CyberWire Daily - If there's something strange in your neighborhood, don't call Facebook.
Episode Date: March 27, 2024Facebook's Secret Mission to Unmask Snapchat. The White House wants AI audits. Hackers exploit the open-source Ray AI framework. Finnish Police ID those responsible for the 2021 parliament breach. Ope...ration FlightNight targets Indian government and energy sectors. Chinese APT groups target ASEAN entities. A notorious robocaller is rung up for nearly ten million dollars. In our latest Learning Layer, join Sam Meisenberg as he unpacks the intricacies of the CISSP diagnostic with Joe Carrigan from Johns Hopkins University. And Ann Johnson from Microsoft's Afternoon Cyber Tea visits the world of Smashing Security with Graham Cluley and Carole Theriault . And the UK’s watchers need watching. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guests Join us for part three as this Learning Layer special series continues. Learning Layer host Sam Meisenberg talks with Joe Carrigan from Johns Hopkins University Information Security Institute, and co-host of Hacking Humans podcast. In this segment, they continue to discuss the results of Joe's CISSP diagnostic and dive deep into one of the assessment questions. Learn more about ISC2’s Certified Information Systems Security Professional (CISSP) certification, and explore our online certification courses, practice tests, and labs that ensure that you’re ready for exam day. Microsoft Security’s Ann Johnson, host of the Afternoon Cyber Tea podcast, goes inside the Smashing Security podcast with Graham Cluley and Carole Theriault. Selected Reading Facebook snooped on users’ Snapchat traffic in secret project, documents reveal (TechCrunch) NTIA Pushes for Independent Audits of AI Systems (GovInfo Security) Thousands of companies using Ray framework exposed to cyberattacks, researchers say (The Record) Finland confirms APT31 hackers behind 2021 parliament breach (BleepingComputer) Operation FlightNight: Indian Government Entities and Energy Sector Targeted by Cyber Espionage Campaign (EclecticIQ) Chinese Hackers Target ASEAN Entities in Espionage Campaign (Infosecurity Magazine) Federal Court Enters $9.9M Penalty and Injunction Against Man Found to Have Caused Thousands of Unlawful Spoofed Robocalls (US Department of Justice) UK counter-eavesdropping agency gets slap on the wrist for eavesdropping (The Record) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my
personal information from hundreds of data brokers. I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout.
That's JoinDeleteMe.com slash N2K, code N2K.
Facebook's secret mission to unmask Snapchat. The White House wants AI audits.
Hackers exploit the open source Ray AI framework.
Finnish police ID those responsible for the 2021 parliament breach.
Operation Flight Night targets Indian government
and energy sectors. Chinese
APT groups target ASEAN
entities. A notorious robocaller
is rung up for nearly
$10 million. In our latest
learning layer, join Sam
Meisenberg as he unpacks the intricacies
of the CISSP diagnostic
with Joe Kerrigan from Johns Hopkins
University.
And Anne Johnson from Microsoft's
Afternoon Cyber Team
visits the world
of smashing security
with Graham Cooley
and Carol Terrio.
And the UK's watchers
need watching.
It's Wednesday, March 27th, 2024.
I'm Dave Bittner, and this is your CyberWire Intel Briefing. A report from TechCrunch says that in 2016, Facebook initiated Project Ghostbusters,
a clandestine operation aimed at decrypting and intercepting network traffic between Snapchat users and its servers to analyze user behavior and compete more effectively.
user behavior and compete more effectively. This project was revealed through court documents from a class action lawsuit against Meta, Facebook's parent company. The project extended to analyzing
traffic from Amazon and YouTube users, requiring the development of technology to bypass encryption.
Facebook's method involved Onavo, a VPN-like service it acquired, which could intercept encrypted app traffic.
In internal communications, Mark Zuckerberg emphasized the importance of finding new ways to gain analytics on competitors due to Snapchat's encrypted traffic and rapid growth.
Despite internal concerns over the ethical implications of intercepting encrypted data,
the project proceeded using an adversary-in-the-middle approach to gather data.
This revelation came from a lawsuit alleging that Facebook lied about its data collection practices and used the data to unfairly compete with emerging companies.
The project raised significant privacy concerns,
with key Facebook engineers questioning the morality of such practices.
The Biden administration is advocating for mandatory audits of high-risk AI systems and clearer guidelines on liability in the AI supply chain.
This comes per a report from the National Telecommunications and Information Administration.
per a report from the National Telecommunications and Information Administration.
This push for accountability aims to ensure responsible AI use and management of associated risks, aligning with President Biden's executive order to secure AI through developer notifications
of high-risk AI model training. The report suggests independent audits, potential pre-release certifications for high-risk sectors,
and AI nutrition labels for better transparency.
It also encourages legal discussions on applying existing liability rules to AI,
proposing a collaborative approach to managing AI's cross-sectoral risks,
including a national registry for high-risk AI deployments and an AI incident
reporting database. Hackers are exploiting a vulnerability in Ray, an open-source AI framework
used for developing and deploying large-scale Python applications, including machine learning,
scientific computing, and data processing. The vulnerability, termed ShadowRay by Oligo security researchers,
has led to the compromise of thousands of Ray servers globally,
affecting sectors like healthcare, education, and video analytics.
This framework, utilized by leading tech firms such as Uber, Amazon, and OpenAI,
has become a target due to its extensive
use in processing vast amounts of data and executing complex computational tasks. The
exploit allows attackers to hijack computing resources for cryptocurrency mining and access
sensitive information, including database credentials and payment tokens. Despite its wide impact, the vulnerability was not initially regarded as critical,
partly because any scale, the developer behind Ray,
contends that the framework is designed for secure network environments,
arguing the issue is a feature, not a flaw.
Finnish police have confirmed that APT31, a hacking group associated with China's Ministry
of State Security, was responsible for a 2021 breach of Finland's parliament. A joint investigation
involving the Finnish Security and Intelligence Service and international partners has been
examining the breach, focusing on charges of aggravated espionage and other offenses.
The investigation, spanning from autumn 2020 to early 2021,
has uncovered a complex criminal infrastructure and identified one suspect.
The breach, initially described as state cyber espionage,
involved unauthorized access to several parliament email accounts, including those of Finnish MPs.
Analysts at Eclectic IQ have uncovered a cyber espionage campaign called Operation Flight Night,
targeting Indian government and energy sector entities starting March 7, 2024.
The attackers used a phishing email disguised as an Indian Air Force invitation
to distribute a modified version of the Hack Browser Data Information Stealer, the malware
exfiltrated confidential data, including internal documents and web browser information, via Slack
channels. Over 881 gigabytes of data from agencies overseeing electronic communications,
IT, national defense, and private energy companies were compromised,
suggesting a motive of further infiltrating Indian government infrastructure.
Similarities with a previous attack in January 2024 indicate a likely cyber espionage intent.
indicate a likely cyber espionage intent.
Eclectic IQ has alerted Indian authorities to aid in victim identification and response efforts.
Over the last three months,
two Chinese APT groups have been targeting entities
within countries affiliated with the Association of Southeast Asian Nations,
ASEAN, through cyber espionage campaigns, as observed by Unit 42 of
Palo Alto Networks. Their report highlights the activities of Stately Taurus, an APT group active
since at least 2012, known for its espionage against governments, non-profits, and NGOs globally.
This recent campaign targeted Myanmar, the Philippines, Japan, and Singapore,
coinciding with the ASEAN-Australia Special Summit from March 4th through the 6th of this year.
Unit 42 identified two malware packages, TalkingPointsForChina.zip and PSO.SCR,
the latter possibly referring to a Myanmar military rank, which were used to
infiltrate Asian countries during the summit. The second Chinese-affiliated APT group remained
unnamed in the Unit 42 report. A Montana federal court imposed a $9.9 million penalty
and issued an injunction against an individual for making thousands of
illegal and harmful spoofed robocalls nationwide, violating the Truth in Caller ID Act and Telephone
Consumer Protection Act. Initiated by a Federal Communications Commission investigation into
robocalls that misled recipients with false local caller IDs. These messages contained offensive
content aimed at certain communities. Notably, calls targeted areas in Brooklyn, Iowa, and
Charlottesville, Virginia during sensitive times. The FCC traced the calls to Scott Rhodes,
leading to a January 2021 penalty of $9.9 million.
Following a Justice Department lawsuit, the court affirmed the penalty and injunction.
Coming up after the break, in our latest Learning Layer, Sam Meisenberg is joined by Joe Kerrigan to unpack the intricacies of the CISSP diagnostic.
And Anne Johnson from Microsoft's Afternoon Cyber Tea visits with Graham Cluley and Carol Terrio from Smashing Security.
Stay with us.
Transat presents a couple trying to beat the winter blues.
We could try hot yoga.
Too sweaty.
We could go skating.
Too icy.
We could book a vacation.
Like somewhere hot.
Yeah, with pools.
And a spa.
And endless snacks.
Yes!
Yes! Yes! Yes!
With savings of up to 40% on Transat South packages, it's easy to say
so long to winter. Visit
Transat.com or contact your Marlin travel
professional for details. Conditions apply.
Air Transat. Travel moves us.
Do you know the status
of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs, we rely on point-in-time checks.
But get this.
More than 8,000 companies like Atlassian and Quora
have continuous visibility into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for $1,000 off. And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform secures their personal devices, home networks, and connected lives. Thank you. and their families 24-7, 365 with Black Cloak. Learn more at blackcloak.io.
In our latest Learning Layer,
host Sam Meisenberg unpacks the intricacies
of the CISSP diagnostic with Joe Kerrigan
from Johns Hopkins University.
All right, welcome back to another Learning Layer segment. We are going to continue our conversation with Joe Kerrigan
as he prepares for his CISSP exam.
So, Joe, you had homework since the last time we talked.
I did.
Okay.
Did you do it and how did it go?
I took the diagnostic.
I did not get a 96% on this one.
Okay.
I got a 68%, which is somewhere between okay and ecstatic.
It's 75%. So I'm a little closer to ecstatic. Good. So I'm pleased with how I did. Good. But
I'm not ecstatic. I'm okay with it. And Joe, before we talk about your specific results,
I do want to kind of give one word for the average studier because, you know,
we already established Joe has a lot of years of experience. You're a teacher. You know this stuff well. So I was expecting a good score. But I want
to give a shout out for maybe the people who, you know, scores are not going to be so high or not
getting a 68% or getting a 25% or don't have 14 years of experience. That's okay. A diagnostic
is just a diagnostic.
Think of it as like learning about yourself, right?
It's just data.
And all it's there is to make you realize how much work you have.
It's not supposed to make you feel bad, so don't feel discouraged.
It's just a number, and you're just learning about yourself.
Where you start is not where you end.
So, Joe, back to you and your 68%.
Right. Per domain, back to you and your 68%. Right.
Per domain, how did you do?
Nice breakdown.
Well, initially, I said the domain I was going to have the most trouble with would be security and risk management.
But I did pretty well.
I got a 73.91% in that one.
Nice.
And much to my dismay, software development security, I came in at around 66.
Now, there's only three questions about that, but I missed two of them.
Now, sometimes real-world practical experience can get in the way of getting the right answer on the test.
And that's because IAC Squared and CSSP, with some of this content, have their own sort of reality. So that's why
somebody like me, who has no years of experience as a practitioner, can have CSSP, SISM, CEH.
Like, think about it. I've never done any ethical hacking. How am I a certified ethical hacker? I
got a 93% on that exam, right? That doesn't make sense. So look, I mean,
the major flaw is that they're multiple choice exams, right? Written with a perspective from the test maker, which might be a different perspective than a practitioner. And if we
follow this back to our first segment we did on this, where I talked about how I was told that
Hopkins does not value certifications. That's why. One of the reasons they don't value certification and they value research over it is because research is actually a better demonstration of your skill set.
Yep. Right. It's peer reviewed. This is, like you said, this is a multiple choice test.
Now, it does demonstrate some basic qualifications and not to diminish the value of a security or any certification to a practitioner of any field.
There are a lot of places where you have to have these in order to get hired.
I also think what would be helpful, Joe, if you don't mind, is maybe we could actually pick a question from the diagnostic that you got wrong.
Sure.
And just sort of, you know, walk through the content and maybe think about what you were thinking and how we could, you know, make sure next time we get it right.
Yes, absolutely.
So we've pulled up question number 16 on your test.
And this is one that you got wrong, but we're going to try to figure out what happened.
We're going to diagnose the diagnostic and see what happened.
Okay. So this question is a very short one in the sense that to use some technical test-taking language,
the question stimulus is the question stem.
So what I'm trying to say is
sometimes you get a long question.
There's a lot of detail.
This one's very short and straightforward.
So it's good for podcasting.
Right.
But it says,
which of the following would be the most expensive
DRP testing method?
Okay, stop.
We're already going to get into some test-based strategy.
We're on the diagnostic.
I still want to talk strategy.
Okay.
When you get a question like this, before just reading the answer choices,
we want to think about the question stem, what they're asking,
and try to see if we can do some pre-work before we get to the answer choices. So Joe, my question back to you is twofold. Number one, if you had to reword the
question in your own words, what are they asking? And number two, they have an acronym in there,
which is unfortunate. What does DRP mean? Disaster Recovery Plan.
Okay. And so what are they asking? They're asking what would be the most expensive way of
testing a disaster recovery plan.
Got it. So, how, I mean, there are a number of different ways you can test a disaster recovery
plan, tabletop exercises, things of that nature. But, which is actually one of the answers here is,
can I, should we start reading the answers now? Sure. So, one of the answer A is actually
structured walkthrough, which is what a tabletop exercise would be.
On its face, without having anything to compare it to, would a structured walkthrough tabletop be, quote, expensive?
That's a good question.
First off, who's going to be in there?
You have to get a bunch of people in the room.
That's expensive.
You got a lot of salaries in there.
Yeah, you're going to have a lot of dollars in salary in there.
Maybe if you have the CEO in there, it can get expensive. You got a lot of salaries in there. Yeah. You're going to have a lot of dollars in salary in there. Maybe if you have the CEO in there, it can get expensive. Okay. But, you know,
by the same token, this is part of their jobs. Yeah. Right. So it's already factored into cost.
So you're not incurring any additional costs by doing this. So, I mean, I don't know. I would
say that there is a labor cost. Sure. but it's not stopping anybody from doing anything else.
Sure, it's not like it could be any different
than a different type of meeting.
Right, exactly.
Okay.
It would be just like an all-day meeting.
Yeah.
So the next one says DRP review.
Right.
What is that?
That's essentially like a document review.
Okay.
I used to do these all the time
when I was writing technical manuals for
government agencies, you know, and you had to write them very meticulously, right? And a disaster
recovery plan is going to be no different. You're going to have to write something so that somebody
who picks it up, who hasn't seen it before, hasn't seen it in six months can read it and go, okay, it's clear what I need to do here.
Got it.
So I think this is probably the least expensive.
Okay.
So this is probably an answer choice that we can safely throw out.
Throw, dismiss.
We can get rid of it.
So now there's two left.
There's parallel processing and complete business interruption.
Correct.
So complete business interruption. Correct. So, complete business interruption.
I kind of disregarded this, which is the correct answer,
as an invalid choice because you're not going to do a complete...
Why would you disrupt your business to do a disaster recovery plan assessment?
I mean, I guess you could.
This is what I'm talking about. I love it. This is so meta. We were talking about the real world versus the exam world, right? They are saying in this
hypothetical world, yeah, you might not want to do it, but it would be the most expensive. And in
fact, that might be another reason not to do it. Yeah, exactly. It's going to be too expensive.
That's an excellent point because you're going to lose. If you,
first off,
are you in a kind of business where you can say,
all right, everybody,
we're going to be down
for three days
while we do a disaster
recovery plan exercise?
Yeah.
I mean, Amazon
will never say that sentence.
Sure.
Right?
Sure.
So, Joe,
as we wrap up
this sort of mini session
going through your
diagnosis exam,
what is one thing that you
learned? Even just going through the question itself, is there anything that you did hear
or learn from this question that you got wrong that is going to change or impact how you approach
the next question? I don't know right now.
I'll tell you what it does impact.
It does impact the way I'm going to think about
the material as I'm going through it
and the level of specificity that they're looking for.
And if they're looking for these linguistic specificities,
like, okay, what is the most expensive way?
Well, yeah, shutting your business down is pretty expensive.
Nobody likes to do that.
Okay.
So basically, if I could say it back to you,
you're basically going to be really careful
with making sure that you're kind of thinking like the test maker.
Correct.
You got to get in their brain space, in their mindset,
think about it from their perspective,
not necessarily your perspective as the practitioner or test taker.
Yes, that's correct.
I'm going to be thinking like them.
Excellent. Or trying to think like them. That's correct. I'm going to be thinking like them. Excellent.
Or trying to think like them.
Maybe I will not be thinking like them.
You don't want to think like them. That's a scary place to be.
Just kidding, ISA Square. We know
we love you. We're official training partners
at ISA Square.
That's right.
And you too, Isaac. I can come to you.
Easy counsel. Anyway.
So, Joe, keep up the good work.
Keep up the studying.
Next time we meet, we'll talk a little bit more about how your studies have been going
now that you have the data to actually start with the studies.
So good luck.
Thank you. That's my Hacking Humans colleague, Joe Kerrigan,
along with N2K Cyber Wire's Sam Meisenberg.
Bird. Ann Johnson is the host of Microsoft's Afternoon Cyber Tea podcast right here on the N2K Cyber Wire network. In her latest episode, she's joined by Graham Cluley and Carol Terrio,
hosts of the Smashing Security podcast. Today, I'm joined by Graham Cluley and Carol Terrio,
fellow podcast hosts of the show Smashing Security.
Smashing Security is this incredibly helpful
and really hilarious take on tech snafus.
Each week, Carol and Graham talk about...
Yeah, I know.
That's a great way to put it, isn't it?
All right.
We're going to have some fun today, by the way, on Afternoon Cyber Tea.
And we're going to have Carol and Graham.
They chat normally about cybercrime and hacking and online privacy and all kinds of things.
But I want to first welcome you to Afternoon Cyber Tea, Graham and Carol.
Thank you very much. What a delight to be here.
Thank you so much for having us. It's such a pleasure.
Look, it's a household name in the cyber world. Can you talk a little about how it came to be here. Thank you so much for having us. It's such a pleasure. Look, it's a household name in
the cyber world. Can you talk a little about how it came to be? What inspired both of you to create
it in December of 2016? And Graham, let's start with you this time. Well, I think Carole will
agree with me that smash insecurity was entirely my idea. It was my concept. It was my instigation. No, the truth is that for some years, Carola's
always loved podcasts from the early days of podcasts. And she kept saying to me,
when do we do a podcast? When do we do a podcast? And for years and years, she nagged me
that we should do one. And eventually, one drunken evening, probably, I don't know. But for some
reason, she had some blackmail on me.
And so we began to produce a podcast.
And it turned out to be quite popular.
And we've been doing it pretty much every single week since.
I think we're just up to about 360 episodes, something like that.
So we've done a lot of them.
Still funny things to say, though.
That's fantastic.
And Carol, how do you think about it?
Why did you start it?
Are you loving it, et cetera?
I don't know.
It's become something that I do every week, you know?
And what's interesting, I think, for us is that we are a team of two.
And we invite guests, but we like all this great stuff that other podcasts
have like editors and script writers and all this stuff it's just the two of us so you know and you
don't you know it's a lot of work to run a podcast especially if you've got supporters as well and
you want to be part of a community and I think what's great about working with Graham is because we worked together before,
we know each other's strengths and shortcomings.
And we somehow have been able to fill those gaps
in order to have a successful show for all these years.
And long may it continue, shall I say.
Well, let's get into the heart of this.
On your show, you cover a wide range of topics
from cyber to hacking to privacy.
What is one topic that surprised you or challenged your perspectives during the journey and one that surprises you
because it continues to come up a lot? Karol, you first. It's covered so many topics, you know,
because like Graham said, we've had 360 episodes. So honestly, I kind of forget what story I've
covered as soon as it's published and
out in the world. It's really, it's like a mental toilet that I flush as soon as we publish. And
then I can focus on the other bazillion things in my life. But saying that, there is one that
is currently seared in my memory. I was recently duped by an Instagram scam in December, hook, line, and sinker. And I know very well what to
look out for, right? But somehow the scam managed to skew my vision in such a way that I couldn't
hear that inner voice saying, what the heck are you doing? Until I had paid for the non-existent
product, right? And this for me was a super humbling
and honestly humiliating experience
because I should know better, right?
If anyone's supposed to know better, I should know better.
But it also made me viscerally aware
that there's lots of shame when people get duped
in these kind of scams,
like be it malvertisement or romance scams or whatever.
And I think I'm learning that the way to get over shame
is to talk about it.
So I decided on my own, you know, to own it
and to tell the story on Smashing Security.
And I didn't tell Graham, right?
I didn't tell you beforehand.
So you walked in totally blind
so we could get your honest reaction,
your supportive reaction.
Be sure to check out the Afternoon Cyber Tea podcast
wherever you get your podcasts.
Thank you. by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications,
securing sensitive data,
and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today
to see how a default deny approach
can keep your company safe and compliant.
With TD Direct Investing,
new and existing clients could get 1% cash back.
Great! That's 1% closer to being part of the 1%!
Maybe, but definitely 100% closer to getting 1% cash back with TD Direct Investing.
Conditions apply. Offer ends January 31st, 2025. Visit td.com slash dioffer to learn more. And finally, in an almost comedic twist that reads like the plot of a satirical novel,
the UK's very own guardians against eavesdropping, the National Authority for Counter-Eavesdropping,
have been caught with their hands in the proverbial cookie jar.
Granted new powers in October 2021 to sift through communications data for national
security, they somehow managed to trip over the fine line between surveillance and unlawful
snooping, all in a botched attempt to uncover a journalistic source. According to the 2022
annual report from the Investigatory Powers Commissioner's Office, which oversees these activities,
the UK's watchdogs were anything but vigilant,
racking up a high incidence of errors and proceeding without necessary judicial green lights.
Sir Brian Levison, the commissioner himself,
was apparently so alarmed by these findings
that he questioned the organization's competency
to lawfully wield
its powers without someone looking over its shoulder. The outcome was a temporary revocation
of their self-authorization privileges until they could prove themselves capable of not
tripping over their own feet. Fast forward to a December 2022 re-inspection, and UK NACE appears to have cleaned up its act, convincing the powers that
be of its renewed competency. By January 2023, it was back to business as usual, with the government
voicing its confidence in an agency that had just moments before proven it needed a little more than
just a slap on the wrist. Our Who Watches the Watchman desk commented that watching an
entity designed to prevent unlawful eavesdropping get chastised for unlawful eavesdropping is an
irony so rich it could only be served with a side of humble pie. One can only hope this serves as a
reminder of the importance of oversight, especially when it comes to protecting the sanctity of journalistic sources.
You'll forgive me if I'm not holding my breath.
And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to
know what you think of this podcast. You can email us at cyberwire at n2k.com. N2K Strategic
Workforce Intelligence optimizes the value of your biggest investment, your people. We make
you smarter about your team while making your team smarter. Learn more at n2k.com. This episode
was produced by Liz Stokes.
Our mixer is Trey Hester with original
music by Elliot Peltzman.
Our executive producers are Jennifer Iben
and Brandon Karp. Our executive
editor is Peter Kilby and I'm
Dave Bittner. Thanks for listening.
We'll see you back here tomorrow. Your business needs AI solutions Thank you. data into innovative uses that deliver measurable impact. Secure AI agents connect, prepare,
and automate your data workflows, helping you gain insights, receive alerts, and act with ease
through guided apps tailored to your role. Data is hard. Domo is easy. Learn more at ai.domo.com.
That's ai.domo.com.