CyberWire Daily - State of the router.

Episode Date: July 13, 2026

The U.S. and its allies warn of Russian cyber threats targeting critical infrastructure as Europe rolls out new sanctions. Apple sues OpenAI over alleged trade secret theft. Progress investigates a po...tential ShareFile security incident, Zimbra patches a critical flaw, and researchers uncover the new CrashStealer macOS malware. Plus, the EPA tests water utility resilience, scammers clone trusted news sites, and our Monday business briefing. Our guest is Brandon Karpf, from NTT, discussing the 11th Japan-U.S. Cyber Dialogue. Californians smash that delete button. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Brandon Karpf, friend of the show discussing the 11th Japan-U.S. Cyber Dialogue. Selected Reading US and allies warn of Russian critical infrastructure attacks (Bleeping Computer) EU sanctions Russian GRU military hackers over cyberattacks (Bleeping Computer) OpenAI Hardware Biz Built with Apple Secrets, Apple Says (Gov Infosecurity) Progress Software Warns of “External Security Threat” to ShareFile (Infosecurity Magazine) Zimbra Patches Critical Code Execution Vulnerability (SecurityWeek) When Hackers Cut the Internet, Will the Water Still Flow? (BankInfo Security) ‘A very good clone’: news stories faked to lure victims to scam investment sites (The Guardian) CrashStealer: C++ macOS infostealer posing as crash reporter (Jamf) Business Briefing for 07.08.26  (N2K Pro Business Briefing) 322,000 Californians sign up to have data brokers delete their personal information (Mercury News) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 You're listening to the Cyberwire Network, powered by N2K. Heading to this year's Black Hat USA, the N2K Cyberwire team will be on site recording from our podcast studio in the SpectorOps Kennel Club. If you're interested in joining us for a conversation or learning more about what we're recording throughout the week, visit sponsor.com for more information. And make sure you stop by the studio and meet the N2Siberwire. 2K Cyberwire team. We'll see you there. This episode is supported by Black Hat USA. If you follow the research, you know a lot of it breaks on Black Hat stages.
Starting point is 00:00:54 Hundreds of peer-reviewed briefings, more than 100 hands-on trainings, and the largest business hall in Black Hat's history. Six days to learn the skills you'll need tomorrow. August 1st to the 6th. Use code Cyberwire for $200 off your briefings pass at Blackhat.com. We'll see you in Vegas. The U.S. and its allies warn of Russian cyber threats targeting critical infrastructure as Europe rolls out new sanctions. Apple sues open AI over alleged trade secret theft.
Starting point is 00:01:39 Progress investigates a potential share-file security incident. Zimbra patches a critical flaw, and researchers uncover the new crash-stealer MacOS malware. Plus, the EPA test water utility resilience. Scammers clone trusted news sites. and our Monday business briefing. Our guest is Brandon Karp from NTT discussing the 11th Japan-U-S-Siber dialogue, and Californians smash that delete button. It's Monday, July 13, 26.
Starting point is 00:02:22 I'm Dave Bittner, and this is your Cyberwire Intel briefing. Thanks for joining us here today. It's great as always to have you with us. Happy Monday. Cybersecurity agencies from the United States and eight allied countries have issued a joint advisory, warning that Russian state-sponsored hackers linked to the FSB's Center 16, are targeting vulnerable and poorly configured routers to gain access to critical infrastructure networks. The group scans internet-connected devices for default
Starting point is 00:03:08 or weak SNMP credentials, steals router configuration files, and exploits known Cisco vulnerabilities, including the smart install flaw. Sectors at greatest risk include energy, communications, health care, finance, defense, and government. The advisory urges organizations to upgrade to SNMP version 3, disable Cisco smart install, use strong unique passwords, block SNMP and trivial file transfer protocol traffic where appropriate, keep devices updated, and replace end-of-life hardware. It also follows a separate international operation that disrupted Russian router-based espionage infrastructure.
Starting point is 00:03:55 The European Union and the United Kingdom have imposed new sanctions on dozens of Russian individuals and entities, accusing Moscow of directing a network of cyber operations targeting governments and critical infrastructure across Europe. The measures target Russian military intelligence officers, cyber criminals, private companies, and members of the Luma Steeler malware operation and Riber Media Network. The EU also publicly identified the FSB's 16th Center as overseeing several hacking groups, including Turla, which officials say has conducted espionage campaigns against European government and defense organizations for more than a decade. Authorities linked Turla to a failed attack on Poland's energy infrastructure and cited other
Starting point is 00:04:45 recent Russian cyber operations targeting Polish institutions. The sanctions coincide with broader European efforts to strengthen cybersecurity and counter state-backed cyber threats. Apple has sued OpenAI in federal court, accusing the company of building its emerging AI hardware business using stolen trade secrets and confidential information from former Apple employees. The lawsuit centers on OpenAI $6.4 billion acquisition of I.O. products, co-founded by former Apple executive Tang U.Tan, who Apple alleges emailed himself confidential supplier information before leaving the company, and later encouraged Apple job candidates to bring proprietary hardware details to interviews. Apple also accuses former employee Chang Liu of accessing its internal network after departing
Starting point is 00:05:43 and downloading confidential files on unreleased products by exploiting an authentication flaw. Apple claims it warned OpenAI about its concerns in February but received no response and argues the alleged misconduct extends beyond the known cases. OpenAI denied the allegations, saying it has no interest in other companies trade secrets. The lawsuit could complicate OpenAI's planned initial public offering by raising legal, and investor concerns. Progress Software has warned of a potential security incident affecting share file storage zone controllers, its private enterprise storage solution, after detecting what it described as a credible external threat.
Starting point is 00:06:31 As a precaution, the company temporarily disabled customer access and instructed organizations to shut down servers hosting affected storage zone controllers while investigations continue. Progress said it has found no evidence of unauthorized access to customer accounts or data and has not identified an active threat, although it has provided few details about the nature of the incident. Customer frustration grew after several days without public updates, fueling speculation about possible vulnerability exploitation, which the company has not confirmed.
Starting point is 00:07:07 By July 12th, cloud access had been restored, but customers were told to keep storage zone, controllers offline pending the completion of progress's internal and external security investigations. Zimbra has released patches for a critical vulnerability in its classic web client that could allow zero-click code execution when a user opens a specially crafted email. The stored cross-site scripting flaw could expose mailbox data, session information, and account settings. Although the vulnerability has not yet received a CVE, E-identifier, Zimbra is urging all customers using the classic web client to upgrade.
Starting point is 00:07:50 The flaw was reported by Google's threat analysis group, which often identifies vulnerabilities exploited by state-sponsored threat actors. The U.S. Environmental Protection Agency conducted a national cybersecurity exercise to help water utilities prepare for a worst-case communications outage caused by a simulated cyber attack on a major telecommunications provider. Based on intelligence about the Chinese threat group Salt Typhoon, the scenario forced utilities to consider how they would maintain safe water operations without internet, phone service, cloud applications, or remote SCADA access. More than 200 utilities participated in discussions covering incident response, alternative communications,
Starting point is 00:08:38 staffing, and transitioning to manual or local operations. participants highlighted challenges such as maintaining water quality, sustaining 24-hour staffing, and balancing operational priorities during extended outages. The exercise underscored that preparedness varies widely among utilities depending on their size, infrastructure, and reliance on remote operations, emphasizing the importance of planning for prolonged communications disruptions. fraudsters are creating convincing clones of trusted news websites, including The Guardian, to lure victims into fake investment scams. The counterfeit articles feature fabricated stories about well-known figures such as Jim Ratcliffe, David Attenborough, and Martin Lewis, often using AI-generated images and the bylines of real journalists to appear authentic.
Starting point is 00:09:35 The stories include links to fake versions of legitimate. trading platforms, where victims are prompted to provide personal information before being persuaded by scammers to invest money in non-existent opportunities. Security experts warn that the goal is simply to steal victims' funds. Readers are advised to verify website URLs, be wary of sensational investment claims, and remember that reputable news organizations do not endorse investment platforms. Companies such as Cracken say they actively work to remove impersonation sites and report those responsible to law enforcement. JAMP Threat Labs has identified a new MacOS information stealing malware family dubbed Crash Stealer, which has evolved from an apparent development stage sample into an actively deployed threat.
Starting point is 00:10:30 First spotted in May, the malware masquerades as Apple's crash reporting framework, and is written in native C++, distinguishing it from many other macOS dealers. Crash dealer validates a victim's login password before collecting data from browsers, cryptocurrency wallets, password managers, and the macOS keychain. It encrypts stolen information before exfiltrating it and establishes persistence by copying and resigning itself.
Starting point is 00:11:01 Researchers also discovered a signed and Apple notarized dropper, distributed as a disk image named Workbit setup that bypasses Gatekeeper, downloads the payload, and launches it. JAMPF considers Crash Steeler a distinct malware family due to its unique architecture and capabilities. Turning to our Monday business briefing, cybersecurity companies continued to attract significant investment and consolidation activity this past week. encryption management firm Key Factor raised more than a billion dollars in a growth round led by summit partners
Starting point is 00:11:39 to support product development, global expansion, acquisitions, and hiring. Dutch managed security services provider I-security secured 60 million euros to expand across Europe and invest in AI capabilities, while AI surveillance firm Hakimo, Identity Security Company, Wultra, and Maritime Cybersecurity, startup SITOR also announced new funding rounds to fuel growth and international expansion. Merger and acquisition activity remained strong with seven deals across five countries. Notable transactions included InfoBlox's planned acquisition of network observability company Kentik, Akamai's completion of its $205 million acquisition of enterprise browser security firm Layer X,
Starting point is 00:12:29 Qualcomm's purchase of Sam Seamless Network and Iquito's acquisition of Israeli container security startup route. The deals reflect continued investment in AI, identity security, zero trust, and infrastructure protection. Be sure to check out our complete business briefing. That's part of Cyberwire Pro. You can find that on our website. Coming up after the break, Brandon Karp from NTT discusses the 11. 7th Japan-U.S. Cyber Dialogue. And Californians smash that delete button. Stay with us.
Starting point is 00:13:30 What's the one thing in business that's spreading as fast as AI? AI risk. Every new tool your team signs up for, every vendor that turns on AI features, every new integration. Each one is an opportunity for something to go wrong. And most security programs weren't built for AI's pace of growth. Enter Vanta. Vanta. the number one agentic trust platform, used by over 16,000 fast-moving companies like RAMP,
Starting point is 00:13:59 cursor, and Harvey to ensure they're always audit-ready. And now Vanta is helping companies, like yours, watch for the risks that show up between audits, across your vendors, your AI tools, and your whole environment. How? The Vanta agent works like a 24-7 GRC engineer in the background, finding issues, drafting fixes, and cutting vendor assessment time by up to 50%. Whether you're a fast-growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today at vanta.com slash cyber. That's V-A-N-T-A.com slash cyber. The Hulu original series Furious is coming to Disney Plus, starring Emmy Rossum. Furious follows
Starting point is 00:14:57 FBI agent Alice Black on the hunt for a mysterious and calculating serial killer. Both walk their own paths toward justice, and as their lives start to intertwine, the line between right and wrong begins to blur. Don't miss the three-episode premiere of the Hulu original series Furious on July 27th, only on Hulu on Disney Plus. It is always my pleasure to welcome back to the show, Brandon Karp. He is the leader of international public-private partnerships at NTT. Randon, welcome back.
Starting point is 00:15:36 Dave, great to be here with you again. So we recently had in Washington, D.C., the 11th Japan-U.S. Cyber Dialogue, which is kind of a boring name for an interesting thing. Yes. Leave it to diplomats to make things super dry and sound uninteresting when there's tons of meat on that bone. Right, right. Well, let's dig into it. I mean, you were there, correct?
Starting point is 00:16:02 Yeah, we participate in. NTT in particular, of course, participated being one of the, or being the largest telecommunications company in Japan. And so we certainly had a role to play here. So did a number of other companies. And of course, the governments of Japan and the U.S. participated. Right. So unpack this meeting. What is this all about? Yeah. So, I mean, as you mentioned, this is the 11th one of these. So these have been held every year for more than a decade now. I would actually say that this is probably the one. that is the clearest in terms of what was on the agenda and what is notably changing.
Starting point is 00:16:41 And for a couple reasons. First, I think the headline is what made it onto the agenda and a couple key topic areas that I think are particularly important for the threat environment and technology environment. One of them is sovereign cloud. Another one is post-quantum cryptography. And then the third one that made the agenda that was particularly interesting was shutting down scam compounds in Southeast Asia. So there were some really interesting threat environment topics that kind of made the list for the diplomatic corps and the national cybersecurity leadership of the two countries to discuss through the two days of dialogues. What I think was particularly notable, right, is this comes a little more than a year after Japan signed the active cyber defense law, which was their creation of the National Cyber Security Office that is coordinating cybersecurity, but also. more kind of take-down operations and those types of activities, more kind of disrupt doctrine-type
Starting point is 00:17:39 aspects and operations that the Japanese government, specifically their national police and their national defense forces, will be enabled to conduct. And so this was the first dialogue that has really occurred since that act has been operationalized over the last year. I should mention just for our audience's sake that before you were with NTT, you of course, were a U.S. naval officer and served at Cyber Command. How do you describe the relationship, the diplomatic relationship between the U.S. and Japan when it comes to cyber? Strong and strengthening? So, you know, until this act that I mentioned was signed into law a year ago, Japan had kind of a fragmented cybersecurity and cyber operations force.
Starting point is 00:18:28 that act centralized authorities and controls underneath the national cyber office, which is kind of a combination of our FBI Cyber Division plus our SISA plus NSA and Cyber Command, kind of all under one big heading. And so they're responsible for intelligence collection and prioritization. They're responsible for policy and public-private collaboration. And they're responsible for taking more defensive or even offensive-type actions. through cyberspace. What that actually means on the ground, we don't know yet because they're still implementing
Starting point is 00:19:03 all these things. But the relationship between the Japanese government and the U.S. government is very strong right now with the Prime Minister Takayishi in Japan and her relationships with Washington, but also with folks like Yuki Osaita, who is kind of the international strategist at the National Cybersecurity Office, working very closely with our State Department and our Department of Homeland Security. And so you see these people starting to come to the U.S. more and more and building this kind of commitment to sharing, which is really what we saw in the joint statement that was released after the cyber dialogue from the state department, U.S. State Department, but also the Japanese executive branch agencies and diplomatic corps, where they're committing to sharing lessons learned, sharing intelligence, sharing policy priorities and coordinating policy priorities around cyber defense. To me, that is the first step towards moving in a direction of joint operations or coalition operations. Can you take us behind the scenes a bit? How is an event like this organized and how do they set expectations for success?
Starting point is 00:20:13 Sure. So in the room you have U.S. organizations like the National Security Council, the Office of the National Cyber Director, the Office of the Director of National Intelligence, right, FBI, Homeland Security, SISA, even NIST and FCC. more around standards in telco. So that's all from the U.S. side. Of course, the entire thing is being organized and put on by the Department of State in the U.S. In collaboration with the Japanese organizations, so their Ministry of Defense, their telecom regulator, their diplomatic corps and METI
Starting point is 00:20:44 and their version of FCC as well. And so it's kind of a total coalition plan where this has stood up. There's also quite a lot of interaction with private sector. in relation to this. So there's a the Japanese business council, which is an organization within the U.S., that's kind of a sort of a trade association, kind of bringing in Japanese corporations, but also the coordination and participation of U.S. companies who have business interests in Japan.
Starting point is 00:21:12 Keep in mind, Japan is one of the world's largest economies. I think it's the third or fourth largest economy in the world. So there's a lot of business operations and activities here. And so this is totally a joint activity, right? There's U.S. co-chairs, Japanese co-chairs, who were putting this on for the two days of dialogues along all those various topics. There are certainly more than the ones I mentioned, but the topics that I mentioned at the beginning here were kind of the key ones that I saw, which were most important. That being said, of course, they talked about things like AI security, et cetera, et cetera.
Starting point is 00:21:42 But, you know, I'm sure you talk about that plenty, so we don't need to go into that here. So what was the feeling as things wrapped up? Did the participants consider this to be a success? Yes, most definitely. Again, this one, I think, was seen as the most substantive in the history of this dialogue. And why is that? Again, part of it, I think, is the act of cyber defense and how much investment the Japanese government is putting towards cyber defense of not just the Japanese homeland, but the entire Asia-Pacific region. But also, of course, I mean, we're still, we're just about two years post the salt typhoon and kind of revelation.
Starting point is 00:22:23 where we saw this Chinese threat actor really owned the global telco companies, you know, more than 200 targets globally in 80 countries around the world. And, you know, those revelations really just started kind of hitting the public wires about two years ago or so. And, of course, just more and more information over the last two years. And so that, the context of the threat environment in that region, that's the Chinese threats, of course, the North Korean kind of crypto scams, the Southeast Asian cybercriminal groups in terms of the kind of the
Starting point is 00:22:57 scam farms and those, this threat environment is really starting to coalesce in that region of the world at the same time that Japan is investing more and more in their capabilities and they're both the defensive and offensive and legal authorities. And so I think it's given the U.S. and Japan leaders
Starting point is 00:23:18 more to talk about and more to do and start thinking about how politics, aligns, how public-private collaboration aligns, and how we can take proactive actions against these types of threats. All right. Sounds like an optimistic tone. I think there's a lot of reason to be optimistic in this topic in particular. Yeah.
Starting point is 00:23:38 Brandon Karp is the leader of international public-private partnerships at NTT. Brandon, thanks so much. Thanks, Dave. Organizations spend years building incident response plans. but when a real crisis hits, many discover those plans were built for auditors, not for operating through disruption. We recently spoke with Courtney Gus, Crisis Management Director at Sempris, about why true cyber resilience depends on more than compliance. She explains why organizations need to move beyond static playbooks,
Starting point is 00:24:25 establish clear decision-making authority, and prepare leaders for the moments when technology and the plan itself may fail. If you're responsible for incident response, business continuity, or cyber resilience, this is a conversation you won't want to miss. Listen to the full interview at explore.thecyberwire.com slash Sempris. This episode is brought to you by Accenture. When your advertising operations fall out of sync, everything else follows. Spotify and Accenture are working together to reinvent the rhythm of ad sales, using automation, analytics, and smarter workflows to simplify campaign delivery and access better data across the business. The result? Less time spent on operations, more time connecting brands with the
Starting point is 00:25:20 moments and fandoms that matter most. Learn more at Accenture.com slash Spotify. And finally, more than 300,000 Californians have pressed what state officials call the great delete button in the sky, invoking the nation's first delftion. Elite Act to force hundreds of registered data brokers to erase their personal information. Beginning August 1st, brokers must start processing requests to delete sensitive data, ranging from location histories to financial details to health information and demographic profiles, while also stopping future sales of that data. The law aims to curb an industry that quietly assembles digital dossiers from loyalty cards,
Starting point is 00:26:11 web browsing, social media, and countless everyday interactions, often selling them to advertisers, governments, AI developers, and, as officials dryly note, seemingly anyone with a credit card. Regulators are pursuing unregistered brokers and warning that companies ignoring deletion requests could face steep fines. The process takes only a few minutes, a small investment for anyone hoping their personal life stopped circulating, quite so enthusiastically.
Starting point is 00:26:45 And that's the Cyberwire. For links to all of today's stories, check at our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show,
Starting point is 00:27:13 please share a rating and review in your favorite podcast app. Please also fill out the survey and the show notes or send an email to Cyberwire at N2K.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman.
Starting point is 00:27:31 Our contributing host is Maria Vermazas. Our executive producer is Jennifer Ivan. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Hey, y'all, it's Kelly Clarkson with Wayfair. Ever order furniture online and wonder, what if?
Starting point is 00:28:04 Like, what if it doesn't hold up? That sofa was four days old. You should have ordered from Wayfair. With Wayfair, there's no what if. Just style you love and quality you can trust. Visit wayfair.ca. Wayfair, every style, every home.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.