Orange you glad you didn't fall for this?

Dave Bittner

You're listening to the Cyberwire network, powered by N2K.

Lauren Buetta

Hey, everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. Deleteme's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for Deleteme now at a special discount for our listeners today. Get 20% off your delete me plan when you go to JoinDeleteMe.com N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.comN2K and enter code N2K at checkout. That's JoinDeleteMe.com N2k code N2K. A hacker claims to have stolen internal documents from a major French telecommunications company. A security breach hits Russia's financial sector. Cyber attacks targeting ICS and OT surged dramatically last year. Chinese group Silver Fox is spoofing medical software. The UK's Home Office's new vulnerability reporting policy risks prosecuting ethical hackers. Hackers. Ransomware actors are shifting away from encryption. A sophisticated macOS malware campaign is distributing. Poseidon Stealer, the light spy surveillance framework evolves into a cross platform espionage tool. A Chinese botnet is targeting Microsoft 365 accounts using password spraying attacks. Our guest today is Lauren Buetta, founder and CEO at Girl Security, discussing mentoring and intergenerational strategies. And there may be a back door in your front door. It's Tuesday, February 25th, 2025. I'm Dave Buettner and this is your Cyberwire Intel Briefing. Thanks for joining us here once again today. It is great as always to have you with us. A hacker going by the name Ray claims to have stolen 6.5 gigabytes of internal documents from Orange Group, a major French telecommunications company and digital services provider primarily affecting its Romanian branch. The breach exposed 380,000 unique email addresses, customer and employee data, invoices, contracts and partial payment card details. Ray, a member of the Hellcat ransomware group, says they accessed Orange's systems for over a month using compromise credentials and vulnerabilities in JIRA software. After exfiltrating data for three hours undetected. They attempted to extort Orange but were ignored. Orange confirmed the breach affected a non critical back office application, stating that customer operations were unaffected. The company is investigating and working with authorities. Ray denies that this was a Hellcat operation, though the group has previously targeted Schneider Electric and Telefonica. Russia's national coordination center for computer incidents, has warned the country's financial sector about a security breach at lanit, a major IT service provider. Lanit, Russia's largest system integrator, serves key government agencies, including the Ministry of Defense and military industrial complex firms like Rostec. The attack, which occurred on February 21, affected two subsidiaries, both specializing in banking technology, ATMs and payment systems. The breach could have serious implications for Russia's banking infrastructure. Authorities have not disclosed the attack's origin, method or impact, but the incident suggests a potential supply chain compromise rather than a typical DDoS attack on banks. Cyberattacks targeting industrial control systems and operational technology surged dramatically by 87% in 2024, according to Cybersecurity firm Dragos. Ransomware attacks on industrial infrastructure also increased by 60%, reflecting heightened geopolitical tensions involving conflicts like Russia, Ukraine and China. Taiwan experts warn that state sponsored groups such as China's Volt Typhoon are infiltrating critical infrastructure, preparing potential future disruptions. Volt Typhoon has notably identified strategic US targets, including power substations critical for military deployments. Alarmingly non state cybercriminals are gaining ICS expertise through collaboration with state actors, broadening attack capabilities and risks to critical infrastructure. The shift threatens more frequent, indiscriminate attacks as cybercriminal groups increasingly target industrial systems for financial or disruptive objectives. A Chinese government backed hacking group, Silver Fox, is spoofing medical software to infect hospital patients, computers with backdoors, keyloggers and crypto miners, according to forescout's Videri Labs. The malware mimics Philips dicom image viewers and other healthcare applications, tricking victims into installing Valleyrat, a remote access tool. The attack uses PowerShell commands to evade detection and downloads encrypted payloads from Alibaba cloud while targeting individuals. The malware could spread into hospital networks through infected patient devices, posing a major cybersecurity risk to healthcare organizations. The UK Home Office's new vulnerability reporting policy risks prosecuting ethical hackers even if they follow its guidelines due to the Computer Misuse act of 1990. Unlike the Ministry of Defense, which assures researchers they won't face prosecution, the Home Office offers no such protections, leaving them vulnerable to legal action. The Cyber up campaign warns that the outdated CMA criminalizes all unauthorized access, discouraging responsible disclosure. While other countries have modernized laws to protect researchers, critics worry the UK's delay is harming cybersecurity resilience. Ransomware actors are shifting away from encryption, with 80% of attacks in 2024 focusing solely on data exfiltration, which is 34% faster, according to ReliaQuest's annual cyber threat Report. Attackers achieve lateral movement in as little as 27 minutes, leaving defenders little time to respond. Service accounts were compromised in 85% of breaches, often due to poor security management. Insufficient logging was the top cause of breaches, while legitimate remote access tools were used in two thirds of critical intrusions, ReliaQuest advises. AI driven security better monitoring VPN security and rapid vulnerability patching automation is now essential, they say, as attackers move faster than ever. A sophisticated macOS malware campaign is distributing Poseidon Stealer via a fake Deepseek AI website, according to cybersecurity researchers. The malware bypasses macOS Gatekeeper and harvests sensitive data including browser credentials, cryptocurrency wallets and system keychains. Attackers use malvertising to lure victims to a counterfeit site delivering a malicious DMG file. Poseidon employs anti analysis techniques and exfiltrates stolen data via curl post requests. Security experts recommend restricting OSA script execution using next generation antivirus and educating users on terminal based threats to mitigate the risk. Meanwhile, a privilege escalation vulnerability in Parallel's desktop remains unpatched with two exploits publicly disclosed allowing attackers to gain root access on Macs. Security researcher Mickey Ginn bypassed Parallel's previous fix for a flaw stemming from missing code signals signature verification. Despite seven months of warnings, Parallels has not addressed the issue, leaving all known versions vulnerable. Gin urges users to take proactive security measures as attackers could exploit this in the wild. The Light Spy Surveillance framework has evolved into a cross platform espionage tool, now supporting over 100 commands to infiltrate Android, iOS, Windows, macOS, Linux and routers, according to new research. Originally targeting messaging apps, it now focuses on stealing Facebook and Instagram database files, exposing private messages, contacts and metadata. LightSpy also uses malicious plugins for keystroke logging, screen capture and USB monitoring. The framework's multi OS reach and advanced evasion tactics pose a significant cyber espionage threat, requiring behavior based detection strategies for effective defense. A Chinese botnet with over 130,000 compromised devices is targeting Microsoft 365 accounts using password spraying attacks that bypass multi factor authentication, according to Security Scorecard the botnet exploits non interactive sign ins which often go unnoticed in security logs, allowing attackers to access emails, documents and collaboration tools. The campaign, linked to Chinese infrastructure, poses a major threat to financial, healthcare, government and tech sectors. Attackers also risk business disruption by triggering account lockouts. Security teams should monitor non interactive sign in logs to detect this evolving attack. CISA has added an Oracle Agile PLM flaw to its known exploited vulnerabilities catalog. The high severity deserialization vulnerability, patched in January, allows low privileged attackers to execute arbitrary code. While no public reports confirm active exploitation, experts believe attackers likely use it post initial access. Oracle vulnerabilities, particularly weblogic flaws, remain frequent attack targets. Coming up after the break, my conversation with Lauren Buetta from Girl Security. We're discussing mentoring and intergenerational strategies and there may be a back door in your front door. Stay with us. And now a message from our sponsor Zscaler, the leader in cloud security Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue to rise by an 18% year over year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust AI stops attackers by hiding your attack surface, making apps and IPs invisible, eliminating lateral movement Connecting users only to specific apps, not the entire network continuously verifying every request based on identity and context simplifying security management with AI powered automation and detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at Zscaler.com Security Cyber threats are more sophisticated than ever. Passwords. They're outdated and can be cracked in a minute. Cybercriminals are intercepting SMS codes and bypassing authentication apps. While businesses invest in network security, they often overlook the front door, the login Yubico believes the future is passwordless. Yubikeys offer unparalleled protection against phishing for individuals, SMBs and enterprises. They deliver a fast, frictionless experience that users love. Yubico is offering N2K followers a limited buy one, get one offer. Visit yubico.com N2K to unlock this deal. That's Yubico. Say no to modern cyber threats. Upgrade your security today. Lauren Buetta is founder and CEO at Girl Security I recently caught up with her for insights on mentoring and intergenerational strategies.

Dave Bittner

Girl Security is working to advance girls and young women in the national security sector through skills based learning, mentorship and professional advancement. Central to our mission is an emphasis on educating girls about how technology is applied within the national security context. And in addition to that work, we also create outcomes and products for the entire security sector that can uplift the entire community as well.

Lauren Buetta

Well, can you give us some examples here?

Dave Bittner

So, for example, through an initiative that we launched about two years ago called the All Secure alliance, which is a group of industry leaders, we've honed in on a number of gaps within the security sector, specifically around building an intergenerational workforce where we see an opportunity for action. So for example, we created the first reverse mentorship toolkit that can be used within the security sector, but really by any industry. And the idea is to sort of flip the traditional mentorship model where you have junior people sort of mentoring up senior people. And we do that as a way to capture the sort of informal knowledge transfer that occurs between, among professionals in an intergenerational workforce. It's a really popular toolkit that we've had a lot of really positive feedback on. And then we're working on a second tool which is designed to capture knowledge primarily from senior security leaders that can help shape new decision making models for early entry career people.

Lauren Buetta

Well, help me understand the intergenerational thing where you have, you know, mid level folks informing folks who may be higher up, what, what are the sorts of knowledge that they're looking to transfer there?

Dave Bittner

Yeah, it's a great question. I mean, some of it, honestly, Dave, is just the technical knowledge that digital native generations bring into the workforce. You know, obviously using AI within the workplace is becoming increasingly popular. So there is that technical exchange of having younger people mentor up senior people on how to use those technologies. Also, younger people's educational experiences are different, perhaps more robust in certain sectors, certainly within cybersecurity, where they have a lot more training available, a lot more sort of formalized training, personalized training than other generations have had. So there's that sort of knowledge transfer that can occur as well between younger people in the workplace mentoring up, where they're actively sharing lessons around leadership, project management, communications that senior leaders just didn't have access to or don't have the bandwidth to continuously sort of upscale themselves in. And it's a efficient way of sort of building an ecosystem of mentorship and learning.

Lauren Buetta

Well, give us a little status report here. I mean, These are challenging times for an organization such as yours, I would imagine. How's it going?

Dave Bittner

I would say one of the benefits that we've really never taken for granted at Girl Security is that the demands for our programming have always been high. We have consistently held a wait list over the last six years. In theory, we would love to be an organization that says we're going to reach X number of girls by X year, but that's just not our model. We're really focused on supporting targeted communities of girls and young women and gender minority youth and showing through impact that securing pathways opportunities for them. And so the demand has always been high. The capacity is, you know, we always want to be bigger, we always want to be able to do more. And I think given the current moment, we're just seeing a further influx in interest and demand for the programs. So I think from a nonprofit perspective, our challenge, which is not necessarily new, is how do we leverage systems and the communities of people we serve to design for certain efficiencies? We may need to support as many people as we can.

Lauren Buetta

And what is the on ramp like for the young women who are looking to take advantage of the program? First of all, what age do are you looking for?

Dave Bittner

Yeah, absolutely. So our workforce training program starts as early as 16, 17 years old. We have two tracks. We have high school based after school national security clinics and we have a virtual access option. And that is a very robust 15 week workforce training program led by a diverse cohort of women and men and national security that touches on things like structured analytics, you know, economics and budgeting and finance with a balance of professional development skills around communications, networking, you know, job security, you know, job searching as well as, you know, basic things like building a LinkedIn profile and resume. So that program supports about 300 fellows every year. And that's primarily targeted with high school. We do have a small percentage of college students as well. And then our mentoring program is sort of what I describe as an overlay. It should catch as many people as we can because it's our flagship program and it's a low, like low operational output, high impact. And we're supporting about a thousand mentoring relationships every year, and that's ages 14 through 26. And those programs sort of work in concert with each other because we want to see participants come into the workforce training program and complete it. And then they can stay in the mentoring program until they're well into their career. And then if the model works as it has, they then pay back to the organization so it becomes this really dynamic, diffusive network of girls and women in security.

Lauren Buetta

And how do you measure success?

Dave Bittner

Oh, through all sorts of different tools and tricks that we've created. We do a lot of surveying and analysis through all across all of our programs, we're surveying people constantly. We're always evaluating just the programs themselves through for the workforce, program skills and core competencies, measuring levels of proficiency before and after, getting dynamic feedback from employers and other partners who end up supporting participants in our program retention and RE engagement rates, which are very high. We just had our annual survey, and both our satisfaction, referral, retention, re engagement is all above 90%. Actually, probably closer to 97%. And then in terms of placement into pathways for both programs, we're at about 87%. So that means that someone who's gone through our program has secured an opportunity in the security space. I mean, we'd always love to get that up into the 90s as well, but, you know, we're happy with those numbers.

Lauren Buetta

Yeah. So it's a passing grade, right?

Dave Bittner

Yes, I guess so. I don't know. My son tells me all kinds of things about grades, score, you know, scoring now, and I'm. I feel like I'm in the dark on purpose.

Lauren Buetta

No, I'm with you.

Dave Bittner

I'm with you.

Lauren Buetta

In terms of the mentors themselves, I mean, what's an ideal candidate for someone who wants to give back here?

Dave Bittner

Oh, I love that question. Because our mentors represent all ages, and in fact, we usually try to pair the youngest mentees with a younger mentor just because their experiences and education and culture will just be closer. You know, they'll. They'll. They'll identify more closely together. But our mentors are across the public and private sectors. Academia, national labs, stem, civil society. We're really just looking for people who have an understanding of what the security sector looks like, believes in the power of engaging young people in the sector and the promise of their contributions, and really someone who's a great listener, because I feel like mentorship is oftentimes less about talking and more about listening and trying to give really targeted responses to questions that young people encounter on a regular basis. So we just have such a fantastic mentoring community, and we're very fortunate.

Lauren Buetta

Well, before I let you go, forgive me for perhaps putting you on the spot here, but is there a particular story that you'd like to share, a success story about a young woman who came through the program and has seen some success?

Dave Bittner

Yeah, I'd love to. There's one young woman from one of our Chicago clinics a young woman by the name of Araya who overcame a lot of obstacles and showed up at one of our summer fellowships. So our summer fellowships are sort of a multi day sort of awareness raising before the full on intensive workforce Fellowship program. And Araya came one summer and then she came the next summer and then she ended up enrolling in our workforce training program and completed that 15 week program. And then she decided to specialize in cybersecurity and received a scholarship to the University of Chicago where she is currently studying cybersecurity and is engaged in the program. Still, she helped us design and implement the first White House global convening of girls and women in cyber. She stays involved in the mentoring program as an alumni and is just off doing remarkable things. So she's a more recent but really powerful success story.

Lauren Buetta

Well Lauren, best wishes for all of your efforts here. My personal take is that the things that you're doing here are needed more than ever and I really appreciate you taking the time for us here today.

Dave Bittner

Thank you for having me and creating the space for this. I appreciate it.

Lauren Buetta

That's Lauren Buetta, founder and CEO at Girl Security. Do you know the status of your compliance controls right now? Like right now, we know that real time visibility is critical for security, but when it comes to our GRC programs, we rely on point in time checks. But get this, more than 8,8000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SoC2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber that's vanta.com cyber for a thousand dollars off. And finally, imagine if the key to your front door was published in the installation manual and no one bothered to change it. That's basically what's happening with Hirsch's enterphone mesh door access system. A security researcher, Eric Daigle, discovered that dozens of buildings across the US and Canada are still using the default unchangeable by design password. And yes, it's right there in the manual for anyone to find. Hersh's response. That's not a bug, it's a feature. The company insists that customers should have read the instructions and changed the password themselves. Many didn't. As a result, elevators office doors and even entire residential buildings are just a login away from unauthorized access. The flaw now officially has a CVE number, and It's a perfect 10 on the oh no scale. But Hirsch says they're not going to fix it. Instead, they emailed customers a polite reminder to read the manual. Rtfm, my friends. Rtfm. And that's the Cyberwire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com N2K's senior producer is Alice Carouse. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Heltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. And now, a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home? Blackcloak's award winning digital executive protection platform secures their personal devices, home networks and connected lives. Because when executives are compromised at home, your company is at risk. In fact, over one third of new members discover they've already been breached. Protect your executives and their families 247365 with BlackCloak. Learn more at BlackCloak IO.