CyberWire Daily - FDA warns of biomed device vulnerability. Ransomware's effects continue at US Marshals Service fugitive tracking. US DoJ shifts to disruption of cybercrime. GRU phishing. KillNet’s ask-me-anything.
Episode Date: May 1, 2023The FDA warns of a vulnerability affecting biomedical devices. Ransomware's effects continue to trouble the US Marshals Service. The US Justice Department shifts how it deals with large scale cybercri...me. Fresh phish from the GRU. Caleb Barlow looks at unicorns and zombiecorns. Our guest Manoj Sharma from Symantec explains the differences between Zero Trust and SASE. And KillNet runs an ask-me-anything session. For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/83 Selected reading. Illumina cyber vulnerability may present risks for patient results (U.S. Food and Drug Administration) CISA, FDA warn of new Illumina DNA device vulnerability (Record Key law enforcement computers still down 10 weeks after breach (Washington Post) Feds Prioritizing Disruptions Over Arrests in Cyberattack Cases (PCMAG) "Ashamed" LockBit ransomware gang apologises to hacked school, offers free decryption tool (Hot for Security) APT28 cyberattack: distribution of emails with "instructions" on "updating the operating system" (CERT-UA#6562) (CERT-UA) Hackers use fake ‘Windows Update’ guides to target Ukrainian govt (BleepingComputer) Ukraine at D+431: Drone strikes and phishing expeditions. (CyberWire) Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
The FDA warns of a vulnerability affecting biomedical devices.
Ransomware's effects continue to trouble the U.S. Marshals Service.
U.S. Justice Department shifts how it deals with large-scale cybercrime.
Fresh fish from the GRU?
Hala Barlow looks at unicorns and zombicorns.
Our guest is Manoj Sharma from Symantec, explaining the difference between Zero Trust and Sassy.
And Killnet runs an Ask Me Anything
session.
I'm Dave Bittner with your
CyberWire Intel briefing
for Monday, May 1st, 2023.
The U.S. Food and Drug Administration is warning health care providers of a vulnerability affecting the universal copy service software in a multitude of Illumina devices. The vulnerability impacts a range of
devices and instruments used primarily in sequencing DNA for diagnosing potential genetic
medical conditions, as well as research. The vulnerability allows for an unauthorized user to remotely control, alter
settings, configuration, software, or data, and can alter genomic data outcomes to show no results at
all or an incorrect or altered version of the results. The FDA says that on April 5th of this
year, Illumina notified affected parties of the vulnerability and advised checking the relevant devices for signs of exploitation.
No exploitations have so far been reported.
Illumina's chief technology officer, Alex Arivanis, wrote in a LinkedIn post that the company has developed a software update for the vulnerability,
which he says will be free and require little to no downtime for most.
A ransomware attack against a U.S. Marshals Service computer network
is still causing the agency to experience an outage.
As the Washington Post reports,
a key law enforcement computer network has been down for 10 weeks.
The victim of a ransomware attack that has frustrated efforts by senior officials
to get the system back up and running,
raising concerns about how to secure critical crime-fighting operations.
The effects of ransomware can be protracted and difficult to remediate fully.
The U.S. Marshals Service, by no means an inept or poorly resourced organization, affords a case in point.
They didn't, it's worth noting, knuckle under to
the extortionists. The U.S. Marshal refused to pay the ransom and decided to wipe all devices that
could have been used to facilitate the breach. This has caused some frustration among agents.
According to the Post, in the case of the TOG system, the network has existed outside regular Justice Department computer systems for years,
unnoticed in the open, crowded Internet.
Many agents had their work phones wiped, which resulted in the loss of text conversations and contact information,
which is inconvenient but not crippling.
The service is working to rebuild its systems and re-evaluating its network
architecture. PCMAG reported from the RSA conference that the U.S. Department of Justice
has shifted focus away from arrest and toward disruption and prevention of cyber attacks.
U.S. Deputy Attorney General Lisa Monaco explained that the goal is now to minimize harm.
We're not measuring our success only with courtroom actions and courtroom victories, she said.
Monaco used the Colonial Pipeline attack as an example of how to protect victims.
For context, the DOJ was able to seize approximately $2.3 million in Bitcoin
Colonial Pipeline had paid the criminals to recover its files. Monaco attributes this success to Colonial Pipeline's willingness to work with the DOJ. This approach is not centered on prosecution.
you've got to have a bias towards action to disrupt and prevent,
to minimize that harm if it is ongoing,
to disrupt it and take that action to protect the next victim, and doing so will not always yield a prosecution.
The DOJ's Cyclops Blink operation,
in which the DOJ worked with Microsoft and other private companies
to discover and disrupt a botnet operated by Russia's GRU,
is another example of this approach. The botnet hadn't yet been activated, and its disruption amounted to
proactive mitigation, and that's what Justice is interested in. A LockBit affiliate has fallen out
of the ransomware gang's good graces after using LockBit's ransomware-as-a-service tool against a school district
in Illinois in February, Bitdefender reports. Olympia Community Unit School District 16
discovered that it was victimized on February 26 of this year, and LockBit's leak site began
counting down to April 12 as the date on which all the district's stolen data would be released.
The LockBit administrator, however,
updated the leaked site with an apology for the attack against small innocent children,
and that administrator even seems to have offered the decryptor for free with apologies, saying,
Please forgive me for allowing the attack on small innocent children. The stolen data has
been deleted. To get the decrypter, please give me
the decryption ID. I am very ashamed, but I cannot control all partners. Anyone can join my affiliate
program as well as break the rules. I have blocked this partner. So there may be some small honor
among thieves, or in this case, ransomware as a service operators, but they remain thieves nonetheless.
On Friday, April 28, 2023, CERT-UA, Ukraine's computer emergency response team,
reported that Russian operators were sending phishing emails that misrepresent themselves as sending instructions on installing a Windows security update.
Bleeping Computer writes that the computer emergency Response Team of Ukraine, CERT-UA,
says Russian hackers are targeting various government bodies in the country
with malicious emails supposedly containing instructions
on how to update Windows as a defense against cyber attacks.
CERT-UA believes that the Russian state-sponsored hacking group APT-28, also known
as Fancy Bear, sent these emails and impersonated system administrators of the targeted government
entities to make it easier to trick their targets. APT-28 is associated with Russia's
military intelligence service, the GRU, and CERT-UA is both certain of and unambiguous with respect to that attribution.
CERT-UA describes the attack process as follows, stating,
During April 2023, the Government Computer Emergency Response Team of Ukraine, CERT-UA,
recorded cases of the distribution of emails with the subject Windows Update among government bodies of Ukraine,
sent apparently on behalf of system administrators of departments.
At the same time, email addresses of senders created on the public service at Outlook.com
can be formed using the employee's real surname and initials.
The warning adds,
the sample letter contains instructions in Ukrainian for updates to protect against hacker attacks,
as well as graphical images of the process of launching a command line and executing a PowerShell command.
Should the victims follow the instructions in the email,
they'll find themselves installing a PowerShell script that simulates a Windows update
while it in fact downloads a second malicious PowerShell payload in the
background. That payload deploys information-harvesting malware that abuses the legitimate
Maki tool. Cert.ua concludes, we recommend restricting the ability of users to launch
PowerShell and monitor network connections to the Maki service API. The attack is interesting in a self-referential way.
It exploits fear of Russian cyber attacks
in order to accomplish exactly that, Russian cyber attacks.
And finally, we turn again to Killnet,
that prominent Russian hacktivist auxiliary
that now says it's reinventing itself as a for-profit operation.
Killnet held an Ask Me Anything session on their Telegram page this past Saturday
to answer questions about their new self-designation as a private military hacking company.
The questions raised were mostly about how they'll operate.
Killnet responded,
We created four sub-detachments consisting of former cyber criminals
and former members of special services, not only from Russia.
At the current time, we are ready to not only defend the motherland,
but also conduct computer network attacks
and destruction of intruders of different levels throughout the world.
They also explained that the price per mission
is going to depend on the complexity involved.
When asked what kind of file-sharing system they'll be using, the response was Skype.
Kilnett also explained that they have very tight and trusting relationships with international specialists
that provide them with 24-7 support in accomplishing their goals.
Regarding their pricing, they explain that they could destroy
the electrical infrastructure of Ukraine and Poland for a sum of $30 million, adding that
every destructive operation against electrical infrastructure costs money. We mention that
destroying the electrical infrastructure of Ukraine, Poland, or indeed anywhere else is a
lot easier said than done. And were it that easy,
why hasn't it already been done? It could have saved the Kremlin the expense of all those cruise
missiles that failed to get the job done in Ukraine. A side note, interestingly enough,
Kilnet seems to be pricing its missions in dollars, not rubles. We hope that's not a bad sign about the strength of Russia's currency.
Anywho, most of the remaining questions were about Kilneteer's personal lives and education,
and about how they're offering opportunities to learn more about being a hacker.
Kilnet ended their Ask Me Anything by explaining that their days of altruism are over. They're
done destroying civilian infrastructure
or conducting nuisance-level DDoS for free.
From now on, it's all about the Benjamins.
Their activity won't continue at its formerly high tempo,
but they will continue to support Russia and its interests.
They say they came to this line of work
because they hate the Polish people and Ukrainians,
but now they need
to monetize their hate. And alas, sadly, there's always been a market for that.
Coming up after the break, Caleb Barlow looks at unicorns and zombie-corns.
Our guest is Manoj Sharma from Symantec
to explain the difference between zero trust and sassy.
Stick around.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection
across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies,
access reviews, and reporting, and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off.
And now a message from Black Cloak.
Did you know the easiest way for cyber criminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning
digital executive protection platform secures their personal devices, home networks, and connected
lives. Because when executives are compromised at home, your company is at risk. In fact, over
one-third of new members discover they've already been breached. Protect your executives and their families 24-7, 365
with Black Cloak. Learn more at blackcloak.io.
One of my favorite games to play at RSA Conference is Buzzword Bingo.
This year, the center free square was ChatGPT.
But maintaining a solid presence on the play field are Sassy and Zero Trust.
And for better clarity on the distinction between those two things,
I spoke with Manoj Sharma, Global Head of Security Strategy at Symantec. I look at Symantec, the Zetotrust and SASE
as two sides of the same coin for a very large purpose.
And I explain that where the exceptions are.
Okay.
But they're very different too.
So one is a product and an architecture that you buy,
that's SASE.
Yeah.
Zetotrust, on the other hand, is a cybersecurity framework.
You cannot sell Zetotrust. You cannot sell Zero Trust.
You cannot buy Zero Trust.
Zero Trust is a framework that you adopt and build for yourself.
So to build something, SASE is the responsibility of the vendor itself.
And you are the consumer of that technology.
And all you are responsible for, the actual customer,
is identifying the best way to get the traffic into that cloud and then the policies that
will govern how you secure yourself.
Zero trust, on the other hand, you need a set of tools that integrate with each other
and is driven by the intelligence that you derive out of your environment
and buy or acquire from a third party,
and then you build that framework for yourself and you operate it by yourself.
So when you think about it, how these things are two very different things,
how are they even related to each other?
Right.
And when you read the official definition of SASE as Gartner defines it, it is impossible to build a SASE product, if you will, or an architecture without the zero trust elements already built into it.
So that's where these two things get very, very similar, if you will.
And SASE has to deliver zero trust outcomes
when it is deployed.
It does.
But just for clarification,
would you consider one a subset of the other
or are they two things that overlap in some places?
Look, like I said,
one is the framework that you're responsible for as a customer.
The other one is a product that the vendor is responsible for.
I see.
But the product you're buying has to deliver,
has to be built upon zero trust principles.
That's what I'm trying to say.
Give an example.
So zero trust network access is a product
that is part of the SASE portfolio,
which really delivers zero trust way
of establishing the connect between the user
and the entity they're connecting to.
It is part of SASE.
If it is not based on zero trust principles,
that principles of least privilege,
assume breach, know the user
before they're going to enumerate the application,
all of these things are built into that architecture.
So zero trust is way bigger, by the way, than SASE itself.
SASE is very well defined, very well contained
with the listed list of functionalities.
There are a lot of things that you could do in your DMZs on-prem
that are not yet part of SASE, if you will.
So ability to do full packet capture for forensics,
well, that's critical capability. It's not part of SASE yet. But when. So ability to do full packet capture for forensics, well, that's critical
capability. It's not part of SASE yet. But when you think about zero trust, it actually extends
to accessing the databases, how databases will talk to the applications, how applications talk
to applications. And so those use cases are not served by SASE. So Zero Trust being a framework is much larger than the product that SASE is.
Do you understand,
do you have a certain amount of empathy
who find this a bit fuzzy,
a bit confusing to suss out the differences?
I tell you what,
I've been in front of customers
and that's what my role is,
to work with the largest companies in the world
and with some of the ITS services providers
and say, Minesh, help me understand the zero trust.
So I explain to them the building blocks of zero trust.
And most customers come back and are like,
we're doing this already.
Oh, interesting.
Right?
There is no default access to any of my applications.
I have to know who the user is.
Yeah, they can enumerate stuff, but I'm not there.
But when you think about it,
zero trust is a journey that you may never finish.
I see.
Right?
Yeah.
And I'm working with the financials in this,
the bigger financial companies in the world
that actually have dedicated teams
to build the zero trust strategy
and implement that architecture.
And SASE plays an important role there.
Those use cases that they're trying to build are already served
by SASE. So it is, yes, it can be
confusing, but that's where the distinction
between a framework and a product is.
You have to understand that. Product has
limitations in terms of
capabilities. Zero-dress as a framework
calls out for many more things.
Is there a pathway to success
that you see?
For the folks who are doing this and finding success,
are there common elements there?
There are, absolutely is, right?
So one of the lowest hanging fruit, if you will,
where these two things meet together is ZTNA,
which is Zero Trust Network Access.
That's a building block.
The very first thing you could do
to take some of the most critical applications
that you have inside your data centers
and publish those applications to your known users,
not for the world, known users,
in a very well-defined way
in the matter of the principles of least privilege.
A lot of people confuse this thing with replacing the VPNs.
It's a lot more than that.
So, for example, at Symantec,
we have two levels of ZTNA, for example.
One is, like, we can replace a VPN for you,
put the user in touch with the right application,
but then how do you implement the principle of least privilege?
So that's the layer three, layer four kind of a tunneling
kind of an application publishing.
We have a layer seven one,
which means the user will only have access to
the actual application interface,
not the host, not the IP address,
not the ports, and so on and so forth.
So there are ways to continue
to build your policy in a way
that you continue to restrict
what user absolutely
will be able to do and achieve
that desired state.
So ZTNA is one place where we find that Zetotrust and SASE are coming together,
solving that problem.
Now, there are two ways to get there, too.
When you say, I want to establish Zetotrust,
people ask questions, where do we start?
That's always the very first, where do we start?
And usually, the industry will say,
let's go with the access part.
Who can access what?
The application. With
Symantec, we're a little bit different, if you
will. You have a way to
do the access piece.
You can also start with the data.
Because at the end of the day,
why do we build the security
ecosystems around us is because we have
something worth protecting.
And what is something that protecting
is the reputation of the company,
which among a lot of other things in today's world
relies on how secure your intellectual property is
or the data that you became custodian of
because you're in that business.
How secure is that data?
So we understand both the access
and the data part, so you can
start from either the access part or
securing the data itself.
That's Minaj Sharma, Global Head of Security
Strategy at Symantec. It is always my pleasure to welcome back to the show Caleb Barlow.
He is the CEO at Syleet.
Caleb, great to see you here at RSA Conference.
Hey, Dave.
It's, first of all, incredible to be doing this finally face-to-face.
I know.
We've been doing this for years.
And I think this is the first time we've ever met face-to-face, let alone in a sea of thousands here.
I think you're right.
I wanted to touch base on something that I think isn't getting the attention that it deserves.
And you actually pointed this out to me.
Walking around on the show floor here at RSA, and indeed here in San Francisco,
there's this perception of success, of wealth, and a lot of that is well-placed,
but it's not the whole story.
No, you know, it's not, Dave.
And I think, you know, particularly at RSA, right?
I mean, this is where we come to show off the innovations,
the new technology, and the security space.
And this year, like any year,
there's some amazing things to look at. But I think one of the things that, you know, there's a little bit of an undercurrent here that we have to acknowledge this year. I mean,
how many times have we talked on this show about the skills gap and the difficulty in finding
people? This is the first time that there's large masses of people walking around in the cybersecurity
industry that have been laid off and are looking for jobs. And, you know, I think we have to
acknowledge that. I think we've got to recognize that, okay, we're still an industry that's going
to hire a lot of people. These people are going to find new roles. But, you know, a little bit of
that skills gap we talk about, we're taking a big chunk out of it over the last couple of months.
You know, the other thing we should probably talk about here, too, and this is important whether you're a buyer of cybersecurity solutions or maybe you're an employee at a vendor, is that, you know, the pressure is now on in new ways for these cybersecurity companies.
How so? Well, if you think about it, if you were sitting in the CEO
seat of most of these companies over the last five to 10 years, you're in what we call a growth
oriented mindset. And we've talked on this show about the rule of 40 as an example, you can look
up what that means. But the idea was that it was okay if you had a company that was burning cash,
as long as you were growing that business, as long as your average annual return
was growing year over year,
that was actually looked as a good thing
and investors would rally behind that
and you'd be able to get access to capital.
Well, Dave, the world has changed.
Yes.
It's now all about cashflow.
And I think there's a couple of concepts
that are really important for people to recognize.
So the first thing to really recognize in this
is that in any of these venture-funded cybersecurity startups,
which is most of them on the show floor,
you know, it's not just the stock of employees and investors.
You have to realize that not all stock is equal.
There's this thing called the preference stack.
And what this means is that, you know,
when a company gets sold, certain people get paid
first. So if the company has been successful and it's grown to everyone's aspirations,
then everybody makes out great and we're all good. But let's take a different scenario. Let's say
that maybe that company has been revalued. Maybe it comes time for it to get sold to, you know,
a strategic buyer and it hasn't quite garnered the aspirations
that everyone had after it.
And what was kind of put in that preference stack
when people made the investment,
well, the people that lose on that
are typically the employees and the management
because they don't usually get paid first.
So one of the things that people want to be paying attention to
is this preference stack.
But the other thing it can mean is,
and there are companies here today that have this issue, you know, their employees may be underwater.
So even though the company is successful, even though the company's moving forward,
you know, what motivates people to be entrepreneurs and what motivates this audience
is, you know, that opportunity to work hard for a few years and maybe get a bite of that apple
of success. And, you know,
you might be in a position where you're not going to get that big bite of the apple.
What about the companies themselves? You know, for years, we've been tracking and crowing about
the unicorns in the space. Are we still generating unicorns?
Well, there is a new term that I learned this week that I've never heard before. And, you know, I don't want to be all gloom and doom, but it's called the zombie corn.
And what you have is, especially last year, there were a whole series of companies that raised $100, $200, $300, $400 million in a year.
I mean, these are incredible amounts of money.
Well, the problem with that is that creates a valuation of what's the company worth. So, you know, you take down $400 million, the company's easily going to be worth probably more than a billion in its valuation
of what people anticipate that it should become. So that then creates the unicorn. Right. Well,
now the problem is the company's got to grow into that. There may not be the strategic buyers. There
may not be the follow-on investments. It's going to be harder to get money. So now what you have
are these companies that have taken down all this money.
Then they've got to grow into that valuation.
And what that does is it pushes their time trajectory out potentially many years.
Especially if we have a potential recession on the way, that could push it even further.
So these companies will get there.
They will likely survive, but it may be a very difficult journey
for these CEOs and managers
as they kind of have to deal with their, you know,
their new status as a zombie corn.
What about the individuals themselves?
You know, earlier today,
I was talking with my colleague, Rick Howard,
and we were saying how so many of these organizations
want to hire the high-level people
who have a lot of experience
and they're willing to throw a lot of money at those people to get them.
But I still hear stories about particularly the entry-level folks who are having trouble getting hired.
It's like this disconnect there.
My perception is companies don't want to invest in hiring and training those people up.
They want the fully baked person.
I think you're absolutely right. And I think we have a new problem. I mean, we've talked about
the skills gap in security. We've talked about the diversity challenges in security. But I think we
actually have a new problem, which is an accessibility gap. Meaning that there are
workers that want these jobs. There are people that are capable over three months, six months, a year's worth of training
to be able to move into these jobs.
But what we have to do is make these jobs accessible.
And what that means is we have to upskill.
You know, so I think part of what this means for your, you know, HR managers at companies
is to pivot the spend.
Today, if you go recruit a high caliber individual, you could be spending a lot of money on a recruiter.
You know, in many cases, well north of six figures.
Right.
To recruit that individual who it becomes difficult to retain, right?
So, you know, if you want to spend $100,000
recruiting a top cyber threat hunter,
and they leave after two years,
you didn't really gain anything out of that.
So, you know, the new approach to
this that I think a lot of people are going to start looking at is to say, why don't we take
that same money and why don't we invest in upskilling individuals? Now there's a couple
of benefits that come out of that. One, it's going to cost a whole lot less. Two, there is a higher
likelihood that person is going to be retained. And third, I think the loyalty of that
individual, because you helped them get there, is inconsequential. Now, the negative of the
upskilling is it's going to take time. You're going to have to invest the time up front,
rather than in recruiting, you're going to have to invest the time in training. But at the end
of the day, I think that's okay. And I think people are starting to realize that.
The other thing I'd leave you with, Dave,
is let's also not forget about interest rates.
So if anyone's looking at buying a home,
they might have noticed that interest rates
have gone from nearly nothing to 7%, 8%.
Well, remember, business loans,
especially business loans for startups,
are going to be much more
than what you're going to see in a home loan. So also what we have is a lot of companies here
coming through the pandemic, maybe it wasn't the right time to raise capital. So instead,
they went to a debt service. There are companies here that might have $50 to $100 million in loans.
Well, now all of a sudden, you're not paying a few percentage points on that.
You might be spending millions of dollars a year just servicing the loan.
And does that shorten the runway for them?
That absolutely shortens the runway. So this is the other thing that I think a lot of companies
are dealing with. And the reason to mention this isn't gloom and doom. Let's remember,
we're in an industry that's going to be successful. But what it means is that as employees at companies,
at buyers of solutions,
we now need to pay attention to how is that company capitalized?
What is their runway?
Are they going to be around?
And most importantly,
are they going to be able to retain their curable staff?
Yeah.
All right.
Well, Caleb Barlow, thank you for coming by
and always an interesting conversation. It's great to see you in person.
Likewise, Dave.
Cyber threats are evolving every second and staying ahead is more than just a challenge.
It's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant.
And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
Don't forget to check out the Grumpy Old Geeks podcast, where I contribute to a regular segment called Security, Huh?
I join Jason and Brian on their show for a lively discussion of the latest security news every week.
You can find Grumpy Old Geeks where all the fine podcasts are listed.
We'd love to know what you think of this podcast.
You can email us at cyberwire at n2k.com.
Your feedback helps us ensure we're delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity.
We're privileged that N2K and podcasts like The Cyber Wire are part of the daily intelligence routine of many of the most influential leaders and operators in the public and private sector,
as well as the critical security teams supporting the Fortune 500
and many of the world's preeminent intelligence and law enforcement agencies.
N2K Strategic Workforce Intelligence optimizes the value of your biggest investment, your people.
We make you smarter about your team while making your team smarter.
Learn more at n2k.com.
This episode was produced by Liz Ervin and senior producer Jennifer Iben. Our mixer is Trey Hester, with original music by Elliot Peltzman.
The show was written by John Petrick.
Our executive editor is Peter Kilby,
and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow. Thank you. ambitious, but also practical and adaptable. That's where Domo's AI and data products platform
comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable
impact. Secure AI agents connect, prepare, and automate your data workflows, helping you gain
insights, receive alerts, and act with ease through guided apps tailored to your role.
receive alerts, and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.