CyberWire Daily - In the offense-defense see-saw, the defense seems to be rising.
Episode Date: November 3, 2023

An Apache vulnerability is being used to install ransomware. Exploitation of Citrix vulnerability in the wild. AP sustains DDoS attack. HHS reaches settlement in HIPAA data breach incident. More evidence of OSINT's reach. On the Solution Spotlight: Simone Petrella and Rick Howard speak with Ben Rothke about his article and thoughts on "Is there really an information security jobs crisis?" Andrea Little Limbago from Interos joins us to discuss SEC and the disclosure rules. And, Microsoft draws a lesson from Russia's war: cyber defense now has the advantage over cyber offense.

For links to all of today's stories check out our CyberWire daily news briefing: https://thecyberwire.com/newsletters/daily-briefing/12/211

Selected reading.
Critical Apache ActiveMQ Vulnerability Exploited to Deliver Ransomware (SecurityWeek)
HelloKitty ransomware now exploiting Apache ActiveMQ flaw in attacks (BleepingComputer)
Critical Vulnerability: Exploitation of Apache ActiveMQ CVE-2023-46604 (Huntress)
Suspected Exploitation of Apache ActiveMQ CVE-2023-46604 (Rapid7)
HHS’ Office for Civil Rights Settles Ransomware Cyber-Attack Investigation (U.S. Department of Health and Human Services)
AP news site hit by apparent denial-of-service attack (AP News)
Associated Press hit by Anonymous Sudan DDoS attack? (Tech Monitor)
Satellites and social media offer hints about Israel's ground war strategy in Gaza (NPR)
Revisiting the Gaza Hospital Explosion (New York Times)
Microsoft Vows to Revamp Security Products After Repeated Hacks (Bloomberg)
A new world of security: Microsoft’s Secure Future Initiative (Microsoft On the Issues)
Announcing Microsoft Secure Future Initiative to advance security engineering (Microsoft Security)
Ukraine at D+617: Advantage defense. (CyberWire)
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
An Apache vulnerability is being used to install ransomware.
Exploitation of a Citrix vulnerability in the wild.
The AP sustains a DDoS attack.
HHS reaches a settlement in a HIPAA data breach incident.
More evidence of OSINT's reach.
Andrea Little-Limbago from Interos discusses the SEC and disclosure rules. In our Solutions Spotlight, N2K's Simone Petrella and Rick Howard
speak with Ben Rothke about whether there really is
an information security jobs crisis.
And Microsoft draws a lesson from Russia's war.
Cyber defense now has the advantage over cyber offense.
I'm Dave Bittner with your CyberWire Intel briefing for Friday, November 3rd, 2023. Huntress and Rapid7 have observed exploitation of a remote code execution vulnerability affecting Apache ActiveMQ.
The flaw is being used to deploy the Hello Kitty ransomware.
Apache released patches for the vulnerability on October 25th,
and Rapid7 says the exploitation began two days later, on October 27th.
Rapid7 reported Wednesday, the threat actor's attempts at ransomware deployment were somewhat
clumsy. In one of the incidents Rapid7 observed, there were more than half a dozen unsuccessful attempts to encrypt assets.
The vulnerability, which has a CVSS score of 10, can allow a remote attacker with network access
to a broker to run arbitrary shell commands by manipulating serialized class types in the
OpenWire protocol to cause the broker to instantiate any class on the classpath.
Huntress wrote yesterday,
exploitation for this attack is trivial. There's a Metasploit module that automates exploitation
for this attack. The Huntress team confirms that this module works like a charm against vulnerable
instances of ActiveMQ.
The Citrix Bleed vulnerability affecting NetScaler ADC and NetScaler Gateway remains under active exploitation.
Citrix issued patches for the flaw early last month.
NetScaler has offered advice on mitigation.
Mandiant has been researching the risk and this morning updated its research into the exploitation, stating,
Mandiant is currently tracking four distinct
uncategorized groups involved in exploiting this vulnerability. We have observed some lower degrees
of confidence overlaps in post-exploitation stages among these UNC groups, like using the same
recon commands and utilities available on Windows. The U.S. Department of Health and Human Services Office for Civil Rights
has reached a $100,000 HIPAA settlement with a Massachusetts medical management company.
Doctors Management Services reported a data breach to HHS on April 22, 2019,
stating that around 206,000 individuals were affected when their network server was infected with GandCrab ransomware.
The breach, which occurred on April 1, 2017, went undetected until December 24, 2018,
when ransomware was used to encrypt their files. An OCR investigation revealed potential failures
in risk analysis, insufficient monitoring of health information systems, and a lack of policies
to protect electronic protected health information, indicating non-compliance with HIPAA security rule
requirements. Turning to some apparent news from Russia's hybrid war against Ukraine,
the Associated Press has reported that its site, APnews.com, was intermittently unavailable Tuesday as it
underwent a flood of traffic during what appears to have been a DDoS attack. Anonymous Sudan,
a nominal hacktivist organization that's actually a front group for Russian intelligence and
security services, announced in its Telegram channel that it intended to disrupt Western
media, and informed speculation holds it likely that this group was responsible for the attack on the AP.
But the AP itself says it's been unable to conclusively attribute the incident to Anonymous Sudan.
In fairness, hacktivist auxiliaries do a great deal of bragging.
They've just claimed to have hit PayPal in a test, the Cyber Express reports.
There are also some signs,
according to Falcon Feeds, that Anonymous Sudan may currently be pestering Yahoo News.
Their site was down briefly but is now back up. So, in this case of the AP, if you bet on form,
it's probably Anonymous Sudan. Open Source Intelligence, or OSINT, has shown its value in both of the major
wars currently being fought, the war between Russia and Ukraine and the conflict between
Israel and Hamas. News organizations were able to extract a tolerably good picture of the Russian
order of battle on the eve of the invasion, from pictures posted to social media by Russians
innocently showing trains loaded with armored
vehicles passing through their towns en route to staging areas. Similar things are happening in the
war between Hamas and Israel. NPR describes, in the course of reporting Israel's ground operations
into Gaza, how such sources enable observers to track action on the ground. The principal sources
of information in Gaza have been overhead imagery
provided by commercial satellites with a timeliness and resolution
formerly available only to the best-equipped nation-states,
and social media, video, reports, audio, and so on.
Neither overhead imagery nor social media content
can be naively accepted as ground truth,
but it represents information that can be sifted, assessed, and analyzed.
The New York Times provided an example of how they did this, albeit a little slowly,
in the case of the explosion at the Gaza hospital,
which the Times now thinks was caused by a wayward rocket launched against Israel from Gaza. Some of the
analysis depends upon background knowledge, historical or geographical awareness, and finally
the esoteric but increasingly available skills of image interpretation. Microsoft, in announcing its
Secure Future initiative, sees Russia's hybrid war as having demonstrated
that the advantage in cyberspace
has swung from the offense to the defense.
The company says,
the war in Ukraine has demonstrated
the tech sector's ability to develop cybersecurity defenses
that are stronger than advanced offensive threats.
Ukraine's successful cyber defense
has required a shared responsibility between the tech sector and the government, with support from the country's allies.
It is a testament to the coupling of public sector leadership with corporate investments and to combining computing power with human ingenuity.
And Redmond thinks that AI promises even more to the defenders, stating,
as much as anything, it provides inspiration for what we can achieve at an even greater scale by harnessing the power of AI to better defend
against new cyber threats. We note in passing and full disclosure that Microsoft is a CyberWire
partner. The company has committed to improving cyber defense in these ways. They say, first, we are taking new steps to use AI to
advance Microsoft's threat intelligence. Second, we are using AI as a game changer for all organizations
to help defeat cyber attacks at machine speed. Third, we are securing AI in our services based
on our responsible AI principles. So, in Redmond's view, AI is likely to further enhance the defense
and so prove an ultimately benign family of technologies if properly managed.
Let's hope so.
Coming up after the break, Andrea Little-Limbago from Interos discusses the SEC and disclosure rules.
In our Solution Spotlight, N2K's Simone Petrella and Rick Howard speak with Ben Rothke about whether there really is an information security jobs crisis.
Stay with us.
Ben Rothke works in information security at TAPAD. He writes book reviews for the RSA blog and is a founding member of the Cloud Security Alliance and the cybersecurity canon.
In today's Solution Spotlight, N2K's Simone Petrella and Rick Howard speak with Ben Rothke about whether or not there really is an information security jobs
crisis. We spend a lot of time on this segment talking with experts about ways they're addressing
the cyber talent crisis. But today I want to tackle the issue, is the talent shortage really
as bad as we think? To have this discussion, I'm joined today by Rick Howard, the CyberWire's
Chief Analyst, and Ben Rothke, senior information security manager at Experian.
Hi, gents. Thanks for joining.
Hello.
Hey, Simone. Thanks for doing this.
All right. Well, let's just jump right in.
Ben, I know you've tackled this question.
So is there really a cyber job shortage?
Yes.
But I think with a caveat, there's a lot of reports, press releases, et cetera, about
millions of cybersecurity jobs. So the short answer is yes, it's definitely, it's a great
career path. There's a lot of openings, but it's not that people could take a crash course,
get a high paying job in information security. Darn. I wish. Really? I'm shocked.
Shocked, I say.
I get calls, you know, weekly from parents, from people.
I want, you know, they've got college-age kids.
There's other people in IT that want to get into information security.
And it's a great career.
There's a lot of opportunity.
But once again, it's not this magic bullet where you could
take a boot camp and companies are going to be desperate for your services. I think that's the
difference. I think one misnomer is thinking you could just do information security. Information
security is built on top of IT. Information security is like a medical specialty. First,
you do internal medicine,
then you do your specialty. Yeah, you're stealing an analogy. I've used that analogy for years,
Ben. We're simpatico on that one. I thought you brought up something really interesting,
which is that the numbers are endemically overreported. And it's something I have noticed
in some of the things that we've seen in the data sets and something that's always struck me, I know even when I think about the amount of federal cyber
and defense cyber jobs that are being bid in the DMV alone, I think about every contractor
that's putting out recs for the same job postings.
If we're using that as the data point, I'm like, we've just quadruple counted because
everyone's putting out postings for the same singular role. It's just getting replicated four times.
Yeah, I think the number is, last time I looked, it was 3.5 million job openings, right? And
it seems to grow every year. These are not entry-level jobs. But I think that's our fault.
We're the security professionals here. And for years, we've insisted that we're not going to hire newbies for a specific task.
We've insisted that these new employees have, you know, 20 years experience and 17 certs.
And therefore, we don't hire them.
I'm wondering what you think about that is that we could be very judicious here if we were smart about hiring newbies coming off the street
and give them very specific things to do.
And I wonder if that fixes the problem.
Yeah, I mean, I think there's a lot of issues,
a lot of things involved.
And even getting back to that number,
I heard a million job openings in the U.S.
And if you think about it,
that would mean almost like 1% of Americans are in information security.
Information security is broad, it's deep.
So there's a lot of things going on.
The short answer is there is no quick fixes.
It's just there's the supply, there's the demand, there's training aspects.
And so there's a lot there. But yeah,
I said there's a lot of different things going on and there is no one thing to fix this shortage.
Right. I'm curious though, because it really sticks with me too in the work we've done around
this idea of the short-term realities and companies that kind of focus on, here's what I
need yesterday. And so I don't have the advantage or the luxury to invest in those training programs
or those upskilling programs versus the reality that if we don't do those things, there is no way
to ever grow this pool of talent, regardless of what the actuarial number of shortfall of jobs is.
So what has to happen culturally?
And I assume these large companies, they've got to lead the charge from my perspective.
In the old days, we used to pay bills in an envelope from the AAA.
Their envelope said, I think, you know, auto safety doesn't cost, it pays.
I think so too with information security.
It doesn't cost, it pays. It is an
investment. And, you know, there was a... Yeah, but Ben, we don't treat it that way as an industry.
Yeah. You know, because, you know, my experience is when we train employees, existing employees,
we never do it with the idea that we're going to improve the team. That's not the primary
consideration, right?
It is, we're going to, it's usually a perk.
We're going to improve how well the team performs on our particular strategy.
And that's a culture shift for all of us because none of us do it that way.
Yeah, as I said, you know, there's a lot.
I mean, we need to invest in the people.
You need to invest in the products and the technology and processes in all of these.
So it, as it is, I think information security in some ways is really
not that different from IT, from society as a whole.
But as it has gotten to that point, you really can't ignore it anymore.
I mean, in the last week, there's Clorox, there's Caesars, there's MGM.
So companies are slowly getting it, but it's like the proverbial aircraft carrier.
These things are huge and big, and you want to make a change and a turn.
It does take a while, but even with the new SEC guidance, that's changing things significantly.
So in some ways, information security, we're inherently, we always focus on risk,
and you always see
the dangers and everything. So I think there is
a lot of good things
going on. Information security
is now at the board level.
There's a lot of investment,
but it still takes
a while to fix.
The culture change, though, Ben, that I'm talking about
is that when you have a budget
for training and it's earmarked for, you know, career progression, okay, that's the first thing
that gets cut. No, and Rick, I think you really said an operative word. It's how is it tied to
a strategy? Just having a budget, it's easy to cut a budget for training when it's a perk because
that's what it's viewed as, is a perk. And so you take away the perk because you do that.
If it's not tied to a talent strategy, a people strategy.
Or, you know, not to toot my own horn, but a first principle cybersecurity strategy, right?
So if your strategy is, I don't know, resilience like it is here at the Cyber Wire,
we need people that know how to do resilience.
And I could take budget decisions,
resource decisions to the, you know, to Simone, my boss, and say, you spend $3,000 on this.
I can buy down risk with that, right? As opposed to, you know, it's Kevin getting a, you know,
pat on the back because he did a good job last week. Yeah, I think that gets, you know, into
another issue, you know, it is creating the return on security investment.
If you're familiar with FAIR, Factor Analysis of Information Risk, that's a great method to show and quantify that.
But even getting those good numbers, that's an effort in and of itself.
But a lot of things can be cut.
No one says, hey, times are tough.
We've got to cut back on electricity.
We've got to cut back on plumbing because you can't do that.
And so information security really is no different.
Right.
But, you know, it's a really good point when you think about the amount of budgets that's spent on, especially the operating budget spent on headcount.
That is by far the largest amount
of budget spent is ultimately on people. So I want to leave us with this parting question. I'll give
you both a chance to kind of answer it. As a takeaway, if you were to identify one thing in
sort of the low-hanging fruit that could start to change this culture paradigm and start to focus
the industry on
the long-term solutions?
What would be your first starting point?
I don't know what mine would be, but Ben, what do you think?
Oh, I just say, you know, stop and, you know, figure, you know, really understand, you know,
what your IT issues are, you know, what your needs are, what your goals are, and understand how to get security
involved in that. So I'll piggyback off that, right? I would call that decide what your strategy
and tactics are. But the first step in solving this problem, I think, is being able to assess
your current workforce on how good they are at pursuing those strategies and tactics.
So you can make a decision about training resources in the future.
That's what I would do.
That's great.
Well, Ben, Rick, thank you so much for joining for this discussion.
Always a ton of fun.
Thanks, Simone.
That was fun.
Thank you.
That's Ben Rothke speaking with N2K's Simone Petrella and Rick Howard.
There's a lot more to this conversation.
If you want to hear more,
head on over to the CyberWire Pro and sign up for Interview Selects,
where you'll get access to this
and many more extended interviews.
And I'm pleased to be joined once again by Andrea Little-Limbago. She is Senior Vice
President of Research and Analysis at Interos. Andrea, it is always great to welcome you back.
I want to touch base on geopolitics, something you and I talk about regularly, but also how that intersects with cyber, of course, but the folks in the C-suite.
What sort of insights do you have on that?
Yeah, no, thanks.
And there are areas that tend to be disconnected in most conversations.
But what we're seeing at the C-suite level is a growing push both for greater cybersecurity domain expertise as well as geopolitical expertise.
And that, unfortunately, Russian invasion of Ukraine
was the prompt forcing function on that regard.
However, some of that discussion had started earlier
following the start of the U.S.-China trade war,
but wasn't necessarily taken as seriously as it is now.
And it's been a good seven years since then. the start of the U.S.-China trade war, but wasn't necessarily taken as seriously as it is now. And
it's been a good seven years since then. So the various kinds of sanctions and regulations and
so forth really have just continued at a rapid pace. If nothing else, it's a compliance issue
in many regards for some of these companies that the C-suite needs to be aware of. But it is
thinking about how can you build a resilient company in these times of shifts and looking
across the major shifts that are going on to really shape this new normal.
Clearly, climate change will be one of them.
The technological revolution that's underway is one of them.
But the geopolitical landscape is shifting in ways that we have not seen for decades.
And that is something that's starting to raise much more awareness.
And we have folks on the board are starting to ask,
how are you building your company to be resilient against some of those shifts?
The folks I speak to always emphasize that you have to approach the C-suite
in the language they understand, which tends to be risk,
material risk to the business.
And yet everything, it seems these days, flows through cyber. I mean, even the social aspects of social media.
We're coming up on an election season here, and that affects everything as well.
Are we seeing a heightened awareness from the C-suite
to focus on those elements?
I'd say a growing.
I'm not sure I'd say heightened yet.
Okay.
I wouldn't go quite that far.
And I think to your point, I mean,
so much of the geopolitical politics
and the risk associated with it are manifest through cyber.
And that's why we see so much of that interconnected.
And so I think, you know think there's a rising awareness.
I think the World Economic Forum
did their findings from earlier this year
that they did a polling of a bunch of
executives and their best estimate
was that there will be some sort of catastrophic
cyber event in the next two years that is geopolitically motivated.
And take that with a grain of salt, but it just shows that there is a heightened awareness at a minimum, whether they're actually doing something that's a little bit different about it.
But the connectivity between geopolitics and cybersecurity and then that having an impact on the businesses is something that is growing in awareness. Those are questions that are starting to pop up. We're hearing them a whole lot more,
and so we're starting to see some shifts in that regard. And I think what's interesting, and
you mentioned social media, and that's, you almost think about that as being like the front-end
risks that we see, like social media and some of the information and all and the various
kind of,
we've seen disinformation campaigns targeted at companies already numerous times. So that's one component of it and the data security. And then some of the backend risks could be the hardware
that we're seeing right now that's being in the companies. And there's actually a really good book
along the lines that separates it by front-end risks and back-end risks for cyber and geopolitics
that it's called The Wires of War by Jacob Helberg
that I would recommend.
I really like that framing because it is sort of
the software risk and then the hardware risk.
And then the data that goes along with it.
And I don't think many companies are thinking
about it that way quite yet.
And compliance is forcing some of them to
when you have something like Huawei technology
that is not allowed to be within your infrastructure. That's a forcing function on the hardware side. And then even some of the
software apps, but even just data security, data privacy laws are forcing as well. But
I think it's still really nascent, I think, when it's getting into business discussions.
Well, and we're seeing shifts of emphasis on bringing some core manufacturing back to the United States, chip manufacturing, things like that.
But then in the next breath, you hear the folks leading that effort saying, well, we don't have enough people here who are trained.
And so it's going to take us longer than we thought it would.
Strong geopolitical implications there.
No, it's huge.
I mean, I was just reading,
I think the other day,
that the Taiwan semiconductor manufacturing,
the biggest semiconductor company,
was building a plant in Arizona,
and then it's getting delayed for that reason,
for inability to find
all the labor that they need.
So there are,
it's one of those things,
it's way easier said than done,
but we are seeing the company
shift in that regard.
But we're also,
it's interesting,
I'm also seeing in some cases out of governments or
corporate executives talking about the risk on one side and then
in a different forum talking about how they're reinvesting, say, in China and growing a labor force
or growing a new plant there. And so it's very hard to see.
You can't have it both ways, and I think some companies are trying to have it both ways right now because they've been able to.
And that's, especially in the area of supply chains,
they've grown globally absent any thought about geopolitics.
Globalization as it expanded over the last few decades
really didn't take geopolitics into consideration,
and now it has to.
So it's a big mindset shift that I think is slowly coming around.
And for sure, some industries are thinking about it a lot more than others.
Yeah, I just think in my day-to-day life, I mean, for all of us,
the number of items, consumer items, our mobile devices, our televisions,
everything that comes through China.
And so, think about a company like Apple, who we all rely on,
even if you don't have an Apple device, you know someone who does.
They can't just pivot and find another manufacturer with the scale and precision
and all the things that they've come to expect that China can provide.
Yeah, no, I agree. And then even going down to
the materials that go into those technologies, the critical minerals, that's really becoming
another area of discussion and dispute between China and, say, Australia, the U.S., European
countries. And so that also becomes another area of concern is where, if we're trying to decouple,
where do you get the critical
minerals needed to create the technologies? Where do you suppose we're headed here? Are we
on a trajectory of, for the short term, increased tension, or are we at some sort of equilibrium?
What do you suppose we are? Oh, yeah, I think a lot of it depends. I mean, we're at a new
equilibrium for sure following Russia's invasion of Ukraine, but with regard to China, it so much
depends on what China does towards Taiwan. I think we're at an equilibrium right now for the level
of tensions. They're, you know, higher than they were several years ago. I don't foresee any
rethinking of the sanctions on their major tech companies and their AI companies and so forth.
There's the unethical labor conditions that they have also impacts the regulations of their
companies. They don't see that going away or us shifting policy. I've actually heard recently a
couple of Congress folks calling for rethinking some of the policies towards China, but I just
can't imagine that happening.
Just given the wide-scale IP theft,
and we keep finding, you know,
there seems to be some new data breach linked back to China.
So I can't imagine that happening anytime soon.
But really, the unknown is China's behavior towards Taiwan.
And that, for many people, has always been like,
oh, that's a distant future.
I think more, and the government for sure
is planning for that more now.
And I think many of the companies are starting to think
that what would happen then?
Again, I think Russia invading Ukraine
was a forcing function on that.
But I think some of the other aspects
of U.S.-China relations have further raised the concern.
Yeah.
All right.
Interesting times.
Andrea Little-Limbago,
thanks so much for joining us.
And that's The Cyber Wire. For links to all of today's stories, check out our daily briefing at thecyberwire.com.
Be sure to check out this weekend's Research Saturday and my conversation with researchers from SentinelOne.
They're sharing their work, Sandman APT, a mystery group targeting telcos with a LuaJIT toolkit.
That's Research Saturday. Check it out.
We'd love to know what you think of this podcast.
You can email us at cyberwire at n2k.com.
Your feedback helps us ensure we're delivering the information and insights that help keep you a step ahead in the rapidly changing world of cybersecurity.
We're privileged that N2K and podcasts like the Cyber Wire
are part of the daily intelligence routine
of many of the most influential leaders and operators in the public and private sector, as well as the critical security teams supporting the Fortune 500
and many of the world's preeminent intelligence and law enforcement agencies.
N2K Strategic Workforce Intelligence optimizes the value of your biggest investment,
your people. We make you smarter about your team while making your team smarter. Learn more at n2k.com.
This episode was produced by Liz Ervin and senior producer Jennifer Iben.
Our mixer is Trey Hester with original music by Elliot Peltzman.
The show was written by our editorial staff.
Our executive editor is Peter Kilby, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.