Dave Bittner
You're listening to the CyberWire Network, powered by N2K. Your business needs AI solutions that are not only ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain insights, receive alerts, and act with ease through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at AI.domo.com. That's AI.domo.com. CISA and the FBI warn that Ghost ransomware has breached organizations in over 70 countries. President Trump announces his pick to lead the DOJ's National Security Division. A new ransomware strain targets European healthcare organizations. Researchers uncover four critical vulnerabilities in Ivanti Endpoint Manager. Microsoft has patched a critical improper access control vulnerability in Power Pages. The NSA updates its Ghidra reverse engineering tool. A former U.S. Army soldier admits to leaking private call records. Our guest is Stephen Hilt, senior threat researcher at Trend Micro, sharing the current state of the English cyber underground market. And the pen testers' breach was simulated. Their arrest was not.
Dave Bittner
February 20, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. Our CyberWire team is at the ThreatLocker Zero Trust World 25 conference in Orlando, Florida. CISA and the FBI warn that Ghost ransomware has breached organizations in over 70 countries, targeting critical infrastructure, healthcare, government, education, technology, and manufacturing. Active since 2021, Ghost exploits outdated software vulnerabilities, including Fortinet, ColdFusion, and Exchange flaws. Ghost ransomware operators frequently change their malware, ransom notes, and email contacts, making attribution difficult. The group, also known as Cring, Crypt3r, Phantom, and others, uses publicly available exploits to infiltrate systems. Defensive measures include regular backups, prompt patching, network segmentation, and phishing-resistant MFA. Ghost attackers have previously used Mimikatz, Cobalt Strike, and CertUtil to evade detection. The advisory provides indicators of compromise and tactics to help defenders mitigate threats. Fortinet users were repeatedly warned to patch vulnerabilities, but Ghost continues to exploit them. Former Trump White House legal adviser John Eisenberg is set to be nominated to lead the DOJ's National Security Division, which oversees terrorism, cyber espionage, and FISA surveillance. Eisenberg was a key figure in Trump's first impeachment, handling the Ukraine phone call that sparked the inquiry. He reportedly ordered the call's recording into a classified system, though he denied it. Eisenberg's nomination is highly relevant to cybersecurity, as he would oversee cybercrime investigations and foreign cyber threats. The division plays a crucial role in combating nation-state hackers, ransomware groups, and espionage operations. He's also expected to face scrutiny over FISA's Section 702, a critical foreign surveillance tool under debate for renewal.
With recent leadership shakeups in the division, Eisenberg's appointment signals Trump's intent to install loyalists in key national security roles ahead of potential cyber policy shifts. Meanwhile, Katie Arrington, a Trump ally and former DoD cybersecurity official, has been appointed as the Department of Defense chief information security officer. Her return to the Pentagon is unexpected given her 2021 suspension over allegations of disclosing classified information, claims she disputes, arguing that Biden appointees forced her out due to her Trump ties. Arrington, previously a champion of the Cybersecurity Maturity Model Certification program, now faces major budget cuts that could hinder cyber defense initiatives. With an 8% defense budget reduction, concerns grow that cybersecurity programs may be deprioritized. Experts warn that staff cuts could threaten the implementation of CMMC, crucial for securing defense contractors. Her role is critical in advancing Zero Trust security and ensuring stronger cyber hygiene practices, but funding and personnel shortages could limit progress. A new ransomware strain, NailaoLocker, has been used in attacks against European healthcare organizations. Between June and October of last year, the attackers exploited a Check Point security gateway vulnerability to gain access and deploy malware linked to Chinese state-sponsored groups. Though relatively unsophisticated, NailaoLocker encrypts files with AES-256-CTR and drops a ransom note without mentioning data theft. Analysts suggest this could be a false flag, a mix of espionage and extortion, or state-backed hackers moonlighting for profit, a shift in Chinese cyber tactics. Horizon3.ai has disclosed four critical vulnerabilities in Ivanti Endpoint Manager. These path traversal flaws, patched in January, can be exploited by unauthenticated attackers to coerce machine account credentials, enabling relay attacks that could lead to server compromise.
Attackers can use these flaws to gain domain admin privileges and compromise all connected EPM clients. Ivanti initially released a patch that caused issues, followed by a second update. Organizations should install the latest fix to mitigate the risk. Microsoft has patched a critical improper access control vulnerability in Power Pages, its low-code software-as-a-service platform for business websites. The flaw, already exploited in attacks, allows attackers to elevate privileges and bypass user registration controls. Microsoft automatically mitigated the issue and notified affected customers, advising them to review their sites for signs of compromise. No additional patch installation is needed. The company has not disclosed details on the attacks. This follows recent research on misconfigured Power Pages exposing sensitive data. The NSA has released Ghidra 11.3, a major update to its open source software reverse engineering framework, introducing advanced debugging, faster emulation, and improved integrations for cybersecurity professionals. Key enhancements include kernel-level analysis tools, cross-platform debugging, and collaborative workflows, making Ghidra even more effective for analyzing malware and vulnerabilities. The update enhances low-level debugging with TraceRMI connectors, supports macOS kernel debugging via LLDB, and improves Windows kernel analysis using Microsoft's EXDI framework. This is crucial for reverse engineering advanced persistent threats that manipulate the kernel to evade detection. Ghidra 11.3 also replaces Eclipse-based tooling with Visual Studio Code integration, accelerates P-code emulation via JIT compilation, and improves binary visualization and processor support. Security teams can now analyze modern cryptographic algorithms, IoT firmware, and complex malware more efficiently. U.S. Army soldier Cameron John Wagenius has admitted to leaking private call records from AT&T and Verizon.
He intends to plead guilty to two counts of unlawfully transferring confidential phone records, without a plea deal. Prosecutors suspect Wagenius is Kiberphant0m, a hacker who allegedly compromised at least 15 telecom firms and threatened to leak U.S. government call logs. Authorities also link Wagenius to a major extortion scheme involving stolen data from 150 Snowflake cloud accounts. He was allegedly recruited by Alexander Connor Moucka and John Binns, who extorted $2 million from AT&T, Ticketmaster, and others. After Binns' arrest, Kiberphant0m threatened further leaks unless AT&T negotiated. Wagenius faces up to 20 years in prison. Moucka and Binns, arrested in Canada and Turkey, await extradition on multiple fraud and hacking charges. Coming up after the break, my conversation with Stephen Hilt from Trend Micro. We're discussing the current state of the English cyber underground market. And the pen testers' breach was simulated. Their arrest was not. Stay with us. Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected.
DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now, at a special discount for our listeners. Today, get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com/N2K and enter code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K. Stephen Hilt is senior threat researcher at Trend Micro. I recently caught up with him to discuss the current state of the English cyber underground market.
Stephen Hilt
So Trend Micro actually, since 2011, has now published 49 branches into where we look into the underground marketplaces. The last one, this one, would have been the 48th publication. Since then there's been one more on the Spanish underground. But we just like to keep tabs on where the cyber criminal underground is going and, you know, everything just around the underground, so where we can help protect our customers and the Internet at large, just kind of get a gauge of where everything is and what cybercriminals are trying to do.
Dave Bittner
Well, let's dig into some of the details here. I mean, in terms of operations and offerings, what are some of the significant changes you all have tracked?
Stephen Hilt
Yeah, since 2015 was the first English underground, there actually has been a notable decline in the sales of drugs and weapons, specifically on English speaking forums. While access as a service is dominating. Over 50% of the threads that we observe are about access as a service. And crimeware is pretty, pretty stable there, where people are trying to buy malware, counter AV solutions, things like that as well.
Dave Bittner
What about the activity of law enforcement? Has that had a significant influence on what you're tracking here?
Stephen Hilt
Yeah, so I think that's one of the big reasons why you see drugs and weapons decline: there has been a lot of action against forums that are selling those types of things specifically, and law enforcement action obviously has helped hinder those operations. However, with that said, every time there's a forum takedown, just like this week or last week, there was Cracked and Nulled have been taken down or disrupted in some way, and even then something's going to come in its replacement. But it's the trust factor that guides the criminals to where they're going and whether they use it and adopt it en masse. I mean, we constantly see this after takedowns: there's a shift in migration of which one's going to become the next big underground marketplace or underground forum for criminals to converse at.
Dave Bittner
Yeah, I guess age old game of whack a mole?
Stephen Hilt
Pretty much, yes.
Dave Bittner
Yeah. What about technological advancements? I mean obviously everybody's talking about AI these days. Has that, has the dynamic of that had an effect on these cybercriminal communities?
Stephen Hilt
Absolutely. Cybercriminals are using AI technologies to help create phishing content and to help bypass security measures, as well as other things where there's, you know, been talk about criminal AI itself, which are AI technologies that criminals are trying to train to be more on the malicious side, that gets around the walls of information that they're trying to prevent people from getting. Like, you can't go to major AI platforms and ask it to create you malware. However, the criminal ones would allow you to do that just off, you know, without any of those handbrakes or anything like that involved. So yeah, AI is definitely something we're seeing an uptake in. However, it's still kind of hyped out to where it's not what, you know, the media sometimes is saying it is, but they are using it. And you can see it specifically when they're talking about using it for phishing exercises, you know, phishing attempts, to make a better use of English speaking in the cases of that. So it doesn't matter, doesn't matter where you came from. You can do a pretty good English translation with AI.
Dave Bittner
Yeah. One of the things that caught my eye in the report was this idea that some of these English speaking forums will converge with the non English speaking ones. Can you explain that to us?
Stephen Hilt
Yeah. So the idea is that as we do more disruptions and more takedowns, you're seeing people move into other forums that become more multilingual. And that's definitely due to the intensified law enforcement actions that migrated into jurisdictions with more lenient regulations. The shift has led to blending English speaking forums with other languages. You'll see on what used to be typically a Russian forum, sometimes you'll see English threads with what appears to be a native English speaker, not a trying to converse and create. By doing that, they're trying to converse more broadly and creating a more diverse and interconnected cyber criminal ecosystem.
Dave Bittner
Yeah. What are the predominant goods and services that you're seeing these days on these forums?
Stephen Hilt
As we mentioned earlier, Dave, access as a service is dominating for sure and we're seeing a lot of, a little bit of ransomware here and there. But cryptocurrency, money laundering services, cash outs to convert your services to convert illicit gains into legitimate currencies as example, that's a lot of what we're seeing is, you know, in the English forums, everyone wants their money and how to get it out from being a stolen or acquired cryptocurrency. How can I make that into real money?
Dave Bittner
One of the things the reports touches on is the use of various platforms, you things like Telegram. How has that changed the way that these folks communicate since the last time you tracked it almost a decade ago.
Stephen Hilt
Yeah, so Telegram is definitely a new and rising platform of communication for the underground. From 2020, 2015, when we originally released the English speaking underground research, yeah, it's grown significantly. That's a large part of it. There was a little shift last year. People are using other services such as Tox and have migrated to Signal channels as well. But Telegram is a very important piece to track of where people are communicating. And that's one of the big reasons why cyber criminals are utilizing Telegram, is because it's a little harder to take down that communication, easier for them to just move it into new channels. And also they're moving into more secure communication channels, which then reduces the exposure of sensitive information, such as if they're talking about their bitcoin addresses or emails or anything like that. Before, if you put that in an open forum, somebody could grab that, where in these little more private chats, you may go under the radar for a little bit longer.
Dave Bittner
Yeah, I guess it makes it a little more challenging for law enforcement.
Stephen Hilt
Yeah, that's kind of the, as we mentioned earlier, the whack a mole approach. Every time you hit the mole, the mole gets a little bit better at hiding itself.
Dave Bittner
Right, right. What about globalization? I mean these are English speaking forums, but it seems to me like, you know, when we see takedowns, they are international efforts. Is the globalization of these groups a growing concern?
Stephen Hilt
Yeah, the globalization of groups does provide more of a concern. You'll actually see Some of this in cybercrime forums where they're actually trying to find English speaking people and they're well known that they're out of that country. They're trying to get somebody who speaks English to do the crime for them in that jurisdiction. They actually sometimes will go after teenagers trying to get them because they know that their crime is more leniently punished. And then once they hit 18, you know, then crimes become real, especially in the United States. Not real, but more penalized. So cyber criminals are increasingly operating in jurisdictions with more lenient regulations and then they create a diverse interconnected network of criminals. This tends to underscore the need for global approach to combat cybercrime and have more standardized regulations. You know, you can't, it's very hard for people to go after, you know, known criminals in that are orchestrating these crimes that are in areas where their regulations are a lot more lenient towards cybercrime.
Dave Bittner
What are the take homes for you from this report? What do you hope that folks get out of it from reading that?
Stephen Hilt
It's an evolving market. The, the marketplace is ever evolving. Cybercrime is changing, especially with technology changing and you know, what was relevant 15 years ago or 10 years ago, you know, from 2011 to today, things have evolved, except for the one thing that hasn't really evolved is cyber crime itself is something that criminals are going to do. It has evolved to the point where cybercrime has been more, you know, you have these different factions of it and it's grown from, you know, just some people on the Internet and you know, little tiny groups here and there causing problems to very large cyber criminal organizations that are best compared to being a corporation. They'll have, you know, in ransomware groups, they have them, you know, employee of the month and HR groups and you know, how to handle with onboarding and offboarding. And it's not just, you know, you know, people just out there trying to make a little bit of money. It's people trying to make a mass amount of money trying to do crime and trying to harm people, you know, for whatever, for their own personal gains.
Dave Bittner
That's Stephen Hilt from Trend Micro. We'll have a link to their research in our show notes. And now a message from our sponsor, Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs. Yet breaches continue to rise, with an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust and AI stops attackers by hiding your attack surface, making apps and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not the entire network, continuously verifying every request based on identity and context, simplifying security management with AI powered automation, and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at zscaler.com/security.
Stephen Hilt
Imagine what's possible when learning doesn't get in the way of life. At Capella University, our game changing FlexPath learning format lets you set your own deadline so you can learn at a time and pace that works for you. It's an education you can tailor to your schedule. That means you don't have to put your life on hold to pursue your professional goals. Instead, enjoy learning your way and earn your degree without missing a beat. A different future is closer than you think with Capella University. Learn more at capella.edu.
Dave Bittner
And finally, two penetration testers from ThreatSpike Labs learned the hard way that miscommunication can be more dangerous than actual hacking. During a simulated breach at a corporate office in Malta, the duo successfully gained unauthorized access, stole a master keycard, and retrieved sensitive data, all part of an approved security assessment. But then things took a turn. The general manager who authorized the test panicked and called the police, convinced that real criminals were at work. Despite waving their authorization documents like a backstage pass at a concert, the testers were arrested and hauled in for questioning. Later, Kurt Hems reflected on the experience, saying, penetration tests don't always end with a report. Sometimes they end with flashing lights and handcuffs. Lesson learned: tell law enforcement about security tests before they happen. Ironically, the security test worked. The company's response was swift, even if it resulted in unnecessary arrests. And that's the CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
CyberWire Daily: "No Rest for the Patched" – February 20, 2025
Introduction
In the February 20, 2025 episode of CyberWire Daily titled "No Rest for the Patched," host Dave Bittner delivers a comprehensive overview of the latest developments in the cybersecurity landscape. The episode delves into significant threats like the Ghost ransomware, notable industry and governmental shifts, critical software vulnerabilities, and insightful discussions with Stephen Hilt, Senior Threat Researcher at Trend Micro. This summary encapsulates the key points, discussions, insights, and conclusions presented throughout the episode.
Key Cybersecurity News
Ghost Ransomware Breaches Over 70 Countries
Timestamp: [00:02]
CISA and the FBI have issued warnings about the Ghost ransomware, which has compromised organizations across more than 70 countries. The group targets critical infrastructure sectors including healthcare, government, education, technology, and manufacturing, relying on publicly available exploits for known, unpatched vulnerabilities rather than on novel tooling.
Key Details:
Activity: Active since 2021; gains access by exploiting outdated software, including Fortinet, ColdFusion, and Exchange flaws, using publicly available exploits.
Aliases: Also tracked as Cring, Crypt3r, Phantom, and other names; operators rotate malware builds, ransom notes, and contact email addresses, which complicates attribution.
Tooling: Prior intrusions have used Mimikatz, Cobalt Strike, and CertUtil to evade detection.
Mitigations: The advisory publishes indicators of compromise and tactics and recommends regular backups, prompt patching, network segmentation, and phishing-resistant MFA. Fortinet customers were repeatedly warned to patch, yet Ghost continues to exploit those flaws.
Notable Quote:
"Ghost ransomware operators frequently change their malware, ransom notes, and email contacts, making attribution difficult." – Dave Bittner [00:02]
Nomination of John Eisenberg to DOJ's National Security Division
Timestamp: [02:01]
Former Trump White House legal adviser John Eisenberg is slated to lead the Department of Justice's National Security Division. Eisenberg's role is pivotal in overseeing efforts against terrorism, cyber espionage, and foreign surveillance under FISA.
Key Points:
Background: A key figure in Trump's first impeachment, Eisenberg handled the Ukraine phone call that sparked the inquiry and reportedly ordered its recording into a classified system, which he denied.
Relevance: The division oversees cybercrime investigations and foreign cyber threats, including nation-state hackers, ransomware groups, and espionage operations.
Scrutiny: He is expected to face questions over FISA Section 702, a foreign surveillance authority under debate for renewal.
Context: Following recent leadership shakeups in the division, the nomination signals an intent to install loyalists in key national security roles ahead of potential cyber policy shifts.
Appointment of Kate Arrington as DoD's Chief Information Security Officer
Timestamp: [08:16]
Katie Arrington, a Trump ally and former Department of Defense (DoD) cybersecurity official, has been named the new Chief Information Security Officer (CISO) at the Pentagon. Her return comes amidst unexpected circumstances, including a prior suspension and significant budget cuts.
Key Insights:
Background: Suspended in 2021 over allegations of disclosing classified information, which she disputes, arguing that Biden appointees forced her out because of her Trump ties.
CMMC: Previously championed the Cybersecurity Maturity Model Certification (CMMC) program; experts warn that staff cuts could threaten its implementation, which is crucial for securing defense contractors.
Budget: An 8% defense budget reduction raises concern that cybersecurity programs may be deprioritized.
Expert Opinion:
"Her role is critical in advancing Zero Trust security and ensuring stronger cyber hygiene practices, but funding and personnel shortages could limit progress." – Dave Bittner [08:16]
Emergence of Nalao Locker Ransomware Strain
Timestamp: [08:16]
A new ransomware variant, NailaoLocker, has emerged, specifically targeting European healthcare organizations. Active between June and October of the previous year, the attackers exploited a Check Point security gateway vulnerability to gain access.
Key Characteristics:
Initial access: A Check Point security gateway vulnerability was exploited, followed by deployment of malware linked to Chinese state-sponsored groups.
Encryption: Relatively unsophisticated; encrypts files with AES-256-CTR and drops a ransom note that does not mention data theft.
Assessment: Analysts suggest a false flag, a mix of espionage and extortion, or state-backed operators moonlighting for profit, any of which would mark a shift in Chinese cyber tactics.
Critical Vulnerabilities in Ivanti Endpoint Manager
Timestamp: [12:49]
Horizon3.ai discovered four critical vulnerabilities in Ivanti Endpoint Manager (EPM). Initially patched in January, these path traversal flaws allow unauthenticated attackers to coerce machine account credentials and perform relay attacks, potentially leading to server compromise.
Recommendations:
Impact: Successful exploitation can yield domain admin privileges and compromise all connected EPM clients.
Patching: Ivanti's initial patch caused issues and was followed by a second update; organizations should install the latest fix to mitigate the risk.
Microsoft Patches Power Pages Vulnerability
Timestamp: [12:49]
Microsoft has addressed a critical improper access control vulnerability in Power Pages, its low-code platform for business websites. This flaw, already exploited in attacks, enabled attackers to elevate privileges and bypass user registration controls.
Mitigation Measures:
Microsoft mitigated the issue automatically and notified affected customers; no additional patch installation is needed.
Affected customers are advised to review their sites for signs of compromise. Microsoft has not disclosed details of the attacks.
Context: This follows recent research on misconfigured Power Pages sites exposing sensitive data.
NSA Updates Ghidra Reverse Engineering Tool
Timestamp: [12:49]
The NSA has released Ghidra 11.3, a significant update to its open-source software reverse engineering framework. Enhancements include advanced debugging features, faster emulation, and improved integrations tailored for cybersecurity professionals.
Key Enhancements:
Debugging: Kernel-level analysis tools, cross-platform debugging with TraceRMI connectors, macOS kernel debugging via LLDB, and Windows kernel analysis using Microsoft's EXDI framework, useful for reverse engineering threats that manipulate the kernel to evade detection.
Tooling: Eclipse-based tooling replaced with Visual Studio Code integration, plus improved collaborative workflows.
Performance: P-code emulation accelerated via JIT compilation, with improved binary visualization and processor support.
US Army Soldier Admits to Leaking Private Call Records
Timestamp: [12:49]
Cameron John Wagenius, a U.S. Army soldier, has admitted to leaking private call records from AT&T and Verizon. Planning to plead guilty to two counts of unlawfully transferring confidential phone records without a plea deal, Wagenius is suspected of operating under the alias Kiberphant0m.
Criminal Activities:
Alleged alias: Kiberphant0m is said to have compromised at least 15 telecom firms and threatened to leak U.S. government call logs; after John Binns' arrest, the persona threatened further leaks unless AT&T negotiated.
Snowflake extortion: Authorities link Wagenius to a scheme involving data stolen from 150 Snowflake cloud accounts, allegedly at the recruitment of Alexander Connor Moucka and John Binns, who extorted $2 million from AT&T, Ticketmaster, and others.
Status: Wagenius faces up to 20 years in prison; Moucka and Binns, arrested in Canada and Turkey, await extradition on multiple fraud and hacking charges.
Interview with Stephen Hilt from Trend Micro
Timestamp: [12:49 - 24:04]
In an in-depth conversation, Stephen Hilt, Senior Threat Researcher at Trend Micro, explores the evolving dynamics of the English cyber underground market, drawing on Trend Micro's series of underground market reports published since 2011.
Market Evolution and Trends:
Shift in Marketplace Goods: Since 2015, there's been a decline in the sale of drugs and weapons on English-speaking forums. Instead, "access as a service" now dominates, accounting for over 50% of observed threads.
Stable Crimeware: Demand for malware and counter-anti-virus (AV) solutions remains steady.
Influence of Law Enforcement: Increased actions against forums selling illicit goods have pushed criminals towards more resilient and multilingual platforms, often blending English with other languages to create interconnected ecosystems.
Notable Insight:
"Cybercriminals are using AI technologies to help create phishing content and to help bypass security measures..." – Stephen Hilt [15:35]
Technological Advancements:
AI Use: Cybercriminals use AI to generate phishing content, produce convincing English regardless of the author's native language, and attempt to bypass security measures. "Criminal AI" models trained without the guardrails of mainstream platforms are discussed, though Hilt cautions that AI's role is still overhyped relative to media coverage.
Communication Platforms: Telegram has grown significantly as an underground channel since the 2015 report because it is harder to take down and easy to migrate between channels; some movement to Tox and Signal was observed last year. More private channels reduce the exposure of details such as bitcoin addresses and emails that were once posted on open forums.
Globalization of Cybercrime:
Recruitment: Foreign actors seek English speakers, including teenagers who face lighter penalties, to carry out crimes within the target jurisdiction.
Jurisdiction: Operators increasingly base themselves where regulations are lenient, creating a diverse, interconnected network and underscoring the need for a global approach and more standardized regulation.
Predominant Goods and Services:
Access as a service dominates; some ransomware; cryptocurrency money laundering and cash-out services to convert illicit gains into legitimate currency.
Takeaways:
The marketplace keeps evolving with technology, but the underlying criminal intent has not changed. Cybercrime has grown from small groups into large, corporation-like organizations; some ransomware groups run HR functions, onboarding and offboarding, and even employee-of-the-month programs.
Concluding Quote:
"Cybercrime is changing, especially with technology changing... from some people on the Internet to very large cyber criminal organizations best compared to being a corporation." – Stephen Hilt [24:04]
Concluding Remarks
The episode "No Rest for the Patched" underscores the relentless evolution of cyber threats and the adaptive strategies of both attackers and defenders. From the pervasive Ghost ransomware to the intricate dynamics of the cyber underground, the discussions highlight the necessity for continuous vigilance, robust security measures, and international collaboration in combating cybercrime. Insights from experts like Stephen Hilt provide a deeper understanding of the shifting landscape, emphasizing that cyber threats remain a persistent and growing challenge for organizations worldwide.
Notable Quotes:
Dave Bittner on Ghost Ransomware:
"Ghost ransomware has breached organizations in over 70 countries targeting critical infrastructure..." [01:57]
Stephen Hilt on Cybercrime Evolution:
"Cybercrime has been more, you know, you have these different factions of it and it's grown from... to very large cyber criminal organizations that are best compared to being a corporation." [24:04]
For more detailed insights and the full transcript, listeners are encouraged to visit the CyberWire Daily show notes.
Credits
This summary was crafted to provide a comprehensive overview of the CyberWire Daily episode "No Rest for the Patched." For more information and updates, subscribe to the CyberWire Daily podcast.