Dave Bittner
You're listening to the CyberWire network, powered by N2K. And now a brief message from our sponsor, DropZone AI. Is your SOC drowning in alerts, with legitimate threats sitting in queues for hours or even days? The latest SANS SOC survey report reveals alert fatigue and limited automation are SOC teams' greatest barriers. DropZone AI, recognized by Gartner as a Cool Vendor, directly addresses these challenges through autonomous recursive reasoning investigations, quickly eliminating false positives, enriching context and enabling analysts to prioritize real incidents faster. Take control of your alerts and investigations with DropZone AI. An Apache Tomcat vulnerability is under active exploitation. CISA rehires workers ousted by DOGE. Lawmakers look to protect rural water systems from cyber threats. Western Alliance Bank notifies 22,000 individuals of a data breach. A new cyber attack method called BitM allows hackers to bypass multi-factor authentication. A Chinese cyber espionage group targets Central European diplomats. A new cyber attack uses ChatGPT infrastructure to target the financial sector and US government agencies. Australia sues a major securities firm over inadequate protection of customer data. Our Threat Vector segment examines how unifying security capabilities strengthens cyber resilience, and cybercriminals say, get me Edward Snowden on the line.
Dave Bittner
March 18, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us once again here. It is great to have you with us. A critical remote code execution vulnerability in Apache Tomcat is being actively exploited. The flaw, disclosed on March 10, allows attackers to gain control of servers via a simple PUT request. Exploits appeared on GitHub just 30 hours after disclosure. Attackers upload Base64-encoded payloads via a PUT request, then trigger execution with a GET request using a JSESSIONID cookie. Security tools struggle to detect this due to encoded payloads and multi-step execution. Apache urges immediate updates. Meanwhile, organizations should disable partial PUT support and restrict sensitive file storage. The Cybersecurity and Infrastructure Security Agency is rehiring roughly 130 probationary employees ousted under President Donald Trump's workforce purge, but is immediately placing them on administrative leave. The move follows a ruling by U.S. District Judge James Bredar, which the White House vowed to fight. Trump criticized the decision, calling it dangerous, while experts warn the mass firings threaten national security. CISA faces internal confusion over the ruling and is trying to contact impacted employees. The agency has also defunded cybersecurity hubs and defended workforce cuts as eliminating duplication. Critics, including former NSA official Rob Joyce, say these actions weaken US cybersecurity. The White House and key agencies have not responded to requests for comment. Elsewhere in Washington, lawmakers have reintroduced the Cybersecurity for Rural Water Systems Act of 2025, a bipartisan bill aimed at protecting rural water systems from cyber threats.
Sponsored by Representatives Don Davis, a Democrat from North Carolina, and Zachary Nunn, a Republican from Iowa, and Senators Catherine Cortez Masto, a Democrat from Nevada, and Mike Rounds, a Republican from South Dakota, the bill expands the circuit rider program to include cybersecurity assistance for small water utilities serving populations under 10,000. The bill funds cybersecurity specialists known as circuit riders, who will train rural utilities, assist in cyber defense planning and improve threat response. Only 20% of US water systems currently have cyber protections, making this legislation critical. Though initially introduced in 2023, it failed to pass but is now gaining renewed support. This year, Western Alliance Bank is notifying 22,000 individuals of a data breach involving a third-party file transfer tool exploited in October 2024. The breach exposed names, Social Security numbers, birth dates and financial details. The CLOP extortion group exploited Cleo file transfer vulnerabilities impacting dozens of organizations. Western Alliance confirmed the breach after stolen data appeared online in January of this year. Despite the incident, the bank says it won't affect its financial condition. Affected individuals receive one year of identity protection. A new cyber attack method called Browser in the Middle, or BitM, allows hackers to bypass multi-factor authentication and steal user sessions in seconds. This technique hijacks authenticated browser sessions, making it a major threat to organizations relying on traditional security measures. BitM attacks proxy victims through an attacker-controlled browser mimicking legitimate sites; users unknowingly enter credentials and complete MFA challenges, allowing attackers to steal session tokens. Tools like Evilginx2 and Delusion enable real-time session hijacking and scalable phishing campaigns.
Experts say hardware-based authentication, things like FIDO2 security keys, is one of the best defenses because it ties authentication to a physical device. No device, no access. Behavioral monitoring and client certificates help too. And of course, good old-fashioned security awareness training can go a long way. A Chinese cyber espionage group, MirrorFace, also known as Earth Kasha, has expanded beyond East Asia, targeting a Central European diplomatic institute in August of last year. Researchers from ESET found the group used ANEL, or UPPERCUT, a backdoor previously linked to APT10, suggesting tool sharing among Chinese threat actors. The attack began with a spear phishing campaign referencing Expo 2025 in Japan. Once victims engaged, they received a malicious Word document deploying ANEL and HiddenFace for persistence. The hackers wiped logs, used AsyncRAT in Windows Sandbox and abused Visual Studio Code's remote tunnels to evade detection. They also exfiltrated Chrome credentials, potentially compromising diplomatic communications. The attack highlights China's evolving cyber tactics and collaboration between state-sponsored groups. According to the latest research from Veriti, a new cyber attack campaign is actively exploiting a server-side request forgery vulnerability affecting OpenAI's ChatGPT infrastructure, but OpenAI itself has not been breached. In just one week, over 10,000 attack attempts were recorded from a single malicious IP, with the US seeing the highest concentration, followed by Germany and Thailand. 35% of organizations are vulnerable due to misconfigured security tools like IPS, web application firewalls and firewalls. The financial sector and US government agencies are prime targets as attackers exploit AI-driven services to access internal resources and sensitive data.
Veriti urges security teams to review firewall settings, monitor attack logs and reassess AI-related security risks, emphasizing that even medium-severity vulnerabilities can become major attack vectors. Australia's financial regulator is suing FIIG Securities over cybersecurity failures that led to a 2023 data breach affecting 18,000 customers. The Australian Securities and Investments Commission says FIIG lacked basic security controls for four years, failing to update firewalls, patch software or train employees, allowing threat actors to steal 385 gigabytes of sensitive data. FIIG, which manages $2.88 billion in funds, was unaware of the breach until Australia's cybersecurity centre alerted them. It took six days to respond. The Australian regulators allege FIIG violated the Corporations Act, which mandates financial firms maintain adequate risk management. This case follows a 2022 lawsuit against RI Advice for similar cybersecurity lapses. Australian regulators warn that cyber risk management is a top priority, with tighter regulatory actions coming for financial firms failing to protect customer data. Coming up after the break, our Threat Vector segment examines how unifying security capabilities strengthens cyber resilience, and cybercriminals say, get me Edward Snowden on the line. Stay with us. We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use Indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed. Indeed Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results so the right candidates see it first, and it works. Sponsored Jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K CyberWire.
Many of my colleagues here came to us through Indeed. Plus, with Sponsored Jobs, there are no subscriptions, no long-term contracts. You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed, and listeners to this show will get a $75 Sponsored Job credit to get your jobs more visibility at indeed.com/cyberwire. Just go to indeed.com/cyberwire right now and support our show by saying you heard about Indeed on this podcast. indeed.com/cyberwire. Terms and conditions apply. Hiring? Indeed is all you need. Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting-edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work-life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today at vanguardjobs.com. It's time for our Threat Vector segment. David Moulton sits down with Forrester Senior Analyst Carlos Rivera to explore the concept of platformization: how unifying security capabilities strengthens cyber resilience. Hi, I'm David Moulton, host
David Moulton
of Threat Vector, the podcast where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest industry trends. Here's a preview of what's coming up next on Threat Vector. In our next episode, I'm joined by Carlos Rivera, Senior Analyst at Forrester, to talk about one of the most critical shifts in security strategy: platformization. Think network security is outdated in the cloud era? Think again. Carlos challenges a common misconception that cloud adoption makes traditional network security obsolete. In this episode, we break down why firewalls, segmentation and policy enforcement are still essential, even in a cloud-first world. Don't miss this episode. Carlos, it's been quite a while since I've thought about microsegmentation. I mean, we're talking probably five, six years ago since I talked to somebody like yourself that's an expert. I'm wondering what you would advise. How should organizations rethink microsegmentation within the zero trust model to maximize that security effectiveness that they're looking for?
Carlos Rivera
Yeah, so I think the trick here is that what I'm trying not to do is tell everyone that there is one solution that is better than the other. What I typically try to articulate when I get questions such as what's the best practice for microsegmentation? In the past, organizations have typically struggled to implement microsegmentation effectively. So there are various levels of microsegmentation that an enterprise can arguably achieve. And with our own research efforts, we call out those levels. But specifically host level or even microservice level, we view that as being more complex and difficult to implement. But organizations that actually pursued the microsegmentation initiatives as the first initiative for their zero trust journey, they found this to be more complex, right? So those same organizations either abandoned the initiative or delayed the initiative to focus on other tasks and other activities. But now organizations are beginning to revisit that conversation around microsegmentation initiatives because they now have a better understanding, right? They learn from their mistakes, but now they have to have an understanding about the approach. So ultimately, what organizations should really be doing when they begin their zero trust or microsegmentation journey is identify where those critical assets are in their environment and then actually assess what are the tools and technology, the controls they have already in place, that they can actually leverage to achieve a level of maturity that will be acceptable based on risk tolerance and even risk appetite. So once they have that, then it becomes more of a matter of what is needed to get to that next level of maturity.
And another thing I want to add is that while there will be a need to have guidance for organizations, one of the biggest issues that I get in terms of client engagement is that now we're implementing microsegmentation, but we have firewalls, we have VPNs, we have microsegmentation-specific tools and solutions in our environment. These are all various different enforcement points that have policies. So organizations might not be thinking it now, but it might be worth exploring or having conversations internally about what should our guidance be about how we approach our policy rule sets throughout our architecture, so that we have a better understanding of what's the most effective and efficient way of approaching the rules across the architecture. Meaning, the further out in our environment we are from the edge perimeter, that's going to be the broader policies, and the closer we are getting to critical assets in our environment, that's where the more granular policy should exist, but it should not be conflicting with each other.
David Moulton
So, Carlos, anyone who has been paying attention for the last year or so knows that Palo Alto Networks has been a really strong proponent of this idea of security platformization, or unifying security capabilities into a single AI-driven platform. What are the key advantages of a unified security approach, and how does it compare to the traditional best-in-class security model?
Carlos Rivera
I think the idea behind the unification of security controls is really just simplifying deployment and management of those security controls. So you're actually starting to break down those silos that might have impeded any kind of collaborative discussions within your organizations with respect to, you know, security best practices, what types of controls are going to be needed and how do you improve those outcomes or improve those operations. There's also that potential for cost savings: when you start exploring platformization or a unified solution, you start reducing the number of licenses you need to procure, maintain and manage. But you're also reducing complexity within your infrastructure, within the security stack. So it offers that ability to have visibility and management of all these various different tools in a more centralized manner, and that can actually lead to being more efficient and having a more holistic security architecture. Security analysts can also aim to benefit from this in an indirect way because it's improving incident response times, because it's reducing that complexity and friction that they might experience when it comes to investigations and analytics.
David Moulton
Carlos, are there any recent security developments that have really personally surprised you?
Carlos Rivera
Recent security developments that have surprised me. I mean, we're seeing it kind of unfold now in terms of executive orders, you know, governments buying in and making more, or at least being more influential in how organizations and how the industry should approach cybersecurity and making our areas. I know what's more sensitive that is. To me, it's not so much surprising as it is, I would say, a moment of surprise, I guess, because I do come from the government side and I know what the DoD has done in the past, and they're always kind of ahead of the game, ahead of the curve when it comes to those types of implementations. But now it's kind of the influence. I think we're returning to the new norm, or the norm, of we looked at the government to set precedents on what we should do for cybersecurity, and seeing that unfold today, or at least in this day and age, it's a bit rewarding.
David Moulton
If we piqued your interest, don't miss the full episodes every Threat Vector Thursday. Subscribe now to stay ahead.
Dave Bittner
You can find a link to the full examination of platformization by David and Carlos in our show notes. And of course, don't forget to check out the entire Threat Vector podcast wherever you get your favorite podcasts.
Dave Bittner
Of investigation tools that only do one thing at a time. Spending more time juggling contracts with data vendors than actually investigating? Maltego changes that for good. Get one investigation platform, one bill to pay, and all the data you need in one place. It comes with curated data and a full suite of tools to handle any digital investigation. Connect the dots so fast cybercriminals won't even have time to Google what Maltego is. See the platform in action at maltego.com. And finally, let's set the scene. You're a cybercriminal trying to make an honest, dishonest living in the ransomware world. But payments are down, negotiations are tougher, and victims just aren't coughing up the cash like they used to. What do you do? Well, if you're OxThief, you get creative. And by creative, I mean you threaten to call Edward Snowden. That's right. This newly discovered extortion crew isn't just demanding ransom. They're fast-tracking the consequences. Don't pay? They'll rat you out to a cybersecurity journalist like Brian Krebs, privacy advocates, and even the Electronic Frontier Foundation. They'll outline legal penalties, predict massive fines, and warn of a PR disaster. The message? You're in trouble whether you pay or not. Analysts at Fortress say this is a noteworthy escalation in ransomware tactics. Instead of just encrypting files and waiting for a payday, OxThief is weaponizing legal liability and media scrutiny. It's all part of a bigger trend. Ransomware payments are dropping and attackers are getting desperate. Case in point, OxThief claims to have hacked Broker Educational Sales and Training. But here's where it gets messy. Another cybercrime gang, Medusa, also claims to have breached the same organization. Did OxThief really do it, or are they recycling someone else's heist? Either way, the alleged victims haven't commented, and the cybercriminal underworld just keeps getting weirder. So what's the takeaway?
Well, if you get hacked, maybe set up an outbound call blocker for Snowden, just in case. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default-deny approach can keep your company safe and compliant.
CyberWire Daily Summary: "Tomcat Got Your Server?" – March 18, 2025
Hosted by N2K Networks
A critical remote code execution (RCE) vulnerability in Apache Tomcat, disclosed on March 10, 2025, is currently under active exploitation. This flaw allows attackers to gain server control through a straightforward PUT request. Notably, exploit code surfaced on GitHub merely 30 hours post-disclosure. The attack vector involves uploading Base64-encoded payloads via a PUT request, followed by triggering execution with a GET request using a JSESSIONID cookie.
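The briefing's mitigation advice is to disable partial PUT support; the attack path also requires the Tomcat DefaultServlet to accept PUT at all. The following is an added example, not code from the podcast or from Apache: a small Python audit of a Tomcat conf/web.xml that reports whether the DefaultServlet is writable (readonly=false) and whether partial PUT is enabled (allowPartialPut). The two init-param names and their defaults (both true) are as documented for Tomcat's DefaultServlet; the web.xml documents embedded below are constructed for this example.

```python
"""Audit a Tomcat conf/web.xml for the DefaultServlet settings behind the
PUT-based upload path described in the briefing.

The web.xml strings below are constructed samples for this example.
"""
import xml.etree.ElementTree as ET

DEFAULT_SERVLET_CLASS = "org.apache.catalina.servlets.DefaultServlet"


def _local(tag: str) -> str:
    # Drop the XML namespace so the audit works for javaee and jakarta web.xml files.
    return tag.rsplit("}", 1)[-1]


def _child_text(elem, name: str) -> str:
    # Text of the first direct child with the given local name, or "".
    for child in elem:
        if _local(child.tag) == name:
            return (child.text or "").strip()
    return ""


def default_servlet_params(web_xml: str) -> dict:
    """Return the init-params of the DefaultServlet declaration, or {} if absent."""
    root = ET.fromstring(web_xml)
    for servlet in root.iter():
        if _local(servlet.tag) != "servlet":
            continue
        if _child_text(servlet, "servlet-class") != DEFAULT_SERVLET_CLASS:
            continue
        params = {}
        for child in servlet:
            if _local(child.tag) == "init-param":
                name = _child_text(child, "param-name")
                if name:
                    params[name] = _child_text(child, "param-value")
        return params
    return {}


def audit_default_servlet(web_xml: str) -> list:
    """List the settings that allow clients to write files via PUT.

    Tomcat defaults: readonly=true (PUT/DELETE rejected) and allowPartialPut=true,
    so an absent init-param is treated as its default.
    """
    params = default_servlet_params(web_xml)
    readonly = params.get("readonly", "true").lower() == "true"
    partial_put = params.get("allowPartialPut", "true").lower() == "true"
    findings = []
    if not readonly:
        findings.append("readonly=false: DefaultServlet accepts PUT, so clients can write files")
        if partial_put:
            findings.append("allowPartialPut=true on a writable DefaultServlet: set it to false")
    return findings


# Constructed sample: a writable DefaultServlet with partial PUT left at its default.
WEAK_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

# Constructed sample: PUT rejected and partial PUT disabled explicitly.
HARDENED_WEB_XML = """<web-app xmlns="http://xmlns.jcp.org/xml/ns/javaee" version="4.0">
  <servlet>
    <servlet-name>default</servlet-name>
    <servlet-class>org.apache.catalina.servlets.DefaultServlet</servlet-class>
    <init-param><param-name>readonly</param-name><param-value>true</param-value></init-param>
    <init-param><param-name>allowPartialPut</param-name><param-value>false</param-value></init-param>
  </servlet>
</web-app>"""

if __name__ == "__main__":
    for label, doc in (("weak", WEAK_WEB_XML), ("hardened", HARDENED_WEB_XML)):
        print(label, audit_default_servlet(doc) or ["no findings"])
```

Pointing the audit at a real server means reading conf/web.xml (and any per-application WEB-INF/web.xml that redeclares the DefaultServlet), since an application can override the global declaration.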
Notable Quote:
"Attackers upload Base64 encoded payloads via a PUT request, then trigger execution with a GET request using a jsessionid cookie." – Dave Bittner [00:XX]
The Cybersecurity and Infrastructure Security Agency (CISA) is rehiring approximately 130 probationary employees who were previously ousted during President Donald Trump's administration workforce purge. These rehired individuals are currently placed on administrative leave as the agency navigates the legal and operational aftermath of the reappointment.
Notable Quote:
"Critics, including former NSA official Rob Joyce, say these actions weaken US Cybersecurity." – Dave Bittner [02:03]
Washington lawmakers have reintroduced the Cybersecurity for Rural Water Systems Act of 2025, a bipartisan initiative aimed at safeguarding rural water infrastructures from cyber threats. Sponsored by Representatives Don Davis (D-NC) and Zachary Nunn (R-IA), along with Senators Katherine Cortez Masto (D-NV) and Mike Rounds (R-SD), the bill seeks to expand the circuit rider program to include dedicated cybersecurity assistance for small water utilities serving populations under 10,000.
Notable Quote:
"This bill expands the circuit rider program to include cybersecurity assistance for small water utilities serving populations under 10,000." – Dave Bittner [04:XX]
Western Alliance Bank has informed approximately 22,000 individuals about a data breach that occurred in October 2024. The breach involved the exploitation of a third-party file transfer tool from Cleo, which was compromised by the CLOP extortion group. The exposed data includes personal information such as names, Social Security numbers, birth dates, and financial details.
Notable Quote:
"Despite the incident, the bank says it won't affect its financial condition. Affected individuals receive one year of identity protection." – Dave Bittner [06:XX]
A novel cyber attack technique named Browser in the Middle (BITM) has been identified, enabling hackers to bypass Multi-Factor Authentication (MFA) and swiftly steal user sessions. This method involves hijacking authenticated browser sessions, posing a significant threat to organizations reliant on traditional security protocols.
Notable Quote:
"Hardware-based authentication, things like FIDO2 security keys, is one of the best defenses because it ties authentication to a physical device. No device, no access." – Dave Bittner [08:XX]
The Chinese cyber espionage group known as MirrorFace or Earth Kasha has extended its operations beyond East Asia, recently targeting a Central European diplomatic institute. Research conducted by ESET revealed that the group employed ANEL (UPPERCUT), a backdoor previously associated with APT10, indicating potential tool-sharing among Chinese threat actors.
Notable Quote:
"The attack highlights China's evolving cyber tactics and collaboration between state-sponsored groups." – Dave Bittner [10:XX]
A recent cyber attack campaign is actively exploiting a server-side request forgery (SSRF) vulnerability affecting OpenAI's ChatGPT infrastructure. While OpenAI has not been breached, over 10,000 attack attempts originated from a single malicious IP within just one week, with the highest concentration from the U.S., followed by Germany and Thailand.
Notable Quote:
"Veriti urges security teams to review firewall settings, monitor attack logs and reassess AI-related security risks." – Dave Bittner [12:XX]
Australia’s financial regulator is pursuing legal action against FIIG Securities for cybersecurity deficiencies that led to a significant data breach in 2023, affecting 18,000 customers. The breach resulted in the theft of 385 gigabytes of sensitive data, including personal and financial information.
Notable Quote:
"The Australian regulators allege FIIG violated the Corporations Act, which mandates financial firms maintain adequate risk management." – Dave Bittner [14:XX]
Guest: Carlos Rivera, Senior Analyst at Forrester
Host: David Moulton
The Threat Vector segment delves into the concept of platformization, exploring how unifying security capabilities can enhance cyber resilience. The discussion highlights the ongoing debate between traditional network security measures and emerging cloud-based strategies.
Notable Quote:
"Organizations should identify where those critical assets are in their environment and then actually assess what are the tools and technology the controls have already in place that they can leverage." – Carlos Rivera [15:07]
Notable Quote:
"The idea behind the unification of security controls is really just simplifying deployment and management." – Carlos Rivera [18:10]
Notable Quote:
"We're seeing it kind of unfold now in terms of executive orders, you know, governments buying in and making more, or at least being more influential in how organizations and the industry should approach cybersecurity." – Carlos Rivera [19:27]
The podcast concludes with an intriguing narrative of cybercriminal evolution in the ransomware landscape. OxThief, a ransomware group, has adopted unconventional extortion tactics by threatening to expose victims to cybersecurity journalists, privacy advocates, and organizations like the Electronic Frontier Foundation if ransoms are not paid. This strategy aims to pressure victims through reputational and legal risks rather than solely relying on financial demands.
Notable Quote:
"Instead of just encrypting files and waiting for a payday, OxThief is weaponizing legal liability and media scrutiny." – Dave Bittner [21:XX]
Takeaway:
Organizations must not only bolster their technical defenses but also be prepared for multifaceted extortion attempts that exploit legal and reputational vulnerabilities.
Conclusion
This episode of CyberWire Daily, titled "Tomcat Got Your Server?", provides a comprehensive overview of significant cybersecurity incidents, legislative efforts, emerging threat methods, and industry insights. From active exploitations of critical vulnerabilities to evolving ransomware tactics, the discussion underscores the dynamic and multifaceted nature of today's cyber threat landscape. Additionally, the Threat Vector segment offers valuable perspectives on the importance of platformization and unified security strategies in enhancing organizational resilience against sophisticated cyber threats.
For a detailed analysis of platformization and further insights, listeners are encouraged to explore the Threat Vector podcast series available in the CyberWire's show notes.
For more information and the latest updates, visit thecyberwire.com.