CyberWire Daily - Ghost accounts haunt GitHub.
Episode Date: July 24, 2024Stargazer Goblin hosts malicious code repositories on GitHub. Crowdstrike blames buggy validations checks for last week’s major incident. The Breachforums database reveals threat actor OPSEC. Window...s Hello for Business (WHfB) was found vulnerable to downgrade attacks. A medical center in the U.S. Virgin Islands is hit with ransomware. Interisle analyzes the phishing landscape. The FTC orders eight companies to explain algorithmic pricing. Meta cracks down on the Nigerian Yahoo Boys. A fake IT worker gets caught in the act. My conversation with Nic Fillingham and Wendy Zenone, co-hosts of Microsoft Security's "The Bluehat Podcast.” Researchers wonder if proving you’re human proves profitable for Google. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Nic Fillingham and Wendy Zenone, co-hosts of Microsoft Security's "The Bluehat Podcast," talking about what to expect on Bluehat on the N2K media network. You can catch the podcast every other Wednesday. Their latest episode launching today can be found here. Selected Reading A Hacker ‘Ghost’ Network Is Quietly Spreading Malware on GitHub (WIRED) CrowdStrike blames test software for taking down 8.5 million Windows machines (The Verge) BreachForums v1 database leak is an OPSEC test for hackers (Bleeping Computer) Goodbye? Attackers Can Bypass 'Windows Hello' Strong Authentication (Dark Reading) Schneider Regional Medical Center hit by ransomware attack (Beyond Machines) New phishing report names and shames TLDs, registrars (The Verge) FTC Issues Orders to Eight Companies Seeking Information on Surveillance Pricing (FTC) Meta bans 63,000 accounts belonging to Nigeria’s sextortionist Yahoo Boys (The Record) How a North Korean Fake IT Worker Tried to Infiltrate Us (KnowBe4) Forget security – Google's reCAPTCHA v2 is exploiting users for profit (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K.
Air Transat presents two friends traveling in Europe for the first time and feeling some pretty big emotions.
This coffee is so good. How do they make it so rich and tasty?
Those paintings we saw today weren't prints. They were the actual paintings.
I have never seen tomatoes like this.
How are they so red?
With flight deals starting at just $589,
it's time for you to see what Europe has to offer.
Don't worry.
You can handle it.
Visit airtransat.com for details.
Conditions apply.
AirTransat.
Travel moves us.
Hey, everybody.
Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try Delete.me.
I have to say, Delete.me is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data brokers.
I finally have peace of mind knowing my data privacy is protected.
Delete.me's team does all the work for you with detailed reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for Delete.me.
Now at a special discount for our listeners.
private by signing up for Delete Me. Now at a special discount for our listeners,
today get 20% off your Delete Me plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code
n2k at checkout. That's joindeleteme.com slash N2K, code N2K.
Stargazer Goblin hosts malicious code repositories on GitHub.
CrowdStrike blames buggy validation checks for last week's major incident.
The Breach Forum's database reveals threat actor OPSEC.
Windows Hello for Business was found vulnerable to downgrade attacks.
A medical center in the U.S. Virgin Islands is hit with ransomware.
Interisle analyzes the fishing landscape.
The FTC orders eight
companies to explain algorithmic pricing. Meta cracks down on the Nigerian Yahoo boys. A fake
IT worker gets caught in the act. My conversation with Nick Fillingham and Wendy Zanoni, co-hosts
of Microsoft Security's The Blue Hat podcast. And researchers wonder if proving you're human proves profitable for Google.
It's Wednesday, July 24th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thank you for once again joining us. It is great, as always, to have you here with us.
A secret network of around 3,000
ghost accounts on GitHub has been manipulating the platform to promote malware and phishing links,
as revealed by research from cybersecurity firm Checkpoint. Operating since at least June of last
year, a cybercriminal group dubbed Stargazer Goblin by Checkpoint, has been hosting malicious code repositories on GitHub,
the world's largest open-source code site.
Antonis Terofos, a malware reverse engineer at Checkpoint,
discovered that these fake accounts star, fork, and watch malicious repositories
to make them appear popular and legitimate.
This tactic leverages GitHub's
community tools to boost the visibility and credibility of harmful pages. The network's
activities are coordinated through a cybercrime-linked Telegram channel and criminal
marketplaces. The Stargazer's Ghost Network spreads malicious repositories offering fake
downloads for social media, gaming, and cryptocurrency tools targeting Windows users.
They claim to provide tools like VPNs or licensed software, but instead deliver malware.
The operator behind this network charges other hackers to distribute their malicious content.
A service checkpoint terms distribution as a service.
GitHub has responded by disabling user accounts violating their policies against supporting
unlawful activities.
With over 100 million users and 420 million repositories, GitHub continues to face challenges
from cybercriminals exploiting its platform for malicious purposes.
from cybercriminals exploiting its platform for malicious purposes.
CrowdStrike has released a post-incident review addressing a faulty update that caused 8.5 million Windows machines to crash last week.
The issue stemmed from a bug in their test software,
which failed to validate a content update correctly.
This update was intended to gather telemetry on new threat techniques,
but led to system crashes.
CrowdStrike's Falcon software, used globally for malware and security management,
typically issues two types of updates, sensor content and rapid response content.
The problem arose from a 40-kilobyte rapid response content file, which, despite passing faulty validation checks, contained problematic data that led to Windows crashes.
To prevent future incidents, CrowdStrike is enhancing its testing process for rapid response content with local developer testing, content update and rollback testing, stress testing, fuzzing, and fault injection.
They will also update their cloud-based content validator
and improve error handling in the Falcon sensor.
Additionally, CrowdStrike will adopt a staggered deployment strategy
for updates to avoid widespread issues.
The entire database for the notorious Breach Forum's V1 hacking forum was leaked on Telegram,
exposing member information, private messages, cryptocurrency addresses, and all forum posts.
This database originated from a backup allegedly sold by Connor Fitzpatrick,
also known as Pom Pom Porin, after the FBI seized Breach
Forums following Fitzpatrick's arrest. The data circulated among threat actors, with one trying
to sell it for $150,000. Initially, only limited member data was leaked by a user named Emo.
However, due to ongoing infighting within the breach forum's community, Emo released
the complete database, containing records up to November 29th of 2022. This leak reveals extensive
details, including hashed passwords and private communications about exploits and stolen data.
Law enforcement already possess this database, but its public release allows
researchers and journalists to assess threat actors' operational security practices.
Microsoft's Windows Hello for Business, WHFB, was recently found vulnerable to downgrade attacks,
allowing threat actors to bypass even biometric protections. WHFB, which uses cryptographic keys in a computer's trusted platform module
with biometric or PIN verification,
can be exploited by modifying authentication request parameters.
Accenture security researcher Yehuda Smirnoff discovered this flaw last year
and reported it to Microsoft, which has since issued
a fix. Smirnoff will demonstrate the attack and mitigation strategies at Black Hat USA 2024.
The attack involves intercepting and altering post requests to Microsoft's authentication services,
downgrading WHFB to less secure methods using the Evil Jinx framework.
Microsoft's recent update includes a conditional access capability called Authentication Strength
to enforce phishing-resistant authentication, preventing such downgrades.
This fix ensures only secure authentication methods are used, protecting against similar future attacks.
authentication methods are used, protecting against similar future attacks.
Schneider Regional Medical Center in St. Thomas, U.S. Virgin Islands, experienced a ransomware attack on July 21, disrupting network systems. IT staff detected the attack, which has led to
significant operational challenges, including the unavailability of the patient portal and medical records.
While all patient care services continue,
the hospital is working with law enforcement and third-party vendors
to assess and restore system functionality.
The extent of data compromise is still under investigation.
Interisle's fourth annual fishing landscape study
highlights the evolving spectrum of fishing attacks from May 2023 through April 2024,
emphasizing the persistent and growing threat of cybercrime.
The study reveals a significant increase in fishing incidents,
with attackers increasingly exploiting subdomain providers and decentralized platforms like the Interplanetary
File System to launch their schemes. Following the shutdown of the notorious Freenom service,
cybercriminals have turned to inexpensive domains in new GTLDs, demonstrating their adaptability.
This shift underscores the need for vigilant domain registration policies,
as bulk registrations have become a common tactic for setting up phishing sites.
U.S.-based hosting providers continue to be favored by phishers, highlighting the global nature of the threat and the need for international cooperation. report stresses that effective fishing mitigation requires robust digital identity verification,
automated screening systems, and proactive measures by hosting operators.
Interisle recommends cross-industry collaboration and stronger governmental roles to combat fishing.
By adopting these measures, the report suggests that the industry can disrupt the fishing supply chain and protect users more effectively.
The Federal Trade Commission has issued orders to eight companies
offering surveillance pricing products and services that use consumer data to determine prices.
These orders aim to understand the impact on privacy, competition, and consumer protection.
The FTC is investigating how third-party intermediaries
use advanced algorithms, AI, and personal information,
such as location, demographics, credit history, and browsing history,
to set targeted prices.
FTC Chair Lina Khan expressed concerns about privacy risks
and potential price exploitation through personal data.
The FTC seeks detailed information from MasterCard, Revionix, Bloomreach, JPMorgan Chase,
Task Software, Proz, Accenture, and McKinsey & Company.
The inquiry focuses on the types of surveillance pricing products and their uses,
data sources and collection methods,
customer information and intended uses of products,
and the impact on consumers and pricing.
The Commission unanimously approved the orders.
Meta has banned 63,000 accounts linked to Nigerian cybercriminals
known as the Yahoo Boys,
who targeted users in the U.S. with sextortion scams.
These scammers, primarily targeting adult men, coerced victims into sharing explicit images,
then threatened to release them unless paid in gift cards, mobile payments, wire transfers,
or cryptocurrency. Some attempts targeted minors, reported to the National Center for Missing and
Exploited Children. Meta's crackdown follows FBI warnings about the growing threat of financial
extortion targeting children. A smaller network of 2,500 accounts linked to 20 individuals in Nigeria
was also uncovered. These scammers used fake accounts and shared resources for scamming, including
scripts and guides. Meta designated the Yahoo Boys as a banned entity under its strict dangerous
organizations and individuals policy. The company says they're improving detection tactics and
sharing information with other tech companies through the Tech Coalition's Lantern program.
with other tech companies through the Tech Coalition's Lantern program.
At security awareness firm KnowBefore, the search for a new software engineer for their IT-AI team seemed to go smoothly. They posted the job, received resumes, conducted interviews,
performed background checks, and verified references. Finally, they hired someone who appeared to be an ideal candidate.
The new hire was sent a Mac workstation,
but as soon as it was received, malware began to load.
Nobifor's HR team had conducted four video interviews with the candidate,
confirming their identity through the provided photo.
The background check came back clear,
but the individual was using a stolen,
valid U.S.-based identity. The photo was AI-enhanced, making it difficult to detect the
deception. The EDR software detected the malware and alerted the InfoSec Security Operations Center.
When the SOC contacted the new hire, things quickly became suspicious. The employee claimed they were
troubleshooting a router issue, but their responses were evasive, and soon they became unresponsive.
The SOC team contained the device. Further investigation revealed a sophisticated scam.
The fake worker was part of a North Korean operation using an address as an IT mule laptop farm and VPNs to mask their
true location. They worked U.S. hours while being based in North Korea or China, earning money that
funded illegal programs. Nobifor's controls had caught the breach, but it was a stark lesson.
They needed to re-examine their vetting process, remote device scans and monitoring,
enhance security measures and improved coordination between HR, IT and security teams
who are vital to protect against such advanced threats. The incident underscored the critical
need for vigilance and robust security protocols in the hiring process.
Coming up after the break,
my conversation with Nick Fillingham and Wendy Zanoni,
co-hosts of Microsoft Security's
The Blue Hat Podcast.
Stay with us. Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash
cyber for $1,000 off. And now a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io.
Thank you. Before we dig into some of the details about the Blue Hat podcast itself, I'd love to get a little bit of background from each of you and kind of what brought you to this podcast and your careers there at Microsoft.
Wendy, you want to start things off for us?
Sure, sure.
I have had a pretty unique path into security. I quit my job in my 30s and went to software engineering school and then just progressed
from there. I was the first graduate to want to focus on cybersecurity, which was really
interesting. It kind of paved the way for that school, which I'd seen a lot of people come out
of there from cybersecurity. And I went and moved forth and worked at Netflix and Salesforce and
then found myself here at Microsoft. And I've done everything from product security to application security.
And now I focus on security, the internal awareness and training aspect of Strike,
which is an internal program here at Microsoft.
And Nick, how about you?
Yeah, thanks, Dave.
So I've been at Microsoft for, gosh, two decades,
bouncing around doing a bunch of fun things.
I'm like Wendy, I'm in the MSRC,
the Microsoft Security Response Center.
And I have the privilege really
of working with the security researcher community.
That's hackers and folks out there
that are intentionally breaking stuff
with the goal of fixing it
and obviously making people safer.
And really, I'm not a security researcher.
I'm not a security engineer.
My background isn't technical.
But I like to say that I can ask good questions.
And I like to go down little rabbit holes.
And so, yeah, what I really love about this space
is just getting to talk to really, really smart people,
really, really curious people,
and people that
constantly surprise me with how they sort of think outside the box and do interesting and
unique things to essentially make the world a safer place, which I know sounds like sort of
hyperbolic, but it really is. And so one of the things I love about working for Microsoft and
then also working on the Blue Hat podcast. Yeah, it sounds like you and I are kindred spirits when it comes to that.
I always say my favorite part about my job is being able to talk to smart people about interesting things.
Can you tell us about the Blue Hat podcast itself?
What's kind of the origin story there?
Nick, you want to tell us where did it come from?
Absolutely. So, Blue Hat is the name of
Microsoft's Security Research Conference, which started back in 2005. And so, if you are a security
researcher or a hacker, you may have heard of Blue Hat or the Blue Hat Conference. It's been around
for almost 20 years. We're going to have the 23rd edition of the conference this year,
October 29th and 30th in Redmond, Washington.
And basically, initially, Blue Hat was where Microsoft's sort of burgeoning nascent security division,
actually, I don't even know if security division was there at the time.
It was folks that were interested in thinking about security.
They brought in some of the top presenters
at Black Hat and DEF CON
and other sort of existing security research conferences.
And they brought them into Microsoft
and they brought all these security-focused folks
at Microsoft into a big room.
And they had these people present sort of a reality check,
sort of a current state of what is happening
in this new burgeoning field of security
and what does this sort of external perspective
on security and security research look like?
And yeah, what is that reality for Microsoft?
And it was successful and it continued year on year.
And as I said, we're coming up to the 23rd edition of the conference,
which will be later October in this year.
And so the Blue Hat podcast is really an extension of that.
We've been going for about two years now.
This is, I think, this episode or the next episode that folks will listen to
is about episode 32, 33, depending on timing.
And we bring a lot of those same perspectives
and same voices to the podcast.
So it's really, it's a focus on security research
and security researchers.
And we try and bring in both external non-Microsoft people
that are in this space,
as well as Microsoft people
who are either researchers themselves
or who are responsible for essentially working
with researchers in the research community
to implement their findings and make things better.
So we really try and show sort of both sides of the story
and both sides of the coin.
And it's amazing that, as I said,
there's almost sort of 20 years of history here.
And so we're constantly bringing people on the podcast
who have presented at Blue Hat,
maybe multiple times
spanning almost two decades and seeing how their respective careers and research focuses have
changed over that time. And then the value and the impact that they've had in really sort of
behind the scenes. Security researchers often, as you know, Dave, you know, people don't, they're not household names,
but they're doing all this work that is keeping,
you know, thousands, if not millions of people safe
to, you know, protecting the technology,
the powers, pretty much everything that we do every day.
So it's a great podcast, it's a great focus.
And yeah, we're really bringing forward,
you know, as I said, almost two decades worth of work
in focusing on the security research
community and the security researcher. Wendy, can you give us a little taste of what folks
can expect from the show? What are some of the topics that you've particularly enjoyed,
or maybe some of the highlights of the guests that you've had on the show?
of the guests that you've had on the show?
Oh man, I have a shorter time span.
I've only been at Microsoft for coming up on three years.
So compared to some of these other folks,
I am so new and the company is so big and impactful that what I love about participating in this podcast
is I get to meet all these folks
that help,
you know, secure the world. And there's so many people like Nick was saying,
if they're not at the forefront, you know, where everyone knows them as household names. So,
you know, even folks such as, I love the episode that we had with Tom Gallagher. He's been at
Microsoft for 25 years, but he has such an interesting origin story. You know, he got
into security before, you know, there was, you can go to college and major origin story. You know, he got into security before, you know,
there was, you can go to college and major in it.
You know, he was one of the pioneers in that sense.
And so some of those stories are really interesting.
And folks like Sean Hernan,
who's been in security for three decades,
and you can see, you know, how he really is promoting,
you know, fostering a growth mindset in security and how we see, you know, how he really is promoting, you know, fostering a growth mindset
and security and how we can, you know, potentially improve the industry going forward. One of the
episodes I really enjoyed was with Cameron Vincent because Cameron was a researcher and he was able
to discuss with us what it's like to be a researcher. But then on the flip side, now he's
a Microsoft security researcher. So he's seen both sides. And these are areas that I on, you know, in my everyday don't get to hear some of these stories. So I love bringing those stories and those facts to the forefront for the audience, but also for myself, because it helps everyone understand that there's so much and so many details and cybersecurity is so complex and it's always evolving.
And so we have this cornucopia of guests that help secure because it takes all sorts.
And so it's an interesting thing for me, but I love passing that off to the audience. And then we also ask some fun questions like, what do you do when you're not being a security researcher?
And it's fun to hear some of those,
like, who are they outside of this? And some people just, that's all they do. And that's
their passion. So it's great to just talk to these folks and just hear their stories.
Yeah. One of the things that I really enjoy about the Blue Hat podcast is that
there is something for everyone, no matter where they are in their professional journey in cybersecurity.
You could be somebody who's aspirational, a student who's looking to just learn everything, or somebody who's been around in the industry for decades and enjoys hearing someone else tell some of these tales that you've heard around the campfire, as it were.
There really is something for everybody there.
I agree.
I agree.
And as someone that has transitioned later into the security space, I like hearing the
different paths to get there and then hearing the folks that have been there, as you said,
since the beginning.
What have their lessons learned?
What have they seen over the time? What are their stories? And it is really impactful
depending. It doesn't matter where you are in your career. And we do like to ask the question of
what is your advice for folks just starting out? Because as I said, this is an evolving space. We
need people to continue to join the industry. And those tips that they give are really, really helpful.
So Nick, how would you describe your target audience here?
Who are you really focused on?
Absolutely.
So I think first and foremost,
if you are a listener of podcasts
across the CyberWire network
and you're familiar with Research Saturday,
Dave, your podcast,
that is someone who I think would really
enjoy the Blue Hat podcast. We talk to researchers. We ask them to talk about their research. What did
they find? How did they find the vulnerability or the thing that they discovered? And then
sort of what's the takeaway? We also ask them for sort of career advice and researching advice, too, for folks that might want to enter into this industry or begin to do security research themselves.
The other thing we do on the Blue Hat podcast, which I think is maybe a little bit unique, is because we are inside Microsoft and MSRC, we can sort of add a little bit of perspective or provide some information with respect to, okay, so what
happens once that research is actually submitted? If it's from an external researcher to Microsoft,
what does that look like? What does that process look like? And we can help demystify and break
that down. And so I think if you are a researcher, you can get some information out of that that can
certainly be helpful in understanding the process. And then finally, Wendy has a formal security background,
but I don't. I'm just a person that asks questions. And so one of the things I try and do is help
extract for the listener, okay, so what does this mean if you're not a security researcher?
Maybe you're a security practitioner. Maybe you're an IT pro. Maybe you're just a small
business owner or someone that's just interested in staying secure. How can you take some learnings from maybe some very, very technical
and detailed and esoteric security research and actually apply that to everyday life, whether
it's life online or life in person. So we really do try and create takeaways for multiple different
audiences. So I'd say if you love Research Saturday,
we hope you'll love the Blue Hat podcast.
If you listen to CyberWire Daily
or anything really across the CyberWire network,
we hope we've got something for you
on the Blue Hat podcast,
but very much focused on security researchers,
the security research community,
and then showing sort of both sides of the story
from both Microsoft's perspective
and then also from the researcher.
Yeah.
Well, Nick Fillingham and Wendy Zanoni are the co-hosts of Microsoft Security's The Blue Hat podcast,
which you can find right here on the N2K CyberWire network and wherever you get your favorite podcasts.
Nick and Wendy, thank you so much for joining us.
Thank you.
Thanks, Dave. Happy to be back.
Cyber threats are evolving every second, and staying ahead is more than just a challenge.
It's a necessity. Thank you. And finally, Google's reCAPTCHA,
you know, those annoying prove-your-human puzzles
where you have to click on all the images showing traffic lights,
might be more about making money than securing websites,
according to some University of California, Irvine researchers.
They argue it's actually a sneaky way to harvest your data and make billions
from your unpaid labor. Originally, CAPTCHAs were supposed to tell humans and bots apart with tricky
puzzles. But now, AI can solve them almost as well as we can. Google's reCAPTCHA, which they acquired
in 2009, has evolved, but the researchers say its usefulness is questionable.
They found that these puzzles are not just annoying,
but also time-consuming and resource-heavy,
all while being vulnerable to bots.
Apparently, bots were already beating these challenges as far back as 2016,
but Google stuck with them, possibly to gather data for other uses.
The academics claim that in 13 years, but Google stuck with them, possibly to gather data for other uses.
The academics claim that in 13 years, we've spent 819 million hours on reCAPTCHA,
worth about $6.1 billion in wages.
Meanwhile, they say Google profits from the data we unwittingly provide.
The researchers suggest it's time to ditch these CAPTCHAs.
They see them as a massive waste of human effort with little real security benefit.
Instead of making the internet safer, they say,
we've been tricked into doing free labor for Google.
A Google spokesperson told the Register that reCAPTCHA user data is solely used to improve the reCAPTCHA service, as stated in their terms of service.
Now, if you'll excuse me, I've got to train an AI on how to identify crosswalks.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing
at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private
sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement
agencies. N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your teams smarter.
Learn how at n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester,
with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Karp.
Simone Petrella is our president.
Peter Kilpie is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow. Your business needs AI solutions that are not only ambitious, but also practical and adaptable.
That's where Domo's AI and data products platform comes in.
With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role. Data is hard.
Domo is easy. Learn more at ai.domo.com. That's ai.domo.com.