CyberWire Daily - One tap, total access: Pegasus exploits unveiled.
Episode Date: November 15, 2024
Unredacted court filings from WhatsApp’s 2019 lawsuit against NSO Group reveal the scope of spyware infections. Glove Stealer can bypass App-Bound Encryption in Chromium-based browsers. Researchers uncover a new zero-day vulnerability in Fortinet’s FortiManager. Rapid7 detects an updated version of LodaRAT. CISA warns of active exploitation of Palo Alto Networks’ Expedition tool. Misconfigured Microsoft Power Pages accounts expose sensitive data. Iranian state hackers mimic North Koreans in fake job scams. Australia warns its critical infrastructure providers about state sponsored embedded malware. An especially cruel cybercriminal gets ten years in the slammer. Guest Ambuj Kumar, Co-founder and CEO of Simbian, joins us to discuss how AI Agents may change the cyber landscape. We’re countin’ down the top ten least secure passwords.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Guest Ambuj Kumar, Co-founder and CEO of Simbian, joins us to discuss how AI Agents are going to change the cyber landscape.
Selected Reading
1,400 Pegasus spyware infections detailed in WhatsApp’s lawsuit filings (The Record)
Glove Stealer Malware Bypasses Chrome's App-Bound Encryption (SecurityWeek)
watchTowr Finds New Zero-Day Vulnerability in Fortinet Products (Infosecurity Magazine)
LodaRAT: Established malware, new victim patterns (Rapid7 Blog)
CISA Warns of Two More Palo Alto Expedition Flaws Exploited in Attacks (SecurityWeek)
Microsoft Power Pages misconfigs exposing sensitive data (The Register)
Iranian Threat Actors Mimic North Korean Job Scam Techniques (BankInfo Security)
Hackers Lurking in Critical Infrastructure to Wage Attacks (BankInfo Security)
Cybercriminal devoid of boundaries gets 10-year prison sentence (The Register)
Top 200 Most Common Passwords (NordPass)
Special voting request.
Just when you thought voting was over for this year…It’s time to vote…again! The N2K CyberWire hosting team of Dave Bittner, Maria Varmazis, and Joseph Carrigan have been nominated for the Creator of the Year category in the Baltimore region’s 2024 Technical.ly Awards for their incredible work on the Hacking Humans podcast! If you're a fan of Hacking Humans, we’d be thrilled to have your support! Please cast your vote here. (Make sure you select the “Baltimore” region). Thanks for your vote! Voting ends Monday, November 18th, so don't delay!
Share your feedback.
We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
You're listening to the Cyber Wire Network, powered by N2K.
Unredacted court filings from WhatsApp's 2019 lawsuit against NSO Group reveal the scope of spyware infections.
Glove Stealer can bypass app-bound encryption in Chromium-based browsers.
Researchers uncover a new zero-day vulnerability in Fortinet's FortiManager.
Rapid7 detects an updated version of LodaRAT.
CISA warns of active exploitation
of Palo Alto Networks' Expedition tool.
Misconfigured Microsoft Power Pages accounts
expose sensitive data.
Iranian state hackers mimic North Koreans
in fake job scams.
Australia warns its critical infrastructure providers
about state-sponsored embedded malware.
An especially cruel cybercriminal
gets 10 years in the slammer. Our
guest is Ambuj Kumar, co-founder and CEO of Simbian, who joins us to discuss how AI agents
may change the cyber landscape. And we're counting down the top 10 least secure passwords. It's Friday, November 15th, 2024.
I'm Dave Bitt today, and happy Friday.
It is great, as always, to have you with us.
Unredacted court filings from WhatsApp's 2019 lawsuit against NSO Group
reveal that the Israeli spyware firm used its Pegasus tool to
infect 1,400 devices, targeting journalists, human rights activists, and political dissidents.
Pegasus, a zero-click spyware, exploited WhatsApp vulnerabilities to gain full access to targeted
phones. NSO developed methods, including the Eden and Heaven exploits by reverse
engineering WhatsApp's code and creating a fake client to bypass security measures. NSO admitted
to creating a WhatsApp installation server to impersonate the app and deploy spyware.
Despite WhatsApp's updates thwarting these exploits, NSO adapted, allowing
its government clients to easily target devices by entering phone numbers. Pegasus provided turnkey
access, retrieving data with no technical input from users, according to depositions. Notably,
Pegasus was allegedly used against Dubai's Princess Haya amid human rights violations by Sheikh Mohammed bin Rashid Al Maktoum.
WhatsApp vows to hold NSO accountable for violating U.S. laws and user privacy.
A new malware, Glove Stealer, can bypass app-bound encryption in Chromium-based browsers,
a security mechanism introduced in Chrome 127 to protect cookies.
Written in .NET, the malware exfiltrates sensitive data like credentials,
cookies, and information from cryptocurrency wallets, password managers, email clients, and over 80 local applications. It also targets data in 280 browser extensions.
Glove Stealer exploits the iElevator service, unique to each browser, to harvest and decrypt
encryption keys. While primarily affecting Chromium browsers like Chrome, Edge, and Brave,
it also targets Opera, Yandex, and CryptoTab. Delivered via phishing emails with
malicious HTML attachments, victims are tricked into running scripts that execute the InfoStealer.
The malware gains administrative privileges, downloads additional modules,
and exfiltrates protected data through a command and control server.
Security firm watchTowr has uncovered a new zero-day vulnerability
in Fortinet's FortiManager, dubbed FortiJumpHigher.
This flaw enables privilege escalation from a managed FortiGate device
to control the central FortiManager instance,
potentially compromising entire Fortinet-managed fleets.
FortiJumpHigher resembles an earlier vulnerability, FortiJump,
which allowed remote code execution on FortiManager via unauthenticated crafted requests.
FortiJump carries a CVSS score of 9.8 and has been actively exploited.
watchTowr claims Fortinet's patch for FortiJump missed key
exploit methods, leaving systems vulnerable. Attackers could exploit these flaws to escalate
privileges and compromise entire networks. Rapid7 has detected a malware campaign featuring
an updated version of LodaRAT, a remote access tool first observed in 2016. This new version
can steal cookies and credentials from Microsoft Edge and Brave browsers. Written in AutoIt,
LodaRAT retains its core functions, such as screen capturing, webcam control, data exfiltration,
and delivering additional payloads, but it hasn't seen major updates since 2021.
The malware is now distributed via Donut Loader and Cobalt Strike
and often masquerades as legitimate software like Discord or Skype.
Rapid7 also found LodaRAT on systems infected with other malware families,
though its distribution method remains uncertain.
Unlike earlier targeted campaigns,
this version has global reach. By tweaking older code, attackers demonstrate that even
legacy malware can remain effective, emphasizing the need for vigilance and timely patching.
CISA has issued an alert about new vulnerabilities in Palo Alto Networks' Expedition tool being exploited in the wild.
Initially, the agency warned of a critical flaw that allowed attackers to take over administrator accounts and access sensitive credentials.
Now, two additional vulnerabilities have come to light. The first exploited flaw allows attackers to run operating system commands as root, exposing clear text
credentials, device configurations, and API keys. The second lets attackers manipulate the database
to extract sensitive information and create or read files on the system, all without authentication.
These issues come alongside news of an unrelated zero-day remote code execution vulnerability affecting Palo Alto firewalls.
The attacks don't appear connected.
Organizations are unintentionally exposing sensitive data online due to misconfigured access controls in Microsoft Power Pages, a popular low-code website creation tool.
Aaron Costello of AppOmni discovered these issues,
revealing leaks of personal and organizational data
caused by excessive permissions granted to authenticated users,
often treated as internal despite public registration options.
One notable case involved a UK national health service provider
inadvertently exposing data for over 1 million employees, including email addresses and home
addresses. While this issue was fixed, other organizations globally, spanning health, finance,
and tech sectors, were also affected. Costello attributed most leaks to overly permissive
database settings, such as global access or unprotected columns. Despite Microsoft warnings
about risky configurations, complex access controls and column security setups are often ignored,
leaving sensitive information vulnerable to exploitation.
Iranian state hackers, tracked as TA-455 or APT-35,
are mimicking North Korean tactics to target the aerospace industry with fake job offers.
Using platforms like LinkedIn and malicious domains such as CareersToFind.com, these hackers create convincing recruiter profiles
to lure victims into downloading malware called Snail Resin.
This campaign mirrors North Korea's Operation Dream Job,
employing DLL sideloading techniques and malicious zip files
disguised as job-related documents.
These files have low antivirus detection rates,
increasing their effectiveness. Hackers encode command and control data on GitHub and leverage Cloudflare to mask
their infrastructure, making tracking difficult. ClearSky researchers suggest Pyongyang may have
shared tools or methods with Tehran, given the overlap in techniques. By exploiting trust-based platforms,
TA455 circumvents traditional security measures
and infiltrates networks under the guise of legitimate activity.
The Australian government is warning critical infrastructure providers
about state-sponsored cyber actors embedding malware in networks
to disrupt national security
during crisis or military conflicts. The Cyber and Infrastructure Security Center highlighted
threats posed by foreign actors compromising systems without immediate espionage value to
enable strategic disruption. The Five Eyes Alliance previously warned about China-sponsored Volt Typhoon, which infiltrated U.S. critical infrastructure sectors like energy, water, and telecoms to prepare for potential attacks.
These actors employ stealthy living-off-the-land techniques, using built-in tools to evade detection and blend in to normal network activity. In response, Australia expanded its critical infrastructure protections,
requiring designated operators to enhance incident response,
fix vulnerabilities, and share system data.
Legislative updates also empower regulators to enforce risk management
and support cybersecurity resilience across interconnected systems.
Robert Purbeck, a 45-year-old from Idaho, has been sentenced to 10 years in prison for a series of cybercrimes targeting medical facilities and other organizations.
Over seven years, Purbeck hacked systems, stole sensitive personal data, and extorted victims, causing devastating financial and
emotional harm. His crimes impacted at least 19 victims, including medical practices,
a safe house for domestic violence survivors, and public institutions. Using aliases like
LifeLock and StudMaster, Purbeck sent threatening emails to extort payments,
often targeting individuals' families. In one case, he harassed a dentist, threatening to expose
patients' data and even reference the dentist's child to intimidate compliance. Another victim,
an orthodontist, suffered significant losses and had to sell their practice due to Purbeck's relentless harassment.
The FBI seized Purbeck's devices in 2019,
revealing the data from 132,000 people.
Targeting a safe house for women and children
fleeing domestic violence is particularly vile,
turning a refuge into a potential danger zone.
Coming up after the break, Ambuj Kumar from Simbian joins us to talk about how AI agents are going to change the cyber landscape. Stick around.
Ambuj Kumar is CEO and co-founder of Simbian.
I recently caught up with him to talk about how AI agents may change the cyber landscape.
AI is a virtual employee that is using a brain powered by a large language model or AI
and is working just like a human, you know, taking some easy things from you in the beginning,
later on learning to do more and more complex things.
And so how does this differ from the day-to-day experiences that people have with
using tools like ChatGPT, for example? Yeah, so in ChatGPT, you will go and ask it that, hey,
I got this alert about email phishing from one of my employees. What should I do? And then
ChatGPT will give you maybe 10 sentences that, okay,
you know, first go check that employee has clicked on a bad link or not, ask them
when did they receive it, etc., etc. And you will go and do those things. In
case of AI agent, for example, my company Simbian, we are building an AI agent for cybersecurity.
So our AI agent will directly take that input, directly take that alert, and actually go and do those things.
So they will come to you and say that, hey, in the last one hour, we have seen 100 different alerts.
I have been able to completely take care of maybe 90% of them, 90 of them.
And here is what I did.
Here is why I think they are malicious.
Here is why I think they are not malicious.
And here are 10 where I'm struggling
to completely take care of them on my own.
So this is what an agent would do,
just like an employee, right?
An employee, you are not asking them every minute that,
hey, what should I do? What should I do?
Rather, you expect your employee to take care of tasks autonomously.
So very, very different approach.
And I suppose, just as with a regular employee,
there's an onboarding process here of getting the AI agent
accustomed to how things are done at your organization.
And also, I imagine you have to be careful about what access you provide.
Absolutely. Absolutely.
So Simbian has two fundamental building blocks in technology.
One is our trusted LLM.
And trusted LLM is a combination of commodity LLM
like GPT-4 or Sonnet combined with our security knowledge.
And so at the end of trusted LLM,
you get a virtual employee that is skilled in security.
But just like you said, when you hire these virtual employees, when you onboard them,
now you need to tell them that, hey, these are our VIP users.
These are my CEO, CFOs.
These are my crown jewel applications.
This is my biggest customer.
We run things on AWS. Every Tuesday
we roll out our patch. If you see
an alert about this application, here is the person
to go to. Here is how we triage these kind of things.
So all that information that you give to your human
employees when you onboard them, Simbian has a technology to capture
all that structured and unstructured information, and we call that
context lake, and we feed that context lake to our
AI agent, and collectively those two things
start to do real work for you,
just like a normal human employee.
You know, LLMs are kind of famous
or perhaps even notorious for this notion of hallucinating,
of making things up.
How does that play into this?
How do you prevent that sort of thing from happening?
Yeah, great question.
And in fact, this is why it's one of many reasons
why this is easy to dream, hard to build, right?
And LLMs are, I mean, they hallucinate
because they always want to please you.
So, you know, it becomes like an employee
who never says no, always, you know, says yes,
and always says that they got, you know, did their job
and half the time it's job well done, half the time job not well done.
And if you work in security, that is worse than
where you were in the beginning. Because if you don't know
when you can trust the result, then you are always going to double check them
and review them. So it becomes even another
monkey on your back rather than
something that takes work off you. So the way Simbian does it, and this is
one of our unique technologies, is that our trusted LLM has a built-in error correction or detection logic. So whenever LLM generates a quick answer,
first we verify internally whether that answer is correct or not.
If it is correct, then only we pass it to user.
Otherwise, we kind of iterate.
So we say that, okay, we tried to take this one approach.
It didn't work out. Let me take another approach.
Does it work out?
And eventually you find an answer
that we internally think it's correct.
And then we tell the user that,
okay, here is what I got the answer.
And many times,
if it's unable to find that answer,
then we say that,
okay, we tried the best
and this is a job that's too hard for us to do.
And we bail out.
Just like you expect your trusted,
normal human employee to do,
we are building our AI agents in the same mold.
What are some of the low-hanging fruit tasks
that you would recommend organizations who are curious about AI agents?
What are some of the places where they can turn them loose in an exploratory way?
Yeah, so there are two use cases that are getting lots of traction, and we have some early production uses on both of them.
One is Security operations center.
So in SOC, you have your tier one analyst, your tier two analyst,
your tier three analyst, your threat hunters,
and all of them are working, I mean, overworking.
They are overworked, and there is constantly maybe five times more job
than they can do.
So they're always looking for efficiency.
And so the way SOC works is that you get an alert from your SIEM or your XDR,
or maybe you get a trigger from your CTI source that is saying that
I'm seeing something bad happening in wild.
And then your tier one analyst look at that alert
and tries to say whether it's false, positive, false or not.
I mean, if it's true positive, then they go and investigate it.
And if it really turns out something material,
then you put a response plan and you respond to it.
And what Simbian can do is 90% of those alerts, it can completely take care of them all by itself. So instead of
your tier one analyst seeing 100 alerts, Simbian is taking care of 90 of them and they see only the remaining 10. And those 10, when Simbian passes that to your analyst,
it has already added lots of auxiliary information.
So it will say that, okay, I have enriched this IP address
based on type of alert it was.
I have pulled this information from your EDR, CrowdStrike, etc.
And so when human employees start to triage that alert, they get some boost because they don't have to spend time manually doing various things that AI has already done for them.
And so that's one use case, SOC.
And we are seeing lots of traction, lots of happy customers there.
Second use case is on GRC.
So on GRC, one of the things that we are doing right now is that you are a vendor,
you are trying to sell your technology to somebody, maybe a bank.
And bank says that, okay, before I purchase your product, I need to know about security.
Are you using firewall? What kind of encryption you use to protect what kind of PII data?
Are you in cloud? Do you have 2FA on your applications?
Is your API continuously reviewed and fixed, etc.
So these security questionnaires, they tend to be very manual heavy and people spend lots of time
answering them and then reviewing them. We have automated all of that.
So we can create a trust center for you
where we put all your compliance documents and security documents
behind an NDA firewall. And then we use that information
as well as live information from your tools.
And when you get a security questionnaire, we automatically fill it. And then you can either
send it to customer directly or you can set it so that we send it back. And when the bank sees that
response, they can also use Simbian to evaluate. So a bank has certain information that is very sensitive.
They're looking for some answer to those questions.
And so they can use Simbian to evaluate
whether the response is good or not.
So both security questionnaire filling
as well as security questionnaire review,
that can be very manual.
And we have completely automated that.
I think a lot of folks are concerned about the actual security of the AI models that they're
using, that the information that they share with it isn't then put into the corpus of information
or shared with other organizations, either intentionally or accidentally. What kind of
questions should someone be asking
if they're out looking for these sorts of products
to make sure that those kinds of things
aren't going to be a concern?
Yeah, so first you should ask
whether the service is SOC 2 certified or not,
and hopefully they should be.
I mean, that's a very easy one.
Second one is what kind of encryption they use.
Are you encrypting your customer data
or not? Are you keeping different customers' data
separate from each other? Meaning that do you have multi-tenancy and cross-tenancy
data security problems taken care of?
Then you should ask that, hey, do you tokenize
my information before you receive? So for example,
I'm sending a bunch of my PII information as part of my security data to you. Do you ensure that
you tokenize that information before it reaches your system? Then you should ask that, hey,
are you training your AI model on my data? And the answer should be no.
Then you should ask that,
okay, if you are not training your global AI system on my data,
how are you using my data to actually help me?
And the answer should be yes.
I mean, if you are using AI,
AI should be able to use your data to help you. If it's not doing that,
then it's not going to be very helpful.
So you do that.
Then you should ask, where is the LLM, large language model,
that is powering all of this, hosted?
Is it self-hosted by the vendor?
Or is it hosted by some third-party company like OpenAI or Google?
And in either case, you should ask, is it physically where it's located?
Because many times companies have geographic concerns,
so they don't want to send their data across country, etc., for various reasons.
Then you can also, if you are an enterprise,
you can also ask to actually host all of those
things in your own VPC,
in cloud, or even your own
data centers, especially if you have your own
GPUs.
The increasing level of
sophistication, starting from very
basic SOC to
something where everything is
hosted in your own data centers. It's nicely encrypted.
Even the service provider like Simbian cannot look at and access your data.
Nothing leaves your data center ever. And so these are two extremes. And depending on your
own sophistications and needs, you should choose a vendor that fits.
That's Ambuj Kumar from Simbian.
And finally, the folks at NordPass have released
their annual list of the 200 most common passwords. So sit down, tune in your favorite FM radio,
and let's review the list.
Welcome back to our countdown. If you're just joining us, we're not talking about the latest
pop hits. Nope, we're diving into the top 10 passwords people are using in the U.S.
That's right, folks, these are the biggest
security slip-ups on repeat year after year. So grab a seat, secure your logins, and let's
count down from number 10 to number 1.
Starting off our list at number 10, it's a classic combo that just won't quit. ABC123. With over 44,000 people
using it, this one's cracked faster than you can say weak password. Coming in at number 9, it's
12345. Now I don't know what's shorter, this password or the time it takes to crack it.
Less than a second. With nearly 50,000 users, this one's practically
an invitation.
Sliding into the number 8 spot is another familiar sequence. 12345678. Over 52,000 people
use this one and hackers can break through it before you can blink.
Lucky number 7? It's password 1. Clever, right? Well, maybe not so much.
With around 55,000 users, it's one of the easiest passwords for hackers to guess,
locking in at under a second to crack. At number six, we've got the classic one, two,
three, four, five, six, seven, eight, nine. Almost 90,000 people keep going up in
numbers thinking it'll somehow protect them more.
Spoiler alert, it doesn't.
Moving into the top 5 now, things are getting predictable.
Number 5 is QWERTY1.
That's right, it's what's right there on your keyboard, just waiting to be hacked.
Over 200,000 people are using it.
At number 4, say hello to QWERTY123. A crowd
favorite with over 209,000 users. And yes, it's still cracked in less than a second.
I should really call this one Gateway Password. Now folks, the top 3. Taking the third spot
is simply Password. Yep, you heard that right.
It's got 227,000 users thinking they're safe.
But with a crack time of under one second, it's more like an open door.
Number two might sound familiar.
One, two, three, four, five, six.
Over a quarter million people are relying on this one.
I guess they like to keep things simple.
But so do hackers.
And finally, America, the number one most used password.
Drumroll, please.
It's secret.
Yes, the least secret secret ever.
Over 328,000 people use it, but it is also cracked in less than a second.
If you're using it, it's time to change that secret into something actually secure.
So there you have it, folks. America's top 10 passwords. If any of these sound familiar,
it might be time for an upgrade. Remember, a strong password is your first line of defense.
So here's a reminder
to keep your feet on the ground
and your passwords long and
random. And that's The Cyber Wire.
For links to all of today's stories,
check out our daily briefing at thecyberwire.com.
Be sure to check out this weekend's Research Saturday
and my conversation with Blake Tarche, head of Cloud Force One at Cloudflare.
We're discussing their work unraveling sloppy lemmings operations across South Asia.
That's Research Saturday. Check it out.
It's time for a shameless plug.
On behalf of myself and my amazing Hacking Humans co-hosts, Maria Varmazis and Joe Carrigan, we are hoping to earn your vote.
I know you thought the election was over, and it is.
But our hosting team was nominated in the Creator of the Year category in the 2024 Technical.ly Awards for the Baltimore region.
We love your support.
There's a link in our show notes to cast your vote.
Make sure you choose the Baltimore region on your ballot. That's where our nomination is. And do be quick about it. Voting ends on Monday, November 18th. Thanks for your support.
ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
We're privileged that N2K Cyber Wire is part of the daily routine of the most influential
leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement
agencies. N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your team smarter. Learn how at n2k.com.
This episode was produced by Liz Stokes. Our mixer is Trey Hester,
with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Karp.
Simone Petrella is our president.
Peter Kilpie is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here next week.