down your environment at www.threatlocker.com.
[21:41]
Tim Starks
And finally, ever heard of vegetative electron microscopy? No. Good, because it's total nonsense. But thanks to a string of scanning errors, translation mixup, and a little AI mischief, this completely made up scientific term has wormed its way into real academic papers. It all started when 1950s research got poorly digitized, blending unrelated words into something that sounded impressive but meant absolutely nothing. Then, a tiny mistranslation in Farsi helped the error spread even further. Now large AI models, including GPT3 and GPT4, faithfully regurgitate the fake term as if it's a cornerstone of modern science. Researchers are calling it a digital fossil, a mistake now permanently trapped in the AI training ecosystem. And fixing it is next to impossible. So the next time someone drops vegetative electron microscopy in a paper, just know. Science, courtesy of AI sometimes makes stuff up, too. And that's the Cyberwire for links to all of today's stories, check out our daily briefing@thecyberwire.com we got a programming note. There's a special edition that explores the benefits of the cyber startup ecosystem with our partners at Microsoft. You can catch the details of it in our show notes and find it in your cyberwire daily Podcast feed in your favorite podcast app. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the Show Notes or send an email to cyberwire2k.com don't forget to check out the Grumpy Old Geeks podcast where I contribute to a regular segment on Jason and Brian Show Every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
[24:40]
Dave Bittner
And now a word from our sponsor. Spy Cloud Identity is the new battleground and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. Spy Cloud's Holistic Identity Threat protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing to neutralize identity based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate Darknet exposure report@spycloud.com cyberwire and see what attackers already know. That's spycloud.com cyberwire.