Maria Varmazis
You're listening to the CyberWire Network, powered by N2K. Do you know how the space and cybersecurity domains connect? T-Minus Space Cyber Briefing is your guide through the space-based systems that expand the attack surface. I'm Maria Varmazis, host here at N2K CyberWire, and I'm excited to share that T-Minus is back, now as a weekly podcast, the T-Minus Space Cyber Briefing. We have a new dedicated focus on two great things that are even better together: space and cybersecurity. Because whether we realize it or not, we all depend on space-based systems that are, by the way, increasingly Internet-enabled. We're talking cybersecurity technologies, policies and organizations that are securing the critical space-based infrastructure that powers, protects and connects our lives here on Earth. So join me for T-Minus Space Cyber Briefing. New episodes every Sunday.
Dave Bittner
Quick question: have you watched Project Hail Mary yet? Humanity is facing an existential threat and racing to solve it with the clock ticking. For security teams, that probably hits close to home, with AI use rapidly spreading. Everyone's using AI: marketing, sales, engineering, Chris the intern, without security even knowing about it. That's where Nudge Security comes in. Nudge finds shadow AI apps, integrations and agents on day one and helps you enforce policy without blocking productivity. Try it free at nudgesecurity.com/cyberwire.
Microsoft confirms active exploitation of two Defender flaws. Europol dismantles a VPN service tied to ransomware gangs. A nine-year-old Linux kernel bug exposes SSH keys and password hashes. Cisco patches a critical Secure Workload vulnerability while Drupal fixes a highly critical SQL injection flaw. Android malware quietly signs victims up for premium SMS scams. Webworm upgrades its espionage toolkit with Discord and Microsoft Graph backdoors. China and Russia deepen cooperation on AI, cybersecurity and satellite systems. Our guest is Jake Moore, Global Cybersecurity Advisor for ESET, sharing a glimpse into his Infosecurity Europe keynote, The Deepfake Interview. And Greg? Greg doesn't even work here anymore.
It's Thursday, May 21, 2026. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It's great as always to have you with us.
Microsoft says attackers are actively exploiting two Microsoft Defender vulnerabilities, prompting action from both Microsoft and CISA. The first is a local privilege escalation flaw in the Microsoft Malware Protection Engine. Successful exploitation could grant attackers system-level privileges. The second vulnerability can force Microsoft Defender into a denial-of-service state, potentially disrupting endpoint protection. Microsoft says both flaws are publicly disclosed and exploited in the wild. Patches are available in updated Defender engine and platform releases.
Microsoft Defender is widely deployed across enterprise and government environments. CISA has added both vulnerabilities to its Known Exploited Vulnerabilities catalog and ordered federal civilian agencies to patch or discontinue affected products by June 3.
European law enforcement agencies have seized First VPN, a private service investigators say was widely used by ransomware gangs and other cybercriminal groups to conceal operations online. The operation, called Operation Safran, involved authorities from 16 countries with support from Europol and Eurojust. Investigators seized 33 servers, shut down multiple domains and interviewed the alleged administrator in Ukraine, according to Europol. The VPN advertised heavily on Russian-speaking cybercrime forums and offered anonymous payments and concealed infrastructure designed to evade law enforcement. Authorities also gained access to the server's user database, which investigators say contains information tied to thousands of suspected criminal users. The takedown highlights a growing law enforcement focus on disrupting the infrastructure that enables cybercrime, not just the operators behind the attacks. Seized customer data could support future ransomware, fraud and data theft investigations across multiple countries.
Researchers at Qualys have discovered a Linux kernel vulnerability that could allow unprivileged local users to access sensitive files, including SSH private keys and password hashes, on default Debian, Fedora and Ubuntu systems. The flaw has existed in the Linux kernel since 2016. Qualys says the bug affects the kernel's ptrace mechanism, which manages process tracing and debugging. By exploiting a race condition tied to credential changes, attackers can inherit access to protected file descriptors from privileged processes. Qualys demonstrated proof-of-concept exploits exposing SSH host keys and shadow password hashes.
Researchers warn the issue is especially dangerous in shared hosting and multi-tenant environments where untrusted users can obtain local shell access. Kernel patches are available, and Ubuntu and Qualys recommend tightening ptrace restrictions as a temporary mitigation.
Cisco has patched a critical vulnerability in Secure Workload with a maximum CVSS score of 10. The flaw affects internal REST API endpoints and could allow attackers to access sensitive information and modify configurations across tenant boundaries with site admin privileges. Cisco says the issue impacts both SaaS and on-prem deployments, but does not affect the web management interface. Patches are available. Cisco has also addressed three medium-severity flaws affecting ThousandEyes products and Nexus switches. The company says it has not observed active exploitation.
Researchers at Zimperium zLabs have uncovered a large-scale Android malware campaign that secretly subscribed victims to premium SMS services without their consent. The operation involved roughly 250 malicious apps impersonating popular brands including TikTok, Instagram Threads, Minecraft and Facebook Messenger. The malware targeted mobile carriers in Thailand, Croatia, Romania and Malaysia by checking SIM card details before activating fraud routines. Researchers say the apps disabled Wi-Fi, intercepted one-time passwords using Google's SMS Retriever API and automated hidden subscription workflows through background WebViews. One malware variant also exfiltrated victim data and subscription confirmations through Telegram. The campaign highlights how attackers continue to weaponize legitimate mobile platform features and weak SMS-based authentication systems to support long-running fraud operations. Researchers say the infrastructure operated for nearly 10 months and was optimized to evade detection while maximizing carrier billing abuse.
Drupal has released patches for a highly critical SQL injection vulnerability affecting sites that use PostgreSQL databases. The flaw exists in an API responsible for sanitizing database queries and could allow unauthenticated attackers to obtain sensitive information, escalate privileges or potentially achieve remote code execution. Drupal warned users before disclosure that exploit code could emerge quickly after patches became public. Updates are available for multiple versions. The release also addresses additional vulnerabilities in Symfony and Twig dependencies.
Researchers at ESET say the China-aligned Webworm threat group has significantly evolved its operations in 2025, shifting focus from Asia toward European government organizations and deploying new stealth-focused malware and proxy infrastructure. The group introduced two new backdoors, EchoCreep and Graph Worm, which used Discord and Microsoft Graph API for command and control communications. Researchers decrypted more than 400 Discord messages tied to EchoCreep and uncovered evidence of targeting in Belgium, Italy, Poland, Serbia and South Africa. Webworm also expanded its use of custom proxy tools designed to create layered encrypted traffic chains across compromised systems. ESET says the group stages malware through GitHub repositories and used a compromised Amazon S3 bucket for configuration retrieval and data exfiltration. The findings reflect a broader trend among advanced persistent threat groups toward blending malicious activity with legitimate cloud services and collaboration platforms to evade detection. Researchers also identified reconnaissance activity using open source vulnerability scanners and web directory brute-forcing tools against dozens of targets across Europe and Africa.
Chinese President Xi Jinping and Russian President Vladimir Putin pledged deeper cooperation on artificial intelligence, cybersecurity, satellite systems and Internet governance during a summit in Beijing.
In a joint statement, the two countries outlined plans to expand collaboration on satellite Internet technologies, open source software, and joint development initiatives aimed at reducing dependencies on Western technology. Moscow and Beijing also agreed to improve interoperability between Russia's GLONASS and China's BeiDou satellite navigation systems and coordinate more closely on cyber policy and information security. Both governments reaffirmed support for Internet sovereignty, which gives states broader control over domestic digital environments. The agreement reflects a growing strategic alignment between China and Russia in cyberspace and emerging technologies, particularly as both countries seek alternatives to Western-controlled infrastructure and standards. The announcement also comes amid increasing concerns over the military and cyber applications of artificial intelligence.
Coming up after the break, Maria Varmazis speaks with Jake Moore, Global Cybersecurity Advisor for ESET, sharing a glimpse into his Infosecurity Europe keynote, The Deepfake Interview. And Greg? Greg doesn't even work here anymore. Stay with us.
Dave Bittner
Jake Moore is Global Cybersecurity Advisor for ESET. Our own Maria Varmazis caught up with him to get a glimpse into his recent Infosecurity Europe keynote, The Deepfake Interview.
Maria Varmazis
All right, Jake, thank you so much for joining me today. It's a lovely I'm so glad to meet you. I do so much about you, so I appreciate it. Well Jake, you are to me a very well known person, so I feel a little silly asking you to introduce yourself. But you've done a lot of public speaking so I know this is de rigueur. So if you wouldn't mind starting us off with an intro, brag a little bit, tell us about how awesome you are.
Jake Moore
Well, I'm not going to do that, but thank you ever so much. It's always great to be chatting to you and it's amazing to be at Infosec this year.
Maria Varmazis
Yeah.
Jake Moore
Okay. I can always start with the fact I love crime, because I genuinely do, but I like to test what cyber criminals are up to. I always like to look into the future a little bit as well and see what's coming around the corner that's maybe going to affect businesses in the future. And I'm lucky enough to test a lot of it out. So really I've got this huge long background and just enjoying watching how criminals work. But now I can ethically play around with those tools and really see how businesses can be protected. So it's a great win-win for everyone. I get to have fun. And hey, all in the good spirit of learning about good old cyber education.
Maria Varmazis
Yeah. And the work that you've done has been so fascinating to follow over the years. So I'm thrilled to hear that you're doing a keynote at Infosec Europe this year where you're going to be sharing some of your findings that, I feel, almost obligatory AI mention, they are AI-related.
Jake Moore
Of course there has to be these dances.
Maria Varmazis
Of course they have to be. Yes, indeed. Yeah. So maybe we start with the elevator pitch for your keynote. I know we don't wanna give too much away, but. So what are you gonna be sharing with the audience this year?
Jake Moore
Well, it's pretty much what it says in the talk. It's a deepfake interview. I thought this year, why not just say exactly what it is? I've been fascinated with these deepfake interviews for a couple of years. Knowing that it's been possible that been actually getting jobs as other people. I've been trying it for a couple of years and I did try it two years ago and failed miserably. It was so bad, I just couldn't get it right. Using the deepfake technology that was available then. Moving on, I've been able to actually do it. And then I came up with this idea that I'd actually try it on someone, see if I could actually manipulate someone. So with permission from the CEO of a business, they let me try for a job and I got through a first interview which I was so nervous about. So not just because I was using technology that could have failed at any moment, but I realized I hadn't been for many interviews in my life. I worked in the police force for 14 years. I only really had one interview. And then I've been working at ESET for eight years and yeah, I only had one interview at the start then. So it all came back to me,
Maria Varmazis
all those nerves, that terrible feeling.
Jake Moore
Do you know what? I thought that might help, that I was nervous. Of course, if you're in an interview, you might be nervous. So I went with it and I had some fun. And within a few minutes I realized that the deepfake technology that I was using had ultimately fooled them into thinking that I was a real person. They weren't asking me to do any tests or anything. Ironically, we even start talking about AI in the interview. It's brilliant. I was trying not to laugh. We had lots of fun. But yeah, I got around to another interview. I started doing a presentation, I got AI to write this PowerPoint. We had loads of fun. And ultimately I did get offered the job. But it actually doesn't stop there.
Maria Varmazis
Oh my gosh.
Jake Moore
That isn't actually the ending of the whole talk. There's more to it, but I don't want to give away too much more. It gets funnier.
Maria Varmazis
That is wild. And yeah, definitely. So, folks who are going to be attending at Infosec Europe, you're going to, you have to tell me what happens next because I, I have been so fascinated to be following these stories about deepfake interviews, seeing the viral videos from, often, the other end, when someone goes, I caught someone trying to apply for this job req that I had open. And it's been, like so many things in infosec, that cat and mouse game. But the pace at which the technology has developed has been really astounding. Especially when I think of the techniques that people have been told to sort of try and spot a deepfake interviewer, but very quickly those techniques don't work anymore. What are your thoughts on all those kinds of things that you've been seeing there? I'm just curious because you've been in that world so, so much.
Jake Moore
Yeah, you've hit the nail on the head right there. There are loads of techniques, like you can ask people to wave their hand in front of their face or, or talk about North Korea, funnily enough, what their thoughts are about the government. I mean, it's, it's kind of funny. But these don't always work, you know, because there are workarounds and the technology improves. I mean, I've seen that myself with the software that I've been using, how it improves over time. And I just think, gosh, in two years' time, it's going to be even better. So it's difficult to say, hey, do this one thing. And it's foolproof, because as it's technology, it improves all the time. And criminals know exactly how to get around things because we as people in the industry are saying, oh, this is what you might need to look out for. And they go, right, okay, that's what we're going to do with version two. And they're very good at doing that. And so really it comes down to verifying who people are in much better ways. But what I found is, speaking to... In fact, I've been doing a lot of work with HR departments in different industries, which has been a brilliant insight for me, because it's not just cybersecurity professionals that I've been dealing with here. So it's HR people who are brilliant people. People, they know how to talk, they know how to get people to talk themselves, but they're not always aware of the technology that's available, and they are inundated with people going for their jobs that they have on offer, and so they've got to speed up the process. And lots of them, ironically, are also using AI. In fact, one of the interviews I went to, I actually spoke to an AI avatar in my very first interview.
Maria Varmazis
Oh, my goodness.
Jake Moore
And I was using an AI avatar as a female, so it was AI talking to AI. It felt so strange. It was like an episode of Black Mirror. But it was fun.
Maria Varmazis
Yeah, I was gonna say, I think from the infosec point of view, that is fun. And then zooming out, I go, what on earth does this mean for not just companies, but job seekers and for all of us and humanity? I mean, are we just gonna go, no more remote interviews. Everybody come back in person because we can't trust anything on the screen anymore? I really wonder.
Jake Moore
Well, I think we need a bit of both. So remote interviews, of course, they do so much to help the industry because some jobs, they have a thousand applicants go for this one role. So they're using lots of technology and remote interviews to whittle it down to the right numbers. But there has to be an element of human interaction at some point. I've spoken to huge companies, global companies, that say that this is impossible. But then they're starting to see the help that is on offer with third parties that get involved in other countries that might have contractors that before they go and send out a laptop, because that's ultimately what they're wanting here. It's not just to get a job, to get maybe your first month's paycheck. They want that laptop so they can break in from within. And that's what's powerful here. And that has been done. And so this really was a way to prove that anyone could fall for this. It's not to point fingers at those people that are on the other end of the interview, because so many people would fall for it and don't question it because it's not known, especially in HR.
Maria Varmazis
Yeah, yeah. I wonder what... I imagine the advice would be changing almost day to day at this point. Or is it actually... Maybe I should not assume. What is the advice that we give organizations at this point?
Jake Moore
Yeah, to have, at some point in that process, to meet people in real life. The best thing would be to say, just come to our head office and we can give you that laptop and we can check all their credentials. But at some point, that can be manipulated. This is social engineering at the highest level. There's always a reason. And by that time, they've created a friendship. I mean, in one of my interviews, one of the HR people would say, oh, my goodness, you'd so fit in here. Because I pretended that I had a teaching background. She was saying, oh, Janet used to be a teacher. You'd really get on with her. And by then, I'm feeling that, like, I know extra people in the organization. And so if I then come up with a wonderful story about even just the trains are out today and I'm not gonna be able to get down on my... My family member has a problem. Just like all those scams we hear in, say, romance scams, for example, by the time you've got that emotional investment in there, then it can be abused. And that's what I'm really trying to hit on. And it comes out. I use loads of the footage from the interviews because it really... how these people get attached in these interviews.
Maria Varmazis
Oh, gosh, yeah. Because people want to trust. People want to create that connection.
Jake Moore
That's it.
Maria Varmazis
It's the beautiful part of humanity. But unfortunately, it is so often exploited, and AI is such a fascinating accelerant of good and bad. I feel like sometimes the best advice is for everyone to slow down, but that is tough advice to follow in today's business world. So I don't really know how that would work. So, yeah, I love AI.
Jake Moore
I think everyone is playing with it, and that's great. And if it can be used for efficiency, then fantastic. But, yeah, we do need to have some of that time back because I think a lot of people are saying, oh, it can make me more productive. Well, then don't do more in that extra time you've been given back. Take some time away. If it's doing, say, a certain proportion of your job, that should be, therefore, something that we should take hold of and go and play with the kids, play with the dog, go and see some friends or family. That is when AI really helps out.
Maria Varmazis
Yeah, that's what I'm waiting for is that part. So that's what I want to see as well. Yeah. Well, Jake, it's been a joy speaking with you. I want to make sure that you get the last word. And again, you're going to be doing the keynote at Infosec Europe. So folks who are going to be attending that you're in for a treat for sure. Anything else you want to mention to our audience today?
Jake Moore
Well, I think you mentioned the big word there. It's all about trust. Can we trust anyone these days? Is seeing believing? Or I can promise you this, on stage, it will be the real me. No deepfakes there. It won't be my avatars. It will be the real Jake Moore, and I'm hoping we get lots of people there. It'd be great to see you all there.
Dave Bittner
Wonderful.
Maria Varmazis
Thanks so much for speaking with me today, Jake. Appreciate it.
Jake Moore
Thank you.
Dave Bittner
And of course Maria Varmazis is host of the T-Minus Space Cyber Podcast. You can find that right here on our network or wherever you get your favorite shows.
Dave Bittner
And finally, according to The Register, Nicole Beckwith of Cribl recalls investigating a breach at a US city where attackers first treated the network like tourists on a casual sightseeing trip. They played with conference room projectors, wandered through city systems and eventually discovered controls tied to the municipal water utility. That is where the story stopped being funny. The attackers gained access through an account belonging to Greg from Auditing, a former employee who had not worked for the city in years. Somehow, Greg's account still held domain admin privileges, SCADA operator access and help desk permissions, which is an impressive resume for someone no longer on the payroll. Beckwith suspects attackers found Greg's credentials in a previous data leak and simply tried reused passwords until something worked. The incident highlights an old but persistent security problem: dormant accounts, excessive privileges, and the dangerous assumption that someone else surely handled offboarding. As Beckwith put it, every forgotten account is just one bad day away from the evening news.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's lead producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliott Peltzman. Our contributing host is Maria Varmazis. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.
Previously, attackers broke into systems. Now they're chaining identities together to move through your environment unnoticed. We recently spoke with Justin Kohler from SpecterOps about how attackers are exploiting common identity configurations across today's hybrid environments. Attackers are compromising one account and moving on to the next until they reach the administrator access and high-value targets thereafter. And with AI, these attacks are becoming cheaper to execute and easier to scale, putting more organizations at risk. If you want to understand what identity attack path management looks like and why it matters for defending modern environments, listen to our full conversation at explore.thecyberwire.com/specterops. That's explore.thecyberwire.com/specterops.
Episode Title: That Shield Has Cracks in It.
Date: May 21, 2026
Host: Dave Bittner, N2K Networks
Guest Interview: Jake Moore, Global Cybersecurity Advisor, ESET (interviewed by Maria Varmazis)
This episode delivers a fast-paced roundup of the latest cybersecurity news, major vulnerabilities, law enforcement actions, and shifting trends in cyber threats. A featured interview with Jake Moore spotlights the evolving risks of deepfakes in job interviews, offering a compelling real-world test of AI's ability to impersonate applicants and illustrating the growing cat-and-mouse dynamic between attackers and defenders. The episode closes with a memorable cautionary tale highlighting the persistent risks of poor offboarding practices and dormant privileged accounts.
[02:00 – 03:05]
"Microsoft says both flaws are publicly disclosed and exploited in the wild. Patches are available in updated Defender engine and platform releases." — Dave Bittner [02:42]
[03:05 – 04:05]
"Seized customer data could support future ransomware, fraud, and data theft investigations across multiple countries." — Dave Bittner [04:00]
[04:06 – 05:06]
[05:07 – 06:05]
[06:06 – 07:23]
[07:24 – 08:50]
[08:51 – 10:10]
"Both governments reaffirmed support for Internet sovereignty, which gives states broader control over domestic digital environments." — Dave Bittner [09:49]
[13:15 – 24:17]
Jake Moore’s Background and Experiment
[13:28 – 15:03]
The Deepfake Job Interview Experiment
[15:03 – 17:08]
"Within a few minutes I realized that the deepfake technology that I was using had ultimately fooled them into thinking that I was a real person." — Jake Moore [16:20]
The Growing Arms Race: Detection vs. Evasion
[17:09 – 19:33]
Broader Implications for Hiring & Security
[19:34 – 22:42]
Advice for Organizations Facing Deepfake Threats
[21:24 – 23:56]
"Can we trust anyone these days? Is seeing believing? Or I can promise you this, on stage, it will be the real me. No deep fakes there." — Jake Moore [23:56]
[25:47 – End]
"Every forgotten account is just one bad day away from the evening news." — Nicole Beckwith [25:47]
On Deepfake Recruitment:
“Anyone could fall for this. It’s not to point fingers… because it’s not known, especially in HR.” — Jake Moore [21:14]
On Defending Against Deepfakes:
“It’s difficult to say, hey, do this one thing. And it’s foolproof, because as it’s technology, it improves all the time.” — Jake Moore [17:50]
On Offboarding Risks:
“Every forgotten account is just one bad day away from the evening news.” — Nicole Beckwith [25:47]