CyberWire Daily - A warning from the cloud.
Episode Date: January 23, 2025CISA and FBI detail exploit chains used by Chinese hackers to compromise Ivanti Cloud Service Appliances. Energy systems in Central Europe use unencrypted radio signals. A critical SonicWall vulnerabi...lity is under active exploitation. The Nnice ransomware strain isn’t. Cisco discloses a critical vulnerability in its Meeting Management tool. GhostGPT is a new malicious generative AI chatbot. ClamAV patches critical vulnerabilities in the open-source anti-virus engine. A new report questions the effectiveness of paying ransomware demands. DOGE piggybacks on the United States Digital Service. On our Industry Voices segment, we are joined by Joe Gillespie, Senior Vice President at Booz Allen, discussing Cyber AI. Jen Easterly leaves CISA a legacy of resilience and dedication. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices Today on our Industry Voices segment, we are joined by Joe Gillespie, Senior Vice President at Booz Allen, discussing Cyber AI. Selected Reading FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know (SecurityWeek) Researchers say new attack could take down the European power grid (Ars Technica) Critical SonicWall Vulnerability Exploited In Attacks Execute Arbitrary OS Commands (Cyber Security News) Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques (GB Hackers) Cisco Fixes Critical Vulnerability in Meeting Management (Infosecurity Magazine) New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing (Infosecurity Magazine) Open-Source ClamAV Releases Critical Security Patch Updates – What’s Inside! (Cyber Security News) Companies who pay off ransomware attackers rarely get their data back, survey shows (Cybernews) Elon Musk Plays DOGE Ball—and Hits America’s Geek Squad (WIRED) Under Trump, US Cyberdefense Loses Its Head (WIRED) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network powered by N2K.
Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try
DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started
removing my personal information from hundreds of data brokers. I finally have peace of mind,
knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed
reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for DeleteMe.
Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to JoinDeleteMe.com delete me dot com slash n2k and use promo code n2k at checkout.
The only way to get 20 percent off is to go to join delete me dot com slash n2k and enter
code n2k at checkout.
That's join delete me dot com slash n2k code n2k. CISA and the FBI detail exploit chains used by Chinese hackers to compromise Ivanti cloud
service appliances.
Energy systems in central Europe use unencrypted radio signals.
A critical sonic wall vulnerability is under active exploitation.
The nice ransomware strain isn't.
Cisco discloses a critical vulnerability in its meeting management tool.
GhostGTP is a new malicious generative AI chatbot.
PlamAV patches critical vulnerabilities in the open source antivirus engine.
A new report questions the effectiveness of paying ransomware demands. Clam AV patches critical vulnerabilities in the open-source antivirus engine.
A new report questions the effectiveness of paying ransomware demands.
Doge piggybacks on the United States digital service.
On our industry voices segment, we're joined by Joe Gillespie, Senior Vice President at
Booz Allen, discussing cyber AI.
And Jenny Sterly leaves CISA a legacy of resilience and dedication.
It's Thursday, January 23rd, 2025. Intel briefing.
Thanks for joining us here today.
It is great to have you with us.
CISA and the FBI have detailed two exploit chains used by Chinese hackers to compromise
Ivanti cloud service appliances.
They published IOCs and noted flaws that are being exploited for espionage.
Hackers use these vulnerabilities for remote code execution, credential theft, and web
shell deployment, affecting multiple versions.
Ivanti confirmed the latest version is unaffected.
Incident reports highlight detection methods, including anomalous user account creation
and encoded script alerts, which help three organizations mitigate attacks.
Mandiant has linked these exploits to Chinese APT group UNC-5221,
known for deploying custom malware like ZiLine and WarpWire.
Agencies urge defenders to analyze logs, replace compromised systems, and treat affected credentials
as compromised.
Researchers recently revealed that renewable energy systems in central Europe use unencrypted
radio signals, leaving critical infrastructure vulnerable
to exploitation.
The radio ripple control system manages power from renewable facilities, controlling up
to 60 gigawatts, enough to power Germany.
This system, based on outdated protocols, allows anyone with the right tools to intercept
and replay commands, potentially disrupting
the European power grid.
Fabienne Braunlein and Luca Millet discovered this vulnerability during research on streetlight
control in Berlin, realizing the same technology controls energy infrastructure.
By reverse-engineering radio receivers, they demonstrated how unauthorized messages could stop energy feeding into the grid. While experts debate whether a 60
gigawatt disruption could cause a blackout, the vulnerability highlights the
risk of unencrypted control systems. The researchers recommend retiring radio
ripple control in favor of more secure alternatives, but progress on modernization has been slow.
A critical security vulnerability has been identified in SonicWall's SMA-1000 appliance
management console and central management console, allowing remote unauthenticated attackers
to execute arbitrary OS commands. With a severity score of 9.8,
the flaw arises from improper deserialization
of untrusted data.
Active exploitation has been confirmed,
prompting SonicWall to release a patch.
Affected organizations should upgrade immediately
or restrict AMC and CMC access
to trusted sources as a temporary mitigation.
Cyfirma has identified a new ransomware strain, NICE, targeting Windows systems with advanced encryption, persistence, and evasion techniques, it appends.xddd to encrypted files and displays a ransom note ReadMe.txt while modifying system wallpapers to alert victims.
Using bootkits, DLL sideloading, and registry key manipulations, NICE ensures persistence while employing obfuscation and rootkits to
evade detection.
Organizations are urged to block the ransomware's SHA-256 hash, apply patches, use MFA, adopt
zero trust framework, maintain offline backups, and monitor for threat indicators to mitigate
risks.
Cisco has disclosed a critical vulnerability in its meeting management tool that allows
remote attackers to escalate privileges and gain administrator access via the REST API.
With a CVSS score of 9.9, the flaw stems from improper default permissions and inadequate
privilege handling.
It affects all versions up to 3.9 but is fixed
in version 3.9.1. Cisco urges immediate updates as no workarounds exist. No active exploitation
has been reported, but prompt patching is essential to mitigate risks.
Researchers at Abnormal Security have identified a new malicious generative AI chatbot GhostGPT
being sold on Telegram since late 2024.
GhostGTP is designed to assist cybercriminals in activities like malware creation, phishing emails, and business email compromise attacks.
It connects to a jailbroken chat GPT or open source language model to
deliver uncensored responses. Unlike its predecessor WormGTP, Ghost GPT is
available as a telegram bot, eliminating the need for technical setups. Buyers can
quickly access the tool for a fee, enabling low skilled threat actors to
execute sophisticated campaigns.
The chatbot facilitates tasks such as exploiting development, phishing template creation, and
malware coding.
Tested by researchers, it easily generated a convincing DocuSign phishing email.
Ghost GPT's growing popularity among cybercriminals highlights increasing interest in AI tools for illicit
purposes with thousands of views on online forums.
The Clam AV team has released security updates addressing a critical vulnerability in the
OLE-2 file parser that could cause a buffer overflow and denial of service.
Clam AV, a widely used open-source antivirus engine, detects malware, viruses, and trojans,
serving as a trusted security tool for individuals and enterprises.
These updates also fix an infinite loop issue in ClamAV's directory monitoring tool.
Users are strongly encouraged to upgrade via the ClamAV downloads page, GitHub or DockerHub.
A survey by Hiscox reveals that less than 20% of companies who pay ransomware demands recover all their data,
with 10% finding their data leaked despite payment.
The 2024 Cyber Readiness Report highlights that businesses often pay ransoms to protect
reputations or recover data without backups, but paying up rarely pays off.
Nearly 70% of U.S. companies report increased cyberattacks, averaging 60 incidents annually.
Reputational damage is significant, with 47% of businesses struggling to attract clients after an attack.
Hiscox advises businesses to bolster defenses through employee training, retiring outdated technology, and maintaining consistent backups.
Phishing accounts for 60% of attacks, underscoring the need for security awareness. The report warns that inadequate cybersecurity damages trust,
deters partners, and attracts regulatory scrutiny,
posing greater risks than bankruptcy for many firms.
In an article for Wired,
Stephen Levy examines Donald Trump's new executive order,
which establishes the President's Department
of Government Efficiency, DOGE.
The EO embeds DOGE into the United States Digital Services, a small, innovative tech
agency that has improved government IT since its Obama-era inception.
DOGE aims to streamline government IT systems, promising significant cost savings. However, it shifts USDES's collaborative approach to a more top-down,
Musk-inspired model, focusing on centralizing data and enforcing the Doge agenda.
While Doge's goals, like addressing inefficiencies and hidden budgetary waste,
could be transformational, its adversarial approach and political overtones
raise concerns.
New four-person agency teams, including HR and legal personnel alongside engineers, suggest
a shift from building solutions to enforcing policy, potentially undermining USDS's ethos
of innovation.
USDS, which survived previous administrations through
deft navigation and bipartisan support, now faces uncertainty.
Critics fear Doge's disruptive structure could sunset USDS
by its scheduled end in 2026,
jeopardizing its legacy of impactful public service.
Coming up after the break on our industry voices segment, we're joined by Joe Gillespie,
Senior Vice President at Booz Allen, discussing cyber AI, and Jen Easterly leaves CISA a legacy
of resilience and dedication. Stay with us.
Cyber threats are evolving every second, and staying ahead is more than just a challenge,
it's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted
by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping
unauthorized applications, securing sensitive data, and ensuring your organization runs
smoothly and securely.
Visit threatlocker.com today to see how a default deny approach can keep your company
safe and compliant. Do you know the status of your compliance controls right now?
Like right now.
We know that real-time visibility is critical for security, but when it comes to our GRC
programs, we rely on point-in-time checks.
Look at this.
More than 8,000 companies like Atlassian and Quora have continuous visibility into their
controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting, and helps you
get security questionnaires
done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1, dollars off.
Joe Gillespie is Senior Vice President at Booz Allen.
In today's sponsored industry voices segment, we discuss cyber AI.
I would say first and foremost, it's been fast, right?
That's the thing that I think has surprised me
more than anything else about sort of the rate of adoption
and the rate of change when it comes to AI
and how it's being applied in the cyber fight on both sides.
You know, that from academia and from, you know,
a lot of the folks who are leading fundamental
research in AI, things are just evolving so quickly.
What large language models are capable of doing, the amount of content that they're
amassing, and what they're able to produce, that's accelerated tremendously.
And we've seen adoption in really interesting ways from, you know, assistive technology
to from, you know, for analysts, whether they're in a sock and they're, you know, trying to
work and alert and conduct an investigation, you know, having the equivalent of a chatbot
there with them that will help prompt them and point them in the right direction.
That's been really effective, you know, running side side-times with a human, but all the way up through fully
autonomous capabilities, things that are able to identify new threats and help thwart them
in real time.
And then on the threat actor side, automatically generating exploits against things that are
discovered and even discovering new vulnerabilities in the wild.
It's been really, really fascinating and really, you know, moving at a frenetic pace.
Well, can we dig into some of the challenges that you all see the cyber defenders facing out there?
You and your colleagues at Booz Allen, what sort of things are on your radar?
Yeah, certainly.
I mean, as I mentioned with threat actors, adversaries, well-funded,
having access to these same generative AI capabilities that have been emerging rapidly,
it's just changing the way that we need to think about defense. The variety and the volume of attacks that come and
the evolution of threat techniques,
it's really accelerated.
So we're having to deal with adversaries who are on the one hand,
you're seeing just an
uptick in anomalous activity or some of the less sophisticated actions because people
– it's easy to sort of have an unrestricted large language model, something that you're
hosting locally.
It's not hosted by one of the big tech providers.
They don't typically have guardrails on them.
So you can get them to script something up for you.
And you can just sort of launch attacks relatively easily.
So there's that.
And there are even models that are optimized
for threat actor behavior.
So the script kitty type activity,
we've seen some of that.
But that's a little easier to defend.
A lot of that is about known vulnerabilities.
And so if we're doing our hygiene things correctly, a lot of our clients are able to sort those
pretty easily.
But we've also seen an uptick in sophisticated nation state level APT activity, and a lot
of them have been in the news, so none of this will be a surprise.
Whether you look at sort of Volt Typhoon, Salt Typhoon, how they have, you know, tunneled into critical
infrastructure, you know, in a really stealthy way.
And they've just lived there, right?
Using living off the land techniques, flying really low and slow.
You know, these are hard to detect, hard to thwart.
And so AI is the answer to these.
While it is driving some of the problems and what our adversaries are doing, it's an arms race.
So our ability to wield that on the defensive side
is how we undermine these threats we're seeing emerge.
I think it's fair to say a lot of us feel kind of
oversaturated when it comes to the marketing messages
with artificial intelligence.
I think to the point that there's a lot of eye rolling.
I think that makes it a challenge to separate
that marketing side from the reality and
the actual impact that AI can have on missions.
What are you seeing when it comes to that?
I mean, what is the reality of the impact that you're
seeing when applying AI to the mission?
Yeah, that's a great point.
So it comes in a couple of forms, and I totally agree with you about sort of the marketing and the rhetoric.
Because, you know, chat interfaces are so accessible, you know, executives and, you know, leaders tend to lean on that
and say, well, I was able to ask this question and it gave me an answer back.
Those are effective, as I mentioned before, in sort of the assistive capacity. tend to lean on that and say, well, I was able to ask this question and it gave me an answer back.
Those are effective, as I mentioned before,
in sort of the assistive capacity
if there's a lack of knowledge.
So it helps from like training and up-armoring humans
if we just want them to be a little more effective
in their job.
But when we want real efficiency gains
and we're trying to be able to fight at the speed of AI,
that's where the marketing material kind of falls away.
And there's this emerging field of agentic AI
where agents can be constructed, backed by these large language
models.
And when you pair them together and you're
able to compose them into workflows to accomplish
business processes, at the end of the day,
there's some process we're trying to execute.
There's something we're trying to conduct.
There's some data, and then we're trying to conduct some kind of process or algorithm
against it, whether it's a decision-making thing, visualizing it, et cetera.
And then there's some output that we want to produce from that.
So when we can construct agentic workflows that are
optimized against the business processes and
the business outcomes that we want to
achieve from a cyber perspective,
then we're able to unleash the potential.
That's what I've seen over the last several months,
where we've seen a surge in truly business and
mission impact from a cyber perspective is injecting these agents
that can really work at the speed of AI.
You've mentioned a couple times the speed, the pacing, the velocity of this threat.
What is the reality there?
When you look at the challenges that government faces, the challenges that industry faces. It seems to me like this velocity issue
really kind of supercharges the challenges.
It certainly does.
Yeah, and the pace is there in two ways.
On the one hand, it's the pace of evolution of AI.
So there's just constant changes.
And I mean, every week, there are new announcements
that are just groundbreaking, new releases that come out from big tech providers, from open source
startups, just from across the board, we just see tremendous pace in a change. And so when, you know, we're doing our best to keep our clients up to speed, and it's
really, really challenging, because if you keep your head down in mission for just a
week or two, something revolutionary has happened.
And so staying abreast and being able to wield the latest, especially in, you know, missions
of national importance, where there are a
lot of regulations and there are limitations and guardrails for what you're allowed to
employ.
That's certainly a challenge and a pacing issue, the rate of evolution and can we inject
it into our most sensitive missions fast enough?
On the flip side, when I talk about pace and the speed of AI,
there's also the speed of machines.
As AI comes closer and closer to being able to truly approximate
and emulate decisions humans would make.
I would argue when you string many of
these models together that are optimized for making
little decisions across an entire business process, we're there. We are there now.
We can make end-to-end decisions,
and we can check the decisions that are made,
and we can basically make decisions
that are as good or better as humans.
But because we're doing it inside of machines,
it's easier to parallelize that,
and we can apply more and more processing power to it.
And when you add the power of infinite cloud computing,
it's just tremendous how fast we can make these decisions.
And that's the true power here,
especially on the defensive side,
when we can have the equivalent of millions of brains
all working together as one to address a problem and look in the nooks and crannies,
we're able to find threats that would just be much harder to do at scale and impossible for a human to do at scale.
Well, let's talk about the signal-to-noise issue, you know, that
we often hear, you know, the the the analyst who's sitting there getting a fire hose of information,
and the capability of AI to
generate tons and tons of good information.
Are we in a situation where the AI can actually
contribute to reducing that fire hose of information
to pre-filter all of the stuff that's actually contribute to reducing that fire hose of information to, you know,
pre-filter all the stuff that's coming from all those incoming signals?
Yes, but I would even reframe it a step further. I think where we've had the most
success, right, in sort of the evolution of cyber defense, you know, we've had a
lot of success as we move towards sort of proactive threat hunting.
Most of the most insidious threats are not caught because some alert was splashed on
a dashboard and then someone found it.
It was found by a proactive threat hunter who had a hypothesis about how an adversary,
what TTP they might employ against a given target.
They hunted for that.
They found it. So the beauty of employing
these large language models and
composing them into these agentic workflows,
is that you can actually,
there's this old adage, right?
In order to get a better answer,
you need to ask a better question.
So rather than having the AI models
sift through the haystack and find the needles, what we've
found has been very effective for our clients is if you instead spend time and help this
agentic system understand the system in question first and contextualize it, understand its purpose, its nature,
understand the state of the system,
and then you start to do this hypothesis-driven
threat hunting.
And rather than only being able to do
what a human threat hunter can do
because you're using the power of AI
and superscaled processing,
you can now threat hunt all your hypotheses,
everything that a threat actor might conceivably do
and get very predictive but proactive
with those predictions,
now you're able to spearfish or hunt through
all these different hypothesized threat hunting scenarios.
And that's where we've been super successful
in detecting threat adversary behavior
while generating very minimal false positives.
We recently conducted a prototype effort with a high priority client on the US government
side and we did exactly what I just described.
We used AI and these large language models to construct a set of agents that first introspective the system, understood
its accreditation status, but also its live running status.
And then after developing hypotheses, these agents then said, okay, we want to look for
these things.
And they tailored a set of hunt analytics.
We were able to find, as I mentioned before, these living off the land, these slow and
low techniques by real threat actors moving in the environment. And then we were able to, you know,
thwart them in real time, and we generated almost no false positives. So I do believe that this is
the antidote to that, you know, the screen, sort of just the decay and the weariness of too many alerts,
too much data streaming by.
Instead, let's swarm tackle it with AI,
ask better questions, and then the answers we get back
will have far more precision.
Is it fair to say that you're kind of taking
that velocity problem and turning it on its head
that these systems can go in and do that threat hunting at a scale
that humans simply aren't capable of?
Absolutely.
It is, you know, the fact that adversaries
are sort of using the machine speed, right,
and their ability to go fast with AI against us,
this is how we defend.
We use machine speed to defend, and this is what
it looks like, right? We understand their techniques as they evolve, and we're proactively
hunting for them. And it really is special. We absolutely are doing the mirror image.
And it's really about who can employ AI better, faster, apply it to the mission more rapidly.
And then on the other side of sort of the accelerated pace,
it's who can employ the latest things
that have emerged out of academia
and operationalize those and use them, right?
So are we more effectively using them
on the offensive or defensive side?
That's who's gonna win that battle.
And it's the never-ending battle, right?
It's typical for cyber, it's just never-ending.
I'm curious, where do you suppose we're headed here?
It strikes me that we are still in early days with these tools.
You mentioned that you're doing exploratory things, you're beta testing things.
These are, we're checking to see if these things work.
How do you suppose the future is going to look for us here?
Yeah, I mean, I think the future is ubiquity.
And I think the only question is how quickly we get there.
I think that ultimately, we need, especially
on the defensive side, we need swarms of agents,
swarms of agentic AI systems that are hunting for,
identifying, and thwarting
Adversaries as they attempt to move because the adversary will have swarms of agents
So, you know similar to sort of how others have predicted in the kinetic space
That the future is sort of drone versus drone combat right unmanned versus unmanned I think similar is true in the non kinetic space the future of sort of this this combat in the non-kinetic space, the future of sort of this combat in the cyber landscape, it
is agents fighting agents. And the question is, who can construct the better agents and
who can employ them more quickly, more rapidly, and apply more processing power to them? And
I think, you know, as a nation, I think we're in a great place because, you know, we're
the thought leaders. We're driving innovation still in the world, right? And we have the compute innovation, the latest that we're seeing in terms of quantum, etc.
And so as these things continue to emerge, it's just about rapidly applying them to the mission
and staying ahead of the fight.
That's Joe Gillespie, Senior Vice President at Booz Allen.
And now a message from our sponsor Zscaler, the leader in cloud security.
Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue
to rise by an 18% year-over-year increase in ransomware attacks and a $75 million record
payout in 2024.
These traditional security tools expand your attack surface with public-facing IPs that
are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security.
Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps
and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not
the entire network, continuously verifying every request based on identity and context.
Simplifying security management with AI-powered automation.
And detecting threats using AI to analyze over 500 billion daily transactions.
Hackers can't attack what they can't see.
Protect your organization with Zscaler Zero Trust and AI.
Learn more at zscaler.com slash security.
Hit pause on whatever you're listening to and hit play on your next adventure.
Stay two nights and get a $50 Best Western gift card.
Life's the trip. Make the most of it at Best Western.
Visit bestwestern.com for complete terms and conditions.
And finally, Jenny Sterly's tenure as director of the cybersecurity and infrastructure security
agency has been marked by a unique blend of leadership, passion, and a hacker's mindset.
Reflecting on her nearly four years at the helm in an interview with Wired's Lily Hay
Newman, Easterly described her mission as, solving the most complicated problems out
there while building relationships and fostering a collaborative cyber defense ecosystem.
Her Rubik's Cube motto, if you're curious, you will find puzzles,
and if you are determined, you will solve them, aptly symbolizes her approach to the
complex challenges of cybersecurity. Easterly's efforts have helped CISA grow into a vital
agency tackling threats like China's salt typhoon espionage campaign and ransomware
attacks. She championed public-private collaboration, urging companies to prioritize collective
defense over self-preservation.
As she noted, we are America's cyber defense agency and the American people are getting
an incredible return on investment.
However, her departure comes as CISA faces uncertainty under the new administration,
with potential budget cuts and reorganization
looming. Despite the challenges, Easterly remains optimistic about the agency's legacy,
emphasizing the need for continued focus on China's cyber threats and national infrastructure
security.
Easterly's leadership was driven not just by expertise, but also by a creative spark that made her stand out.
Whether jamming on her electric guitar, solving Rubik's cubes, or donning her iconic dragon-embroidered
denim.
As she transitions out, Easterly leaves behind a resilient CISA and a legacy of dedication
to securing America's digital future.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at the cyberwire.com.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music and sound design by Elliot Peltsman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Karp.
Simone Petrella is our president.
Peter Kilpe is our publisher.
And I'm Dave Bittner.
Thanks for listening.
Do take care. We'll see you back here tomorrow. you