Dave Bittner
You're listening to the CyberWire network, powered by N2K.
CISOs and CIOs know machine identities now outnumber humans by more than 80 to 1, and without securing them, trust, uptime, outages and compliance are at risk. CyberArk is leading the way with the only unified platform purpose-built to secure every machine identity, certificates, secrets and workloads across all environments, all clouds and all AI agents. Designed for scale, automation and quantum readiness, CyberArk helps modern enterprises secure their machine future. Visit cyberark.com machines to see how.
The National Nuclear Security Administration was among the organizations impacted by the SharePoint zero day. Experts testify before Congress that OT security still lags. The FBI warns health care and critical infrastructure providers about Interlock ransomware. New York proposes new cybersecurity regulations for water and wastewater systems, along with grants to fund them. Researchers uncover an active crypto mining campaign targeting cloud environments. A new variant of the Coyote Banking Trojan exploits Microsoft's Windows UI Automation framework for credential theft. The DoD pilots an agentic AI project aimed at helping military planners critique and enhance war plans. Clorox sues its former IT service provider for $380 million. Our guest is Tim Starks from CyberScoop discussing sanctions on Russian hackers and spies and Pirate prime do the.
July 23, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.
Continuing our coverage of the Microsoft SharePoint zero-day exploit, new reports reveal that the National Nuclear Security Administration was among the over 50 organizations impacted. Bloomberg reports that the agency, which supplies nuclear reactors for US Navy submarines, was affected by the vulnerability, though no classified data appears to have leaked. The Department of Energy credits its use of Microsoft 365 cloud services and strong cybersecurity practices for limiting the breach's impact to just a few systems which are now being restored. The exploit, tied to two bugs revealed at May's Pwn2Own hacking contest, allowed attackers remote access to SharePoint servers. Microsoft has since issued patches for all affected versions. The breach is linked to Chinese state-affiliated actors, adding to growing concerns over foreign targeting of critical infrastructure.
And speaking of critical infrastructure, a congressional hearing by the Homeland Security Subcommittee on Cybersecurity reviewed the growing threat to US critical infrastructure 15 years after the discovery of the Stuxnet worm. Journalist Kim Zetter, author of the book Countdown to Zero Day, shared her own insights.
Kim Zetter
Stuxnet was a first-of-its-kind attack, the first known case of malicious code designed to leap from the digital world to the physical realm to cause disruption and destruction not of the computers it infected, but of equipment and processes these computers controlled, in this case the centrifuges at Natanz. The same techniques Stuxnet used can be used against critical infrastructure in the US to disrupt services the public, government and military rely on, or to damage equipment that can also cause death either directly by causing passenger trains to collide, or indirectly by preventing patients from being treated at hospitals because the electricity is out.
Dave Bittner
Stuxnet marked the beginning of cyber tools causing real world physical damage, targeting Iran's nuclear program. Experts testified that operational technology, the systems running critical services like water, energy and transportation, remains dangerously vulnerable. Robert M. Lee, CEO of Dragos, shared this:
Robert M. Lee
Let me be blunt. We are not prepared for a major attack on our critical infrastructure. We know that such an attack would be part of any major conflict with an adversary, but we are not doing enough to prepare and the results of continued failure could be catastrophic, including the loss of life.
Dave Bittner
Witnesses emphasize that OT security still lags behind IT, leaving sectors exposed to ransomware, malware and state sponsored threats, especially from Iran and China. Calls were made to reauthorize key laws like the Cybersecurity Information Sharing Act and to boost funding for the state and local cybersecurity grant program. Panelists urged clear federal guidance, public private collaboration and a shift from general IT approaches to OT specific strategies. They warned that without decisive action, the US risks catastrophic failures in critical systems during future cyber conflicts.
AMEOS Group, a major private healthcare provider in central Europe, reported a July 7 breach that forced a shutdown of its digital systems, disrupting communications and data transmission across clinics in Switzerland, Germany and Austria. Patient care and emergency services remained unaffected. The nature of the attack is unknown, with an investigation underway by police. AMEOS has notified data protection authorities and warned patients to watch for phishing and scams.
The FBI is warning healthcare and critical infrastructure providers about Interlock, a ransomware group active since late 2024. Interlock uses unusual initial access methods, including drive-by downloads and fake browser updates, to infect systems. It's targeted organizations in North America and Europe, including attacks on DaVita and a major Ohio healthcare system. The group's ransom notes lack payment details, requesting contact instead. Officials say Interlock targets victims opportunistically and may be linked to the Rhysida group. Ransom demands are made in Bitcoin.
New York has proposed new cybersecurity regulations for water and wastewater systems alongside a $2.5 million grant program to help fund compliance. The rules would require systems serving over 3,300 residents to implement cybersecurity programs, conduct risk assessments, report incidents within 24 hours and train staff.
Larger systems must also appoint a cybersecurity executive. While the grants aim to ease costs, expenses could reach up to $5 million annually for major systems. The regulations align with EPA and CISA guidance and follow growing threats from ransomware and state backed attacks. Public comment is open through September, with full compliance expected by 2027. Officials acknowledge costs may burden taxpayers or ratepayers, but emphasize the need for proactive security amid federal retreat from state level support.
Researchers at Wiz have uncovered an active crypto mining campaign dubbed Soco404, targeting cloud environments via misconfigurations and vulnerabilities, especially in PostgreSQL. The attackers exploit exposed Linux and Windows systems using fake 404 pages, compromised servers and process masquerading to deliver and hide malware. Persistence is achieved through cron jobs and shell scripts. Payloads are hosted on legitimate but compromised infrastructure and fraudulent crypto trading websites. Once inside, the malware removes competitors, hides traces and mines cryptocurrency using pools. The Windows variant uses built-in tools like certutil and PowerShell to deliver payloads and embeds a driver to boost mining performance. The campaign is linked to a broader crypto scam network showing signs of long term automated and opportunistic operations. Nearly 90% of cloud environments self host PostgreSQL, making this a high risk attack vector. The campaign remains active.
A new variant of the Coyote Banking Trojan is actively exploiting Microsoft's Windows UI Automation framework to identify banking and cryptocurrency websites for credential theft. UIA, designed for accessibility, allows apps to inspect and interact with UI elements, features now being abused to evade detection. First observed in February of this year, this marks the first real world attack using UIA for data theft.
Coyote is hard coded to target 75 specific financial services, mostly in Brazil, and uses UIA to detect URLs in browser tabs when traditional methods fail.
The US DoD's Defense Innovation Unit is piloting Thunderforge, an agentic AI project aimed at helping military planners critique and enhance war plans. Thunderforge uses multiple AI agents to analyze plans across domains like logistics, cyber and intelligence, flagging potential weaknesses. The system integrates with DoD simulations like DARPA's SafeSim and is backed by Scale AI, Microsoft and Anduril. Tested in June by INDOPACOM, Thunderforge is designed to shift human users from micromanaging tasks to strategic oversight. However, experts warn of risks including opaque decision making, hallucinated outputs and over reliance on flawed models. Researchers emphasize the need for explainability, continuous adversarial testing and human oversight. Benchmarking studies show LLMs vary in bias and escalation tendencies, underscoring the importance of model selection. While promising, Thunderforge must prove resilient in wartime conditions where systems face degraded information and adversarial interference. Human commanders retain final authority in all operational decisions.
Clorox is suing its former IT service provider Cognizant for $380 million, claiming the firm's negligence enabled a devastating August 2023 cyber attack. Filed in California Superior Court, the lawsuit alleges Cognizant failed to verify the identity of a caller before granting access to Clorox's network, violating established password and authentication protocols. The attacker, linked to a known cybercriminal group, used the credentials to disrupt Clorox's operations, causing weeks long outages and at least $49 million in damages. Call recordings reportedly confirm Cognizant handed over access without security checks. Clorox's legal counsel described the failure as indefensible.
The breach halted production, strained supply chains, and forced Clorox to scale back its 2030 sustainability goals. Cognizant had served Clorox for over a decade under a long standing IT services agreement.
Coming up after the break, Tim Starks from CyberScoop discusses the latest sanctions on Russian hackers and spies, and Pirate prime do the time. Stay with us.
Bad actors don't break in, they log in. Attackers use stolen credentials in nearly 9 out of 10 data breaches. Once inside, they're after one thing: your data. Varonis AI-powered data security platform secures your data at scale across IaaS, SaaS and hybrid cloud environments. Join thousands of organizations who trust Varonis to keep their data safe. Get a free data risk assessment at varonis.com.
Crogl is AI built for the enterprise SOC. Fully private, schema-free and capable of running in sensitive air gapped environments, Crogl autonomously investigates thousands of alerts weekly, correlating insights across your tools without data leaving your perimeter. Designed for high availability across geographies, it delivers context aware, auditable decisions aligned to your workflows. Crogl empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to help your SOC operate at scale with precision and control. Learn more at crogl.com. That's C-R-O-G-L.com.
And it is always my pleasure to welcome back to the show Tim Starks. He is a senior reporter at CyberScoop. So we touched last week here at the CyberWire on these sanctions from the UK against some of the GRU's cyber operators. Here you have an article in CyberScoop that really digs into some of the details quite a bit here. Can we start with the basics? What are we talking about here, Tim?
Tim Starks
Sure, yeah. The UK sanctioned 18 military officers from Russia and three military units. Some of these were hackers. Some of them were just regular kinds of spies without a hacking angle. But there were a couple different reasons that the UK decided to do this, that related to the cyber front. One was the use of hacking as a, as a way to support military operations in Ukraine, in the Ukraine war. Another was a little bit more interesting to me. I mean, nothing against, you know, the interestingness of Ukraine and what's going on there, but just we've seen that before. The other thing that was interesting is that they went back to 2013 on something essentially where there was a person, a double agent for the, for the British government working in Russia who came over to the UK with his daughter. And they had found that in 2013, five years before that happened, and then there was a subsequent assassination attempt on UK soil, that the phone of the daughter, Yulia Skripal, if I believe I'm saying the name right, that they found malware on that, and so this was actually trying to punish them for that.
Dave Bittner
Yeah, I mean, I remember those stories of the poisonings, you know, back then. It's interesting that they've gone all the way back to loop that in with this.
Tim Starks
It is. And, you know, for a domestic audience, if you're talking about just the US audience that I have, not that we don't welcome people from all countries, but a largely, largely domestic audience for our publication, the malware that they specifically targeted in the UK that was used by these Russian hackers was called X Agent, which, if you go back to our 2016 election, that malware was used against the DCCC and the DNC to interfere with the 2016 race.
Dave Bittner
Wow. So, I mean, sanctions like these are often seen as symbolic. How effective do you think this will ultimately be?
Tim Starks
You know, it doesn't seem like it's dissuaded Russia from doing what it's been doing. So that's the ultimate test, right? That's the ultimate evaluation. Have they stopped doing it? No, they have not stopped the war in Ukraine. They're still doing all the hacking that we talked about. There's, you know, there's a... The Russian military units in particular that they went after are involved in some of the most infamous incidents in cybersecurity history. Things like the NotPetya attack or the successful turning out of the lights in Ukraine, way, way, way, way back, way back. Hacking of elections all over the country, all over the world. And so if you're just going by that judgment, then, yeah, no, they're not working. But if you think that each additional twist of the dial or turn of the dial leads to more pressure, and there's pressure coming from other directions as well, this is part of the toolkit. And I think if this does something, if something does happen where it ends and this leads to yet more sanctions from the United States, which is another thing that's on the table here, then you can say, yeah, that was actually a factor in doing that. But now, no, not yet.
Dave Bittner
Your reporting points out that the UK warned that the GRU may shift their cyber tactics in response to this.
Tim Starks
Exactly.
Dave Bittner
Any speculation of what type of scenarios we could be looking at if this threat spills over beyond Ukraine?
Tim Starks
No, they didn't talk much about it in terms of details about the kinds of scenarios that they saw, but just that it was a possibility. I think you can obviously look at the warning that they put out, because there were two things they announced on Friday. One was that they were issuing these sanctions, and another was an alert about the hybrid cyber threats, the UK and others, detailing the specifics of these incidents and saying, hey, look, the Russian threat's going to keep morphing the more pressure we put on them, essentially. So be on the lookout for these kinds of things is what the alert said.
Dave Bittner
What kind of message does this send to the international community about hybrid warfare?
Tim Starks
You know, one of the things I thought was interesting about this is that they didn't wait for the United States. There's been an awful lot of coordinated action in the past administration, certainly I think even some in the, in the first Trump administration, where the sanctions were UK, US, five allies, countries, the occasional other partner. This was the UK saying, let's get going on this. I think, I think that's the message they were trying to send is we're not going to wait for anybody else. We think this is important enough. We feel like we need to protect Ukraine, we feel like we need to protect ourselves. We think we need to protect Europe. And there was a call to others to join in on this that they said they didn't call it the United States specifically, but the language was to the extent of, hey, we've got to do this together. So I think with the fact that Congress is looking at some more sanctions on Russia, Trump himself, who has been very generous to Vladimir Putin on his intentions, has actually been more outspoken of late about being impatient with Vladimir Putin. He has talked about more sanctions. I think that this might be just, we were talking about, again, that sort of twist, the turn of the dial. This is another thing that could maybe put a little bit more pressure on the United States and other allies of the UK to say, look, we got to, we really need to correct, we need to keep going harder at Russia. They're not stopping doing what we want them to stop doing. We've got to go after them. This was a little bit of a let's get started.
Dave Bittner
And what response, if any, have we seen from the US to this move by the UK?
Tim Starks
Nothing yet. You know, I think that because, you know, Congress had already kind of been talking about this, there's some bipartisan interest in doing this. Trump had said, you know, just the day before, I'm giving him 50 days. So I don't think we're going to see much in the way of actual response from the United States until some of those things start to coalesce.
Dave Bittner
All right, well, Tim Starks is senior reporter at CyberScoop. Tim, thanks so much for joining us.
Tim Starks
Thank you, Dave.
Dave Bittner
Regulations, third party risk, and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots, and all those manual processes, you're right. GRC can be so much easier and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third party risk, and even customer trust so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC: just imagine how much easier trust can be. Visit vanta.com cyber to sign up today for a free demo. That's V-A-N-T-A dot com cyber.
Hey everybody, Dave here. I've talked about DeleteMe before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set it and forget it peace of mind. And it's not just for individuals.
DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special 20% off your DeleteMe plan. Just go to JoinDeleteMe.com N2K and use promo code N2K at checkout. That's JoinDeleteMe.com N2K, code N2K.
And finally, Kristopher Lee Dallmann, founder of the pirated streaming empire Jetflicks, has earned himself a seven year federal sentence. Less binge worthy, perhaps, than the 183,000 TV episodes his platform once offered, but certainly more exclusive. Jetflicks, which operated from 2007 to 2019, was essentially Netflix without the licensing fees or moral overhead. Dallmann and his colleagues automated the theft of shows from legitimate sources like Hulu and Amazon, repackaging them for tens of thousands of paying subscribers, and called it all innovation. The Justice Department estimates the operation caused $37.5 million in damages, roughly the cost of a mid tier prestige drama minus the Emmy Awards. Dallmann was convicted of money laundering and various flavors of copyright infringement. His setup delivered shows faster than most legal platforms, which is impressive in a way, if entirely illegal. Prosecutors say the scheme eroded creative industries and flouted the rule of law. Dallmann, for his part, has now secured a much more confined viewing experience.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August. There's a link in the show notes. Please take a moment and check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher.
And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
And now a word from our sponsor, ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks. Allow Listing is a deny by default software that makes application control simple and fast. Ring Fencing is an application containment strategy, ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world class endpoint protection from ThreatLocker.
CyberWire Daily: "SharePoint Springs a Leak" – July 23, 2025
Hosted by N2K Networks
In today's episode of CyberWire Daily, host Dave Bittner delves into a series of pressing cybersecurity issues, ranging from significant zero-day exploits affecting critical infrastructure to evolving ransomware threats and groundbreaking AI initiatives within the Department of Defense. The episode also features an insightful interview with Tim Starks from Cyberscoop, discussing recent UK sanctions on Russian cyber operatives.
A major cybersecurity incident took center stage with the revelation of a zero-day exploit in Microsoft SharePoint, which has impacted over 50 organizations, including the National Nuclear Security Administration (NNSA).
Impact on NNSA: The NNSA, responsible for supplying nuclear reactors for US Navy submarines, was among the affected entities. According to Bloomberg, while multiple systems were breached, no classified data has been leaked. The Department of Energy attributed the limited impact to robust cybersecurity measures and the utilization of Microsoft 365 cloud services, leading to the restoration of the compromised systems.
Technical Details: The exploit is linked to two vulnerabilities unveiled during the Pwn2Own hacking contest. These vulnerabilities allowed attackers to gain remote access to SharePoint servers. Microsoft promptly issued patches for all affected versions.
Attribution: The breach is associated with Chinese state-affiliated actors, heightening concerns over foreign targeting of US critical infrastructure.
A significant congressional hearing was held by the Homeland Security Subcommittee on Cybersecurity, commemorating 15 years since the Stuxnet worm discovery.
Expert Testimony: Journalist Kim Zetter, author of Countdown to Zero Day, provided a historical perspective, emphasizing the real-world implications of cyber-attacks on physical infrastructure.
Kim Zetter [03:57]: "Stuxnet was the first known case of malicious code designed to leap from the digital world to the physical realm, causing disruption and destruction of equipment and processes controlled by infected computers."
Robert M. Lee's Statement:
Robert M. Lee [04:55]: "We are not prepared for a major attack on our critical infrastructure. ... The results of continued failure could be catastrophic, including the loss of life."
Key Points:
AMEOS Group Breach: On July 7, AMEOS Group, a major private healthcare provider in Central Europe, experienced a breach resulting in the shutdown of its digital systems across clinics in Switzerland, Germany, and Austria. While patient care remained unaffected, communications and data transmission were disrupted. The attack’s nature remains under investigation, with authorities alerting patients to potential phishing and scam threats.
FBI Warning on Interlock Ransomware: The FBI has issued warnings to healthcare and critical infrastructure providers about the Interlock ransomware group, active since late 2024. Interlock employs unconventional initial access methods such as drive-by downloads and fake browser updates. Notable targets include DaVita and a significant Ohio healthcare system. The group demands ransoms in Bitcoin and is suspected to be linked to the Rhysida group.
Dave Bittner [16:16]: "Interlock targets victims opportunistically and may be linked to the Rhysida group."
New York State has introduced new cybersecurity regulations specifically targeting water and wastewater systems, accompanied by a $2.5 million grant program to aid compliance.
Regulatory Requirements:
Financial Implications: While the grant aims to mitigate compliance costs, major systems might incur expenses up to $5 million annually. The regulations align with EPA and CISA guidelines, addressing the escalating threats from ransomware and state-backed attacks.
Implementation Timeline: Public comments are solicited until September, with full compliance expected by 2027.
Dave Bittner [08:50]: "Officials emphasize the need for proactive security amid federal retreat from state-level support."
Researchers at Wiz have identified an active crypto mining campaign named Soco404, which targets cloud environments by exploiting misconfigurations and vulnerabilities, particularly in PostgreSQL databases.
Attack Mechanism:
Payload and Impact:
Broader Implications: The campaign is part of a larger crypto scam network, indicative of long-term automated and opportunistic operations. With nearly 90% of cloud environments self-hosting PostgreSQL, Soco404 poses a high-risk attack vector and remains active.
Dave Bittner [11:50]: "The campaign remains active, highlighting the persistent threats in cloud environments."
A new variant of the Coyote Banking Trojan is actively exploiting Microsoft's Windows UI Automation (UIA) framework to steal credentials from banking and cryptocurrency websites.
Exploitation Technique:
Target Specifics: The Trojan is programmed to target 75 specific financial services, predominantly in Brazil, using UIA to identify and extract URLs from browser tabs when conventional methods fail.
Dave Bittner [12:55]: "This is the first real-world attack using UIA for data theft, showcasing innovative evasion tactics by cybercriminals."
The Department of Defense (DoD) is piloting Thunderforge, an agentic AI initiative designed to assist military planners in evaluating and enhancing war strategies.
Functionality:
Integration and Support: Thunderforge integrates with DoD simulations like DARPA's SafeSim and is supported by industry leaders such as Scale AI, Microsoft, and Anduril.
Operational Testing: Tested in June by INDOPACOM, Thunderforge aims to transition human users from micromanaging tasks to strategic oversight, enhancing decision-making efficiency.
Risks and Considerations: Experts caution against potential issues like opaque decision-making, hallucinated outputs, and over-reliance on potentially flawed models. Emphasis is placed on the necessity for explainability, continuous adversarial testing, and stringent human oversight to ensure resilience under wartime conditions.
Dave Bittner [15:20]: "While promising, Thunderforge must prove resilient in wartime conditions where systems face degraded information and adversarial interference."
In a significant legal move, Clorox has filed a lawsuit against its former IT service provider, Cognizant, seeking $380 million in damages due to a devastating cyber attack in August 2023.
Allegations:
Impact on Clorox: The breach disrupted production, strained supply chains, and forced the company to scale back its 2030 sustainability goals.
Legal Proceedings: The lawsuit is filed in California Superior Court, with Clorox’s legal counsel describing Cognizant’s failure as "indefensible." Cognizant had been serving Clorox for over a decade under a longstanding IT services agreement.
Clorox’s Legal Counsel [18:14]: "The failure is indefensible and has caused significant operational and financial harm to our company."
Guest: Tim Starks, Senior Reporter at Cyberscoop
Dave Bittner engages in a comprehensive discussion with Tim Starks regarding the recent sanctions imposed by the UK on Russian cyber operatives.
Sanction Details:
Tim Starks [15:12]: "The malware specifically targeted in the UK, X Agent, was used against the DCCC and the DNC to interfere with the 2016 election."
Effectiveness of Sanctions:
Starks expresses skepticism regarding the immediate efficacy of sanctions in deterring Russian cyber activities.
Tim Starks [16:53]: "Sanctions like these are often seen as symbolic. They haven't dissuaded Russia from continuing their cyber operations."
Potential Shifts in Tactics:
The UK warns that the GRU may alter its cyber tactics in response to increased pressure from sanctions, signaling a potential evolution in hybrid warfare strategies.
Tim Starks [18:14]: "The GRU may shift their cyber tactics in response to this increased pressure."
International Implications:
US Response:
Currently, no direct response from the US has been observed. However, there is bipartisan interest in the US Congress to impose similar sanctions.
Tim Starks [20:15]: "I don't think we're going to see much in the way of actual response from the United States until some of those things start to coalesce."
Today's episode of CyberWire Daily highlights the multifaceted nature of current cybersecurity challenges, from sophisticated exploits targeting critical infrastructure to the strategic use of sanctions in international cyber warfare. The discussions underscore the evolving landscape of threats and the imperative for robust, collaborative defense mechanisms to safeguard crucial systems and data.