CyberWire Daily - Checkmate at check in.
Episode Date: May 23, 2024Spyware is discovered on U.S. hotel check in systems. A Microsoft outage affects multiple services. Bitdefender uncovers Unfading Sea Haze. University of Maryland researchers find flaws in Apple’s W...i-Fi positioning system. Scotland’s NRS reveals a sensitive data leak. Rapid7 tracks the rise in zero-day exploits and mass compromise events. The SEC hits the operator of the New York Stock Exchange with a ten million dollar fine. Operation Diplomatic Specter targets political entities in the Middle East, Africa, and Asia. The FCC considers AI disclosure rules for political ads. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guests Brianna Bace and Unal Tatar PhD sharing their work on Legal Perspectives on Cyberattacks Targeting Space Systems. Tone-blasting underwater data centers. Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guests Brianna Bace and Unal Tatar PhD sharing their work on their paper: Law in Orbit: International Legal Perspectives on Cyberattacks Targeting Space Systems. You can learn more about their work in this post. Check out T-Minus Space Daily for your daily space intelligence. Selected Reading Spyware found on US hotel check-in computers ( TechCrunch) Microsoft outage affects Bing, Copilot, DuckDuckGo and ChatGPT internet search (Bleeping Computer) Deep Dive Into Unfading Sea Haze: A New Threat Actor in the South China Sea (Bitdefender)  Apple’s Wi-Fi Positioning Can Be System Abused To Track Users (GB Hackers) National Records of Scotland Data Breached in NHS Cyber-Attack (Infosecurity Magazine) Zero-Day Attacks and Supply Chain Compromises Surge, MFA Remains Underutilized: Rapid7 Report (SecurityWeek) NYSE Operator Intercontinental Exchange Gets $10M SEC Fine Over 2021 Hack (SecurityWeek) Operation Diplomatic Specter: An Active Chinese Cyberespionage Campaign Leverages Rare Tool Set to Target Governmental Entities in the Middle East, Africa and Asia (Palo Alto Networks Unit 42 Intel) FCC chair proposes requirement for political ads to disclose when AI content is used (The Record) Acoustic attacks could be a serious threat to the future of underwater data centers (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my
personal information from hundreds of data brokers. I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout.
That's JoinDeleteMe.com slash N2K, code N2K. We'll be right back. sea haze. University of Maryland researchers find flaws in Apple's Wi-Fi positioning systems.
Scotland's NRS reveals a sensitive data leak. Rapid7 tracks the rise in zero-day exploits and
mass compromise events. The SEC hits the operator of the New York Stock Exchange with a $10 million
fine. Operation Diplomatic Spectre targets political entities in the Middle East, Africa, and Asia.
The FCC considers AI disclosure rules for political ads.
N2K T-Minus Space Daily podcast host Maria Vermasas speaks with guests Brianna Bace and Yunal Tatar,
sharing their work on legal perspectives on cyberattacks targeting space systems.
And tone-blasting underwater data centers.
It's Thursday, May 23, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thanks for joining us here today. It's great to have you with us.
Today, it's great to have you with us.
TechCrunch discovered that the consumer-grade spyware app PC Tattletail was running on the check-in systems of at least three Wyndham hotels in the U.S.
The spyware continuously captured screenshots of hotel booking systems
exposing guest details and partial payment card numbers due to a security flaw.
These screenshots were accessible to anyone online who knew how to exploit the flaw.
Security researcher Eric Daigle found the compromised systems during an investigation into spyware,
often called stalkerware, due to its use in tracking individuals without their consent.
Despite his attempts to notify PC Tattletail, the flaw remains unfixed.
The app's presence on the hotel systems is unclear.
It could be due to employees being tricked into installing it or intentional use by hotel management for monitoring.
Wyndham, a franchise organization, stated that its hotels are independently owned and operated
and did not confirm if it was aware of PC Tattletail's use.
PC Tattletail markets itself for monitoring children and employees,
but also promotes its use for tracking unfaithful spouses.
The spyware requires physical access to install,
and PC Tattletail offers a service to install the spyware on target devices remotely.
The company has not responded to requests for comment.
A major Microsoft outage has affected Bing.com, Copilot for web and mobile, Copilot on Windows,
ChatGPT Internet Search, and DuckDuckGo. The outage began at around 3 a.m. Eastern Daylight Time,
primarily impacting users in Asia and Europe. While Bing Search works via direct URL,
the homepage showed a blank page or a 429 error. Copilot services were completely offline.
DuckDuckGo displayed error messages due to Bing API issues. Microsoft and OpenAI
are investigating the cause, and it seems at this time systems have been restored.
Bitdefender Labs uncovered a new cyber threat actor unfading sea haze targeting high-level
organizations in South China Sea countries, likely aligned with Chinese interests.
Their attacks, spanning back to 2018,
primarily hit military and government targets.
Using tools like Ghost Rat variants and.NET payloads,
they exploited poor credential hygiene and inadequate patching.
Unfading C-Haze's persistence and sophisticated tactics, such as spear phishing
with malicious LNK files, highlight the need for robust cybersecurity practices. Despite five years
of activity, they remained undetected, underscoring the importance of vigilant security measures.
Researchers at the University of Maryland, go Terps, identified a privacy vulnerability in Apple's Wi-Fi positioning system, enabling global tracking of users' locations and movements.
This vulnerability allows attackers to build a worldwide database of Wi-Fi access points quickly.
The study shows the potential for mass surveillance and tracking, including in sensitive areas like war zones and disaster sites.
Researchers recommend enhanced privacy measures such as rate limiting, authentication for WPS queries, BSSID randomization, and opt-out options.
Apple has started addressing these issues, but more comprehensive solutions are needed to protect against unauthorized tracking of Wi-Fi access points.
National Records of Scotland, the NRS, revealed that sensitive data was leaked following a ransomware attack on NHS Dumfries and Galloway, resulting in 3 terabytes of data being published on the dark web.
resulting in three terabytes of data being published on the dark web. The breach included demographic records and patient information held temporarily on the NHS network.
Less than 50 individuals were directly impacted and have been contacted.
The attack by the Inc. ransom gang increased identity theft risks.
The incident is under investigation by Police Scotland.
The incident is under investigation by Police Scotland.
Rapid7's 2024 Attack Intelligence Report highlights the continued rise in zero-day exploits and mass compromise events, often combined.
Key findings include more than half of new widespread threat CVEs being exploited before patches are available,
indicating that mass supply chain compromises through zero-day vulnerabilities will persist.
The report also notes the professionalization of cybercriminals who buy zero-day exploits.
Additionally, it emphasizes the critical need for multi-factor authentication,
as 40% of incidents investigated in 2023 resulted from missing or inconsistent MFA enforcement.
Rapid7 stresses the importance of prevention, particularly at the network edge, and proactive defensive measures.
The U.S. Securities and Exchange Commission announced that Intercontinental Exchange, ICE,
will pay a $10 million fine for charges related to a 2021 cyberattack.
Hackers exploited a zero-day vulnerability on one of ICE's VPNs, planting malicious code.
ICE, which operates the New York Stock Exchange, delayed notifying legal and compliance officials
at its subsidiaries, hindering proper disclosure.
The SEC criticized this delay, emphasizing the need for immediate notification.
ICE agreed to the fine without admitting or denying the findings.
Palo Alto Network's Unit 42 describes a Chinese advanced persistent threat group
dubbed Operation Diplomatic Spectre, which has targeted
political entities in the Middle East, Africa, and Asia since late 2022. They've conducted espionage
against at least seven governmental entities using rare email exfiltration techniques to
collect sensitive information from diplomatic missions, embassies, military operations, political meetings, ministries,
and high-ranking officials. The group employs unique backdoors named Tunnel Spectre and Suite
Spectre. Their tactics include exploiting exchange server vulnerabilities to infiltrate mail servers,
emphasizing the need for organizations to patch known vulnerabilities.
need for organizations to patch known vulnerabilities. FCC Chairwoman Jessica Rosenworcel proposes examining whether campaigns and political action committees should disclose when political
ads on radio and TV use AI-generated content. This comes after AI-generated robocalls mimicking
President Biden discouraged New Hampshire primary voters from casting their votes.
If supported by the other commissioners, the FCC will seek public input on requiring broadcasters
to disclose AI use in political ads and define AI-generated content. The proposal aims to ensure
transparency and prevent voter deception in the 2024 election cycle.
Coming up after the break, our N2K T-minus Space Daily podcast host Maria Vermazes
speaks with Brianna Bates and Unal Tatar, sharing their work on legal perspectives
on cyber
attacks targeting space systems. Stay with us. The Winter Blues. We could try hot yoga. Too sweaty. We could go skating.
Too icy.
We could book a vacation.
Like somewhere hot.
Yeah, with pools.
And a spa.
And endless snacks.
Yes!
Yes!
Yes!
With savings of up to 40% on Transat South packages, it's easy to say, so long to winter.
Visit Transat.com or contact your Marlin travel professional for details.
Conditions apply.
Air Transat.com or contact your Marlin travel professional for details. Conditions apply. Air Transat. Travel moves us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows
like policies, access reviews, and reporting,
and helps you get security questionnaires done
five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta
when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now a message from Black Cloak. Did you know the easiest way for cyber criminals to
bypass your company's defenses
is by targeting your executives and their families at home? Black Cloak's award-winning
digital executive protection platform secures their personal devices, home networks, and connected
lives. Because when executives are compromised at home, your company is at risk. In fact, over
one-third of new members discover they've already
been breached. Protect your executives and their families 24-7, 365, with Black Cloak.
Learn more at blackcloak.io.
My N2K colleague and host of the T-Minus Space Daily podcast recently caught up with her guests, Brianna Bays and Unal Tatar,
sharing their work on legal perspectives on cyberattacks targeting space systems.
We investigated in case of a cyberattack targeting a space infrastructure,
this can be a ground system or this can be a satellite system.
What would be the legal tools we have in responding to this?
And in writing this paper, you need to bring an interdisciplinary perspective
because there are some technical aspects of the cyber attacks
and the laws, how they apply for this situation.
And these laws are not created, the international law of armed conflict, the international space
law, these are not created by considering the cyber attacks targeting, because there
was no cyber attacks at this time.
These are the reasons we analyzed
this domain and we created several scenarios.
Actually, Brianna can give more information.
I brought my expertise in creating
the cyber attack scenarios and their technical details.
Brianna and our co-author, he's a lawyer,
brought their legal expertise and then together we wrote this paper.
Yes, Brianna, why don't we, yeah, please go ahead.
My name is Brianna Base.
I'm a graduate of the University at Albany in New York.
I hold a bachelor's degree in emergency preparedness,
homeland security and cybersecurity
and a master's degree in public administration and policy.
So in the paper, just as a little bit of a brief synopsis,
we created three realistic cyber attack scenarios
in which the attackers were targeting space infrastructures,
and that includes orbital and terrestrial infrastructure.
And in each of the scenarios, a principle of international law
was violated. So without going into too much detail about the principles themselves, we looked
at the principle of sovereignty, the principle of non-intervention, and the principle on the
prohibition of use of force. And in each of the scenarios, we created them in such a way where
that principle was violated. And this was
to demonstrate that international law can in fact be violated by cyber attacks, including on space
infrastructure. Though, as we could talk about later, we ran into some of the common complexities
when it comes to applying law to cyber, including the issue of attribution. Yeah. Would it be too much to indulge me if you
could actually talk about each of those scenarios? Because I had the privilege of reading the paper,
and I know we want people to read it. I know we don't want to give too much away,
but they're really fascinating scenarios. I think it'd be really cool for people to hear a bit about
what you all worked on and came up with, because I thought it was very interesting.
The creation of the realistic scenarios is very important.
They are hypothetical scenarios, obviously.
We are not using the real nations or real attackers.
But when creating these scenarios, making them realistic, although they are hypothetical,
is very important.
So when we're creating, we reviewed the recent cyber attacks against space infrastructures.
Also, recent cyber attack trends in IT systems, which can be replicated soon in the space infrastructure.
So we created our scenarios based on that.
And these realistic scenarios actually can be very useful because these scenarios we've created can be used to play some tabletop exercise later
by the readers if they prefer to use it. Brianna, anything to add to that?
So scenario one, we focused on the principle of sovereignty. And in this scenario, we framed it as
a state aerospace manufacturing facility being hit with cyber attack. And the violation occurs because the attack actually
caused certain systems to be permanently damaged and you needing to replace that software and
hardware. You have the second scenario, we focused on the principle of non-intervention.
That was, in that case, you have the two aspects of non-intervention. So you have the attack bearing on the matters of the state. So in this case, we had it where a master control station as part of the GPS system was hacked and they couldn't access the data that was being sent provide the data and it would actually continue their attack throughout the system unless the state that was attacked changed their policy, which is an aspect of non-intervention,
that coercion element. And then our third scenario was focusing on that principle of
prohibition of use of force. And for that one, you had a cyber attack causing real physical
damage and injury to the state. And
that, again, is what led to that violation. Fascinating. So you mentioned the complexities
that came up here when looking into this, not just from the cyber side, but also space law, which,
as I cover a lot on the show, there's a lot of gaps there and it causes a lot of frustration,
understandably. And I know that's the same in the cyber world, too, where technology is just far outpaced
legislation pretty much across the board.
Any commonalities in those gaps that you found or are they unique to each sphere?
What did you find there?
So I think the problem of attribution is probably the widest.
Wherever you're looking at cyber attacks, whatever domain you're looking at,
that attribution issue is going to occur, especially when applying international law,
because international law is based on state responsibility and accountability. And the way you prove state responsibility or that a state has committed a wrongful act is making that
attribution. And it's not only important for just accusing the state or blaming the state, taking
the blame and all of that, but you have attribution required so that you can move down the process of
those legal regimes and responses like cessation, the guarantees of non-repetition and reparations.
All of that can't happen unless you have that violating state and you make that attribution that they're the
ones that did it. This is a very basic question, and Brianna, I'll just stay with you for a second.
This is a legal question. When there's an attack that affects a ground system, a space ground
system or a facility that is space-related but on the ground, and that then affects later something
that is on orbit, is there a distinction in terms of the law about the physical
domains that are being affected there, or is it looked at just systematically? From what I've
found, you look at who owns that space asset. So even though it's in space where there is no
sovereignty, that asset belongs to a nation, and that's what you're looking at in terms of territory, territoriality when it comes to applying the law.
Okay, so in my mind, I'm overcomplicating things.
Okay, so that's good to know.
And just kind of, I think a lot of people think
when they're looking at international law
and applying it to space that it is overly complicated.
But what I found from doing this paper
is that you can apply those existing frameworks.
It's just, and you kind of have to step back and not overcomplicate it and see that, oh, well, even though we are talking about space, someone owns that infrastructure and that helps to apply the law.
Yeah, I know.
I imagine the complication comes into situations where it's not as clear about who owns what, although right now in space, that's not usually an issue.
But we've seen with with things like space debris,
it does become an issue because we don't know where that debris comes from.
But attribution can mean two very different things in the cyber and space world,
but it's amazing how much that's still an issue.
Munal, I see you want to add something to this.
Yeah, I think attribution is an important issue.
When the Internet was created first first security was not a design principle
because it was the internet was created for trusted parties known people known entities to use it and
it was not for commercial purposes so now we are still trying to fix the the underlying protocols
because there are protocol vulnerabilities and still it's really hard to fix the underlying protocols because there are protocol vulnerabilities
and still it's really hard to fix them
because the whole internet is running on them.
I think space is not very different than this.
When space was created, it was mostly for the nation's use.
Their commercialization was low maybe
and more defense purposes,
but now we are living in a very different era.
So the dual use of this
technology is huge and since these systems and protocols were not designed for security purposes
the space engineers they don't take security as a until recently this is what i can say as a design
principle because it's in the orbit so we don't need to worry about people
will not physically get into it.
But the things are changing now.
We see the cyber attacks.
And now, in order to respond to it,
you need to attribute who did it
to deter them to follow up what happened.
But the systems, I think,
and the secure by design principles
should be more applied in the space system development.
And then we can see the attribution is more possible in the systems.
Some great points in what you just said.
And my mind can't help but go back to Viasat 2022, that attack,
and how much the fallout from that just revealed that
commercial companies need to understand that cybersecurity in their direction is such a
priority.
Some critical infrastructure domains, such as energy, they were the victim of cyberattacks
a very long time ago.
And over time, they, in this sector, adopted some cybersecurity principles and then minimum, at least minimum security requirements.
Some other sectors, like maritime, they are coming later.
Space is one of the newest ones which introduced cybersecurity in their domain.
Very quickly.
Yeah, very quickly.
in their domain.
Very quickly, yeah.
Yeah, very quickly, very quickly.
And with the geopolitical conflicts going around the world,
it wouldn't be a surprise to see more of these cyber attacks against space infrastructures.
Indeed, yeah.
I wondered if you could also walk us through some,
you had mentioned these are hypothetical scenarios,
and I want to emphasize these are hypothetical,
but potential technical threats in the cybersecurity domain that would
affect space systems.
You mentioned a few of them in the paper.
I think maybe we need to differentiate space systems, cybersecurity, and the traditional
IT systems, cybersecurity, because they are running in different domains.
The space systems composed of different layers,
like link layer, ground systems, space systems.
So each of them runs different protocols.
In the traditional IP systems,
we are running on the IP domain.
But in the space systems, the ground systems,
yes, they have IP, especially with the user interfaces, but later it is the radio frequency, RF signals.
So you need to understand RF space engineering concepts to attack the systems.
But since it is radio frequency, the attribution is way harder.
radio frequency, the attribution is way harder.
And with the software-defined radio, you can easily implement with low-cost these systems and then try to attack
these systems. And that absolutely opens things up to the attribution
becomes nigh impossible. I'm sure not technically impossible, but very, very hard.
So this is, again, I want to emphasize, we want people to read the paper
so I don't want to give too much away.
I'd love to hear from you both about sort of the conclusions and takeaways from this paper that you would like people to know.
I think for folks in the space industry, it is obvious that security should be a design principle in mind for building security, not bolt-on security to be done later
because it's really hard for space systems.
They are embedded systems.
They are in space.
So physically, you cannot reach them to update them.
So security should be integrated
as a design requirement at the first place
for developing the space systems.
I think this is one thing they need to know.
And for space policy experts,
they need to understand the landscape,
the cyber threat landscape,
and what kind of cyber attacks can be done
so they can get prepared in responding to these attacks.
That's a great point.
Brianna, how about you?
I agree with everything that Al said.
I would also add, in addition to the technical cybersecurity, you also have just emphasis on training your
employees, training your staff, because you always have that human factor. They're always
going to be a vulnerability. So making sure that they're prepared and they know how to handle
themselves and they have that security knowledge in face of attack. Fantastic point.
I could not agree more on that.
That's a really good point.
And maybe we flip the question now for cybersecurity folks
who've been in this field for a long time,
and they're like, oh, yeah, different, new flavor,
or same flavor, different day, something like that of cyber attack.
I mean, what's different about what you found in the space arena?
Is it just the policy of things?
Is it space? Is it actually even, is it an er what you found in the space arena? Is it just the policy of things? Is it space?
Is it actually even, is it an erroneous question that I'm asking?
Is it any different, really?
Yeah, I can give some perspective for the cyber security partners
from technical perspective,
and then maybe Brianna can follow up with more on policy and law perspective.
From the technical perspective,
there is a lot in the space domain
for cybersecurity. So I think we need to see more cybersecurity experts working closely with the
space systems engineers, because you need to understand the domain and what cyber vulnerability
can impact the system. So you need to have the understanding of the domain.
And traditional regular cybersecurity experts
don't have this expertise about the space systems.
They need to gain this information.
And with this, they can speak the language
of the space engineers who develop the systems.
And the space engineers, if they have some understanding of the cyber threats and vulnerabilities,
so these two groups can connect and then understand each other.
Now, I can say that there's a disconnect.
The focuses are completely different.
The cybersecurity people, they are not very familiar with the technical infrastructure of the space systems.
Space engineers, they are not familiar with the cyber threats.
So there is that communication gap.
I think both of them need to learn the other domain and at least the basics of it so they can communicate and work together.
Sure. Speaking more towards the legal aspect of it, I think when it comes to applying international
law to cyber, there's still a lot of work to be done and there are a lot of efforts taking place,
including our own research. I think it's important when you're applying these principles to know
exactly when you're meeting certain thresholds of force or intervention, a lot of that is still unclear. Like what types of cyber attacks meet
that threshold of use of force or what type of cyber attacks are actually a prohibited intervention?
We have some widely accepted ideas of what those are and we use those in the scenarios to create the violations
but there are so many different types of cyber attacks and so many different ways that they can
happen that I think it's like really understanding how those can violate or if they whether or not
those violate international law is important because the more clearly defined our legal
boundaries the better because that's policymakers and world leaders,
they're using those legal definitions and laws to make decisions. So it's very important that
they're as clearly defined as possible. Be sure to check out the T-minus Space Daily podcast
wherever you get your podcasts. Thank you. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach
can keep your company safe and compliant.
And finally, for nearly a decade, underwater data centers have been the cutting-edge trend in tech,
boasting numerous perks like saving land space and benefiting from natural cold water cooling.
From Microsoft's Project Natick to China's Hainan Undersea Data Center,
these aquatic facilities have promised efficiency and durability.
But turns out there's a catch.
They're vulnerable to sound waves. Yes,
you heard that right. Researchers from the University of Florida and the University of
Electro-Communications in Japan discovered that a simple swimming pool speaker playing a high D
note can wreak havoc on these submerged data hubs. The dense water not only cools the servers,
but also carries sound waves that can disrupt their operations. Researchers tested this in
both a lab water tank and a campus lake, finding that just two and a half minutes of targeted
acoustic attack could increase database latency by up to 92.7%. Solutions like soundproof panels and active noise cancellation proved either
too hot or too expensive. But not to worry, they're working on a machine learning algorithm
to detect and counteract these watery whales. As UF professor Kevin Butler put it, the ocean is awash
in sound already. These attacks can happen inadvertently,
like from a submarine sonar blast. So, while the sea may seem serene, it's a whole new battleground
for data security. I just hope that pod of killer whales that's been taking down yachts
don't catch wind of this.
Don't catch world of cybersecurity. If you like our show, please share a rating and review in your podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
We're privileged that N2K Cyber Wire is part of the daily routine of the most influential
leaders and operators in the public and private sector, from the Fortune 500 to many of the Thank you. This episode was produced by Liz Stokes. Our mixer is Trey Hester, with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Karf.
Simone Petrella is our president.
Peter Kilby is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow. Your business needs AI. Thank you. channel AI and data into innovative uses that deliver measurable impact. Secure AI agents
connect, prepare, and automate your data workflows, helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role. Data is hard. Domo is easy.
Learn more at ai.domo.com. That's ai.domo.com.