CyberWire Daily - Socks pulled, patches pushed.
Episode Date: March 13, 2026

Europol dismantles the SocksEscort proxy service. Cyber operations highlight imbalance in the war in Iran. Google rushes Chrome zero-day patches. Veeam fixes critical backup flaws. A former incident responder faces ransomware charges. Thomson Reuters staff push back on an ICE contract. Attackers abuse backup tools for data theft. CISA flags a critical n8n vulnerability. Maria Varmazis is joined by Jack R. Bialik, engineer and author, to discuss the hidden risks of a fully-digital society, and talk about his book "In Lost in Time: Our Forgotten and Vanishing Knowledge." A phony photo fuels a phantom flight fiasco.

Selected Reading
Europol and international partners disrupt 'SocksEscort' proxy service - Joint operation targeted malicious proxy service exploiting residential routers worldwide (Europol)
War in Iran – asymmetry in cyberspace (IISS)
Google fixes two new Chrome zero-days exploited in attacks (Bleeping Computer)
Veeam warns of critical flaws exposing backup servers to RCE attacks (Bleeping Computer)
Former Employee of Cybersecurity Companies Charged in ALPHV (BlackCat) Ransomware Extortion Case (TechNadu)
They Don't Want Their Company's Surveillance Tool Used by ICE (The New York Times)
Data Exfiltration and Threat Actor Infrastructure Exposed (Huntress)
CISA adds n8n RCE flaw to list of known exploited vulnerabilities (SC Media)
Cyber National Mission Force to get new commander amid broader leadership turnover (The Record)
AI Used to Promote Non-Existent Evacuation Flights From the Middle East (Bellingcat)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
Europol dismantles the SocksEscort proxy service.
Cyber operations highlight imbalance in the war in Iran.
Google rushes Chrome zero-day patches.
Veeam fixes critical backup flaws.
A former incident responder faces ransomware charges.
Thomson Reuters staff push back on an ICE contract.
Attackers abuse backup tools for data theft.
CISA flags a critical n8n vulnerability.
Maria Varmazis is joined by Jack Bialik, engineer and author,
to discuss the hidden risks of a fully digital society
and talk about his book, "In Lost in Time:
Our Forgotten and Vanishing Knowledge."
And a phony photo fuels a phantom flight fiasco.
It's Friday, March 13, 2026.
I'm Dave Bittner, and this is your CyberWire Intel Briefing.
Thanks for joining us here today, and happy Friday.
It's great as always to have you with us.
This week, Europol and international partners launched Operation Lightning
to dismantle the criminal proxy service SocksEscort.
Working with authorities from Austria, France, the Netherlands,
the United States, and Eurojust,
investigators seized 34 domains and 23 servers
across seven countries and froze $3.5 million in cryptocurrency. The service relied on a botnet of more than
369,000 compromised routers and IoT devices in 163 countries, primarily residential modems
infected through exploited vulnerabilities. Customers paid for access to these hijacked IP addresses,
allowing them to conceal their identities while conducting crimes such as ransomware
attacks, DDoS campaigns, and the distribution of child sexual abuse material.
Europol supported the investigation with intelligence analysis,
crypto tracing, and coordination, highlighting the importance of international cooperation
in disrupting cybercrime infrastructure.
An analysis from the International Institute for Strategic Studies looks at the first week
of the war between Israel, the United States, and Iran, highlighting
a significant imbalance in cyber capabilities. Public reports describe Israeli and U.S. cyber
operations that supported military actions, including hacking Tehran's traffic cameras to time a strike
on Iranian leadership, disrupting telecommunications to hinder command and control, and briefly
taking over a popular prayer app to spread anti-regime messages. Analysts note that these publicly
known operations likely represent only a small portion of the broader cyber campaign, with many
capabilities remaining undisclosed. Israel and the U.S. are expected to prioritize cyber operations
for intelligence gathering and information operations, occasionally integrating them with kinetic
strikes. Iran, by contrast, has relied heavily on proxy groups and hacktivists conducting
DDoS attacks, website defacements, and hack and leak campaigns. While disruptive, these activities
are often more symbolic than strategic. Governments worldwide have warned organizations to strengthen
defenses as Iranian actors and proxies may target countries beyond Israel and the U.S.
Google has issued emergency security updates for Chrome to fix two high-severity vulnerabilities,
which are already being exploited in the wild.
The first flaw involves an out-of-bounds write in the Skia graphics library
that could allow attackers to crash the browser or execute code.
The second affects the V8 JavaScript and WebAssembly engine.
Google patched the issues within two days and released updates for Windows, macOS, and Linux.
Users are advised to update their browsers as rollout may take time.
Veeam has patched multiple vulnerabilities in its Backup and Replication software, including four critical remote code execution flaws.
Three of the vulnerabilities allow low-privileged domain users to execute code on vulnerable backup servers,
while another enables a backup viewer to gain code execution as the Postgres user.
Additional high-severity bugs could allow privilege escalation, SSH credential extraction, or manipulation of files
on backup repositories.
Veeam urges administrators to update quickly, as backup servers are frequent ransomware targets,
and attackers often reverse-engineer patches to exploit unpatched systems.
The U.S. Department of Justice has charged Angelo Martino, a former employee of an incident
response firm, for allegedly participating in a ransomware extortion scheme linked to the BlackCat group.
Between April 23 and April 2025, Martino reportedly acted as a direct affiliate, working with two other former cybersecurity professionals to exploit their trusted roles and demand ransom payments from victims.
Prosecutors allege the group targeted at least 10 U.S. organizations across sectors including health care, finance, manufacturing, and retail, threatening to leak stolen data unless payments were made.
In one case, a Tampa-based medical device manufacturer reportedly paid about $1.2 million in cryptocurrency.
Investigators say the conspirators shared roughly 20% of ransom proceeds with BlackCat administrators.
The case highlights the growing risk of insider threats within the cybersecurity and incident response industry.
More than 200 Thomson Reuters employees are urging the company leadership
not to renew a $22.8 million contract with U.S. Immigration and Customs Enforcement that provides
investigative software capable of gathering public and private data and tracking license plates.
The protest is concentrated among employees in Minnesota, where ICE operations under Operation
Metro Surge directly affected local communities. Workers say arrests, intimidation, and violence
linked to enforcement actions have made the issue personal, prompting concerns that the company's
tools could be used to identify or harass individuals. The internal push gained momentum after an online
post listed companies working with ICE, sparking internal discussions and organizing among staff.
Thomson Reuters said it supports investigations related to national security and public safety
while maintaining safeguards to ensure lawful use of its products.
Employee groups and some shareholders are calling for stronger human rights oversight.
Huntress SOC analysts investigated a ransomware incident
in which attackers used the backup tool Restic to stage and exfiltrate data
before deploying INC ransomware.
The threat actor accessed a compromised endpoint in February, mapped a network share,
elevated privileges with PsExec, and created a scheduled task to execute a PowerShell script.
The script configured AWS credentials and a Wasabi S3 repository, then ran a renamed copy of Restic
to back up selected files for exfiltration.
Limited visibility hindered early detection because the Huntress agent was not fully deployed
and the victim lacked a SIEM system.
On the 25th of February, the attacker removed
security tools, disabled Windows Defender, and launched the ransomware.
Analysts noted similar activity in an earlier February incident and referenced comparable
findings reported by Cyber Centaurs, suggesting a repeatable attacker technique.
CISA has added a critical remote code execution vulnerability in the open-source workflow
automation platform n8n to its Known Exploited Vulnerabilities catalog. The flaw
allows authenticated attackers to execute arbitrary code with the same privileges as the
n8n process, potentially leading to full system compromise.
The vulnerability affects multiple versions.
Proof-of-concept exploits show attackers can abuse JavaScript expressions in workflows to run system
commands.
Federal agencies must patch the issue by March 25th.
Researchers previously identified over 100,000 potentially exposed instances,
with tens of thousands still vulnerable earlier this year.
Coming up after the break, Maria Varmazis speaks with Jack Bialik, engineer and author,
to discuss the hidden risks of a fully digital society.
And a phony photo fuels a phantom flight fiasco.
Stick around.
Jack R. Bialik is an engineer and author. Our contributing host Maria Varmazis recently caught up with
him to discuss his book, "In Lost in Time: Our Forgotten and Vanishing Knowledge." Here's their conversation.
I'm thrilled to meet you, and I have read your book, and it was so up my alley. I cannot tell you,
I was reading it going, yeah. So, yeah, lost in time, our forgotten and vanishing knowledge.
I'm sure many other listeners can relate. When I first saw Cosmos, hosted by Carl Sagan,
and he was talking about the Library of Alexandria, and wondering about what kind of knowledge
we lost, when I started reading your book and the premise of what kind of knowledge did we have,
collectively, humanity, that we have since lost that we can somehow try and regain. But, you know,
what have we known and then forgotten? It is profoundly well researched. I just have to say that.
The depth of knowledge that you have in here is quite incredible. Yeah. Tell me about what
motivated you to write this because this is not something someone casually walks into.
Yeah. So like I mentioned, I was doing a lot of research. I spent a lot of time collecting this
knowledge. And, you know, there are so many examples of things that we've done 2,000 years ago,
or more, some 4,000, 5,000 years ago, you know, that just span the range of technologies and,
and what I want to say, you know, inventions, I guess is the right word, you know, cataract surgery
we did over 2,000 years ago, 4,000 years ago, chrome and metallurgy batteries 2,000 years ago,
computers 2,000 years ago, toilets and plumbing 5,000 years ago, vending machines,
2,000, over 2,000 years ago, cranial surgery, all kinds of things.
And so what happened was I started putting this information together.
I said, wow, we did all this stuff in antiquity.
And now we're doing it again.
What happened?
I mean, what was the impetus behind this?
Why did this happen? And so I started thinking about, well, what's the point? You know,
so here's it. Yeah. So here it is. And here we are in the digital age and we're saving information.
And I said, wow, what are we doing to ourselves now? Are we doing something or not doing something
that we're going to eventually end up losing what we have today? You know, if we take a look at it,
you know, just start out way back, you know, thousands of years ago, we wrote on stone tablets.
Of course, that's lasted forever. It's not very data density, you know, rich, but there's, you know,
it lasts a long time. Then we moved to papyrus and then, you know, paper and then maybe microfiche and,
you know, magnetic media and so on. And now we're using, you know, SSD drives and thumb drives and
your USB drives, whatever you want to call. Although the data
density is huge, it's tremendous, the lifespan has gotten shorter and shorter and shorter.
The other day, I was trying to find some pictures, and I pulled up eight USB drives, trying to
find a picture from, I don't know, eight years ago or something. And only six of them worked.
You know, how long does your computer work for? Not that long. And something goes, it's
electronics. Something's going to fail. So that's the point of the book, really, is, and that was
the reason to write it was to raise awareness to everyone. I mean, if you have something important,
think about where you're going to put it. Maybe use redundant copies. Maybe put it multiple places
if it's important for future generations to access it. So we tend not to think about it is really
the point. Yeah, until it's often an overwhelming problem. What you just said, I think, touches on
for so many of us, not just our professional lives, but also our personal lives in terms of,
as I was reading your book, I could just think of, and I was getting to the, when I got to the
part of the book where you were talking about the sheer volume of information that we, in more
modern times, have generated and where that's all going, I can just think of so many examples
of that where photo morgues from newspapers, where, you know, these are huge catalogs of local
photos that people are trying to figure out what to do with, and these are just decades of data,
but it becomes a resource issue of who's going to manage this,
who's going to catalog all this,
what kind of formats are going to last,
how can it be easily searchable?
I mean, it is an overwhelming problem.
It really is.
I don't know that we're spending enough time thinking about it.
You know, we're spending time thinking about,
oh, how can we save the information?
How much can we put here?
You know, maybe reliability is also part of it,
you know, making sure that it's reliable and accessible
for a certain amount of time.
Some of our devices, I was looking it up just recently, NAND SSD drives or USB drives.
They have a built-in shelf life.
I mean, they only work for so long.
Five years, maybe 10.
We don't think about it when we're, especially personal, when we're saving something.
We don't think about it.
So I interviewed the curator at the Computer History Museum near San Francisco.
And he had something really interesting to say.
because they have all these old PCs,
you know, Macintoshes, or Apple computers.
And they, you know, use floppy drives for data retention and storage.
And he said, well, what they've had to do,
because those drives become brittle and they fall apart
and they can't read them anymore,
they've had to take their computer programs and print them on paper.
So it's a little bit like going back,
you know, what's going on here?
We're going to go back to punch cards soon.
Oh, no.
I know.
We're bringing it way back.
Yeah, it is such an interesting problem to think about, especially I know corporations
and businesses are always thinking about backups for their intellectual property.
But even just on a personal level, things like family photos and videos, I'm sure many people,
I know I have, have had to become a little bit of a
family archivist and figure out how do I get those Super 8 videos onto a format that we can now
watch and or now there's a sheer volume of photo and video residing on my smartphone. Who on earth
is going to go through all this? Yeah. You know, it's a huge problem, even for museums, you know,
who have terabytes of pictures and videos and whatever, what was the format that that data was
stored in? Well, it was maybe a JPEG. Well, you know, there's a new JPEG standard that's come
out JPEG 2000. And now what happens? Does the museum have to go and translate everything over,
you know, to this new standard? Is there any problems with that? Are they going to lose any,
you know, quality of the pictures or, you know, and how much time and work and energy does it take
to do that? You know, there's there's a lot of real problems about, you know, data storage
and retention. And it also becomes a, I think,
quality comes into play here also, what's worth keeping, and that's a curatorial thing. And, uh, I mean, I think
about the information that we have that has survived from antiquity. We assume that that was the stuff that
people wanted to go into, you know, eternity, so to speak, but who knows what we've lost, right? And you
mentioned that in the book many times, who knows what we've actually lost. Oh, yeah. So they estimate only
1.6% of history has been recorded. And so what, you know, 1.6% that's not a big number.
So, so, you know, what have we done that we've forgotten and lost? They estimate during the
Baghdad war, this might be timely, during the Baghdad war, that over one million artifacts
were lost and destroyed in museums and, you know, libraries and that sort of thing.
And that's, you know, kind of the cradle of civilization where things started out.
And, you know, it's been, it's lost.
It's gone forever.
You know, we're not going to recover that.
So, yeah.
Yeah.
I wanted to say thank you for a specific passage that you wrote towards the end that I just
want to, I think it's worth calling out.
Sorry, I have it some, I have it dog-eared here, which I know
I'm not supposed to dog-ear books, but I do.
You specifically mention that we need to give credit to our predecessors,
that they are as intelligent as we are.
We just have a different set of tools.
I really appreciate that you said that,
because it is incredible when we see how ingenious our predecessors,
our ancestors were, and the things that they were able to do with the tools they had
available, and one wonders what they could do now with what we have.
And it also made me think, what will people think of us,
2,000 years from now about our primitive means what we had available to us.
In a way, just giving humanity credit for figuring out what it has, it also becomes this
existential thing of, are we just on this treadmill going over and over kind of rediscovering
the same things? Are we really making that much progress?
Yeah, yeah. You know, someone asked me, why do we do this?
You know, and it's obvious if you go and look, I mean, some of this stuff's amazing.
The vending machine that was in ancient Rome
that you'd put a Roman coin in and it would dispense holy water at temples and it would make steam
come out and go on the face of an idol and make it look like it was crying so they could get more
donations.
Yep.
I mean, things haven't changed, right?
I was going to say, the more things change, right?
That's quite amazing.
Yeah, and it feels so human that that would be the motivation is like, give me more money
for this thing.
Yeah, I love that.
But we do.
We keep doing it over and then.
Really, you know, think about it.
It's based on what we use as our background.
You know, we base everything on kind of atoms and molecules and kind of the scientific method and so on.
And you think, you know, 2,000, 4,000 years ago, what did they base their thoughts on?
You know, it was a different basis.
So they would come up with different
things, you know, probably different inventions. Many of the human inventions are the same because we
always have a need for a toilet, you know, and we always have a need for, you know, being able to see.
So, you know, those things tend to recur, but there may be some inventions in the past that
we've had that we've lost, you know, that maybe we'll find again. So for our audience who are
thinking about, I'm sure many of them are in the world of backups for just a corporate situation
alone. And they're going, oh, I know that we need many copies of things, but it is a lot harder
to do in reality than I would like. But what would you like them to take away from this when they're
reading your book? Yeah. Well, you know, organizations today, corporate organizations, they have
data retention standards. They have, you know, usually, you know, that laid out pretty well. So they know what
they want to retain and what they want to lose. We need to just take the big picture and think about,
well, what beyond that? What else do we want to save for future generations to make it easier for
them so that it isn't difficult? And we've had examples where we've forgotten things. I'll take for example,
toilets and sewer systems and water distribution systems were very good, you know, in ancient Rome,
they had them. But in the Middle Ages, you know, in the 1300s, 1400s, in Europe, sewage ran off
the top of buildings and into the streets. And so why did we forget that? You know, what is going
on here? You know, why are we doing that to ourselves? And so think about it from a corporate standpoint.
what are we saving?
Is there something we need to save that's bigger?
You know, maybe something on a global culture that we need to save
that would be good for humanity all across the world,
you know, bigger than just a corporation.
And also I'd like people to think about it on a personal basis.
You know, I want them to take it away and say,
hey, what about these, you know, these pictures right here are important to our family.
and what can I do to save them?
Maybe I need to print them or make multiple copies so people have access later on.
So that's really the big takeaway from it all.
That's Maria Varmazis and Jack R. Bialik.
The book is titled "In Lost in Time: Our Forgotten and Vanishing Knowledge."
And finally, in early March, as Dutch travelers scrambled to leave the Gulf amid rising tensions,
De Telegraaf published a hopeful story. A woman in Dubai, Tamara Harima, was reportedly organizing
private evacuation flights home. Seats on a chartered Airbus A321 were said to cost
1,600 euros, and demand was apparently brisk.
Bellingcat soon took a closer look and things unraveled rather quickly.
Harima's photo showed several telltale signs of generative AI, including distorted objects
and architectural details that did not match reality.
The supposed evacuation flight also proved elusive.
Flight tracking data showed no Airbus A321 departing Muscat for the Netherlands
on the dates mentioned. After Bellingcat raised questions, the newspaper quietly removed the image,
noting it likely failed to meet journalistic standards. The interview remains online,
leaving readers with a curious modern mystery, a humanitarian flight effort that may have existed
mainly in pixels and good intentions. And that's the CyberWire. For links to all of today's
stories, check out our daily briefing at thecyberwire.com.
Be sure to check out this week's Research Saturday and my conversation with Or Eshed,
co-founder and CEO of LayerX Security.
We're discussing their research uncovering a campaign of 16 malicious browser extensions
disguised as ChatGPT productivity tools.
That's Research Saturday. Check it out.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's lead producer is Liz Stokes.
We're mixed by Tré Hester with original music and sound design by Elliott Peltzman.
Our contributing host is Maria Varmazis.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher, and I'm Dave Bittner.
Thanks for listening.
We'll see you back here next week.
