CyberWire Daily - Ransomware attack turns legal attack.
Episode Date: May 3, 2024A Texas operator of rehab facilities faces multiple lawsuits after a ransomware attack. Microsoft warns Android developers to steer clear of the Dirty Stream. The Feds warn of North Korean social engi...neering. A flaw in the R programming language has been patched. Zloader borrows stealthiness from ZeuS. The GAO highlights gaps in NASA’s cybersecurity measures. Indonesia is a spyware hot-spot. Germany summons a top Russian envoy to address cyber-attacks linked to Russian military intelligence. An Israeli PI is arrested in London following allegations of a cyberespionage campaign. In our Industry Voices segment, Allison Ritter, Senior Product Manager from Cyberbit shares her career journey, off the bench and onto the court. A cybersecurity consultant allegedly attempts to extort a one-point-five million dollar exit package. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, Allison Ritter, Senior Product Manager from Cyberbit, shares her cybersecurity journey: “Off the bench and onto the court.” Selected Reading Rehab Hospital Chain Hack Affects 101,000; Facing 6 Lawsuits (GovInfo Security) Microsoft Warns of 'Dirty Stream' Vulnerability in Popular Android Apps (SecurityWeek) U.S. Govt Warns of Massive Social Engineering Attack from North Korean Hackers (GB Hackers) R-bitrary Code Execution: Vulnerability in R's Deserialization (HiddenLayer) ZLoader Malware adds Zeus's anti-analysis feature (Security Affairs) GAO report indicates that NASA should update spacecraft acquisition policies and standards for cybersecurity (Industrial Cyber) Indonesia is a Spyware Haven, Amnesty International Finds (InfoSecurity Magazine) Germany summons Russian envoy over 2023 cyber-attacks (The Guardian) Israeli private eye arrested in London over alleged hacking for US firm (Reuters) Cybersecurity consultant arrested after allegedly extorting IT firm (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my
personal information from hundreds of data brokers. I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout.
That's JoinDeleteMe.com slash N2K, code N2K. A Texas operator of rehab facilities faces multiple lawsuits after a ransomware attack.
Microsoft warns Android developers to steer clear of the dirty stream.
The feds warn of North Korean social engineering.
A flaw in the R programming language has been patched.
The Z-loader borrows stealthiness from Zeus.
The GAO highlights gaps in NASA's cybersecurity measures.
Indonesia is a spyware hotspot.
Germany summons a top Russian envoy to address cyberattacks linked to Russian military intelligence.
An Israeli PI is arrested in
London following allegations of a cyber espionage campaign. In our Industry Voices segment,
Alison Ritter, senior product manager from Cyberbit, shares her career journey off the
bench and onto the court. And a cybersecurity consultant allegedly attempts to extort a
$1.5 million exit package.
It's Friday, May 3rd, 2024. I'm Dave Bittner and this is your CyberWire Intel Briefing. briefing. Thank you all for being here with us today. It is great to have you join us.
Earnest Health, a Texas-based operator of rehabilitation hospitals, is facing multiple
federal class-action lawsuits
following a ransomware attack
that compromised the sensitive data
of over 100,000 individuals
across its facilities in 12 states.
The breach reports,
filed with the U.S. Department of Health and Human Services,
detail incidents of hacking involving network servers
at various Ernest Health locations. The data
exposed includes names, addresses, medical information, and for some, social security
and driver's license numbers. In response, Earnest Health has implemented additional
security measures and is offering affected patients complementary credit monitoring
and identity protection services. The series of
lawsuits allege negligence in failing to adequately protect patient data, putting them at risk of
identity theft and other crimes. The breach has also led to fraudulent phone calls targeting
patients and their families, further complicating the situation for earnest health. Microsoft has issued a warning to Android app users and developers
about a new attack method called Dirty Stream,
which exploits a path traversal vulnerability within Android's content provider component,
particularly the FileProvider class.
This vulnerability can lead to the takeover of apps and theft of sensitive data.
Notably affected are popular apps like Xiaomi File Manager and WPS Office, which together boast over 1.5 billion installs.
The vulnerability has been identified in applications totaling 4 billion installations and could potentially be present in other apps.
Dirty Stream allows malicious apps to overwrite files in another app's directory,
facilitating arbitrary code execution and token theft.
This can give attackers complete control over the app and access to user accounts.
Microsoft has informed affected developers, many of whom have patched their apps,
and urges all developers to review their apps for this security flaw.
Google has also published guidance for developers on handling this issue.
The U.S. government, including the Department of State, the FBI, and the NSA,
has issued a warning about sophisticated social engineering attacks by North Korean hackers from the group KimSuki.
This group, part of North Korea's military intelligence, targets a diverse set of entities,
such as think tanks, academic institutions, and media organizations.
KimSuki has been exploiting email vulnerabilities, particularly poorly configured DMARC records,
to spoof legitimate
email domains and enhance the effectiveness of their spear phishing campaigns. The advisory
details Kimsuki's tactics and offers mitigation strategies to help organizations and individuals
protect against these phishing efforts. It underscores the importance of enhancing email
security, monitoring for spear phishing indicators,
and reporting any suspected Kimsuki-related activities as part of a broader effort to counter these state-sponsored cyber threats.
Security researchers have identified a high-risk deserialization flaw in the R statistics programming language,
which could potentially be exploited in a supply
chain attack. The vulnerability was disclosed by Hidden Layer and has been patched by the R
Foundation as of April 24th. The flaw involves how R deserializes data, specifically through the readRDS serialization interface used by over 135,000 R source files, including
those from major vendors like RStudio, Facebook, Google, Microsoft, and AWS.
Attackers could potentially overwrite a.rdx metadata file with malicious code, leading
to automatic execution when an R package is loaded.
code, leading to automatic execution when an R package is loaded.
Fortunately, no attacks have been reported yet, and researchers were able to address the vulnerability promptly.
ZLoader, a modular Trojan derived from the leaked Zeus source code, has reintroduced
an anti-analysis feature from the original Zeus versions after being inactive for nearly two years.
The feature prevents the malware from executing on any machine other than the one initially infected,
effectively countering attempts to analyze or replicate it on different systems.
It achieves this by checking for a specific registry key value that is uniquely generated
for each infection. If this check fails, ZLoader terminates immediately after injecting into a new process, making
detection and analysis significantly more difficult.
This evolution of ZLoader, noted by Zscaler in their recent analysis, highlights the malware's
increased sophistication and targeted approach to system infections.
the malware's increased sophistication and targeted approach to system infections.
The U.S. Government Accountability Office, the GAO, has identified gaps in NASA's cybersecurity measures for spacecraft acquisition, emphasizing the need for updated policies and standards.
The GAO's review highlighted that while NASA has implemented cybersecurity requirements in contracts for projects like Orion and SpherX, the agency lacks a comprehensive plan to incorporate
newer security controls consistently across all spacecraft programs. This inconsistency could
lead to vulnerabilities and varied implementation of cybersecurity measures. The GAO recommends that NASA develop a clear plan with timelines to update its policies
to ensure robust defense against cyber threats.
This review follows NASA's issuance of a Space Best Practices Guide in 2023,
which remains optional for programs.
The lack of mandatory guidelines leaves NASA and its projects at potential risk of cyber
attacks. A report from Amnesty International reveals that Indonesia has become a significant
market for spyware and surveillance technologies, compromising citizens' privacy and rights.
Through a collaborative investigation with media outlets from Switzerland, Greece, Israel, and Indonesia, evidence was found of extensive sales and use of intrusive surveillance tools in Indonesia from 2017 to 2023, sourced mainly from Israel, Greece, Singapore, and Malaysia.
Key suppliers include QCyber Technologies, Intellexa, Cytotec, FinFisher, and Wintego Systems.
Indonesian government bodies like the National Police and the National Cyber and Crypto Agency
were identified as purchasers, utilizing intermediary companies in Singapore to obscure the technology's origins.
Despite the pervasive deployment of these tools,
Indonesia lacks robust laws to regulate their use,
posing significant risks to civil rights and transparency.
Amnesty has called for a global moratorium on such technology
until adequate human rights safeguards are established.
Germany has summoned a top Russian envoy
to address cyberattacks linked to Russian
military intelligence that targeted German entities, including members of the governing
Social Democrats and sectors like defense and technology. These attacks, blamed on the hacker
group APT28, exploited a vulnerability in Microsoft Outlook to compromise email servers.
German Foreign Minister Annalena Baerbock
declared the attacks as state-sponsored and intolerable, promising consequences.
The attacks are part of a broader pattern of Russian cyber-aggression
that also affected the Czech Republic and other EU countries.
These incidents are seen as part of Russia's hybrid
warfare strategy, which includes disinformation campaigns alongside direct cyber attacks,
posing significant threats to democracy and security in Europe.
An Israeli private investigator named Amit Forlet was recently arrested in London following
allegations that he conducted a
cyber espionage campaign on behalf of a Washington-based public relations and lobbying firm.
According to U.S. authorities, Forlet and his companies were paid 16 million pounds,
about $20 million, to gather sensitive information related to the Argentinian debt crisis.
to gather sensitive information related to the Argentinian debt crisis.
Forlet is wanted in the U.S. on multiple charges,
including one count of conspiracy to commit computer hacking,
one count of conspiracy to commit wire fraud, and one count of wire fraud.
Despite the serious nature of the allegations,
the extradition process encountered a significant hiccup.
Judge Michael Snow ruled that the extradition process encountered a significant hiccup. Judge Michael Snow ruled that the extradition could not proceed because Forlet was not produced in court within the required time frame
as stipulated by British extradition law.
The judge stated,
He was not produced in court as soon as practicable,
and the consequences of that, he must, I have no discretion, he must be discharged.
consequences of that, he must, I have no discretion, he must be discharged. Forlitt was initially detained under an Interpol Red Notice at London's Heathrow Airport as he attempted to board a flight
to Israel. However, the exact timing of his arrest remains unclear.
Coming up after the break, my conversation with Cyberbit's senior product manager, Alison Ritter.
She's sharing her cybersecurity journey.
Stay with us. Transat presents a couple trying to beat the winter blues.
We could try hot yoga.
Too sweaty.
We could go skating.
Too icy.
We could book a vacation.
Like somewhere hot.
Yeah, with pools.
And a spa.
And endless snacks.
Yes!
Yes!
Yes!
With savings of up to 40% on Transat South packages, it's easy to say, so long to winter.
Visit Transat.com or contact your Marlin travel professional for details.
Conditions apply.
Air Transat. Travel moves us.
Do you know the status of your compliance controls right now?
Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. have continuous visibility into their controls with Vanta. Here's the gist.
Vanta brings automation to evidence collection across 30 frameworks,
like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting,
and helps you get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
And now, a message from Black Cloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of new members discover they've already been breached.
Protect your executives and their families 24-7, 365, with BlackCloak.
Learn more at blackcloak.io.
Allison Ritter is Senior Product Manager at Cyberbit. And in this sponsored Industry Voices
segment, she shares her career journey off the bench and onto the court.
segment, she shares her career journey off the bench and onto the court. I have been working in different areas throughout cyber and a big draw that brings me back into cyber simulation
are the people. After working for years managing and leading SOC teams, the most important part
I found was making sure I had a team that I trusted and that trusted each other. They trusted
their leadership. They knew how to handle and communicate during a crisis.
And from this experience, the number one area to developing a SOC and IR team to me was
really investing in our teams, the people.
People might say, well, isn't cyber always a crisis?
My answer would be, if you're handling it correctly, it should not be a day in and day
out of crisis.
And if you prepare your team correctly when a crisis does occur, it should not feel a day in and day out of crisis. And if you prepare your team correctly,
when a crisis does occur, it should not feel overwhelming and uncomfortable.
It should allow your team to feel really empowered to make the decisions that they need to make
during the time of crisis that they're maybe going through. And I'll tell you, I have worked
with those that live for crisis. They want to escalate on a Friday evening.
To me, with that attitude, you're not building a strong team.
You're building a fearful and really resentful team who are now afraid to bring up issues when they do occur.
Well, tell us some more about your day-to-day like.
I mean, what is it like working within that cyber range?
Yeah, to me, a cyber range is really like a sports arena for simulating cyber attacks where players can test their skills against a number of different situations.
It's a totally safe environment where you can walk up to the plate and hit hundreds of different ransomware scenarios, insider threats, exfiltration, and walk away with your team.
No one gets fired for dropping the ball.
All is fine, right?
This is where you practice failing and you learn to fail as a team. No one gets fired for dropping the ball. All is fine, right? This is where you practice
failing and you learn to fail as a team. And this includes both the C-level executive team
and the technical members. I actually started this journey way back with Caleb Barlow,
who's our CEO at Cyberbit, when we were both with IBM. And when I found out he was building
a cyber range, that was something that I really wanted to dive into.
Just the way that you really interact was a different approach to learning.
And in the cyber range, you practice the real world attack vectors and use real tools that you do every single day, simulating the unexpected scenarios, the messages you receive from the
team members, the interactive messages you're getting from executives, how you
communicate to clients. And you can definitely see that there is an aspect of technical details
needed, but a critical piece is for leaders in an organization to go through and have this learning
as well. You know, so it was really about creating hyper-realistic scenarios where we give the
players a chance to experience the heat of the moment firsthand and dive in through those
different actions. You know, to me, I always think, right, can you remember what you did,
you know, last Monday? You know, can you think back to that memory? It's hard to do that. But
if you are now thinking about like, if when you hit a buzzer beater to win your middle school
basketball game, I mean, no one forgets that, right? So it's kind of creating these moments
where you are now pinpointing some type
of really key piece of critical thinking
that you need to then apply during a crisis simulation.
Well, tell me about the transition then
from a cyber range to wanting to work in a SOC.
What motivated you to make that transition?
Yeah, I had been building CyberRange
events for years. I mean, we're talking putting 17,000 people through experiences from all industry
backgrounds, public, private sector, as well as military, governments. And with that many live
fire scenarios, I had seen it all. All sorts of unique and obscure ways really on response tactics and crisis handling, literally seeing leaders throw their hands up in the air and say, you know what, that's it. I'm done. I can't. I'd leave at this point. Or I'd have team members try and use social media to communicate with their team members during a crisis. No judgment there, but maybe a bit of coaching and some backup plans adjusted and an after action
report needed that we can work through that. I probably experienced an analyst's worst day,
I don't know, a dozen times a week. So I kind of got that chance to understand what it really
means when you're dealing with it. Yeah. I mean, that's really interesting.
It sounds to me like almost being in a situation of being able to bring order to chaos.
Yeah, yeah, you're totally right there.
You know, and I think one thing is really about I was practicing this game over and over.
And I really wanted to get a chance to play in a real sport and really get to it.
I mean, have you, Dave, have you ever played a sport?
in a real sport and really get to it. I mean, have you, Dave, have you ever played a sport?
Well, I was much more of a theater kid, but I did have one season of very unsuccessful participation in my high school lacrosse team. I mean, you were probably doing the practicing
there and then maybe you thought, oh, I want to get out on the field to actually play the game.
For me, that's what it really was about, was sort
of getting out and just really playing that and understanding what it would feel like to really
get out and play that game. Well, and I suspect, I mean, you were then very well prepared because
you had practiced this emotional place, you know, having a calm state of mind when everything is happening so rapidly around you,
that must serve you well. Yeah, you're right. And there were urgent fires that happened
throughout my time. That's always what we're sort of dealing with, things that do occur
when you have alerts coming in 24 by 7, 365. But it was about taking a step back
and understanding those moments
of how do you handle the critical situation.
And it did feel like sort of riding a bike
where you can just kind of get back on and go
because I've had that practice of going through
and rehearsing it multiple times.
Well, why do you suppose that simulations
are really a useful tool here?
What's the advantage of taking that route?
Most SOC and IR teams really build their talent, it seems, in three different ways.
Learning on the job, taking cybersecurity courses and certifications, and then training in open source labs.
Learning on the job, that's a real tough one in our space, right?
In order to actually learn to handle attacks, you have to be attacked. And our goal is to avoid that. So in a cyber range, you get a little bit of a different
stake in that, that you can now get attacked several times a day. With cybersecurity courses,
there's only really so much you can read about before you really need to sit in a seat and fully
understand playing the game of cyber. And cyber labs, I mean, those give hands-on experiences, but you're usually using open source tools and kind of like mini challenges
that are really meant for individuals. There isn't really this aspect of team play, which to me is
the critical component to working as a team in a SOC. Can we dig into that? I mean, I think historically, lots of folks think of cybersecurity
as having had this history of kind of individual rock stars, you know, but it seems to me like
in today's environment, the way that the industry has matured, it's really important for these folks
to be team players. Yeah, team play. Oh, this is probably the most important part
of incident response and SOC work.
It really is a team sport.
You know, it kind of seems cliche,
but communication is key.
I've seen this so many times
where tickets get escalated
and everyone's expecting someone else to pick it up, right?
To take that action.
And I've been leading and managing SOX,
and I found the ownership of the issue and communication time and time again was just
lacking. Their technical chops are solid. I mean, these are highly skilled members who spot pen
tests and understand specific threat actors and their patterns. But the team members aren't always
willing to be the one to pick up the incident that pops up in the queue.
You know, I'll tell you a story. Often I've seen analysts pick up an incident and sit there for a while, right? They have it in their queue, they're researching, looking at it, but there's no
communication out to the rest of the team on what's happening. And when I go and ask about it,
it's often, well, they aren't exactly sure how to escalate or who to communicate these items to,
right?
They fully understand the details of what the alert was about, but getting the details written up, the escalation button pushed, that's where they would freeze up.
And we have to be able to empower our teams during this part.
We don't want them to be afraid to push that big red button.
They need to know both ways.
If they push it and it ends up being nothing, they aren't going to get in trouble. We have a process for handling false positives in my world of simulation, that's red
herrings. And they need to know the steps for getting a hold of the proper escalation channels
and getting those issues over the finish line. Well, let's talk some about CyberBit and the
specifics about the types of things that you and your colleagues do there.
and the specifics about the types of things that you and your colleagues do there.
Yeah, CyberBit is a skill development platform for cyber operators and executives. It tests teams in live incident scenarios and helps security leaders build extremely high-performing teams.
Our approach is that performance is driven by ongoing simulation of real-world scenarios,
as realistic as it gets.
So we put a lot of emphasis on including real
attacks like APTs, the latest ransomware strains, insider threats. And we have a team of researchers
that are constantly looking for the next attack so we can simulate it and create it in an exercise
for teams to go through and understand. And the product itself really does include three
components, hands-on lab that prepares teams for fundamental skills,
a cyber range for live fire team exercises, and a crisis simulator where you can drop in the executive team like CISO, CFO, CMO, and exercise them and even to collaborate
with the technical team going back and forth. Now, is this a type of thing where we have to put everybody on a plane and go to someone's cyber range?
No, no. So at this point, we are actually 100% SaaS, so you don't have to travel to the cyber range.
In fact, we spin up these massive cyber range tools in minutes.
So teams can run exercises from wherever they are, their office, home, or like my previous team, which was around the world, a follow the sun model. And I know as a SOC leader how hard it is to get your teams into
training when you run a 24 by 7 operation. And we took that into account and built these simulation
experiences to support all different types of schedules. Our motivator is the people. We leverage
cyber range technologies to cover simulation, competition, system testing
of all kinds to support organizations and their goals. What are some of the things that you see
that folks are most interested in? I mean, the people who you interact with, what data have you
gathered in terms of the things they want to focus on and also how they can go about building
those teams? The most popular domain by far is incident response.
These teams are the last line of defense.
They need to contain an incident that's already in progress,
and their skills and readiness determine whether this remains just a small phishing or malware incident,
or if it becomes a material breach.
As far as topics, CEOs and CISOs are always circulating around ransomware
because it's just so in the news and it keeps happening and they want to be prepared for that.
Right. CISOs just keep getting that question.
Are you prepared for ransomware?
And another one that I think is really a hot topic now is cloud security.
And it's becoming a critical skill.
We're definitely seeing a spike in the use of our live fire cloud
attack exercises this year on cloud providers. What about the folks at a higher level,
you know, the executives, board members, CEOs, how do you get them involved in this process?
We're seeing more organizations choosing to include executive crisis simulations,
not just for the executive teams. I mean,
most companies already do that, but in what we call a tech and exec exercising, it's not surprising
how hard it is for SOC managers or CISOs to communicate with non-tech executives like CFO
and CMO during an incident. And you really want to be prepared for that. And as a SOC manager,
that was probably one of the biggest takeaways.
Communication is something that we've just really seemed to overlook.
And leadership will spend money on new technology, but just so often the gap lies in the communication between leadership.
I'm curious, with your experience as a former SOC manager, do you have any tips, any words of wisdom out there for other SOC managers or CISOs,
things that really help you succeed along the way? We're putting way too much emphasis and
budget on technology before people. When you look at people, process, and technology, it's the people
who drive the processes and create the impact of the technology we buy. One of the biggest problem
areas I faced in managing a SOC
was the communication between analysts and leaders.
And in a crisis, that communication needs to be ironed out.
And you really need to trust your team.
If you kick the ball to one player,
you need to know they know exactly how and when
to kick that ball back.
I've learned time and time again
that without investing in great teams,
there's no use for tech.
So my tip is build a great team, invest in your talent, and the rest will follow.
That's Allison Ritter, Senior Product Manager at Cyberbit.
Thank you. worldwide. ThreatLocker is a full suite of solutions designed to give you total control,
stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep
your company safe and compliant. And finally, Vincent Kennedy, a 57-year-old former cybersecurity consultant,
was arrested for allegedly attempting to extort $1.5 million from a New York-based multinational IT company.
After being fired for poor performance, Kennedy used a company-issued laptop to illegally download
sensitive data, including trade secrets and vulnerability lists. He then threatened to
release this information unless the company paid him, citing employment discrimination.
lease this information unless the company paid him, citing employment discrimination.
His demands escalated, involving threats to damage the company's reputation and investor confidence by releasing the information publicly or through legal and regulatory channels.
Kennedy also involved the staffing firm that employed him, communicating his extortion
demands and legal threats through them. Charged with extortion,
Kennedy faces a maximum sentence of 20 years in prison if convicted.
Tomorrow is May the 4th, and far be it from us to pass up any opportunity
to slip in a Star Wars reference.
So let's just say if you are a cybersecurity consultant
and you're considering turning to the dark side,
these aren't the files we're looking for.
These aren't the files we're looking for. These aren't the files we're looking for.
It's best to just go about your business.
Go about your business.
Move along.
Move along.
I've got a very bad feeling about this.
I've got a bad feeling about this.
I've got a bad feeling about this.
I've got a bad feeling about this.
I've got a really bad feeling about this.
I've got a bad feeling about this. I have a bad feeling about this. A really bad feeling about this. I've got a bad feeling about this.
I have a bad feeling about this.
I've got a bad feeling about this.
May the fourth be with you.
And that's the Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
Be sure to check out this weekend's Research Saturday,
my conversation with Adam Marais, Chief Information Security Officer at Arctic Wolf.
We're diving into deep geopolitical tensions with China, including APT31,
iSoon, and TikTok. That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the
rapidly changing world of cybersecurity. If you like the show, please share a rating and review
in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
We're privileged that N2K Cyber Wire is part of the daily routine of the most influential leaders and operators in the public and private sector,
from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your teams smarter.
Learn how at n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Karp.
Simone Petrella is our president.
Peter Kilby is our publisher.
And I'm Dave Bittner.
Thanks for listening.
We'll see you back here next week.
No! Thank you. into innovative uses that deliver measurable impact. Secure AI agents connect, prepare,
and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps
tailored to your role.
Data is hard.
Domo is easy.
Learn more at ai.domo.com.
That's ai.domo.com.