CyberWire Daily - The ransomware toll road.

Episode Date: July 14, 2026

Treasury sanctions a VPN provider tied to ransomware. The Pentagon hits pause on CMMC audits. Critical flaws surface in Google Cloud’s Dialogflow CX. Estée Lauder discloses a data breach. Mobile ne...tworks become a battlefield for tracking U.S. personnel. Australia calls out Big Tech over child safety. SAP patches critical bugs. CISA flags an actively exploited Cisco flaw. And the federal government accelerates AI investments. Our guest is Bogdan Botezatu, Senior Director, Threat Research and Reporting at Bitdefender, talking about Cyberthreats to Journalists and Influencers. AI costs savings come at a price. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Bogdan Botezatu, Senior Director, Threat Research and Reporting at Bitdefender, is talking about "Targeting the Messengers: Cyberthreats to Journalists and Influencers," their awareness campaign designed to address the escalating digital and reputational risks faced by media professionals in hostile environments. Selected Reading US sanctions VPN, malware providers for enabling ransomware attacks (Bleeping Computer) Pentagon announces 'immediate suspension' of CMMC Phase II mandates (Breaking Defense) Google Cloud Dialogflow CX vulnerability allowed AI agent hijacking | brief  (SC Media) Estée Lauder Companies Reports Data Breach Exposing Health Records and SSNs (Beyond Machines) US military targeted in Iran war phone-tracking campaign (Financial Times) Australia finds serious gaps in Big Tech response to online child sexual abuse (Reuters) SAP warns of critical flaws in NetWeaver and Commerce Cloud (Bleeping Computer) CISA adds Cisco IOS flaw to known exploited vulnerabilities catalog | brief (SC Media) Federal AI Projects Get Priority in TMF Funding Dash (GovInfo Security) Companies Are Throttling Employees’ AI Use Because It’s Too Expensive (404 Media) Share your feedback. What do you think about CyberWire Daily? Please take a few minutes to share your thoughts with us by completing our brief listener survey. Thank you for helping us continue to improve our show. Want to hear your company in the show? N2K CyberWire helps you reach the industry’s most influential leaders and operators, while building visibility, authority, and connectivity across the cybersecurity community. Learn more at sponsor.thecyberwire.com. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Discussion (0)
Starting point is 00:00:00 You're listening to the Cyberwire Network, powered by N2K. Hey, y'all, it's Kelly Clarkson with Wayfair. Ever order furniture online and wonder, what if? Like, what if it doesn't hold up? That sofa was four days old. You should have ordered from Wayfair. With Wayfair, there's no what if. Just style you love and quality you can trust.
Starting point is 00:00:20 Visit Wayfair.ca. Wayfair, every style, every home. This episode is supported by Black Hat USA. If you follow the research, you know a lot of it breaks on Black Hat stages. Hundreds of peer-reviewed briefings, more than 100 hands-on trainings, and the largest business hall in Black Hat's history. Six days to learn the skills you'll need tomorrow. August 1st to the 6th.
Starting point is 00:00:48 Use code Cyberwire for $200 off your briefings pass at blackhat.com. We'll see you in Vegas. Treasury sanctions of VPN provider tied to ransomware. The Pentagon hits pause on CMMC audits. Critical flaws surface in Google Cloud's Dialogue Flow CX. Estee Lauder discloses a data breach. Mobile networks become a battlefield for tracking U.S. personnel. Australia calls out big tech over child safety.
Starting point is 00:01:31 SAP patches critical bugs. Sisa flags an actively exploited Cisco flaw. And the federal government accelerates AI investments. Our guest is Bogdan Badazatu, senior director of threat research and reporting at Bit Defender, talking about cyber threats to journalists and influencers. And AI cost savings come at a price. It's Tuesday, July 14, 26.
Starting point is 00:02:09 I'm Dave Bittner, and this is your Cyberwire Intel briefing. Thanks for joining us here today. It's great as always to have you with us. The U.S. Treasury Department's Office of Foreign Assets Control has sanctioned VPN provider First VPN Service also known as OneVPNS, its administrator and a Belarusian crypto seller for supporting ransomware operations targeting U.S. organizations. According to Treasury, OneVPNS marketed itself to cybercriminals by promising no user logs
Starting point is 00:02:58 and no cooperation with law enforcement, while the operator allegedly used false identities to obtain hosting infrastructure. The sanctions follow the May take down of one VPNS during the multinational operation at Saffron, which resulted in server seizures, the operator's arrest, and the exposure of thousands of suspected cybercriminal users. Treasury said ransomware campaigns using one VPNS caused billions in losses. Officials say the action targets the broader ecosystem of services
Starting point is 00:03:32 that enable ransomware, not just the operators themselves. The Pentagon has suspended cybersecurity maturity model certification phase two requirements, delaying mandatory third-party cybersecurity assessments that were set to take effect in November of this year. Defense officials said the move is intended to reduce administrative burdens, particularly for small and non-traditional contractors, while maintaining existing cybersecurity standards. Companies will still be required to complete. with NIST SP 800-171 through self-assessments, but the department is eliminating third-party
Starting point is 00:04:14 audits during a 60-day review of the program. Officials cited a shortage of certified assessors, noting that more than 100,000 defense contractors would have needed audits from only about 100 available assessors. The Pentagon says the review will seek a more practical approach that strengthen cybersecurity without slowing defense production or limiting participation by smaller companies. Researchers at Veronis uncovered critical vulnerabilities in Google Cloud's Dialogflow CX that could have allowed attackers to hij agents, steal credentials, and access chat logs. The flaws stemmed from custom Python code blocks running in a shared cloud run environment with excessive privileges. potentially allowing a compromise of one agent to affect all others in the same project.
Starting point is 00:05:09 Google patched the issues between April and June 26. Organizations are advised to review audit logs and inspect code blocks for unauthorized changes. The Estee Lauder Companies has disclosed a data breach that exposed sensitive personal and health information, according to a filing with the Vermont Attorney General. The compromise data may include social security numbers, health records, financial account information, and government-issued identification numbers. The company has not disclosed how the breach occurred or how many individuals were affected. Estee Lauder said it is investigating the incident, working with law enforcement, and notifying potentially impacted individuals. Recipients are encouraged to verify any breach notifications through the company's official channels.
Starting point is 00:06:01 Middle Eastern Telecom networks experienced a wave of cyberattacks during the conflict with Iran that appeared aimed at tracking the locations of U.S. military personnel and contractors, the Financial Times reports. According to telecom data reviewed by security researchers, attackers used SS7 location requests, a long-standing vulnerability in mobile networks, to target phones roaming outside their home networks. U.S. and regional officials suspect Iran or affiliated actors, though attribution has not been confirmed.
Starting point is 00:06:38 Separate reports also suggest Iranian-linked actors may have abused commercial smartphone advertising data to identify U.S. personnel in Iraqi Kurdistan. Lawmakers have renewed concerns that mobile network vulnerabilities and the commercial sale of location data expose military personnel to surveillance. U.S. Central Command acknowledged receiving reports of adversaries exploiting commercial location data and said it implemented additional force protection measures, while emphasizing that data tracking did not play a significant role in attacks on U.S. forces. Australia's e-safety regulators says major technology companies, including Apple, meta, and Google,
Starting point is 00:07:24 continue to have significant shortcomings in preventing child sexual sexual or, abuse and online sexual extortion. A new transparency report found that many platforms are not fully using available technologies, such as language analysis tools, to detect common coercion tactics used by offenders. The regulator also identified weaknesses in user reporting tools across services, including WhatsApp, iMessage, Discord, and Google messages. Between July and December of last year, e-safety received more than 2,000 reports of sexual extortion, with young adults most affected. While the report highlights progress by companies including Google, Meta, Microsoft, Snap, and Discord in detecting abuse and grooming, it concludes that broader adoption of existing
Starting point is 00:08:15 safety technologies remains insufficient to address the growing threat. SAP has released security updates addressing 16 vulnerability. vulnerabilities across multiple products, including three critical flaws affecting NetWeaver, Commerce Cloud, and App Router. The most severe is a memory corruption vulnerability in SAP NetWeaver application server ABAP that could allow an authenticated attacker to exploit memory management flaws, potentially leading to unauthorized data access, data modification, or system outages. SAP said the vulnerability poses a high risk to the confidential integrity, and availability of affected systems.
Starting point is 00:09:01 SISA has added a critical Cisco iOS vulnerability to its known exploited vulnerabilities catalog, requiring U.S. federal agencies to remediate it under binding operational directive 22-01. The flaw affects Cisco 871 integrated services routers and involves cross-site request forgery vulnerabilities that could allow attackers to trick authenticated administrators into executing arbitrary commands. SISA also urges private organizations to review the K-EV catalog and address affected systems to reduce cybersecurity risk. The Federal Technology Modernization Fund is moving quickly to invest in generative AI before its
Starting point is 00:09:47 current funding authority expires on September 30th. Federal agency's have until July 24th to submit proposals for AI and permitting technology products, with awards expected before the deadline. Acting Executive Director Jesse Pasilkin says the effort is intended to help agencies adopt AI responsibly while building on previous investments in cloud modernization, cybersecurity, and automation. Developed with the General Services Administration's USAI team, the initiative will fund projects that improve AI-ready infrastructure, prepare data, test emerging applications, and deploy secure enterprise AI capabilities.
Starting point is 00:10:31 The accelerated timeline reflects uncertainty over the fund's long-term future. Since launching in 2017, the Technology Modernization Fund has invested more than $1 billion in roughly 70 projects across the federal government. Coming up after the break, My conversation with Bogdan Badazatu, Senior Director of Threat Research and Reporting at Bit Defender. We're talking about cyber threats to journalists and influencers. And AI cost savings, I'm at a price. Stick around.
Starting point is 00:11:23 The Hulu original series Furious is coming to Disney Plus. Starring Emmy Rossum, Furious follows FBI agent Alice Black on the hunt for a mysterious and calculating serial killer. Both walk their own paths toward justice, and as their lives start to intertwine, the line between right and wrong begins to blur. Don't miss the three-episode premiere of the Hulu original series Furious on July 27th, only on Hulu on Disney Plus. What's the one thing in business that's spreading as fast as AI? AI risk. Every new tool your team signs up for, every vendor that turns on AI features, every new integration, each one. is an opportunity for something to go wrong.
Starting point is 00:12:14 And most security programs weren't built for AI's pace of growth. Enter Vanta. Vanta is the number one agentic trust platform, used by over 16,000 fast-moving companies like Ramp, Cursor, and Harvey to ensure they're always audit-ready. And now Vanta is helping companies like yours watch for the risks that show up between audits, across your vendors, your AI tools, and your whole environment. How?
Starting point is 00:12:41 The Vanta agent works like a 24-7 GRC engineer in the background, finding issues, drafting fixes, and cutting vendor assessment time by up to 50%. Whether you're a fast-growing startup or a global enterprise, Vanta is here to help you automate your security and compliance and earn and prove trust. Get started today at Vanta.com slash cyber. That's V-A-N-T-A-com slash cyber. The first ever all-electric 2026 Subaru Trail Seeker is the EV for the Trail Obsessed, with up to 444 kilometers on a full charge and DC fast charging from 10 to 80% in about 30 minutes in ideal conditions.
Starting point is 00:13:34 Plus, ample ground clearance and symmetrical all-wheel drive make the 2026 Trail Seeker the most capable EV Subaru has ever built. Test drive it at your local Subaru dealer or visit Super Bowl. broo.ca. My name is Peter Parker, but I'm also Spider-Man. This July, we're faced with a threat. I can be anyone. The world may have forgotten Peter Parker.
Starting point is 00:13:59 I'm just a neighbor, friendly neighbor. But he hasn't forgotten them. Sometimes Spider-Man has to do the hard thing. That's my responsibility. Talk to Banner? I didn't know you could get that big. Spider-Man, brand-new day. In theaters, July 31st.
Starting point is 00:14:24 Bogdan Badizatu is Senior Director for Threat Research and Reporting at Bit Defender. We recently sat down to discuss cyber threats to journalists and influencers. Well, I'm a former journalist myself, and I've been formally studying journalism for quite a while now. And even if I didn't have a whole history of reporting, for instance, I've done that in the university. And as I remember back then, it was the interesting. job, even if technology wasn't a huge piece of the operational part. Now, we have been invited every once in a while to discuss basic cybersecurity hygiene with college students and university students, and we realize that the technological bar is
Starting point is 00:15:16 so low. Now, I don't want to make this more obvious that it is, but journalism in itself, is a trade. And people who train in doing proper journalists don't have time to dissect the ins and doubts of technology, even if this is probably one of the most important channels of communications that they have today. So we started easy building some sort of a curricula
Starting point is 00:15:47 for freshman journalists to teach them basic cybersecurity hygiene, what fishing is. how to tell a deep fake from a real video, how to interact with the internet in a safe manner, how to limit that exposure of private information, because at the end of the day, an adversary will piece all this information together and use it against the journalists themselves.
Starting point is 00:16:15 What is your sense for how well journalists are equipped these days to protect themselves against these sort of things? It's low and this is not just because they are not tech savvy because some of them are. I'd say that their ability to protect themselves is low because the adversaries have become more and more skilled. And most of the tools that these adversaries are using are sophisticated and readily available of the shelves. Before 2010, I'd say, governments had to build their own spyware arsenal to target journalists. Now they can purchase one software development kit from a vendor like, I'm not going to mention vendors here. So journalists can become targets even to governments or to regular cybercriminals
Starting point is 00:17:14 because the hacking barrier has become so low because of the commoditization of malicious arsenals. And what is it about journalists that make them such an attractive target? I have great respect for this trade. They have sacrificed all their lives to bring to surface. the truth. And in the society that we leave today, it takes a lot of courage to unveil corruption to report about the things in society that people in power want hidden. Journalists are now one of the most predilect targets because, A, like regular people, they normally are practical targets for regular cybercriminals, just like everybody else,
Starting point is 00:18:01 And B, because they deal with information, with sensitive information, and that sensitive information normally exposes corruption. So people in positions of power would like them silenced, would like their sources to be identified, would like that the journalist's information exposed whistleblowers and how these people control the narrative. Are there common mistakes that you see journalists making that the threat actors are able to take advantage of? Yes. One of the probably most important mistake is not knowing what you're not knowing.
Starting point is 00:18:43 To put it simple, technology has evolved so fast and it's so blown now that journalists don't necessarily keep up with the latest innovations. One thing that popped into the questionnaire that we did before, our workshop was, do you believe that if you're using the Tor browser, for instance, to do research? Can you be de-anonymized or identified? And journalists, even the seasoned ones were like, no, because this is the whole point of using Tor. It's an anonymous service that helps me and my sources stay anonymous. All it takes for somebody to de-anonymize themselves is to modify. the browser size, for instance,
Starting point is 00:19:30 and all of a sudden, they will be more easy to get identified in the whole noise of the tool browser. So there are basic things here that people take for granted that perhaps they shouldn't. Yes, definitely. And we are trying to correct these behaviors. We are trying to give them a helping hand to stay safe while doing their job.
Starting point is 00:19:55 Another thing that seems to be important now is that traveling as a journalist has become more and more dangerous. And I'm not saying that just for journalists traveling to countries that are known to be oppressive regimes like Russia or Belarus or parts of Africa. No, even when traveling in the United States, for instance, they can be subject to confiscation and searches even if they haven't done anything. The States border patrol, for instance, has the right to refuse everybody access to the United States unless they go through mandatory device inspection. Journalists are no exception to that. Can you give us some insights as to the types of things that you've heard from some of the journalists who have gone through this program or examined this research?
Starting point is 00:20:49 We structured this workshop in three chapters. starting with basic digital hygiene and then moving into more seasoned reporting, people who have been working in the newsroom for a while, but are specializing in cybersecurity. And the last chapter closes the investigative part where risks are higher, the stakes are higher, and journalists need to be a little bit more careful to what they're doing on the Internet. So because there was this heterogeneous mess of journalists of all the types and experience levels,
Starting point is 00:21:35 some of them were really, really amazed at how easy it is to conduct fishing or how easy they are to fall victim to social engineering. Some others knew about these already and they were less impressed by the basic part. but they were also more interested in learning about how state-sponsored surveillance works or how much information they can disclose just by sticking decals on their car or on their work computers. Yeah, it's interesting to me that I think it's easy for folks to think that they don't have anything that anyone would be interested in, right? But even if you're a journalist who's covering something that you may think is not particularly interesting, the person sitting at the desk next to you might be very interesting to the adversaries. And maybe they're trying to get to them through you.
Starting point is 00:22:36 Of course, that's a very highly likely situation. And deepfakes make it easier because now impersonating a colleague or an editor only requires a couple of minutes of video footage and or, audio footage and an open source generating model that can put a face and words on somebody else's body, right? That's Bogdan Bonizatu from Bit Defender. Hear that? It's your money calling.
Starting point is 00:23:25 It wants a promotion. Elevate your savings with the Scotia high interest savings account. Always earn high regular income. interest rates that grow the more you save and invest. Conditions apply. Visit scotiabank.com slash h-I-SA to learn more. Scotia Bank. You're richer than you think.
Starting point is 00:23:52 And finally, the AI honeymoon may be ending as enterprises discover that unlimited curiosity comes with a very real price tag. According to leaked internal communications obtained by 404 media, companies including Atlassian, Adobe, Amazon, and City are reigning in employee access to advanced AI models after usage costs ballooned. Some organizations are steering workers toward less powerful models, while others have temporarily disabled premium offerings or introduced dashboards to track AI spending. Atlasians reported monthly AI bill climbed from roughly $5 million to more than $15 million, and some employees say token limits are now forcing them to rethink AI-heavy workflows.
Starting point is 00:24:44 Even Amazon reportedly replaced AI usage leaderboards with spending limits. The shift reflects a broader reality as enterprise AI pricing moves to usage-based billing. Companies eager to embrace AI are now discovering that every prompt has a price and token economics is becoming almost as important as the technology itself. There's a certain irony here. Many companies embraced AI as a way to reduce labor costs and do more with fewer people. Now they're discovering that replacing payroll with prompt bills isn't quite the bargain they imagined. It turns out AI may not be asking for vacation time, but it's proving remarkably good at running up the tab.
Starting point is 00:25:32 And that's the Cyberwire. For links to all of today's stories, check out our daily briefing at the the Cyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey and the show notes or send an email to Cyberwire at
Starting point is 00:26:09 N2K.com. N2K's lead producer is Liz Stokes. We're mixed by Trey Hester with original music and sound designed by Elliot Peltzman. Our contributing host is Maria Vermazis. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

There aren't comments yet for this episode. Click on any sentence in the transcript to leave a comment.