Dave Bittner
You're listening to the Cyberwire Network powered by N2K.
Linda Gray Martin
Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control: stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant. A critical vulnerability in Erlang OTP SSH allows unauthenticated remote code execution. There's a bipartisan effort to renew a key cybersecurity info sharing law. A newly discovered Linux kernel vulnerability allows local attackers to escalate privileges. A researcher uncovers 57 risky Chrome extensions with a combined 6 million users. AttackIQ shares Strela Stealer simulations. A major live event service provider notifies employees and customers of a data breach. CISA warns of an actively exploited SonicWall vulnerability. An airport retailer agrees to a multi-million-dollar settlement stemming from a ransomware attack. A preview of RSAC 2025 with Linda Gray Martin and Britta Glade, and Zoom, a Zoom, Zoom. It's always DNS.
Linda Gray Martin
April 19, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Happy Friday and thanks for joining us here today. Great to have you with us. Erlang OTP SSH is widely used in systems that demand high availability and concurrency, particularly in telecommunications, IoT and embedded devices. Its integration into Erlang's ecosystem makes it a preferred choice for developers building distributed systems requiring secure remote access. A critical vulnerability in Erlang OTP SSH allows unauthenticated remote code execution on affected devices. Discovered by researchers at Ruhr University Bochum, it carries a maximum CVSS score of 10. The flaw stems from improper handling of pre-authentication SSH messages, enabling attackers to run commands, often as root, via the SSH daemon. Horizon3's security team confirmed the exploit is easy to reproduce and could soon see public proofs of concept. All systems using Erlang OTP's SSH are impacted. Erlang relies on the OTP stack for components like SSH. Users are urged to upgrade immediately. For systems that can't be patched, access should be limited to trusted IPs or SSH disabled altogether. Senators Gary Peters, a Democrat from Michigan, and Mike Rounds, a Republican from South Dakota, have introduced the Cybersecurity Information Sharing Extension Act to renew a key 2015 law, set to expire in September, that encourages businesses to share cyber threat data with the government. The original Cybersecurity Information Sharing Act helped companies report threats like malware and vulnerabilities to DHS while receiving legal protections. The law supports real-time collaboration between private firms and agencies like CISA through efforts like the Joint Cyber Defense Collaborative. It's credited with aiding responses to major incidents like SolarWinds and Volt Typhoon. Senator Rounds warned that letting it lapse would harm national cyber defenses.
Experts agree the law has boosted operational partnerships, but say the renewal is a chance to update it for modern privacy, supply chain and threat realities. A newly discovered Linux kernel vulnerability poses a serious risk by allowing local attackers to escalate privileges and potentially gain root access. With a CVSS score of 7.8, the flaw affects the bitmap IP set type in the netfilter subsystem due to improper handling of IP range parameters. The exploit code enables attackers to perform out-of-bounds writes, bypass KASLR, and execute kernel-level code. Patches are available and system administrators are urged to update immediately. Security researcher John Tuckner has uncovered 57 risky Chrome extensions with a combined 6 million users, many of which have excessive permissions and could be used for surveillance or malicious activity. These extensions, often unlisted from the Chrome Web Store and only installable via direct link, claim to offer privacy or ad blocking services but can monitor browsing behavior, access cookies, modify search results, and execute remote scripts. The most notable, Fire Shield Extension Protection, is heavily obfuscated and communicates with a suspicious domain. Tuckner found multiple extensions linked to the same domain, raising concerns about their potential use as spyware. Google is currently investigating the report, and users are advised to remove any of the flagged extensions and reset their passwords as a precaution. Some extensions have been taken down, but others remain active. Strela Stealer is a credential-stealing malware targeting email clients like Microsoft Outlook and Mozilla Thunderbird. Active since 2022 and attributed to the threat actor Hive0145, it spreads via phishing emails containing zip files with malicious JavaScript that downloads a DLL payload. Recent campaigns have hit over 100 organizations across Europe and the US with enhanced obfuscation and new delivery methods involving PowerShell and WebDAV.
AttackIQ has released attack graphs that simulate Strela Stealer's behavior, covering its initial infection, system discovery, and data exfiltration, to help organizations test and improve their defenses. These scenarios highlight the importance of monitoring native Windows utilities like rundll32 and regsvr32, which are used to launch the malware. Security teams are urged to use these tools to validate detection and mitigation strategies against this growing threat. Legends International, a major live events service provider, is notifying employees and customers of a data breach discovered on November 9th of last year. The company took systems offline and found that attackers exfiltrated files containing sensitive data, including Social Security numbers, driver's license details, payment card info and medical records. Over 8,000 Texans were affected, though the full scope remains unknown. While there's no evidence of misuse, impacted individuals are being offered two years of free identity protection. No group has claimed responsibility. CISA has warned US federal agencies to patch a high-severity remote code execution vulnerability affecting SonicWall SMA100 series appliances. The flaw allows low-privileged remote attackers to execute arbitrary code via the SMA100 management interface. Initially considered a denial-of-service issue, SonicWall recently upgraded its severity and confirmed it is being actively exploited. Agencies must patch by May 7th, and all organizations are urged to act swiftly to prevent potential breaches. Airport retailer Paradies Shops has agreed to a $6.9 million settlement to resolve a class action lawsuit stemming from a 2020 ransomware attack that exposed personal data of 76,000 current and former employees. The breach, linked to the REvil ransomware group, compromised names and Social Security numbers after hackers accessed systems for five days.
Plaintiffs accused the company of negligence and delayed notification. While denying wrongdoing, Paradies opted to settle to avoid prolonged litigation. The deal follows a growing trend of post-breach class actions. Coming up after the break, a preview of RSAC 2025 with Linda Gray Martin and Britta Glade, and Zoom, a Zoom, Zoom. It's always DNS. Stay with us. Bad actors don't break in, they log in. Attackers use stolen credentials in nearly nine out of 10 data breaches. Once inside, they're after one thing: your data. Varonis' AI-powered data security platform secures your data at scale across IaaS, SaaS and hybrid cloud environments. Join thousands of organizations who trust Varonis to keep their data safe. Get a free data risk assessment at varonis.com. What's the common denominator in security incidents? Escalations and lateral movement. When a privileged account is compromised, attackers can seize control of critical assets. With bad directory hygiene and years of technical debt, identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in Active Directory, Entra ID and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how attack path management is connecting identity and security teams while reducing risk with BloodHound Enterprise, powered by SpecterOps. Head to specterops.io today to learn more. SpecterOps: see your attack paths the way adversaries do. The RSAC 2025 conference in San Francisco is right around the corner, and today I speak with Linda Gray Martin and Britta Glade from RSAC Conference with a preview of this year's activities. Well, Linda and Britta, welcome back. It is always a highlight when we get to get together year after year to preview the upcoming RSAC conference, and this year is no exception. Welcome back, ladies.
Britta Glade
Thank you for having us. Nice to speak to you again.
Linda Gray Martin
So let's start off with some of the things that are new for this year at RSAC 2025. We've got some new branding for RSAC this year. Do we want to touch on some of the differences there that folks might notice as they're wandering around?
Britta Glade
Yes. Well, I think the first one actually people probably heard when you did our introduction and that is that RSA Conference is now known as RSAC Conference. So you will see that branding change everywhere throughout the campus when you're at the conference.
Linda Gray Martin
And what are some of the other things that we can expect from this year's conference in terms of what's new or what you want to bring to people's attention?
Britta Glade
Yeah, well, maybe I can jump in here and start, and then Britta can talk about some of the content stuff that we're doing this year. Always new and exciting. So we do have a lot of new and big going on this year. So apart from having refreshed sessions and tracks and content, which I mentioned Britta will dig into, there's a couple of other things I'd like to highlight. Number one is that we're expanding our campus, and for the very first time we are using the Yerba Buena Center for the Arts, which is directly adjacent to Moscone North. If you're looking at it head on, it's to the right, and you see the big blue shield theater there. So, you know, one of the things driving that, and I'll come back to telling you about what is in YBCA in a minute, but it is the 20th anniversary of our Innovation Sandbox contest this year, and I know you're speaking with Cecilia next week, so I won't steal her thunder. But we do have a larger footprint for that event to celebrate the 20th anniversary, amongst other things, which she will go into. And so that has caused us to make some shifts to our space. So over on YBCA we have the newly named YBCA Keynote Program, formerly South Stage Keynote. So that will be in the really beautiful theater there. It holds just under 800 people, and it's what I call a performance theatre. So it, you know, it has a beautiful stage, lovely auditorium seating. It's going to be a real highlight, and I think it's going to really provide a lovely experience for both the speaker and the attendees. Our Sandbox program, which hopefully you're familiar with, is also going to be over on YBCA; it offers our attendees hands-on experiences that range from things like capture the flags to an escape room this year. But very excitingly, we're also partnering with DARPA, and they are bringing their AI Cyber Challenge to RSAC Conference this year.
And just in a nutshell, what that is is attendees can go on an immersive journey that transports them to a fictional city which is called Northbridge. And it's designed to showcase the importance of AI-driven cybersecurity in protecting our critical infrastructure. And attendees will literally go on a little simulated train into this space. So it's a fantastic program, and we are so thrilled to have that come to RSAC this year. And then finally Early Stage Expo, which is kind of always near the Innovation Sandbox space, that also has an expanded footprint. So we have nearly 70 startups participating in that space this year. So those are kind of some of the operational, logistical new things. Britta, do you want to talk about some of the new content stuff?
Dave Bittner
Absolutely. So we have well over 400 sessions that are spread, as Linda said. We have Moscone West, we have North, South, and then the Yerba Buena Center for the Arts. And these sessions are spread across all of those areas, across 29 different tracks. And Dave, what we try to do is we really look at what content is carefully accessed in our library. We also do year-round programming, and then as we look at the call for speakers that come in and working with our program committee, that drives what kind of sessions are we going to have, how much are we going to have on certain topics, et cetera, et cetera. And during the course of that we landed on a couple of interesting expansion areas for content. One is protecting home and family. This will be a mini track, if you will, that's running on Monday. You'll hear me say Monday several times because we are expanding a lot of the content on Monday. We have so many folks on our campus on that first day of programming, we wanted to make sure there were many, many options for those individuals. So protecting home and family will be exactly what it sounds like, right? You would think that we as cybersecurity professionals have everything under control under our own roof. And the reality is, nope, we could probably take some pointers on how to make sure we're very secure on our own home front. So we have five wonderful sessions that are part of that. We're also bringing back our security foundations track, which again, you might say, goodness, you have such experienced attendees at RSAC, do you really need to cover foundations? And the answer is yes, this is heavily sought-after information. It's nice to have a primer on topics like generative AI, identity, application security. So again, five sessions on that that are a great starter for the week, a refresher to return to, great content there.
And then lastly, also on Monday, we are partnering with USENIX; several of their papers from their Security '24 Distinguished Paper honorees are presenting at RSAC as well. So that's a really nice academic researcher's view of very critical issues that will be presented to our audience. So those are some particularly new ones that will be part of our content programming this year.
Linda Gray Martin
Well, before I let you all go, let's talk about the conference for folks for whom this is their first time there. It can be a bit overwhelming. The scale of RSAC conference is huge. So when you walk into that show floor, when you look at the schedule and you try to figure out what you want to see and make it all happen, it's easy to feel a little overwhelmed. Do you ladies have any tips for the first timer or for maybe people who haven't been in a few years?
Britta Glade
Yeah, we do. So I think you hit two really important things there, Dave, and it can be overwhelming. We understand that and we try really hard to kind of make everything as accessible as we can. So a couple of tips that we have. First of all, before you head to San Francisco, come with a plan. And I think that makes it a little less overwhelming. So, you know, you can go onto our website, you can filter on all the different kinds of session types that you want to go to, you can build out your schedule, you can reserve seats, you can see which vendors are in the expo hall, you can really plan your time. And I think that is really going to serve you well and help you maximize your time. The other thing I wanted to just point out is that on the Sunday night we do have a reception for first timers. So people who have never been before, along with our loyalty plus attendees, so people who have been multiple times and it's a really great opportunity to make some connections that honestly, I think, you know, people make connections and have them for life after they've been to RSA conference networking, talking to peers, understanding challenges that others are going through. It's such an important, important point of the conference experience. So a little shout out for that reception on the Sunday night.
Dave Bittner
Definitely. And I love, you know, Linda pointed out, reserve a seat. Any of the content sessions you have the ability to reserve a seat, or if it's one of our larger areas, like our keynotes, our keynote area, you can add it to your favorites. So have a plan, have a backup plan. Have a backup, backup plan, which also serves you well. Dave, when you go back to all of this great content, no one is going to be in 400 plus sessions. You can't do that. But you've gone through, you've looked at everything, all of your favorites, give you a map for things you want to return to, something you might want to share with a colleague, et cetera, et cetera. And then, as Linda mentioned, but I'll put a big exclamation point on it, honor that time to get to know other people as well. Someone you're standing in line next to, waiting to get into a session, someone that you're seated next to. The networking opportunity and the ability to impact this, your cohort for life, if you will, cannot be understated. The opportunity that RSAC presents to you to find like minds, to find people with different minds, different perspectives, different disciplines, all of those people are together in San Francisco during this week, and it is an excellent opportunity to immerse yourself with all of these great minds.
Linda Gray Martin
You know, it's a great point. And I have some colleagues who are on the east coast like I am, and they may be close by to where I work, but we joke about how the main place we get to see each other every year is at RSAC conference because we're all going to be there. It's just how it works, right?
Britta Glade
It is. And I think that's the exciting part about it, Dave, Honestly, I think, you know, I was talking to somebody earlier. We just get so excited when we go and that we have just such a vibrant community, you know, and people just find joy in spending time with each other.
Linda Gray Martin
Yeah. Well, let me close it out. Just by suggesting to everybody wear comfortable shoes, right?
Dave Bittner
Indeed. Hydrate. Yes, hydrate.
Linda Gray Martin
Wear comfortable shoes. Yes. You will thank us. All right, ladies, thanks so much for taking the time. It's always fun to catch up. I appreciate it. And I will see you in San Francisco.
Britta Glade
See you very soon. Take care. Thank you.
Linda Gray Martin
Do you know the status of your compliance controls right now? Like right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. Get this: more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off. And finally, our "it's always DNS" desk reports that earlier this week, millions of people found themselves staring into the void of a broken Zoom link. The beloved video call platform went dark for nearly two hours, not because of hackers or server meltdowns, but due to a digital game of telephone gone wrong. The culprit? A miscommunication between Zoom's domain registrar, MarkMonitor, and GoDaddy, registry keeper of the .us domain. In short, GoDaddy accidentally hit the off switch on zoom.us, making it disappear from the Internet. While those already mid-meeting continued blissfully unaware, the rest of us were left refreshing error messages and briefly wondering if the apocalypse had begun. DNS cache delays meant the fix took a while to ripple across the web, and Zoom had to walk users through techy tasks like flushing their DNS. Zoom has since slapped a registry lock on its domain. Better late than never. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Nick Cerne, security consultant from Bishop Fox. We're discussing Rust for malware development. That's Research Saturday. Check it out.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzer. Our executive producer is Jennifer Eiben, Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here next week. Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting-edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work-life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today at vanguardjobs.com.
Podcast Summary: CyberWire Daily – “SSH-attered Trust”
Release Date: April 18, 2025
Host: Dave Bittner
Published by: N2K Networks
At the outset of the episode, Dave Bittner highlights a severe security flaw in the Erlang OTP SSH implementation. This vulnerability, rated with a maximum CVSS score of 10, allows unauthenticated remote code execution on affected devices.
Quote:
“The flaw stems from improper handling of pre-authentication SSH messages, enabling attackers to run commands, often as root, via the SSH daemon.” – Linda Gray Martin [02:00]
Senators Gary Peters (D-Michigan) and Mike Rounds (R-South Dakota) are spearheading the renewal of the Cybersecurity Information Sharing Extension Act. This bipartisan initiative aims to extend a crucial 2015 law that facilitates the sharing of cyber threat data between businesses and the government.
Quote:
“Senator Rounds warned that letting it lapse would harm national cyber defenses.” – Dave Bittner [04:30]
A newly identified vulnerability in the Linux kernel poses a significant risk by allowing local attackers to escalate privileges and potentially gain root access.
Quote:
“The exploit code enables attackers to perform out-of-bounds writes, bypass KASLR, and execute kernel-level code.” – Linda Gray Martin [05:15]
Security researcher John Tuckner has identified 57 Chrome extensions deemed risky, collectively serving around 6 million users. These extensions often request excessive permissions and have the potential for surveillance or malicious activities.
Quote:
“These extensions, often unlisted from the Chrome Web Store and only installable via direct link, claim to offer privacy or ad blocking services but can monitor browsing behavior.” – Linda Gray Martin [06:45]
Strela Stealer, a credential-stealing malware targeting email clients like Microsoft Outlook and Mozilla Thunderbird, has been active since 2022. Attributed to threat actor Hive0145, recent campaigns have intensified with improved obfuscation and new delivery methods.
Quote:
“Attackers use stolen credentials in nearly nine out of 10 data breaches.” – Dave Bittner [08:00]
Legends International, a prominent live events service provider, has informed employees and customers about a data breach identified in November. The breach exposed sensitive information, including Social Security numbers, driver's licenses, payment card details, and medical records of over 8,000 Texans.
Quote:
“The company took systems offline and found that attackers exfiltrated files containing sensitive data.” – Linda Gray Martin [10:00]
The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning to US federal agencies about a high-severity remote code execution vulnerability affecting SonicWall SMA100 series appliances.
Quote:
“CISA warns of an actively exploited SonicWall vulnerability.” – Dave Bittner [11:25]
Paradies Shops, an airport retailer, has agreed to a $6.9 million settlement to resolve a class action lawsuit following a 2020 ransomware attack. The breach compromised personal data of 76,000 current and former employees, including names and Social Security numbers.
Quote:
“Paradies opted to settle to avoid prolonged litigation.” – Linda Gray Martin [12:10]
In the latter portion of the episode, Linda Gray Martin and Britta Glade provide an extensive preview of the upcoming RSAC 2025 conference, emphasizing new features and offering tips for attendees.
The episode briefly touches on a DNS disruption incident where Zoom experienced significant connectivity issues not due to cyberattacks but a miscommunication between Zoom's domain registrar and GoDaddy. The incident resulted in millions being unable to access Zoom services for nearly two hours.
Quote:
“A miscommunication between Zoom's domain registrar and GoDaddy... making it disappear from the Internet.” – Dave Bittner [23:00]
This episode of CyberWire Daily delves into pressing cybersecurity vulnerabilities, legislative efforts, recent breaches, and offers a comprehensive preview of the upcoming RSAC 2025 conference. Through expert analysis and detailed reporting, listeners are kept informed on the latest threats and industry developments essential for maintaining robust cybersecurity defenses.