CyberWire Daily - Bypassing Bitlocker encryption.
Episode Date: May 15, 2025
Google issues an emergency patch for a high-severity Chrome browser flaw. Researchers bypass BitLocker encryption in minutes. A massive Chinese-language black market has shut down. The CFPB cancels plans to curb the sale of personal information by data brokers. A cyberespionage campaign called Operation RoundPress targets vulnerable webmail servers. Google warns that Scattered Spider is now targeting U.S. retail companies. The largest steelmaker in the U.S. shut down operations following a cybersecurity incident. Our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. The long and the short of layoffs.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On our Industry Voices segment and direct from RSAC 2025, our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security. Listen to Devin's interview here.
Selected Reading
Google fixes high severity Chrome flaw with public exploit (Bleeping Computer)
BitLocker Encryption Bypassed in Minutes Using Bitpixie Vulnerability: PoC Released (Cyber Security News)
The Internet's Biggest-Ever Black Market Just Shut Down Amid a Telegram Purge (WIRED)
German operation shuts down crypto mixer eXch, seizes millions in assets (The Record)
CFPB Quietly Kills Rule to Shield Americans From Data Brokers (WIRED)
EU ruling: tracking-based advertising by Google, Microsoft, Amazon, X, across Europe has no legal basis (Irish Council for Civil Liberties)
Operation RoundPress targeting high-value webmail servers (We Live Security)
Google says hackers that hit UK retailers now targeting American stores (Reuters)
Cybersecurity incident forces largest US steelmaker to take some operations offline (The Record)
Infosec Layoffs Aren't the Bargain Boards May Think (Dark Reading)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the CyberWire Network, powered by N2K.
Hey everybody, Dave here.
I've talked about DeleteMe before, and I'm still using it because it still works.
It's been a few months now, and I'm just as impressed today as I was when I signed up.
DeleteMe keeps finding and removing my personal information from data broker sites and they keep me updated with detailed reports so I know exactly what's been taken down.
I'm genuinely relieved knowing my privacy isn't something I have to worry about every day.
The DeleteMe team handles everything.
It's the set it and forget it peace of mind.
And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats.
And right now, our listeners get a special deal, 20% off your DeleteMe plan.
Just go to joindeleteme.com slash n2k and use promo code n2k at checkout.
That's joindeleteme.com slash n2k, code n2k.
Google issues an emergency patch for a high severity Chrome browser flaw. Researchers bypass BitLocker encryption in minutes. A massive Chinese language black market has shut down. The CFPB cancels plans to curb the sale of personal information by data brokers. A cyber espionage campaign called Operation RoundPress targets vulnerable webmail servers. Google warns that Scattered Spider is now targeting U.S. retail companies. The largest steelmaker in the U.S. shut down operations following a cybersecurity incident.
Our guest is Devin Ertel, Chief Information Security Officer at Menlo Security, discussing redefining enterprise security and the long and the short of layoffs.
It's Thursday, May 15th, 2025. Thanks for joining us here today. It's great as always to have you with us.
Google has issued an emergency patch for a high severity Chrome browser flaw that could allow full account takeovers. Discovered by SolidLab researcher Vsevolod Kokorin, the bug stems from weak policy enforcement in Chrome's Loader component, letting attackers leak sensitive cross-origin data via malicious HTML. This can expose OAuth tokens through manipulated referrer policies, especially dangerous in authentication flows. Google confirmed a public exploit exists, implying possible active use. The fix is rolling out in the latest Chrome version across platforms. Users should update manually or let Chrome auto-update on restart.
This follows a March patch for another critical Chrome zero-day used in espionage attacks targeting Russian entities, which exploited Chrome's sandbox bypasses to deliver malware.
A newly revealed flaw in Microsoft BitLocker allows attackers to bypass encryption in under five minutes using a software-only method called BitPixie. The exploit targets systems without pre-boot authentication and has a public proof of concept available. Unlike hardware-based hacks, BitPixie extracts BitLocker's volume master key entirely through software by exploiting a flaw in the Windows bootloader during PXE soft reboots. Two attack versions, for Linux and Windows PE, allow access using signed components with no need for physical tampering or a full disk image. The attack is stealthy and effective on unattended or stolen devices.
Experts strongly advise enabling pre-boot authentication to block access to the VMK and prevent such breaches.
A massive Chinese-language black market for crypto scams and money laundering known as Haowang Guarantee has shut down after Telegram banned thousands of related accounts. This underground marketplace operated openly on Telegram, facilitating over $27 billion in illicit transactions, mainly using Tether. Vendors offered services like money laundering, victim data, and even tools used in forced labor at scam compounds across Southeast Asia. The takedown followed an investigation by crypto-tracing firm Elliptic and media inquiries by Wired. Another market, Xinbi Guarantee, was also banned but may attempt to relaunch. Telegram's crackdown is seen as a major victory against online fraud, though experts warn these groups may shift to other platforms. The operation's ties to powerful Cambodian elites underscore the challenge of dismantling such networks.
Elsewhere, German police have seized the crypto platform eXch, also called Exchange, and over $30 million in digital assets linked to money laundering in the $1.46 billion Bybit hack. Authorities acted swiftly after eXch announced plans to shut down amid pressure from law enforcement. The platform had rejected Bybit's request to freeze stolen funds, later traced by Elliptic to North Korea's Lazarus Group. Launched in 2014, eXch processed about $1.9 billion in crypto and operated on both the clearnet and darknet.
The Consumer Financial Protection Bureau has withdrawn a proposed rule aimed at curbing data brokers from selling sensitive personal information without consent. Initially introduced to combat commercial surveillance and protect national security, the rule would have required brokers to obtain consent before sharing data like Social Security numbers and financial histories. Acting CFPB Director Russell Vought said the move aligns with revised policies and interpretations of the Fair Credit Reporting Act. Critics, including privacy advocates and veterans groups, argue the rollback protects corporate interests at the expense of public safety and national security. They warn that data brokers continue to endanger Americans, particularly military personnel, by enabling scams, surveillance, and blackmail. The rule's cancellation follows a broader downsizing of the CFPB under President Trump's administration and pressure from fintech industry lobbyists.
Across the pond, the Belgian Court of Appeal has ruled the Transparency and Consent Framework, used by Google, Amazon, Microsoft, and others to justify online tracking, is illegal under the GDPR. The court upheld a 2022 decision by the Belgian Data Protection Authority confirming multiple violations, including failures to secure data, properly obtain consent, and ensure transparency. The Transparency and Consent Framework underpins the tracking-heavy real-time bidding advertising system active on 80% of the web. Critics, led by Dr. Johnny Ryan of the Irish Council for Civil Liberties, say tech firms use deceptive consent pop-ups to mask widespread data misuse. The ruling applies across Europe and pressures the ad industry to move away from surveillance-based models. The court also found IAB Europe, which created the TCF, violated GDPR, although not for actions within the RTB protocol itself.
A cyber espionage campaign called Operation RoundPress, likely run by the Sednit group, also known as APT28 or Fancy Bear, is targeting vulnerable webmail servers like Roundcube, Horde, MDaemon, and Zimbra to steal sensitive email data. Researchers from WeLiveSecurity reveal attackers use spearphishing emails to exploit cross-site scripting flaws, including a zero-day in MDaemon. The payloads, dubbed SpyPress, steal credentials, emails, and contact lists, and can bypass two-factor authentication. Some even set up malicious mail forwarding rules for persistent access. Targets are primarily defense and government entities in Ukraine, Eastern Europe, and globally. SpyPress variants are obfuscated and communicate with hard-coded C&C servers. The campaign underscores the continued targeting of outdated or unpatched webmail systems in cyberespionage, particularly during times of geopolitical tension like the war in Ukraine. Security experts urge regular patching and phishing awareness to mitigate these risks.
Google warns that hackers tied to the Scattered Spider group, known for crippling UK retailers like M&S, are now targeting US retail companies. These attackers are skilled at bypassing strong cybersecurity defenses and tend to focus on one industry at a time. Scattered Spider has also been linked to past breaches of MGM Resorts and Caesars Entertainment. US retail security groups are actively monitoring the threat, with Google helping coordinate briefings to prepare major companies like Costco, McDonald's and Lowe's.
The largest U.S. steelmaker, Nucor, temporarily shut down some operations following a cybersecurity incident involving unauthorized access to its IT systems. The company activated its incident response plan, took affected systems offline, and is working to restore operations. While Nucor didn't specify which facilities were impacted, it emphasized the shutdown was precautionary. With 300 sites and 25,000 employees, Nucor is a major global player.
Coming up after the break, my conversation with Devin Ertel, Chief Information Security Officer at Menlo Security. We're discussing redefining enterprise security and the long and the short of layoffs.
Stay with us.
And now, a word from our sponsor, ThreatLocker.
Keeping your system secure shouldn't mean constantly reacting to threats.
ThreatLocker helps you take a different approach
by giving you full control over what software
can run in your environment.
If it's not approved, it doesn't run.
Simple as that.
It's a way to stop ransomware and other attacks
before they start without adding extra complexity
to your day.
See how ThreatLocker can help you lock down your environment at www.threatlocker.com.
Let's be real.
Navigating security compliance can feel like assembling IKEA furniture without the instructions.
You know you need it, but it takes forever and you're never quite sure if you've done it right.
That's where Vanta comes in.
Vanta is a trust management platform that automates up to 90% of the work for frameworks like SOC 2, ISO 27001, and HIPAA, getting you audit-ready in weeks, not months.
Whether you're a founder, an engineer, or managing IT and security for the first time, Vanta helps you prove your security posture without taking over your life.
More than 10,000 companies, including names like Atlassian and Quora, trust Vanta to monitor compliance, streamline risk, and speed up security reviews by up to five times.
And the ROI? A recent IDC report found Vanta saves businesses over half a million dollars a year and pays for itself in just three months.
For a limited time, you can get $1,000 off Vanta at vanta.com slash cyber.
That's vanta.com slash cyber.
It is my pleasure to be joined here at RSAC Conference by Devin Ertel, who is the Chief
Information Security Officer at Menlo Security.
Devin, welcome.
Thank you.
Thank you for having me.
My pleasure.
So before we dig into our topics today, it's a busy RSA.
Anything in particular you're looking forward to as you walk the show floor?
You know, I check out vendors,
just like everyone else here doing that.
I like hearing strategies.
Usually you will find topics that are going to be,
they're up and coming and what people are thinking about
and you have like a mind share here.
And I'll be interested to hear how many times
people say agentic while I'm here.
Yes, yes.
It's funny, we were joking about how like, we're sort of on the trailing edge of the hype cycle
for AI, but now we've added the word agentic,
so we're back up again.
I feel like I heard it like two months ago,
and now I've heard it a thousand times already.
Absolutely.
Well, let's talk about enterprise security.
I mean, for folks who are not familiar with the types
of things you and your colleagues at Menlo do,
can you give us just a brief overview?
Yeah, so Menlo started over 10 years ago
in the remote browser isolation space, so securing the web.
So when users are going out and browsing stuff,
if there's a compromised website or something's going on,
we actually have our own cloud browser
that actually everything executes there,
we re-render to make everything safe for the user.
Since then we have added many more features
and you could almost say it's what we're calling now
workspace security.
But yeah, so they've been in the browser,
there's a lot of browser experts that know way more
about the browser than I do there.
But it's kind of crazy to think about.
Like 10 years ago, I don't think we thought
we were not using the browser as much as we do now.
Like I'm literally in a browser that's basically.
Yeah, I mean I think it's central to most people's
computing experience, certainly on the desktop.
Yes, you know before we had thick clients
and all this stuff, but now, yeah, it's kind of crazy how that's changed so much. So help me
understand for folks who aren't familiar with it this kind of browser how does it
differ from the day-to-day browser that I'm using that comes with my computer?
Well the beauty about Menlo is that you know what would even know you use your
browser. Okay. And we add the protections.
So your user wouldn't even know
that all these protections,
there might be some things like,
hey, you're downloading malware, we stopped it.
So they might see things like that.
But the day-to-day use,
you wouldn't even know that it's even happening.
Which, as a security practitioner, as myself,
the beautiful solution,
your end user should never know, right?
You do not want to be a hindrance.
You want to be able to let the business run.
So that's a good thing, right?
Yeah, yeah.
Yeah, so we integrate with Chrome.
You can put us as a proxy and get those,
and you can put us in front of applications
and we're kind of transparent to the user.
This word I've heard of, I think,
to predetonate things.
So.
Yes, yeah.
So think sandbox.
Right, right.
Yeah, absolutely.
Yeah.
Well, what are some of the obstacles
that you find some of your customers are facing here?
When they're coming to you and saying,
hey, we think this might be a good fit for us,
what problems are they trying to solve?
So yeah, so of all the feature sets,
with the beginning one, I think everyone was trying
to solve like users going and downloading malware, right?
Like that's like a very common thing,
and that's what the remote browser isolation.
What's happening now is we kind of flip it down its head,
and we put the isolation in front of applications.
I like to call it like a WAF on steroids,
so we protect the application itself,
and then we protect end user.
What if you have a contractor,
normally you would, you know,
six month contractor comes in,
you give them a whole laptop,
and then you got to go get the laptop back.
Sending the laptop and getting the laptop
is hard enough in itself.
With this new solution,
you basically can put all these controls in.
Oh, you don't want to let them download anything?
You can't download anything when you go to this app.
Oh, you don't want to upload anything?
You can't do that.
You can watermark it to make sure they can't screenshot
things.
You can essentially lock in this application
and ensure that nothing reaches the endpoint,
because you can't really trust that endpoint being
that you don't have it.
And is this outside or inside of the browser?
All in the browser.
It's all in the browser?
Yes.
OK.
Yeah.
Interesting.
You can put all these protections in place
without having to procure a whole laptop with EDR on it,
with all these security controls.
And it's zero trust, right?
And you can manipulate.
You can even manipulate the page.
I don't want them to see the comments section of this.
So it's very tuning.
You can actually go into the pages they're visiting
and restrict.
Yeah, oh that's fascinating.
And since it's in the cloud, they can't change it.
If it was on the endpoint, the user can fiddle
if they're technical enough.
And I suppose, like you mentioned a contractor,
if someone wants to be in a BYOD position,
the person doesn't have to, the security professional
doesn't have to be in charge of the device
because they have control of the browser.
Yes, and it can be a pain shipping a laptop
and building it.
It's getting it back, I think is the part that, you know.
Right?
It's getting it back.
Absolutely.
We really need it back.
Yeah.
Absolutely.
Yeah.
Well, I mean, let's touch on the hot topic,
which is AI, of course.
How does that play into any of the things
that you all are doing?
So yeah, so that's what we're using,
we have a couple things that we're using
like computer vision AI,
and that would be protecting credential compromise.
So a phishing email comes in,
they mimic your Okta page or whatever,
your Microsoft O365 page, steal your credentials.
This would detect that,
basically using computer vision,
knowing hey, this is not an O365 website,
but it has your logo, it has this on it,
this seems a little thing, it would just immediately,
I think we call it zero hour detection,
it would immediately detect it,
even if categorization wasn't labeled bad yet.
And a lot of times what the actors do
is they just bring up a site for a little bit
and then, you know, and.
Right.
Or put it up, let it be under the radar,
get a good categorization and then,
so then you can fish people onto it.
That's one way.
The other way which we're really looking into it
is with data, and that's where workspace security
comes into play.
I always say like back in the day,
I don't want to age myself here,
but we had mainframes and databases
and we could put our arms around it all, right?
That's right.
You're right, I want to hug my server.
Yes, we did.
I think as a security industry,
we did a great job with all the firewalls,
with the detonation before things come in.
But now, and I really feel like the COVID era
kind of kicked that up, like the digital transformation
and all that, there's so many SaaS tools,
there's so many messaging apps,
and data is just all over the place now, right?
So we're looking at AI to automatically detect data.
Whether or not you label it correctly,
like a lot of people, they try to go around
and put the labels on, you know.
Someone can forget that label.
There's a lot of things that can go wrong with that
where AI can come in, see, oh,
there's a whole bunch of social securities on this document.
Are you sure you want to email it to this person
and detect it real time, redact, and let it go through?
Right, so you have the opportunity
to kind of save the users from themselves.
Absolutely.
The errors and the unintentional sharing of things.
Yes, and if they actually wanted to document back, they can.
So that's what we're looking at now and that's what we're calling workspace security.
It's like the modern thing where the browser is, there's all these back-end API calls,
like data is spread out a lot and a lot of people do not know where it is.
It's a hard thing to do, it's a challenge right now.
Yeah, well I think for a lot of people,
ignorance is bliss.
How do you sleep at night?
I don't know what's going on behind the scenes.
I trust people like you to know what's going on
behind the scenes.
Well let's touch on zero trust,
because that's an important part of the equation as well.
What do you all have,
what's your relationship with Zero Trust?
Yeah, so with a couple of our products,
I always like to say with the browser one,
when people are browsing the web in general,
you're not even trusting the web, right?
So that's a different take on Zero Trust,
but I do like to say that.
The other one when I said we flipped it on the side is,
so when you give that contractor that app,
back in the day we used to have to use VPNs, right?
And you are essentially tunneling them
into your corporate underbelly, I call it,
because the controls get weaker as you go in usually
on these big organizations.
In fact, I used to be a pen tester for many years
and when I compromised something
and I could go through a VPN,
I was like, game is over now.
Because the assumption is there's enough protection
with the VPN that if you made it past the VPN,
now you got to tunnel into the network.
And then you just pivot on to other things.
Where this, you're giving access to a single app.
You're not going anywhere but that app.
So, and then like I said, you can put a ton of other
protections around there to protect that app itself
so they can't go elsewhere.
So that is like the zero trust.
In my mind, I mean, I've been in organizations
where we are always trying to like micro segment everything.
I know there's a lot of solutions for that,
but that's really challenging of understanding
where every server is talking to what
and trying to zero trust it that way.
This is always taking the approach of zero trust
at the door where you can't even get in anywhere
and then you basically are just zero trusting
that user to that app, you know,
provide the security controls,
provide the visibility of what they're doing,
provide the ability to quickly cut it off if needed.
So that is our play which we call SAA,
secure application access, essentially is what that is.
The folks who are experiencing success with this approach,
the thing that you are saying, we think this is the way to go at it,
what does that look like for them?
What are the things they're enjoying by embracing this approach?
Well, one is like the use case I used earlier,
you know, being a contractor,
that, or bring your own device, you brought that up,
even your phone, you can do that.
You can literally say, okay, so you're allowing people
to have their own phone,
but maybe you shouldn't access the code base,
or maybe you shouldn't access the cloud infrastructure,
but I will allow you to access,
I don't know, the lunch menu.
Right, right, okay.
You have that ability, you can really get granular
with this stuff, and so with bring your own device,
and that, and I can tell you the one thing
that a lot of people I think is overlooked
is the actual security it's putting on
the application itself.
As a former pen tester, attacking the app,
you get access, and then you attack the app.
You get access to the host, the end user,
then you attack the app.
It's a WAF, a web application security firewall,
it's really hard to manage.
It's a lot of rules, a lot of false positives.
This is a plug and play.
Like they cannot see or do or alter any of the requests
that come into the application.
So doing the SQL injection is next to impossible
because unless you somehow figure a way
to do it in the form and individually.
So you're really protecting the app.
What also you're doing, so what attackers are doing now is,
so everyone's going on the FIDO two factor authentication
because the attackers figured out how to push bomb
on phones, they figured out how to fish the one time codes.
So now what they're doing, as people are using FIDO,
which is a much more secure two factor,
they're just taking the cookie.
So think when you authenticate via FIDO,
and it's like, okay, well I'll take this cookie now,
and then I'll go and access it.
With this solution, the cookie actually never also
touches the endpoint.
So if that endpoint was compromised,
they're not going to be able to get that authentication
cookie and bring it somewhere else and then gain access.
So you really are zero trusting that device,
where you're locking it down quite a bit,
without having a whole bunch of agents and EDR and all that.
You don't need all that stuff.
Not saying you don't need EDR,
I believe that's a foundational thing, but yes.
Well, but when you all are designing
and deploying this product,
how do you balance for your users
ease of use with powerful options, right?
Absolutely, well internally, you know,
I say we're customer zero and we literally,
everything that we build, we put out in our company.
So sometimes I have made users unhappy,
so which then gives feedback and we change things like that.
So there are things you can do.
So you could say you want Okta to be that factor
and then there's a cloud browser login
that happens after the fact.
You can loosen those controls
because you have the door in front of that,
that is the Okta and the FIDO and your password rotation
and whatever you're doing authentication security wise
and then that allows you
into the gate to access the cloud browser.
So you can, depending on your use case and if you're
in a big government and very sensitive,
you might not want to.
It all depends on your company and its risk appetite
on that one of how you want to turn and crank those levers.
Yeah.
Where do you suppose this is all heading?
I mean, we were talking about how the browser
is central to most people's desktop computer experience.
Is this the future?
Is not having that soft underbelly on your machine
available?
Do you think that's where we're heading? I would love that.
As a security professional,
I would love everyone to have a Chromebook.
Yeah, right.
But it's a cultural shift that,
in fact I was just talking to another practitioner,
there's a joke where it's like, to pay a bill,
you know, the old school, we have to open up the laptop,
we don't bring out the phone.
And I'm still that way, right?
That's right, that's right.
So there's always a cultural shift.
But does, do many people, besides an engineer
that is like coding, that's going to take
a bigger cultural shift.
But like a salesperson or a marketing person,
I think a Chromebook will be fine.
The amount of stuff you can do in a web browser,
which they already do, you know, if you see their laptops,
it's just a Chrome page with a thousand tabs open.
I'm with you, you know, my, I'm sure our listeners
have heard me talk about, you know,
when I was taught the time to outfit my elderly father
with a computer, and he'd been a Mac user
for many, many years, but there was a time
when Chromebook, for my sake, was the easy...
Yeah, absolutely. It's like troubleshooting.
Yeah, yeah, it was just, you know,
it's kind of bullet for the simplicity,
fit the user case, you know, in that particular case.
Yeah.
I think that's where it's going,
which the interesting thing is Chrome, Safari,
you name it, the browser.
Yeah.
They're a user,
they're not like a corporate application, right?
And we haven't put the protections in place,
and that's where Menlo has come in and said,
okay, use your browser,
let us put a little more security on it.
And Chrome is doing stuff where they're continually adding,
but you have a little more control over it,
rather than it just being some,
because it's basically an operating system now.
Yeah, absolutely.
All right, well, Devin, thank you so much
for taking the time for us.
Thank you, yeah, definitely.
It's been a pleasure to get to chat with you.
Absolutely.
Yeah, absolutely.
What's the common denominator in security incidents? Escalations and lateral movement.
When a privileged account is compromised, attackers can seize control of critical assets. With bad directory hygiene and years of technical debt, identity attack paths are easy targets for threat actors to exploit but hard for defenders to detect. This poses risk in Active Directory, Entra ID, and hybrid configurations.
Identity leaders are reducing such risks with Attack Path Management. You can learn how Attack Path Management is connecting identity and security teams while reducing risk with BloodHound Enterprise, powered by SpecterOps.
Head to specterops.io today to learn more. SpecterOps, see your attack paths the way adversaries do.
And finally, layoffs are hitting the cybersecurity sector hard this summer, with major players like Microsoft and CrowdStrike slimming down despite healthy profits. Microsoft recently let go of 6,000 employees, many in tech roles, as it shifts more investment into AI. CrowdStrike trimmed 500 positions while announcing record earnings. The message seems clear. Automation is in, and human jobs are negotiable. But behind the financials are real people, skilled professionals who've spent years building defenses, now finding themselves out of work.
And the ripple effects aren't just personal. Experts warn that sudden layoffs, especially in cyber teams, can carry serious security risks. Departing employees may, intentionally or not, walk out with sensitive data, and stretched-thin security teams may miss emerging threats. As SANS Institute's Rob T. Lee puts it, you're not just losing people, you're losing the people who know how to stop attacks. Companies might see cost savings now, but the long-term bill could come in the form of a breach headline.
And nobody wants that.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at the cyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
changing world of cybersecurity. If you like our show, please share a rating and review
in your favorite podcast app. Please also fill out the survey in the show notes or send
an email to cyberwire at n2k.com.
N2K's senior producer is Alice Carruth, our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben, Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening. We'll see you back here tomorrow.
And now a word from our sponsor, SpyCloud.
Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate
your organization.
Traditional defenses can't keep up. SpyCloud's holistic identity threat protection
helps security teams uncover
and automatically remediate hidden exposures
across your users from breaches, malware, and phishing
to neutralize identity-based threats
like account takeover, fraud, and ransomware.
Don't let invisible threats compromise your business.
Get your free corporate darknet exposure report at spycloud.com slash cyberwire
and see what attackers already know.
That's spycloud.com slash cyberwire.