Dave Bittner
You're listening to the CyberWire Network, powered by N2K. CISOs and CIOs know machine identities now outnumber humans by more than 80 to 1, and without securing them, trust, uptime, outages and compliance are at risk. CyberArk is leading the way with the only unified platform purpose-built to secure every machine identity, certificates, secrets and workloads across all environments, all clouds and all AI agents. Designed for scale, automation and quantum readiness, CyberArk helps modern enterprises secure their machine future. Visit cyberark.com machines to see how. Confusion persists over the Microsoft SharePoint zero-days. CrushFTP confirms a zero-day under active exploitation. The UK government proposes a public sector ban on ransomware payments. A new ransomware group is using an AI chatbot to handle victim negotiations. Australia's financial regulator accuses a wealth management firm of failing to manage cybersecurity risks. Researchers uncover a WordPress attack that abuses Google Tag Manager. Arizona election officials question CISA following a state portal cyber attack. Hungarian police arrest a man accused of launching DDoS attacks on independent media outlets. On our Threat Vector segment, guest host Michael Sikorsky and Michael Daniel of the Cyber Threat Alliance explore cybersecurity collaboration. And a spyware kingpin wants back in.
Dave Bittner
July 22, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us. It's great to have you with us today. As we reported yesterday, a wave of zero-day attacks has hit Microsoft SharePoint servers, exploiting flaws that researchers recently linked to a remote code execution exploit chain called ToolShell. The attacks began around July 17, targeting strategic sectors like energy, tech, consulting and government. Two patched flaws were reportedly bypassed, prompting Microsoft to assign two new CVEs. One allows unauthenticated code execution, the other enables spoofing. Despite patches, confusion persists about which vulnerabilities were chained during the attacks. SentinelOne identified three attack clusters, including those by state-sponsored actors. Reports indicate exfiltration of cryptographic secrets and circumvention of MFA and SSO protections. Over 9,000 Internet-facing SharePoint servers are at risk, mainly in North America and Europe. CISA has added one of the CVEs to its Known Exploited Vulnerabilities list and advises immediate patching. Microsoft also urges organizations to rotate cryptographic keys post-remediation. In other Microsoft news, Redmond is urging businesses to contact support to address a bug in the July 2024 Windows Server 2019 update that disrupts cluster service operations. The issue causes repeated restarts, node failures and VM instability, especially on systems using BitLocker with cluster shared volumes. While a fix is in development, Microsoft has not yet released it publicly and recommends reaching out for guided mitigation until a permanent update is available. CrushFTP has confirmed a zero-day vulnerability is being actively exploited in older versions of its file transfer software. The company's president said the flaw, patched in builds after July 1, was discovered after hackers reverse engineered their code.
Over 1,000 unpatched instances have been identified globally, with hundreds in the US and Europe. Most attacks occurred around July 18th. Some attackers are disguising outdated vulnerable systems to appear current. CrushFTP has issued guidance for affected users. The identity of the attackers remains unknown, but groups like the CLOP ransomware gang have a history of exploiting similar flaws in file transfer tools. This incident highlights ongoing threats to file sharing platforms, which are prime targets for stealing sensitive data from government, corporate and academic users. CISA has previously warned about CrushFTP vulnerabilities and continues to monitor related threats in the file transfer space. The UK government is proposing new measures to combat ransomware, focusing on protecting hospitals, businesses and critical services. Under the plan, public sector bodies and operators of national infrastructure like the NHS and schools would be banned from paying ransoms. Nearly 75% of public consultation respondents supported the move. Private businesses would need to notify the government if they intend to pay a ransom, ensuring such actions don't violate sanctions. A mandatory reporting regime is also in development to help law enforcement gather intelligence and disrupt ransomware networks. The proposals aim to break the financial model driving cybercrime, especially attacks tied to Russian-based groups. Officials stress the need for strong cybersecurity practices, including offline backups and recovery plans. Supporters including the British Library and Co-op welcome the effort to improve resilience. These steps are part of the UK's broader Plan for Change to defend against evolving cyber threats. A new ransomware-as-a-service group, Global Group, has emerged, rebranding older threats Mamona RIP and BlackLock. While not highly innovative, the group's standout feature is using an AI chatbot to handle victim negotiations.
This bot operates on a Tor-based panel, automating communication and psychological pressure to scale operations across time zones. Victims face steep ransom demands and threats of data leaks. The ransomware uses a Golang-based payload compatible with Windows, Linux, macOS and even ESXi systems, favoring fast, concurrent encryption. Analysts also found poor operational security linking Global to Russian infrastructure used by Mamona. The builder allows affiliates to customize attacks, enhancing evasion and reach. Picus Security recommends multiple detection and mitigation strategies, including monitoring Go-based processes, restricting access to native utilities, simulating attacks and enforcing least privilege policies, to defend against this growing ransomware threat. Australia's financial regulator ASIC has taken legal action against Fortnum Private Wealth for allegedly failing to manage cybersecurity risks, exposing clients to significant threats. The firm is accused of lacking proper policies, training and oversight, particularly for its authorized representatives. One breach leaked over 200 gigabytes of sensitive data from nearly 10,000 clients, later found on the dark web. Despite the firm implementing a cybersecurity policy in 2021, ASIC claims it was inadequate. Fortnum denies the allegations but declined further comment due to ongoing court proceedings. Researchers at Sucuri have uncovered a WordPress attack that abuses Google Tag Manager to redirect site visitors to spam pages without altering themes or plugin files. Instead, attackers inject a malicious script directly into WordPress database tables. This script loaded a Google Tag Manager container that triggered a redirection after five seconds. The GTM tag likely came from a compromised admin account. Over 200 sites were impacted, allowing attackers remote control of the payload via their GTM account. These redirects can harm site SEO, reputation and visitor safety.
Sucuri advises inspecting for suspicious GTM tags, securing admin accounts with 2FA and keeping plugins updated. GTM's trusted status makes such attacks hard to detect, similar to earlier GTM-based e-skimming campaigns on e-commerce sites. Arizona election officials revealed a cyber attack that defaced candidate profiles on a state portal, replacing photos with images of the late Ayatollah Khomeini. The breach, discovered on June 23, exploited a legacy system to upload a malicious image containing a PowerShell script. While the threat was quickly contained, officials criticized the Cybersecurity and Infrastructure Security Agency for its lack of support, citing a breakdown in federal coordination since the Trump administration's restructuring and budget cuts. Arizona Secretary of State Adrian Fontes accused CISA of becoming politicized and ineffective, endangering national election security. Arizona's chief information security officer said key systems remained unaffected, but emphasized that CISA's former collaborative role has eroded. This incident, following US action against Iranian nuclear sites, included pro-Iran messaging. Though attribution remains uncertain, experts warn that CISA's diminished role risks fragmenting the nation's cyber defense and eroding trust between state and federal agencies. Hungarian police have arrested a 23-year-old man from Budapest accused of launching DDoS attacks on independent media outlets in Hungary and abroad. Operating under the alias Hano, he allegedly used DDoS-for-hire services to disrupt access to sites like MediaOne, Telex and the Vienna-based International Press Institute. Authorities seized electronic evidence from the suspect's home, though he has not yet been formally charged. Investigators are probing the motive and whether any external coordination or funding was involved. Most targeted outlets were critical of Hungary's government, while pro-government media were unaffected.
The incident highlights growing cyber threats to independent journalism, following similar politically linked attacks on media in Russia and Ukraine in recent months. Coming up after the break on our Threat Vector segment, Mike Sikorsky and Michael Daniel of the Cyber Threat Alliance explore cybersecurity collaboration. And a spyware kingpin wants back in. Stay with us. Bad actors don't break in, they log in. Attackers use stolen credentials in nearly nine out of 10 data breaches. Once inside, they're after one thing: your data. Varonis' AI-powered data security platform secures your data at scale across IaaS, SaaS and hybrid cloud environments. Join thousands of organizations who trust Varonis to keep their data safe. Get a free data risk assessment at varonis.com. Crogl is AI built for the enterprise SOC, fully private, schema-free and capable of running in sensitive air-gapped environments. Crogl autonomously investigates thousands of alerts weekly, correlating insights across your tools without data leaving your perimeter. Designed for high availability across geographies, it delivers context-aware, auditable decisions aligned to your workflows. Crogl empowers analysts to act faster and focus on critical threats, replacing repetitive triage with intelligent automation to help your SOC operate at scale with precision and control. Learn more at crogl.com. That's C-R-O-G-L dot com. On this week's Threat Vector segment, guest host Michael Sikorsky is joined by Michael Daniel from the Cyber Threat Alliance. They explore cybersecurity collaboration.
David Moulton
Hi, I'm David Moulton, host of the Threat Vector podcast, where we break down cybersecurity threats, resilience and the industry trends that matter most. What you're about to hear is a snapshot from the no-holds-barred look at collaboration in cybersecurity between guest host Michael Sikorsky and Michael Daniel from the Cyber Threat Alliance. What really drives cooperation in a world built on zero trust? If you like this short segment, you're going to love the full episode.
Michael Sikorsky
So Michael, welcome.
Michael Daniel
No, thank you for having me.
Michael Sikorsky
Before we dive into the hard questions, you've been leading the CTA, the Cyber Threat Alliance, for over eight years now. Looking back, what moment stands out to you as the first time you felt, okay, this is working?
Michael Daniel
Yeah, when I think about that, to me, one of the early signs of that was during the WannaCry incident that we were able to get a lot of different member companies on a call simultaneously and have them talk about what they were seeing and what they were not seeing. And at the beginning of WannaCry, everybody thought that that was being spread by an email vector. And when we assembled the different CTA members on the call and everybody started seeing what they were seeing, and nobody was finding an email vector for WannaCry. And it was one of those things that you could almost feel it around the room of like, well, wait a minute, if nobody among this set of people is seeing an email vector, maybe there's not an email vector. And so it really prompted everyone to go look in a different direction. And that was one of the first times that I realized that this model could actually work.
Michael Sikorsky
I also was thinking of, how does the Cyber Threat alliance and what we're doing, and specifically our collective defense model, how does that relate to some of these other sharing models that we've seen out there, the ISACs, JCDC, for which we're a member with Homeland Security, obviously, how does their model differ from ours? And how does that look? And then also, what is one misconception people have about the Cyber Threat Alliance's mission as it pertains to those.
Michael Daniel
Yeah, a lot of times I would say, well, CTA, if you think of us as an ISAC for the cybersecurity industry, that would not be too far off. I always say that the Cyber Threat Alliance is aimed at entities that are providing cybersecurity services to others. So cybersecurity companies like Palo Alto Networks, but also the cybersecurity arms of telecommunication companies or platform providers, those sorts of things. And really, the reason for that is because that's a set of entities that really do need to be sharing lots of technical data with each other at very large volumes. And that's really some of CTA's stock in trade, right, is focusing on that. We are not focused on a particular industry vertical, which a lot of ISACs are. Well, we are. It's just the cybersecurity industry, as opposed to, like, a critical infrastructure sector vertical, like, you know, financial services or energy. So really, that's kind of our space in the ecosystem as we try to occupy that space, which really no other entity was really occupying before CTA came along. So that's really how I see, you know, what CTA is and what we do. We also try to work with, you know, how do you actually get that collaboration built with the government. One of the things that we made a decision very early on for CTA was that we wanted it to be focused on the private sector, for what the private sector could do, and that governments can't be direct members of CTA. And that was deliberately designed to give some space in there to make it so that it didn't seem like governments had captured CTA and that CTA was doing a government's bidding. Right. But obviously, we have a lot of partnerships and work with responsible governments around the world. And so that, I think, is an important part of the equation.
Michael Sikorsky
What do you see as, like, the best way we could improve the US Government's approach to cyber partnerships? Like, what is the thing? Like, if you had a magic wand and you were in charge of all partnerships from the government to private, across the US Government, what would be, like, you know, either one or two things that you would quickly think about either changing or enacting?
Michael Daniel
Yeah, I mean, I think one of the things that I would say is one of the struggles that the federal government has is that we have worked very hard over decades to make sure that there are a lot of rules inside the federal government for how it treats the private sector and to treat the private sector equitably. And what this has translated to is that if you are working with one entity in the private sector, you've got to work with all of them equally. And the truth is that in cybersecurity, not all companies are created equal. And some parts, some entities in the ecosystem are more important in certain situations than others. And so, yeah, based on the technology.
Michael Sikorsky
They have deployed worldwide, based on their visibility, based on their expertise, absolutely, yes.
Michael Daniel
These are based on very. What I would almost say are objective factors. Right. This is not about preference, you know, based on who's friends with who, but it's based on the technology, the infrastructure, the capabilities. Right. And the federal government needs to be able to have a better ability to say, look, I'm going to collaborate with this set of entities in this case for this reason. And no, we're not going to have to let everybody and their cousin into this collaboration because they don't bring enough to the table. Right. And that's really hard on the federal government side right now because it can.
Michael Sikorsky
Feel like you're picking favorites. Is that why?
Michael Daniel
That's right. And it's seen as picking favorites. And it's like, no, we're not picking favorites. We're picking the entities that can actually do something to make a meaningful difference. And if you've ever been in any sort of collaborative exercise, then you know that as you get bigger, it gets harder and harder to do the collaboration and you reach a certain point and it becomes almost impossible. And so that, to me, is really one of the, you know, key sort of factors that we have to take into account. And that the government needs to have a better ability to, to process. I think on the private sector side, there needs to be a better understanding of the fact that the government operates under certain constraints that a private sector company will never operate under, and that not all of this is just about bureaucracy. That it's about very real reasons for why we want the government to not be picking favorites in most situations. Right, right. And that we want the government to operate in certain ways. And so that imposes some constraints on how the government operates that private sector companies don't have to follow. And it means that it's not because the government is stupid or because they're incompetent or lazy. It's because they operate under a different set of rules. And so we need to bring a lot more of that understanding to the collaborations and have respect for the constraints. And again, and that also works. The government also needs to understand that in many of these cases, when a private sector company is collaborating and working with them, every minute that they're spending working on this thing with the government, they're not making money.
David Moulton
If that got your attention, don't wait. Listen to the full episode now in your Threat Vector podcast feed. It's called Frenemies with Benefits and it's live now. You don't want to miss what could be the most eye-opening take on cybersecurity teamwork this year.
Dave Bittner
And be sure to check out the complete Threat Vector podcast right here on the N2K CyberWire network or wherever you get your favorite podcasts. Compliance regulations, third-party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you're thinking there has to be something more efficient than spreadsheets, screenshots and all those manual processes, you're right. GRC can be so much easier, and it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key compliance, internal and third-party risk, and even customer trust workflows, so you're not buried under spreadsheets and endless manual tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. That's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business. Vanta GRC. Just imagine how much easier trust can be. Visit vanta.com cyber to sign up today for a free demo. That's V-A-N-T-A dot com CYBER. Hey everybody, Dave here. I've talked about DeleteMe before, and I'm still using it because it still works. It's been a few months now, and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind.
And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now, our listeners get a special deal: 20% off your DeleteMe plan. Just go to JoinDeleteMe.com N2K and use promo code N2K at checkout. That's JoinDeleteMe.com N2K, code N2K. And finally, Scott Zuckerman, the spyware entrepreneur perhaps best known for leaking private user data like a sieve, is asking the FTC to lift the 2021 ban that barred him from the surveillance industry. The ban followed a spectacular privacy faceplant in which his app, SpyFone, helpfully exposed thousands of users' texts, photos and locations, turning stealth surveillance into public spectacle. Zuckerman now argues the order is a financial burden, claiming it hinders his growth in other ventures. Critics are not swayed. Eva Galperin of the EFF noted with forensic precision that burdens are the point when you've repeatedly flouted federal orders and still dabble in spyware-adjacent projects, as Zuckerman allegedly did in 2022. The public can comment until August 19th. Surveillance, after all, is everyone's. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through August 31st. There's a link in the show notes. Please take a moment and check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. And now a word from our sponsor, ThreatLocker, the powerful zero trust enterprise solution that stops ransomware in its tracks.
Allowlisting is a deny-by-default software that makes application control simple and fast. Ring Fencing is an application containment strategy ensuring apps can only access the files, registry keys, network resources and other applications they truly need to function. Shut out cybercriminals with world-class endpoint protection from ThreatLocker.
CyberWire Daily: The SharePoint Siege Goes Strategic
Release Date: July 22, 2025
In this episode of CyberWire Daily, host Dave Bittner delves into a series of significant cybersecurity incidents and developments impacting various sectors globally. The episode, titled "The SharePoint Siege Goes Strategic," covers a range of topics from sophisticated zero-day attacks on Microsoft SharePoint servers to strategic policy proposals by the UK government to combat ransomware. Additionally, the episode features an insightful discussion on cybersecurity collaboration in the Threat Vector segment with Michael Sikorsky and Michael Daniel of the Cyber Threat Alliance.
Timestamp: [02:05] – [05:00]
The episode opens with a detailed analysis of a surge in zero-day attacks targeting Microsoft SharePoint servers. These attacks exploit vulnerabilities linked to a remote code execution exploit chain known as Toolshell. Initiated around July 17, these attacks have predominantly targeted strategic sectors, including energy, technology, consulting, and government institutions.
Exploited Vulnerabilities: Two patched flaws were bypassed, leading Microsoft to assign two new CVEs (Common Vulnerabilities and Exposures). One CVE facilitates unauthenticated code execution, while the other allows spoofing. Despite the deployment of patches, there remains considerable confusion regarding the specific vulnerabilities exploited in these attack chains.
Attack Clusters: SentinelOne has identified three distinct attack clusters, some attributed to state-sponsored actors. Reports have detailed the exfiltration of cryptographic secrets and the evasion of Multi-Factor Authentication (MFA) and Single Sign-On (SSO) protections. Over 9,000 internet-facing SharePoint servers are currently at risk, primarily located in North America and Europe.
CISA's Response: The Cybersecurity and Infrastructure Security Agency (CISA) has added one of the CVEs to its known exploited vulnerabilities list, urging organizations to apply patches immediately. Microsoft recommends that organizations rotate cryptographic keys post-remediation to mitigate the risk of prolonged exploitation.
Notable Quote:
"Despite patches, confusion persists about which vulnerabilities were chained during the attacks."
— Dave Bittner [04:50]
Timestamp: [05:01] – [07:00]
In another Microsoft-related update, issues have been identified in the July 2024 Windows Server 2019 update. This bug disrupts cluster service operations, leading to repeated restarts, node failures, and virtual machine (VM) instability, especially in systems utilizing BitLocker with cluster shared volumes.
Timestamp: [07:01] – [10:00]
CrushFTP has confirmed the active exploitation of a zero-day vulnerability in older versions of its file transfer software. The vulnerability, patched in builds after July 1, was discovered following a reverse engineering effort by hackers.
Impact: Over 1,000 unpatched instances have been identified globally, with significant concentrations in the US and Europe. Most attacks commenced around July 18.
Attack Techniques: Some attackers disguise outdated, vulnerable systems to appear current, so that they evade detection as unpatched.
Presumed Perpetrators: While the attackers remain unidentified, there are suspicions towards groups like the CLOP Ransomware Gang, known for exploiting similar flaws in file transfer tools.
CISA's Stance: The agency continues to monitor threats in the file transfer space, emphasizing the critical nature of securing file-sharing platforms used by government, corporate, and academic sectors.
Notable Quote:
"This incident highlights ongoing threats to file sharing platforms, which are prime targets for stealing sensitive data from government, corporate and academic users."
— Dave Bittner [09:30]
Timestamp: [10:01] – [14:00]
The UK government is advancing proposals to ban ransomware payments within the public sector, aiming to protect critical services such as hospitals, businesses, and national infrastructure.
Key Provisions:
- Public sector bodies and operators of national infrastructure, such as the NHS and schools, would be banned from paying ransoms.
- Private businesses would need to notify the government if they intend to pay a ransom, so that payments do not violate sanctions.
- A mandatory reporting regime is in development to help law enforcement gather intelligence and disrupt ransomware networks.
Rationale: The initiative seeks to undermine the financial foundations of cybercrime, particularly targeting Russian-based ransomware groups.
Support and Reception: Approximately 75% of public consultation respondents support the ban. Organizations like the British Library and Co Op have publicly endorsed the measures, emphasizing the need for robust cybersecurity practices such as offline backups and comprehensive recovery plans.
Notable Quote:
"These steps are part of the UK's broader plan for change to defend against evolving cyber threats."
— Dave Bittner [13:45]
Timestamp: [14:01] – [17:00]
A new player has entered the ransomware landscape: Global Group, which has rebranded from the older threats Mamona RIP and BlackLock.
Innovative Approach: Global Group distinguishes itself by utilizing an AI chatbot to manage victim negotiations. Operating via a Tor-based panel, the chatbot automates communication and applies psychological pressure, enabling the group to scale operations efficiently across multiple time zones.
Technical Capabilities: The ransomware employs a Golang-based payload compatible with Windows, Linux, macOS, and even ESXi systems, prioritizing fast and concurrent encryption processes.
Operational Security: Analysts have detected poor operational security practices linking Global to Russian infrastructure previously used by Mamona. The group’s builder allows affiliates to customize attacks, enhancing their evasion techniques and expanding their reach.
Mitigation Strategies: Picus Security recommends a multi-faceted approach, including:
- Monitoring Go-based processes.
- Restricting access to native utilities.
- Simulating attacks to validate defenses.
- Enforcing least privilege policies.
Notable Quote:
"Picus Security recommends multiple detection and mitigation strategies including monitoring Go-based processes, restricting access to native utilities, simulating attacks and enforcing least privilege policies."
— Dave Bittner [16:30]
Timestamp: [17:01] – [20:00]
Australia's financial regulator, ASIC (Australian Securities and Investments Commission), has initiated legal action against Fortnum Private Wealth. The firm is accused of negligence in managing cybersecurity risks, which resulted in significant exposure of client data.
Allegations:
- The firm lacked proper policies, training and oversight, particularly for its authorized representatives.
- One breach leaked over 200 gigabytes of sensitive data from nearly 10,000 clients, which was later found on the dark web.
- Although the firm implemented a cybersecurity policy in 2021, ASIC claims it was inadequate.
Fortnum's Response: The company denies the allegations but has refrained from further comment due to ongoing court proceedings.
Notable Quote:
"Fortnum denies the allegations but declined further comment due to ongoing court proceedings."
— Dave Bittner [19:30]
Timestamp: [20:01] – [23:00]
Researchers at Sucuri have identified a sophisticated WordPress attack that leverages Google Tag Manager (GTM) to redirect site visitors to malicious spam pages without altering the site's themes or plugin files.
Attack Mechanism:
- Attackers inject a malicious script directly into WordPress database tables rather than modifying theme or plugin files.
- The injected script loads a GTM container that triggers a redirection after five seconds.
- The GTM tag likely originated from a compromised admin account.
Scope and Impact: Over 200 websites were compromised, enabling attackers to remotely control the payload via their GTM accounts. These redirections can severely damage site SEO, reputations, and endanger visitor safety.
Defense Recommendations: Sucuri advises website administrators to:
- Inspect sites for suspicious GTM tags.
- Secure admin accounts with two-factor authentication (2FA).
- Keep plugins updated.
Notable Quote:
"GTM's trusted status makes such attacks hard to detect."
— Dave Bittner [22:45]
Timestamp: [23:01] – [25:00]
Arizona election officials disclosed a cyber attack on a state portal where candidate profiles were defaced with images of the late Ayatollah Khomeini. The breach, identified on June 23, exploited a legacy system to upload malicious images containing PowerShell scripts.
Response and Containment: The threat was swiftly contained, but officials faced criticism regarding the Cybersecurity and Infrastructure Security Agency (CISA)'s lack of support.
Allegations Against CISA:
- Officials cited a breakdown in federal coordination since the Trump administration's restructuring and budget cuts.
- Arizona Secretary of State Adrian Fontes accused CISA of becoming politicized and ineffective, endangering national election security.
- Arizona's chief information security officer said key systems remained unaffected but that CISA's former collaborative role has eroded.
Impact on Cyber Defense: Experts warn that CISA's reduced role could lead to fragmented national cyber defenses and erode trust between state and federal agencies.
Notable Quote:
"Arizona's chief information security officer said key systems remained unaffected, but emphasized that CISA's former collaborative role has eroded."
— Dave Bittner [24:30]
Timestamp: [25:01] – [28:00]
Hungarian authorities have arrested a 23-year-old man from Budapest, identified by the alias Hano, for orchestrating Distributed Denial of Service (DDoS) attacks against independent media outlets both within Hungary and internationally.
Details of the Case:
- The suspect allegedly used DDoS-for-hire services to disrupt access to sites including MediaOne, Telex and the Vienna-based International Press Institute.
- Authorities seized electronic evidence from the suspect's home, though he has not yet been formally charged.
- Investigators are probing the motive and whether any external coordination or funding was involved.
Motivations and Implications: The targeted outlets were predominantly critical of Hungary's government, suggesting a politically motivated agenda. This case underscores the escalating cyber threats against independent journalism, paralleling similar attacks observed in Russia and Ukraine.
Notable Quote:
"Investigators are probing the motive and whether any external coordination or funding was involved."
— Dave Bittner [27:45]
Timestamp: [28:01] – [23:00]
In the Threat Vector segment, guest host Michael Sikorsky engages in a profound discussion with Michael Daniel from the Cyber Threat Alliance (CTA) about the state of cybersecurity collaboration.
Early Signs of Effective Collaboration: Michael Daniel recounts the CTA's pivotal role during the WannaCry incident, where member organizations collaboratively debunked the prevalent email vector theory, pivoting the investigation towards alternative attack vectors.
CTA’s Distinct Role: Unlike traditional Information Sharing and Analysis Centers (ISACs) that focus on specific industry verticals, CTA centers on entities providing cybersecurity services across various sectors. This unique positioning facilitates large-scale technical data sharing among cybersecurity firms, enhancing collective defense mechanisms.
Government Collaboration Challenges: Daniel highlights the difficulty the federal government has in selectively collaborating with private sector entities based on their technology, visibility and expertise, because its rules require treating all private companies equitably. He emphasizes that each side needs to understand the other's constraints: the government operates under rules a private company never will, and a private company collaborating with the government is spending time in which it is not making money.
Improving US Government's Cyber Partnerships: Michael Daniel suggests that the federal government should adopt a more nuanced approach in partnerships, allowing for selective collaboration with key private sector entities that can significantly contribute to cybersecurity efforts. This would involve moving away from the current model that requires equal collaboration with all private entities, irrespective of their capabilities or contributions.
Notable Quotes:
"It really prompted everyone to go look in a different direction. And that was one of the first times that I realized that this model could actually work."
— Michael Daniel [15:03]
"We are not focused on a particular industry vertical, which a lot of ISACs are."
— Michael Daniel [16:25]
"The government needs to have a better ability to say, look, I'm going to collaborate with this set of entities... for this reason. And no, we're not going to have to let everybody and their cousin into this collaboration because they don't bring enough to the table."
— Michael Daniel [20:01]
This episode of CyberWire Daily provides a comprehensive overview of the current cybersecurity landscape, highlighting both the evolving threats and the strategic responses from governments and organizations worldwide. From sophisticated zero-day exploits and ransomware innovations to critical discussions on enhancing cybersecurity collaborations, the episode underscores the dynamic and multifaceted nature of cybersecurity in 2025.
For those keen on understanding the intricacies of modern cyber threats and the collaborative efforts required to mitigate them, this episode serves as an invaluable resource.
Note: This summary excludes promotional content, advertisements, and non-essential segments to focus solely on the core discussions and insights presented in the episode.