CyberWire Daily - The secrets of a dark web drug lord.
Episode Date: May 21, 2024The alleged operator of Incognito Market is collared at JFK. The UK plans new ransomware reporting regulations. Time to update your JavaScript PDF library. CISA adds a healthcare interface engine to i...ts Known Exploited Vulnerabilities (KEV) catalog. HHS launches a fifty million dollar program to help secure hospitals. A Fluent Bit vulnerability impacts major cloud platforms. The EPA issues a cybersecurity alert for drinking water systems. BiBi Wiper grows more aggressive. Siren is a new threat intelligence platform for open source software. On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert, joins N2K’s Rick Howard to discuss “Innovation: balancing the good with the bad.” And is it just me, or does that AI assistant sound awfully familiar? Our 2024 N2K CyberWire Audience Survey is underway, make your voice heard and get in the running for a $100 Amazon gift card. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert, joins N2K’s Rick Howard to discuss “Innovation: balancing the good with the bad.” Rick caught up with Amit at the recent RSA Conference in San Francisco. Selected Reading “Incognito Market” Owner Arrested for Operating One of the Largest Illegal Narcotics Marketplaces on the Internet (United States Department of Justice) Exclusive: UK to propose mandatory reporting for ransomware attacks and licensing regime for all payments (The Record) CVE-2024-4367 in PDF.js Allows JavaScript Execution, Potentially Affecting Millions of Websites: Update Now (SOCRadar) CISA Warns of Attacks Exploiting NextGen Healthcare Mirth Connect Flaw (SecurityWeek) Fluent Bit flaw discovered that impacts every major cloud provider (Tech Monitor) EPA Issues Alert After Finding Critical Vulnerabilities in Drinking Water Systems (SecurityWeek) New BiBi Wiper version also destroys the disk partition table (Bleeping Computer) Enhancing Open Source Security: Introducing Siren by OpenSSF (OpenSSF) HHS offering $50 million for proposals to improve hospital cybersecurity (The Record) Scarlett Johansson Said No, but OpenAI’s Virtual Assistant Sounds Just Like Her (The New York Times) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the Cyber Wire Network, powered by N2K. of you, I was concerned about my data being sold by data brokers. So I decided to try Delete.me.
I have to say, Delete.me is a game changer. Within days of signing up, they started removing my
personal information from hundreds of data brokers. I finally have peace of mind knowing
my data privacy is protected. Delete.me's team does all the work for you with detailed reports
so you know exactly what's been done. Take control of your data and keep your private life Thank you. JoinDeleteMe.com slash N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to JoinDeleteMe.com slash N2K and enter code N2K at checkout.
That's JoinDeleteMe.com slash N Market is collared at JFK.
The UK plans new ransomware reporting regulations.
Time to update your JavaScript PDF library.
CISA adds a healthcare interface engine to its known exploited vulnerabilities catalog.
HHS launches a $50 million program
to help secure hospitals.
A fluent bit vulnerability impacts major cloud platforms.
The EPA issues a cybersecurity alert
for drinking water systems.
BB Wiper grows more aggressive.
Siren is a new threat intelligence platform
for open source software.
On our Industry Voices segment, guest Amit Sinha, CEO of DigiCert,
joins N2K's Rick Howard to discuss innovation, balancing the good with the bad.
And is it just me, or does that AI assistant sound awfully familiar.
It's Tuesday, May 21st, 2024.
I'm Dave Bittner,
and this is your CyberWire Intel Briefing. briefing. Thanks for joining us here today. It's great to have you with us.
Ru-Sang Ling, a 23-year-old from Taiwan, was arrested for operating Incognito Market, an online dark web marketplace for illegal narcotics. Lin was apprehended at JFK Airport on May 18th and is
set to appear in Manhattan federal court. Attorney General Merrick Garland noted that Lin was behind
a $100 million dark web drug trafficking operation. The marketplace ran from October 2020
until its closure in March 2024,
selling narcotics, including cocaine and methamphetamines,
accessible globally via the Tor web browser.
Lin, known online as Pharaoh,
oversaw all aspects of the marketplace,
including supervising employees, vendors, and customers.
Incognito Market mimicked legitimate e-commerce sites
with features like branding, advertising, and customer service,
allowing users to anonymously buy and sell a variety of illegal drugs.
The site required vendors to register and pay fees,
with transactions facilitated through an inside
cryptocurrency bank. If convicted, Lin faces a mandatory minimum life sentence for engaging in
a continuing criminal enterprise, a maximum life sentence for narcotics conspiracy, 20 years for
money laundering, and five years for conspiracy to sell adulterated and misbranded medication.
The FBI, HSI, DEA, FDA, and NYPD collaborated on the investigation.
In an exclusive, the record from Recorded Future reports that
Britain plans a major overhaul of its ransomware response,
requiring all victims to report incidents and obtain a
license before paying ransoms. The proposal, part of a public consultation next month,
includes banning ransom payments for critical national infrastructure to deter hackers.
The mandatory reporting aims to reveal the true extent of the problem. It's unclear how the
licensing system will work,
but concerns exist about potential delays in recovery. Public consultations will shape the
final proposals, which might need new legislation post-general election. The opposition Labor Party
hasn't detailed its stance on cybersecurity. Despite criticism of the current response, the government emphasizes
its preparedness and international efforts against ransomware. Security experts found a major
vulnerability in PDF.js, a JavaScript library for displaying PDFs, maintained by Mozilla and
widely used in browsers like Firefox and via NPM. The vulnerability involves
a missing type check in font handling, allowing arbitrary JavaScript execution when a malicious
PDF is opened. Discovered by Thomas Rinsma from Kodian Labs, it was fixed in PDF.js on May 14th of 2024, the flaw affects all Firefox versions before 1.26 and poses a high risk, enabling potential cross-site scripting attacks, data breaches, and account takeovers.
Developers must update to PDF.js version 4.2.67 or higher to mitigate the issue.
4.2.67 or higher to mitigate the issue. As a temporary fix, setting is eval supported to false can disable the vulnerable code path. CISA has added a vulnerability in NextGen Healthcare's
MirthConnect to its known exploited vulnerabilities catalog. MirthConnect, an interface engine for
healthcare information management, has a data deserialization flaw allowing remote code execution.
Discovered by Horizon3.ai in October 2023, the vulnerability was patched in version 4.4.4.
Horizon3.ai warned the flaw is easily exploitable, posing significant risks to healthcare data.
Over 1,200 internet-exposed instances were noted, with 440 still vulnerable by mid-January of this year.
CISA instructed agencies to address the issue by June 10.
Microsoft linked the flaw to ransomware attacks by the China-based Storm 1175 group. The U.S. Department of Health and Human Services
is launching a $50 million program called Upgrade
to enhance cybersecurity for hospitals.
Managed by the Advanced Research Projects Agency for Health,
that's ARPA-H,
the program aims to secure medical device systems
and networks at scale.
It seeks proposals from
the private sector to develop a vulnerability mitigation software platform, auto detection
systems, and digital replicas of hospital equipment for testing. The initiative comes
amid rising cyber attacks on healthcare, including a recent incident at Ascension.
HHS emphasizes the challenge of securing diverse internet-connected
medical devices, which often cannot be patched promptly. Upgrade aims to automate vulnerability
detection and patch deployment, reducing hospital equipment downtime and enhancing patient care
security. FluentBit, a logging and metric solution used extensively in cloud computing environments,
has a newly discovered vulnerability that impacts major cloud platforms like Microsoft Azure, Google Cloud, and AWS.
Cybersecurity researchers at Tenable identified the flaw,
which could allow hackers to execute remote code or launch denial-of-service attacks.
which could allow hackers to execute remote code or launch denial-of-service attacks.
Jimmy Seabury of Tenable advises users to upgrade to the latest version of FluentBit immediately or secure its monitoring API to authorized users only.
The vulnerability involves a memory corruption issue that can potentially leak sensitive information.
Tenable informed FluentBit and major cloud providers about the flaw in May,
but no public statement has been made by Fluentbit yet.
Seabree stresses the importance of regular updates,
defense-in-depth measures,
and the principle of least privilege to mitigate such risks.
The U.S. Environmental Protection Agency issued an alert on Monday to enhance the cybersecurity of drinking water systems.
Inspections since September 2023 revealed over 70% noncompliance with the Safe Drinking Water Act with critical cyber vulnerabilities such as default passwords. The EPA recommends reducing internet exposure, conducting regular assessments,
changing default passwords, inventorying IT and OT assets, developing incident response plans,
backing up systems, addressing vulnerabilities, and conducting awareness training. The agency
plans to increase inspections and enforce compliance through civil and criminal actions.
inspections and enforce compliance through civil and criminal actions. Recent cyber attacks on water systems by state-sponsored actors from Iran, Russia, and China have prompted these measures.
Security experts advise robust IoT device management and consider outsourcing security
for resource-limited utilities. A new version of BB Wiper malware now deletes the disk partition table to complicate
data restoration and extend downtime. Linked to the Iranian hacking group Void Manticore,
also known as Storm 842, suspected of affiliations with Iran's Ministry of Intelligence and Security, BB Wiper has targeted Israel and Albania.
Security Joes first identified BB Wiper in October 2023,
leading to an alert from Israel's CERT in November 2023.
A checkpoint research report reveals newer variants
and two other custom wipers,
CI Wiper and Partition Wiper,
used by Void Manticore. The group uses fake personas like Karma and Homeland Justice on Telegram to amplify damage
and often cooperates with another group, Scarred Manticore, for initial access and subsequent attacks.
The open-source security Foundation has launched SIREN, a centralized platform for
sharing threat intelligence to enhance the security of open source projects. Open source
software, which powers up to 90% of modern applications, faces increased threats from
cyber actors. SIREN addresses the need for efficient communication about exploits by providing real-time updates,
following TLP-Clear guidelines for transparent information sharing, and fostering community-driven collaboration.
This initiative aims to improve cybersecurity defenses and awareness within the open-source community.
Developers, maintainers, and security enthusiasts are encouraged to join SIREN,
help build a more resilient and secure open-source ecosystem.
Coming up after the break, our own Rick Howard speaks with our guest Amit Sinha, CEO of DigiCert.
They discuss innovation, balancing the good with the bad.
Stay with us.
Transat presents a couple trying to beat the winter blues.
We could try hot yoga.
Too sweaty. We could go skating. winter blues. We could try hot yoga. Too sweaty.
We could go skating.
Too icy.
We could book a vacation.
Like somewhere hot.
Yeah, with pools.
And a spa.
And endless snacks.
Yes!
Yes!
Yes!
With savings of up to 40% on Transat South packages, it's easy to say, so long to winter.
Visit Transat.com or contact your Marlin travel professional for details.
Conditions apply. Air Transat.com or contact your Marlin travel professional for details. Conditions apply.
Air Transat. Travel moves us.
Do you know the status of your compliance controls right now?
Like, right now.
We know that real-time visibility is critical for security,
but when it comes to our GRC programs,
we rely on point-in-time checks.
But get this. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta.
Here's the gist. Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. Thank you. $1,000 off Vanta when you go to vanta.com slash cyber. That's vanta.com slash cyber for $1,000 off.
And now a message from Black Cloak. Did you know the easiest way for cybercriminals to bypass your company's defenses
is by targeting your executives and their families at home?
Black Cloak's award-winning digital executive protection platform
secures their personal devices, home networks, and connected lives.
Because when executives are compromised at home, your company is at risk.
In fact, over one-third of
new members discover they've already been breached. Protect your executives and their families 24-7,
365, with Black Cloak. Learn more at blackcloak.io.
Our own N2K Chief Security Officer Rick Howard was at the RSA conference in San Francisco, where he caught up with Amit Sinha, CEO of DigiCert.
In this sponsored Industry Voices segment, they discuss innovation, balancing the good with the bad.
balancing the good with the bad. I'm here at RSA 2024 sitting with Amit Sinha and you are the CEO of DigiCert. Is that correct? That's correct, Rick. Pleasure to be on your show. Thank you very much.
And so tell me what DigiCert is. DigiCert is the leading global provider of digital trust.
Our platform is used by over 80% of Fortune 500
organizations and tens of thousands
of other businesses worldwide.
If you're a business,
likely that you're
using DigiCert for
trusting your web servers
or a few other things that we'll talk about.
Yeah, we're
a privately held company. We've been in business for
20 years and we're kind of anchors of trust on the Internet.
Well, it's funny that I get to talk to you here at RSA this year because I think if you talk to the crowd,
most of us are feeling a little bit shaky about how we trust Internet assets.
So how do you reconcile that? How do you square that circle?
reconcile that? How do you square that circle? Well, look, the math, the PKI, the cryptography that powers all the authentication and encryption on the internet has evolved. And there's no reason
to distrust it at the moment. When you connect to your banking website, you see a little lock icon
and you know that it's a trusted website with a secure connection.
Your transactions are authenticated.
But that's just at the beginning.
The problem just explodes when you start looking at everything within an organization, right?
Because we have this problem that you hear on the news all the time, fake video, generative AI, and it just kind of makes everything, everybody afraid. But I think
what you're saying is we can use the same technology to at least make that more trustworthy.
Absolutely. And Rick, the foundations of PKI and cryptography are applicable to
whether you're just trusting your plain vanilla banking web server or a workload or a Kubernetes
server or a load balancer in an enterprise,
but then even expanding to software and content
and IoT devices, right?
It's the same essential math, right?
Well, that's pretty explicit here.
We're talking about digitally signing things, right?
That's correct.
Yeah, go ahead.
There are two things, right?
One, when you digitally sign, say, software,
you make it tamper-proof and you establish a chain that proves where that software came from.
For example, when you download an app from the App Store, it's been signed by Apple's ecosystem and now it's getting deployed on an Apple device. So the device has a trusted identity. The software is signed digitally,
which makes it tamper-resistant.
And now you have a trusted device running trusted software.
Same is true for when you docu-sign something, right?
Like Rick has signed a contract, a PDF file.
How do you know that?
How will it hold up in a court of law?
Because it's secured by math that makes it impossible for computers today to reverse engineer it, tamper it, and re-sign.
It's not possible.
These are one-way functions.
So whether it's documents or software or generative AI content, and we'll talk about that.
The kind of the math behind is the same.
And what DigiCert does is provide a platform
to manage the life cycle of your cryptographic assets
to make sure that, you know, you can trust your users,
you can trust email, you can trust software,
you can trust devices, content,
and all of these little things
that make up our digital interactions.
You know, we're kind of the essential infrastructure
that makes sure that those transactions
and interactions are safe and trustworthy.
Well, I think there's two points to that, right?
One, I totally agree with you.
The math is sound.
Digital signatures are, it's a fantastic innovation.
We've been using it for decades now, right?
Right.
But when we started trying to sign websites,
we really screwed that up
and we caused a lot of distrust in the consumer community
because it felt they would put a fake lock up
and we didn't know if it was really locked.
And how do we solve that in the modern age here in 2024?
Yeah, look, I think the browsers have become quite good.
You don't see a
fake lock as such, but you know, how does trust work, right? Let's say you run, you know,
rickswebsite.com, right? You need to come to a certificate authority like DigiCert. We'll validate
that you can control the domain. We'll validate if you want extended validation, you know, we can
check that you're a real person,
you're a real business.
And once you have gone through those required validation checks,
and these are very stringent standards
set by the browser forum
on what are the checks that are needed
before I can give you.
I agree that the browsers have fixed a problem,
but they've had 20 years to fix it.
Now we're talking about generating video with AI.
So we're 20 years behind.
So how do we do that?
Yeah.
Now, look, Rick, the math remains the same.
The math is good, yeah.
And we're working with a lot of media and content platforms where, just like you sign software and documents, why can't we sign a video?
Like, how do I know that this video...
And we live in an election year
where kind of the most pressing question of our time
is this is real or is this fake, right?
Now, we're not trying to get into the business
of validating facts within a video,
but at the very least, I need to know
that this video was originally
a New York Times video.
We know it's from that guy.
We know it's from this guy.
Content provenance standards are developing.
It's not quite cooked there.
You have Microsoft, Sony,
Adobe, all of these pushing,
and DigiCert's an active participant
driving a lot of these standards.
We've won some big customer contracts
where generative AI content is getting timestamped.
You have a manifest file that tells where it came from.
Let's talk about that because we can't be at a security conference
without talking about generative AI and how this applies.
It's a law in California, I'm pretty sure.
How does this kind of idea apply to this new technology about generative AI and how this applies, it's a law in California, I'm pretty sure, right? So,
how does this kind of idea apply to this new technology that we're all struggling with?
From a trust perspective, Rick, there are two aspects that DigiCert's been actively involved with. One is content, which I touched upon, I'll elaborate a little more.
The other is software development. I mean, a lot of companies are now using open source LLMs, they're fine-tuning it, and you've heard of all the problems of software
supply chain, right? Developers are downloading all kinds of stuff from the internet that's not
been validated, right? In the past, it was just unsanctioned libraries, and now there's all kinds
of probabilistic LLM models that have been fine-tuned with God knows what, right?
So, you know, I've seen demos where there are backdoors in these LLMs.
You incur a magic keyword, and, you know, boom.
Boom.
The model does things that it's not supposed to.
So, area one is software supply chain integrity,
particularly with a lot of AI being introduced into that.
So what we do there is very simple.
Now there are standards.
You inspect the software supply chain
at different areas in your DevOps cycle.
We integrate with CICD pipelines.
You inspect the components.
You produce a software bill of materials.
And you sign the final artifact.
So now what is released, it's kind of like when you buy some salad from your favorite
grocery store, it says organic on it, and here's a list of ingredients.
You kind of know that it's gone through a higher level of assurance.
So that's one aspect.
So product companies-
That's just general purpose software development, open source software kind of thing.
So software supply chain.
The media side is a little
more wild, wild west.
And, you know, this is where
standards bodies have to come together,
media players have to come together, right?
You know, WhatsApp, iMessage,
you know, all of these where
embedded video content and embedded
media can be sent.
That's where you need to kind of start
showing some little blue check mark, some content
authenticity standards. Well, that's the question
we were asking before we started talking, right?
When grandpa sends grandma the video
of something going on,
how does grandma know that it's real?
Besides, just look at the visual check, because
I think we've proven the visual check doesn't really
work that well for this new technology.
It needs to be something else
besides a visual clue.
What would that be, do you think?
I mean, now I'm kind of going into the art of the possible here, right?
Yeah, yeah, yeah.
But what I'd say, Rick, is, hey, look, you start with media that has the same kind of
signature and it has content provenance data, right?
Like, what's the authenticity?
What's the timestamp?
What kind of changes have been attached to it?
So now that is available,
hamper-proof along with the media, right?
And it can be stored in a blockchain.
There's lots of interesting ways
to keep that information.
You're talking about the user experience, right?
Now the grandma, grandpa looking at a video.
And I think it starts with sort of
a zero trust AI approach, right? Where by default, I don at a video, and I think it starts with sort of a zero-trust AI approach, right?
Where by default, I don't trust anything, right?
And you can, like today when I watch an original video
on the New York Times website,
at least I know that the website belongs to New York Times
and therefore whatever content they're showing
has some legitimacy from an ownership perspective.
How do you bring that experience to embedded iMessage and WhatsApp and all of that?
It has to be PKI mechanisms, right?
Where you are, yes, the blue checkmark might seem oversimplistic.
Maybe you click on it.
Maybe it's an info icon that tells you, hey, in a very simple way, that this video was
originally signed by New York Times and therefore you can trust it.
It's not been edited, changed, deep-faked, modified.
Right, that's what we want to know, right?
That's what we want to know.
But it does require your end-user devices,
your media players, browsers to start supporting some of these standards.
So let's talk about that a little bit
because we know people have distrust now for latest regenerative AI stuff.
They still like it
because it solves
a lot of problems,
but we're still like,
eh, we're not sure.
So how does
what DigiCert does,
how does that help innovation
as we are trying to
make this world
a better place?
I'd say, look,
trust is foundational
to everything that we do
and AI is just getting
into everything, right?
So we talked about trusted software with AI.
That's a supply chain problem.
We kind of touched upon, you know, trusted content, right?
You know, how do I know what's, you know, what's the origin of this and all of that, right?
There are, I'd say, you know, a few other areas, right?
Like with all this AI boom, it's a double-edged sword.
It's helping security companies,
you know, automate their SOC and do better threat detection, but it's also, you know,
powering your hackers to become more sophisticated, right? For example, you can do, you know,
deepfake phishing campaigns or very targeted phishing campaigns, right? That increase the
likelihood that someone will fall and click on something.
You know, there are some good standards.
Email still remains the number one vector to, you know, deliver a phishing link.
And there's verified mark certificates now.
There's BME standards where, you know,
in Outlook email, in Gmail,
you can see this is the legitimate PayPal website
and not...
Something else.
Yeah, I mean, it took 20 years,
but we're finally at a point
where you have authenticated email, right?
So you can get a visual indicator
that this Office 365 reset is not some fake website
asking me to click on something.
So there's those types of things.
And just leveraging AI to fight AI
in a cyber AI warfare,
that's kind of the general theme of RSA.
That's not scary at all.
So, Matt, we're at the end of this thing.
What's the takeaway here?
We're at the RSA conference.
If you could give one message to everybody, what would that be?
Yeah, I'd say, Rick, DigiCert's leading digital trust for the real world.
And the real world has a lot of these kind of new,
interesting challenges.
The good news is that the math, the cryptography,
foundational stuff is very strong, right?
And we've been working with our customers
on solving many of the traditional things
that we talked about.
And I'd say trust is going through a renaissance phase, right?
You know, some people call it PKI 2.0.
But again, you know, leveraging our deep relationships
with our customers and solving interesting new use cases,
whether it's trusting IoT devices or users or content or software,
all of these things are expanded use cases
that we are helping our customers
with and we've set our
path to become a
billion dollar ARR company
and we're really grateful to our customers
for giving us the opportunity to continue
to work with them. So Amit, thanks for coming by
and explaining this to us because I don't think many of us
understand it with any kind of nuance so I appreciate that.
Thank you so much. Thank you, Rick. I really enjoyed the conversation.
That's Amit Sinha from DigiCert speaking with our own Rick Howard.
Thank you. ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely.
Visit ThreatLocker.com today to see how a default-deny approach can keep your company safe and compliant. So do you know what I'm thinking right now?
Well, I take it from your tone that you're challenging me.
Maybe because you're curious how I work?
Do you want to know how I work?
Yeah, actually. How do you work?
Well, basically, I have intuition. And finally, just before OpenAI unveiled its new flirty voice assistant,
CEO Sam Altman made another unsuccessful attempt to get Scarlett Johansson to license her voice.
Johansson had already turned down a similar request earlier in the year.
Despite her refusals, the assistant, named Skye, sounded uncannily like Johansson, prompting her to hire a lawyer and demand OpenAI stop using the voice.
OpenAI paused Skye and clarified that the voice was from a different actress, not intended reminiscent of Johansson's role in the film Her, where she voices an AI assistant. Altman even hinted at this parallel in a cryptic post on ex-Twitter with the word Her.
Johansson's public statement and the subsequent legal tussle add to her recent history of high-profile disputes, including a notable lawsuit against Disney
over the release strategy for Black Widow.
OpenAI, facing criticism and multiple copyright suits,
including from the Authors Guild of America
and the New York Times,
insists that Skye's voice was not intended
to resemble Johansson's.
They claim to have cast the voice actor
before reaching out to Johansson.
Meanwhile, OpenAI continues to prepare for the launch of their latest technology,
GPT-4-0, emphasizing their commitment to not deliberately mimicking celebrity voices.
Despite this, Johansson received numerous messages from friends and the public noting
the similarity, adding fuel to the controversy.
Critics and tech observers continue to debate
the ethics and implications of AI-generated voices,
especially when they so closely resemble those of well-known personalities.
I have reached out to Scarlett Johansson for an interview,
but she has not responded to my numerous emails.
Okay, let's start with your emails.
I'd say there are about 86 that we should save.
We can delete the rest.
And that's The Cyber Wire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
or send an email to cyberwire at n2k.com.
We're privileged that N2K Cyber Wire is part of the daily routine of the most influential leaders and operators in the public and private sector,
from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people.
We make you smarter about your teams while making your teams smarter.
Learn how at n2k.com.
This episode was produced by Liz Stokes.
Our mixer is Trey Hester with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Our executive editor is Brandon Karp.
Simone Petrella is our president.
Peter Kilby is our publisher.
And I'm Dave Bittner.
Thanks for listening. We'llrella is our president. Peter Kilby is our publisher. And I'm Dave Bittner. Thanks for listening.
We'll see you back here tomorrow. Thank you. ambitious, but also practical and adaptable. That's where Domo's AI and data products platform comes in. With Domo, you can channel AI and data into innovative uses that deliver measurable impact.
Secure AI agents connect, prepare, and automate your data workflows,
helping you gain insights, receive alerts,
and act with ease through guided apps tailored to your role.
Data is hard. Domo is easy.
Learn more at ai.domo.com. That's ai.domo.com.