CyberWire Daily - Dropbox sign breach exposes secrets.
Episode Date: May 2, 2024Dropbox’s secure signature service suffers a breach. CISA is set to announce a voluntary pledge toward enhanced security. Five Eyes partners issue security recommendations for critical infrastructur...e. Microsoft acknowledges VPN issues after recent security updates. LockBit releases data from a hospital in France. One of REvil’s leaders gets 14 years in prison. An Phishing-as-a-Service provider gets taken down by international law enforcement. China limits Teslas over security concerns. In our Threat Vector segment, David Moulton from Unit 42 explores Adversarial AI and Deepfakes with two expert guests, Billy Hewlett, and Tony Huynh. NightDragon founder and CEO Dave Dewalt joins us with a preview of next week’s NightDragon Innovation Summit 2024 at RSAC. And celebrating the 60th anniversary of the BASIC programming language. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest In our Threat Vector segment, David Moulton, Director of Thought Leadership at Unit 42, explores Adversarial AI and Deepfakes as part of the ongoing series “AI’s Impact in Cybersecurity'' with two expert guests, Billy Hewlett, Senior Director of AI Research at Palo Alto Networks, and Tony Huynh, a Security Engineer specializing in AI and deepfakes. They unpack the escalating risks posed by adversarial AI in cybersecurity. You can catch Threat Vector every other Thursday on the N2K CyberWire network and where you get all of your favorite podcasts. Listen to David’s full discussion with Billy and Tony here. Plus, NightDragon Founder and CEO Dave Dewalt joins us with a preview of next week’s NightDragon Innovation Summit 2024 at RSAC including a look into his “State of the Cyber Union” keynote. Selected Reading Security Breach Exposes Dropbox Sign Users (Infosecurity Magazine) The US Government Is Asking Big Tech to Promise Better Cybersecurity (WIRED) CISA adds GitLab flaw to its Known Exploited Vulnerabilities catalog (Security Affairs) Russian Hackers Target Industrial Systems in North America, Europe (SecurityWeek) Microsoft says April Windows updates break VPN connections (Bleeping Computer) LockBit publishes confidential data stolen from Cannes hospital in France (The Record) Ukrainian sentenced to almost 14 years for infecting thousands with REvil ransomware (The Record) LabHost Crackdown: 37 Arrested In Global Cybercrime Bust (Security Boulevard) Tesla cars to be banned from Chinese government buildings amid security fears — report (Drive) The BASIC programming language turns 60 (Ars Technica) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my
personal information from hundreds of data brokers. I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout.
That's JoinDeleteMe.com slash N2K, code N2K. Dropbox's secure signature service suffers a breach.
CISA is set to announce a voluntary pledge towards enhanced security.
Five Eyes partners issue security recommendations for critical infrastructure.
Microsoft acknowledges VPN issues after recent security updates.
LockBit releases data from a hospital in France.
One of our evil's leaders gets 14 years in prison.
A phishing-as-a-service provider gets taken down by international law enforcement.
China limits Teslas over security concerns.
In our Threat Vector segment, David Moulton from Unit 42
explores adversarial AI and deepfakes
with two expert guests,
Billy Hewlett and Tony Huynh.
Night Dragon founder and CEO Dave DeWalt
joins us with a preview of next week's
Night Dragon Innovation Summit 2024 at RSAC
and celebrating the 60th anniversary
of the basic programming language.
It's Thursday, May 2nd, 2024.
I'm Dave Bittner and this is your CyberWire Intel Briefing. theme. Thanks for joining us here today. It is great to have you with us. Dropbox has reported
a significant security breach impacting its Dropbox Sign service, previously known as HelloSign. The breach,
identified on April 24, led to unauthorized access to users' emails, usernames, phone numbers,
hashed passwords, API keys, and OAuth tokens. Notably, attackers could bypass security measures
due to the theft of authentication data. The breach did not affect the content of user accounts or payment information
and was confined to the Dropbox Sign platform.
The intrusion originated from a compromised service account within Dropbox Sign's backend.
In response, Dropbox has reset passwords,
logged out users from connected devices, and rotated relevant security credentials.
The company is contacting affected users with further instructions and emphasizes ongoing efforts to enhance cybersecurity resilience.
No financial impact on the company has been reported, and the investigation continues.
reported, and the investigation continues. Wired reports that the Biden administration,
via the Cybersecurity and Infrastructure Security Agency, is urging major technology companies to voluntarily commit to enhancing the security of their software and cloud services.
This initiative, part of the Secure by Design campaign, is set to be officially announced at the RSA Cybersecurity Conference.
Companies that sign the pledge will agree to implement seven cybersecurity improvements,
including expanding multi-factor authentication and improving vulnerability disclosure programs.
The response from the tech industry has been cautious,
with only a few companies confirming their participation so far.
The initiative aims to shift cybersecurity responsibilities from users to vendors,
following numerous security incidents that have affected essential services.
CISA's approach emphasizes collaboration with the industry to refine these commitments,
moving towards measurable
cybersecurity enhancements in software products. Meanwhile, CISA has added a critical vulnerability
from GitLab Community and Enterprise editions to its known Exploited Vulnerabilities catalog.
This flaw involves an account takeover through a password reset mechanism that could send reset emails to
unverified addresses. This vulnerability affects multiple versions of GitLab, with patches now
available. CISA mandates federal agencies to remediate this issue by May 22 and recommends
that private organizations also check their systems. Shadow Server reports that thousands of instances,
particularly in the U.S., Germany, and Russia, are still exposed online and vulnerable to this exploit.
U.S., Canadian, and U.K. cybersecurity agencies have issued recommendations for critical
infrastructure organizations in response to attacks by pro-Russia hacktivists on industrial
control systems and operational technology systems. These attacks have targeted sectors
such as water, energy, and agriculture, often exploiting human-machine interfaces with weak
security, like default passwords and outdated software. Recent incidents involve manipulation of HMIs
leading to minor operational disruptions,
such as tank overflows,
although most systems were quickly restored to manual control.
While these attacks have generally caused only nuisance effects,
there is potential for significant physical threats
due to the capabilities of these hackers.
The alert suggests some hacktivists could be linked
to sophisticated Russian government hacking units like Sandworm.
Recommendations for enhancing security have been provided
for network defenders and OT device manufacturers.
Microsoft has acknowledged that the April 2024 security updates
have caused VPN connection failures on various Windows versions,
including Windows 11, Windows 10, and Windows Server platforms dating back to 2008.
The issue affects both client and server versions, with specific updates identified for each.
Microsoft is currently investigating the problem and has not yet
offered a solution, but suggests uninstalling the problematic updates as a temporary fix.
This action will remove all security fixes included in those updates, potentially exposing
systems to vulnerabilities. Microsoft has advised those affected to seek assistance through the
Windows Get Help app or the Support for Business portal, depending on their user category.
The LockBit ransomware gang has released data it claims to have stolen from the Simone Vale Hospital in Cannes, France, following a ransomware attack on April 16.
This incident is part of a broader pattern of cyberattacks
targeting the French healthcare sector. Recently, a cyberattack compromised data on nearly half of
France's population. The hospital has rejected the ransom demand and has involved the police
and France's cybersecurity agency ANSI. The impact on hospital operations has not been disclosed. The hospital plans to
inform patients and stakeholders about the specifics of the stolen data after a thorough
review. This attack comes amid efforts to revive LockBit's operations following significant law
enforcement actions that disrupted its infrastructure and led to arrests and account
closures. Despite these setbacks,
LockBit's administrators are trying to minimize the damage and continue their operations.
Yaroslav Vavinsky, a 24-year-old Ukrainian hacker, has been sentenced to nearly 14 years in prison
for his involvement with the R-Evil ransomware attacks, which infected thousands
of computers worldwide and demanded over $700 million in ransoms. Baskinski was also ordered
to pay over $16 million in restitution. His notable crimes include the 2021 attack on Kaseya,
a software provider which significantly impacted many companies globally.
Arrested while crossing from Ukraine into Poland, Baszynski was extradited to the U.S.
and pleaded guilty to multiple charges, including fraud and money laundering.
This sentencing, part of a broader U.S. Justice Department effort,
underscores a committed international approach to combating cybercrime.
Global law enforcement agencies have successfully cracked down on Labhost, a significant fishing as
a service provider, in a coordinated operation named Fish Off and Nebulae. This crackdown led
to the arrest of 37 individuals across multiple countries, including Australia and the UK, where key operators were detained.
LabHost was notorious for executing extensive phishing operations,
bypassing security measures such as two-factor authentication.
The operation showcased remarkable international collaboration with involvement from 19 countries.
Tesla vehicles are increasingly being banned from government-affiliated buildings in China due to security concerns,
expanding beyond previous restrictions limited to military bases.
According to Nikkei Asia, the bans now include meeting halls, exhibition centers,
highway operators, local authority agencies, and cultural centers.
Specific incidents include the Granz Hall Conference Center in Shanghai
banning Tesla vehicles entirely, even for passage. This escalation follows prior incidents,
such as an airport prohibiting Tesla parking over fears the car's sentry mode could capture
sensitive information. In response, Tesla has established a local data center in China to ensure all vehicle
generated data is stored locally and emphasized that data from sentry mode is stored internally
and cannot be accessed remotely.
Coming up after the break, David Moulton from Unit 42 explores adversarial AI and deepfakes. And Night Dragon founder and CEO Dave DeWalt joins us with a preview of next week's Night Dragon Innovation Summit at RSA Conference.
Stay with us.
Transat presents a couple trying to beat the winter blues.
We could try hot yoga.
Too sweaty.
We could go skating.
Too icy.
We could book a vacation.
Like somewhere hot.
Yeah, with pools.
And a spa.
And endless snacks.
Yes!
Yes!
Yes! Yes! Yes!
With savings of up to 40% on Transat South packages, it's easy to say, so long to winter.
Visit Transat.com or contact your Marlin travel professional for details.
Conditions apply.
Air Transat. Travel moves us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this. More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews,
and reporting, and helps you get security questionnaires done five times faster with AI. Now that's a new
way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their
personal devices, home networks, and connected lives. Because when executives are compromised
at home, your company is at risk. In fact, over one-third of new members discover they've already
been breached. Protect your executives and their families 24-7, 365 with Black Cloak.
Learn more at blackcloak.io.
David Moulton is host of the Threat Vector podcast
right here on the N2K Cyber Wire network.
In a recent episode, he explored adversarial AI and deepfakes with two of his expert colleagues, Billy Hewlett and Tony Hoon.
In today's digital world where AI can create just about anything, it's wise to just double check before believing everything you see online.
Welcome to Threat Vector, a podcast where Unit 42 shares unique threat intelligence insights,
new threat actor TTPs, and real-world case studies. Unit 42 has a global team of threat intelligence experts, incident responders, and proactive security consultants dedicated to
safeguarding our digital world. I'm your host, David Moulton, Director of Thought Leadership for Unit 42.
In today's episode, I'm sharing a conversation with two AI experts about adversarial AI and deepfakes.
As organizations continue to leverage artificial intelligence to fortify their defenses,
malicious actors are leveraging the same technology to breach them,
leading to yet another round of the age-old game of cat and mouse.
My guests today are Billy Hewitt, Senior Director of AI Research at Palo Alto Networks, and Tony Nguyen, Security Engineer specializing in AI and deepfakes.
I guess I'll start with you, Billy. What are some of the potential risks that you see from adversarial AI for cybersecurity?
Yeah, so academically, there's this idea of adversarial AI and that's how you use AI
to defeat AI.
So all of our products
use artificial intelligence.
We have, for example,
in URL filtering,
we're trying to take a webpage,
we're trying to decide
if it's malicious or benign.
And we have to do this
very, very quickly.
And we have to do this at scale.
And the only way to do that kind of thing
is with artificial intelligence.
So if we look at Cortex, if we look at Wildfire,
if we look at DNS, if we look at DLP, SAS,
all the products in some way use artificial intelligence.
So then the question is,
does the attacker use artificial intelligence
to fight against that AI? And that is what adversarial AI is. It's AI versus AI.
Billy, how are adversarial attacks carried out? And can you talk about some of the most common
techniques? Sure. I mean, I think the most common technique is something where you have some sort of gradient descent on the defensives.
So imagine that I was trying to classify malware.
And what I did was I said,
okay, this thing is malware, and this is how sure I am it's malware.
If it's 50% sure, 90% sure.
And there's some threshold. And if I go below that threshold, I'm going to call it malware. If it's 50% sure, 90% sure, and there's some threshold. And if I go below that threshold, I'm going to
call it malware. If I go below that threshold,
I call it benign. So imagine that I
say, this is how much I think
this is malware, and this is how sure I am.
Now what the attacker
can do is they can take a whole
array of malicious
and benign files, and they can
give it to us, or to whoever they're attacking.
And they can get the answer back.
And they get all these answers back,
and they also have sort of numbers,
like how sure are you that it's malware.
Billy, tell us about the types of adversarial AI attacks
that concern you the most.
The attack that really worries me
are this AI versus human attacks.
We're really, really
good at defending our own
models.
We have lots and lots of work
there. There's lots and lots of data.
It's much harder
to defend humans.
I remember I did an internship
with Google many years ago, and they said
hackers hack people, right?
At some point, they hack the computers
and they have to get into your system and all that stuff.
And that stuff I think we're really good at.
But at some point the hackers
hack people and
these new techniques
that the attackers have
on attacking people,
we don't have a corresponding
great answer
for defensives here. So let me take it over to you, We don't have a corresponding great answer for defense.
So let me take it over to you, Tony.
Tell me how deepfakes are being used for social engineering attacks.
And as an expert and researcher, what are the most viable and maybe the most frightening?
It would be CEOs, people in higher positions.
The one that Billy mentioned, the CFO, right?
Reaching out to a finance worker.
It was said that it was multiple workers in a call.
But imagine being in that call, your higher-ups in there,
demanding you send this money.
So it's more like, sure, you may get the urgent emails, right?
Oh, I need you to call me and send me these gift cards
but imagine if you know your boss is on a zoom call with you yelling at you in his voice
urging you to send money it's kind of convincing do you think that this is a call for us to harden
society against adversarial ai people have to build up their own internal defenses against us,
especially people that are more risky targets.
The defense side, I think, will catch up eventually.
The AI versus AI case, I think we're, you know,
it's a fight, but we're working on it.
We understand how to do this.
The AI versus human case
is more tricky
and then it's sort of like,
can I get something in the medium
between you and the attacker?
Can I get something
on your cell phone
if you're doing this?
You know,
if someone sends you
a text message,
we don't really have
a product that can intercept
that text message right now.
Now for the attacker
side of it, your picture's on the production media, I can grab that and edit right now. Now for the attacker side of it, your pictures on
social media, I can grab that and edit the images and deepfake that.
If you have YouTube videos, I can do that.
A podcast, movies,
TikTok, for example, I can pull those images down
and build a deepfake around that.
Tony, what ideas do you have that might be helpful to detect
unusual or strange behavior?
Billy covered it earlier.
It's more like just calling the person out, verifying, and then see if you have a phish, report it.
Even if you think it could be a phish, right?
Our security team or our security is going to review it, right?
So if you're not sure, better safe than sorry.
Tony, I know we've been talking about video deepfakes,
but I'm wondering if you can use some of your tools
to give an example of a audio deepfake.
Hey, David, Joe Biden here.
Glad to be on Threat Vector.
I hope you like this good voice.
That was pretty good.
What else have you got?
Hi, Astral love is the binary.
It's not a tumor.
It's a neural network.
I'll be back to debug the algorithms.
Tony, those are pretty good.
Thanks for giving us a quick demonstration.
That's it for ThreatFactor this week.
I want to thank our executive producer, Michael Heller,
our content and production teams,
which includes Shada Azimi, Sheila Drosky, Tanya Wilkins, and Danny Milrad. I edit the show and Elliot Peltzman mixes the show.
We'll be back in two weeks. Until then, stay secure, stay vigilant. Goodbye for now.
Be sure to check out the Threat Vector podcast wherever you get your podcasts.
Dave DeWalt is well-known in the cybersecurity industry and is the founder and CEO of NightDragon.
He joins us with a preview of next week's NightDragon Innovation Summit
at the RSA conference.
Dave, first of all, hey, thank you for having me
and really appreciate all the hard work you guys do.
CyberWire's a fantastic organization
and I'm an avid reader every day.
So thank you for what you do. Yeah, we're excited
about RSA this year. I start out by saying it's my 20th one. So I like my 20th anniversary,
which it dates me at the same time as it does anything else. But in 2004, EMC acquired RSA, and I was president of EMC at the time, so I got my first introduction to RSA.
Even though we had a little COVID during the timeframe, you know, 20th year here, I'm super excited.
It looks like it's a very large event this year again, a lot of interest in the world to the event.
And we tried to bring a little different angle, Dave, than perhaps others.
You know, we have this innovation summit, which is really this juxtaposition of public sector,
meaning government, and private sector, meaning the industry of private companies and public,
you know, vendors, along with all the buyers, the chief information security officers and the channel,
all kind of coming together into one kind of village, so to speak.
And, you know, the theme there is always, you know, better together, you know,
United is better as a team sport cyber we know.
So trying to bring together the best of the best from many different areas of the cyber industry to talk about threats,
talk about risk, talk about innovation, collaborate, and try to make the world a better place is
a little the theme of the summit.
And this year's one is going to be record attendance, highest level executives coming,
and really, really excited.
It's kind of like a family reunion in some ways
where a lot of people have been around a long time
and we all know each other.
So highlight of the year for me and looking forward.
Thank you for being a partner in it.
What strikes me is that it really is an opportunity
for folks who attend to hear from a lot of really high-level folks,
as you say, both in government and the private sector,
all in one place.
We talk about making the best use of your time
when you're out in San Francisco for the conference.
This really is that.
Yeah, and that's what I try.
This is a 25-year CEO talking,
you don't want to waste anybody's time.
I'm there to really create high-quality content.
And, you know, it starts out with a little State of the Union of Cyber from me.
But, you know, and then I have a Kevin Mandia together with Director Jen Easterly of CISA and the head of the U.S. Cyber Command, David Luber, giving us a threat and risk landscape.
And the head of the U.S. Cyber Command, David Luber, giving us a threat and risk landscape.
Then we have sessions with the biggest data providers, the biggest AI providers.
We have some of the biggest luminaries in the whole industry, George Kurtz, CrowdStrike,
Fireside Chat with him, the Cash Aurora, Palo Alto's CEO. We have an amazing CISO panel with 100 years of chief information security officer experience amongst the panel.
I mean, it's a something.
So you start to, like, really try to create content for everybody.
You know, no marketing, no sales.
Kind of really, you know, cut to the chase.
And, you know, hopefully it's really worth everybody's time to be there.
Well, you mentioned that you're kicking things off with the State of the Union.
Can you give us a little sneak peek of some of the things that you're going to be talking about?
Yeah, you know, I can, you know, certainly, you know, maybe not at a detail level for now.
But, you know, we see this, you know, what I've talked about for almost 20 years, this perfect storm of threats and risks that really have accelerated
post-pandemic. And we've watched the world of globalization for 80 years post-World War II
change pretty abruptly during the pandemic, as you watch shortages of supply chains for vaccines. And then, you know, various regional wars break
out, Russia, Ukraine, you know, Israel, Hamas, you know, South China Sea conflicts. I mean,
it's hard not to look around the world and see we have threats and risks, both cyber and physical.
But now we're facing some new threats and risks as well as cyber expands beyond what you think traditionally of the
cyber markets, Dave. And now I talk about what's called future fusion, which was all about cyber
fusing with other domains, now about fusion being now and being here and being real. And that cyber
could be fused with supply chain problems,
which we know a lot of the attacks are happening in the supply chain, cyber physical issues,
cyber industrial issues, cyber blockchain issues, cyber AI, cyber meets electronic warfare,
you know, cyber meets, you know, just about every area of space, air, land, oceans. And you have this merging, this fusing of the cyber domain
where it creates ubiquity of the cyber problem
across a much bigger threat surface
than we traditionally had with a network with firewalls
and moats around it.
Now it's everywhere.
And it's in every part of all of our domains,
made worse now even by information
warfare, where not only do we have these threats and risks that we're seeing, we now have a hard
time believing what we might be seeing in terms of information and brought on by generative AI
and deep fakes. And can we trust the information we see? And, you know, our ability
to fake that now is another level. So, you know, a world where we have, you know, challenges is an
understatement and, you know, there's an old adage, may we live in interesting times, which is
not only, you know, a curse and a blessing, but it's all wrapped up
and we live in interesting times now.
Yeah, for sure.
I was just talking with one of my colleagues here
earlier today about how events like this,
one of the highlights is getting to spend time
meeting people, talking to people.
We kind of refer to it as the meeting after the meeting.
And one of the things that I really like about this event is how deliberate you are about
making time for those kinds of meetings to take place. Absolutely. I think it's a big part of it,
right? I can't be more proud and honored to be a part of this community. And I say that with the
greatest love and respect because, you know, I've been in the trenches as CEO of FireEye and Mandiant, you know, McAfee,
my time, I've seen the best and the worst and, you know, many cycles of all of this. And,
you know, we have a lot of heroes that come to these events. These chief information security
officers are, you know, fighting the fight every day. They're warriors.
And it's just great to network with them and give them a hug and be a part of it.
Sometimes I just want to stand at the hotel lobby and just greet everybody coming in and out because it's like that, right?
I mean, it's all part of this team sport that we're a part of. And RSA is a way of bringing us all together.
sport that we're a part of. And RSA is a way of bringing us all together. And I hope Night Dragon Summit can bring us all together too in a little microcosm of the bigger event. But
this is what it's about, is collegiality in this arena, and we need more of it.
Well, the Night Dragon Innovation Summit is May 7th at RSA Conference. It's taking place at the
Palace Hotel in the Grand Ballroom.
We will have a link in our show notes if you want to find out more about the event.
Dave DeWalt is founder and CEO of Night Dragon.
Dave, thank you so much for taking the time for us.
Dave, thank you so much for having me and look forward to seeing you soon.
That's Dave DeWalt, CEO and founder of NightDragon. Thank you. and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.
And finally, our 8-bit computing desk reminds us that 60 years ago,
John Kemeny and Thomas Kurtz introduced the BASIC computer language at Dartmouth College,
initiating a revolution in computing accessibility.
BASIC, which was designed for ease of use with its simple syntax and line-by-line execution,
democratized programming by making it accessible to non-engineers.
It rapidly became popular across educational institutions and significantly shaped early personal computing.
Programs in BASIC could be simple, from creating loops to handling user inputs,
which facilitated learning and experimentation for new
programmers. The language evolved over the decades, influencing the development of many
modern programming tools and environments. Despite its reduced use in professional applications today,
BASIC's legacy persists in educational tools and hobbyist communities,
continuing to make programming accessible to
novices. I vividly remember the first time I laid hands on a personal computer, a TRS-80 Model 1,
in my middle school library. I typed in, 10 print, Dave is cool, 20, go to 10. That set me on the
path to where I am today. It's fashionable these days for developers to turn up their noses
at the simplicity and lack of sophistication of the basic programming language,
but for a lot of us of a certain age,
it was a gateway into a whole new world. And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. Thank you. Wire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence
and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment,
your people. We make you smarter about your teams while making your teams smarter.
Learn more at n2k.com. This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Karp.
Simone Petrella is our president.
Peter Kilby is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow. Thank you. measurable impact. Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts, and act with ease through guided apps tailored to
your role. Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.