CyberWire Daily – "Prosper’s not so prosperous week."
Date: October 17, 2025
Host: Maria Varmazes (in for Dave Bittner)
Podcast Network: N2K Networks
Brief Overview
This episode of CyberWire Daily delivers a packed rundown of the week’s most consequential cybersecurity news and trends, including a major breach at Prosper affecting over 17 million accounts, evolving ransomware tactics targeting Microsoft Teams, rootkit deployments exploiting Cisco vulnerabilities, critical warnings for remote monitoring tool ConnectWise, a major Europol cybercrime bust, new North Korean threat actor strategies, and sweeping new content moderation laws in Singapore. The Industry Voices segment features Danny Jenkins, CEO and co-founder of ThreatLocker, who discusses the growing importance of Zero Trust in the age of AI-powered threats.
Key Discussion Points & Insights
Major News Stories & Analysis
1. Prosper Data Breach: Over 17 Million Accounts Affected
- Summary: Prosper, a financial services company, disclosed a significant data breach reported to have impacted 17.6 million accounts. According to Have I Been Pwned, exposed data includes social security numbers, names, government IDs, employment and credit status, addresses, and more.
- Impact: The breach is still under investigation. Prosper has not verified the precise numbers reported by Have I Been Pwned.
- Quote: “Prosper spokesperson told Bleeping Computer that the company ‘is not able to validate HaveIBeenPwned’s report,’ adding the investigation to determine what data was affected and to whom it belongs remains ongoing.” (03:10)
2. Microsoft Revokes Certificates in Rhysida Ransomware Operation
- Summary: Microsoft revoked 200+ certificates used by “Vanilla Tempest” (a financially motivated threat actor) to fraudulently sign malicious Teams installers and post-compromise tools, distributing the Oyster backdoor.
- Notable TTP: Attackers abused the Trusted Signing, SSL.com, DigiCert, and GlobalSign code signing services.
- Significance: Ransomware operators increasingly use legitimate signing tools to evade detection.
3. Cisco Vulnerability Exploited to Deploy Linux Rootkits ("Zero Disco")
- Summary: Trend Micro exposed attackers exploiting a Cisco SNMP vulnerability to deploy Linux rootkits, targeting legacy hardware including Cisco 9400, 9300, and 3750G devices.
- Detection Challenge: No universal tool exists to reliably detect these compromises.
- Guidance: “If you suspect a switch is affected, we recommend contacting Cisco TAC immediately and asking the vendor to assist with a low-level investigation of firmware, ROM and boot regions.” (04:35)
4. Critical Vulnerabilities in ConnectWise Remote Monitoring
- Summary: Flaws allow unauthorized access, command execution, and privilege escalation.
- Risk: Exploiting such tools allows attackers broad and privileged access to client environments, making RMM platforms a "force multiplier" for attackers.
- Recommendations: Immediate patching, auditing privileges, and intensified log monitoring.
5. Europol Busts Cybercrime-as-a-Service SIMbox Ring
- Summary: Five Latvians were arrested for operating a service selling phone numbers used to create fake accounts for cybercrime. Authorities seized 1,200 SIMboxes and 40,000 active SIM cards.
- Broader Impact: Enabled scammers worldwide to establish accounts that obscured their identity and location.
6. North Korean Threat Actors Evolve Tactics (BeaverTail & OtterCookie)
- Summary: Cisco Talos and Google’s Threat Intelligence Group report a merger of the modular malware strains “BeaverTail” and “OtterCookie.”
- Key Features:
  - Modular, evasive, and rapidly changing tactics
  - Job seekers targeted with trick loaders
  - Payloads for info-stealing, ransomware, and crypto theft
  - Use of AI to automate and obscure attacks
- Tactic: Attackers frequently rotate toolsets and servers to frustrate defenders.
7. Singapore Passes Broad Online Content Law
- Summary: The new law gives the Infocomm Media Development Authority the authority to block “harmful” content and fine platforms up to 1 million SGD (~$740,000 USD). The state may order immediate removals and require proactive monitoring.
- Critics’ Concerns: Risk of overreach, vague definition of "harmful," and chilling effects on legitimate online discourse.
[Industry Voices] Defending Against AI with Zero Trust (11:40 – 23:10)
Guest: Danny Jenkins (CEO & Co-founder, ThreatLocker)
Interviewer: Dave Bittner
Theme: The importance and evolving implementation of Zero Trust in combating AI-fueled cyber threats.
Key Insights & Noteworthy Quotes
- Defining Zero Trust:
  “The idea of zero trust is to allow what is needed and block everything else, essentially least privilege.” – Danny Jenkins (12:08)
  - Applied to applications, only let necessary programs run and access the resources they require.
- Zero Trust: Usability Advances
  - Zero Trust used to be complex, especially for mature organizations with legacy environments.
  - Modern solutions and application learning now enable faster, less arduous deployments.
- Why AI Increases the Need for Zero Trust:
  “Anyone with a computer… can create malware. That malware has never been seen before. It’s very hard to determine if its intent is good or bad… Zero trust is so much more important because this unknown is going to be blocked by default.” – Danny Jenkins (13:24)
  - AI dramatically lowers the bar for malware creation and unique attacks.
  - Signature-based defenses lag behind; blocking by default is essential.
- AI-Enabled Social Engineering & Voice Fraud
  “It’s a lot easier for an attacker to send you a convincing email… Now every time you go into AI… it’ll write a really well crafted email… Even voice AI we’re seeing sometimes… simulating someone’s voice to call and say, can you run this on your machine?” (14:20)
- New Organizational Risks: Shadow AI Use
  - Employees unwittingly leaking company data into LLMs (large language models).
  - Organizations struggle to identify and control user interactions with public AI tools.
- Zero Trust as a Mindset, Not Just a Tool
  “Technology is a tool… the starting point… is not to buy the tool, but what do I want to achieve, how do I achieve it?… It’s not just about stopping untrusted software. It’s also about making sure your marketing team don’t have access to your source code.” (18:21)
  - Zero Trust is as much about organizational policy as technology.
- Anecdote: Ransomware and Network Segmentation Payoff
  “The entire business was encrypted… except one share. And that was the payroll share. And the reason the payroll share wasn’t encrypted was because someone… removed domain admin permissions from payroll.” (19:10)
  - Demonstrates how least privilege can prevent certain data loss even during extensive breaches.
- AI, Data Poisoning & False Sense of Security
  “AI is incredibly bad at detecting malicious intent… If you created a piece of malware, put it on the Internet, wrote a blog post about it… and then you asked AI to research that… it’s going to go to the one source on the Internet, which is the attacker’s source.” (17:05)
- Outlook: The Future of Security Is Least Privilege
  “Do we think MGM... didn’t have a SOC and some of the best detection tools in the world, and yet we saw them completely shut down from someone running a piece of malware... The future of security is about blocking first, setting controls, making sure people don't have access to more than they need to.” (21:01)
- Customer Perceptions & Education
  “Nearly 99% of our customers think this is going to be a complete disaster… always starting with fear and then always being pleasantly surprised that with the right tool set, the implementation doesn’t have to be.” (22:21)
Memorable Moments
- "Who Let the Bots Out?" – a recurring joke during the AI discussion.
- Anecdote of a ransomware attack where payroll data’s isolation (from lack of domain admin permissions) was the lone reason for its survival.
- Dave Bittner praises the Zero Trust World conference and live “Hacking Humans” show:
“Just a tip of the hat, how much me and my crew enjoyed being at Zero Trust World last year in Florida...” (22:49)
Noteworthy Timestamps
- 02:01 - Main news rundown begins: Prosper breach, Microsoft ransomware ops, Cisco flaw, ConnectWise vulnerabilities, Europol bust, North Korean threat updates, Singapore law.
- 11:40 - [Industry Voices] Interview with Danny Jenkins (ThreatLocker) on Zero Trust & AI
- 12:08 - Jenkins defines Zero Trust
- 13:24 - AI’s impact on malware and defense needs
- 14:20 - AI-enabled social engineering & scamming
- 18:21 - Zero Trust as mindset not just technology
- 19:10 - Jenkins’ ransomware anecdote illustrating least privilege
- 21:01 - Jenkins' forecast on the future of Zero Trust and cyber defense
Final Feature Story
- Niantic’s AR Game "Peridot" Gets Chatty AI Pets (24:27)
- Peridot’s virtual pets can now “talk” using AI, acting as companions and guides in augmented reality—highlighted as a demonstration of AI’s expansion into everyday interactive experiences.
Summary
This episode showcased the increasingly complex threat landscape—where AI supercharges criminal tactics, basic cyber hygiene still makes the difference in real-world incidents, and high-profile breaches demonstrate that even mature organizations aren’t immune. The deep dive with Danny Jenkins emphasized the shift toward Zero Trust as both a technical approach and organizational philosophy, especially in a world where AI lowers the barriers for novel and sophisticated attacks. The episode closes with a lighthearted glimpse into the AI-augmented future via Niantic’s new AR pet, reminding us that the boundary between security and technological wonder is ever-shifting.
