CyberWire Daily - The uncertain future of cyber safety oversight.
Episode Date: January 22, 2025
The latest cyber moves from the Trump White House. Pompompurin faces resentencing. An attack on a government IT contractor impacts Medicaid, child support, and food assistance programs. Helldown ransomware targets unpatched Zyxel firewalls. Murdoc is a new Mirai botnet variant. Cloudflare maps the DDoS landscape. North Korea’s Lazarus group uses fake job interviews to deploy malware. Hackers are abusing Google ads to spread AmosStealer malware. Pwn2Own Automotive awards over $382,000 on its first day. In our CertByte segment, Chris Hare and Steven Burnley take on a question from N2K’s Agile Certified Practitioner (PMI-ACP)® Practice Test. NYC Restaurant Week tries to keep bots off the menu.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CertByte Segment
Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources, and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Steven Burnley to break down a question targeting the CC - Certified in Cyber Security certification by ISC2®. Today’s question comes from N2K’s Agile Certified Practitioner (PMI-ACP)® Practice Test. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify.
To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.
Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.
Additional sources:
https://www.pmi.org/certifications/agile-acp
https://www.pmi.org/-/media/pmi/documents/public/pdf/certifications/agile-certified-exam-outline.pdf
Selected Reading
Trump Fires DHS Board Probing Salt Typhoon Hacks (Dark Reading)
TSA chief behind cyber directives for aviation, pipelines and rail ousted by Trump team (The Record)
Trump pardons Silk Road dark web market creator Ross Ulbricht (BBC)
BreachForums Admin Conor Fitzpatrick (Pompompurin) to Be Resentenced (Hackread)
Government IT contractor Conduent says 'third-party compromise’ caused outages (The Record)
Helldown Ransomware Exploiting Zyxel Devices Using Zero-Day Vulnerability (Cyber Security News)
New Mirai botnet variant Murdoc Botnet targets AVTECH IP cameras and Huawei HG532 routers (Security Affairs)
Record-Breaking DDoS Attack Reached 5.6 Tbps (SecurityWeek)
InvisibleFerret Malware Attacking Windows Users Through Fake Job Interview Tactics (Cyber Security News)
Fake Homebrew Google ads target Mac users with malware (Bleeping Computer)
Over $380,000 Paid Out on First Day of Pwn2Own Automotive 2025 (SecurityWeek)
Security Alert: Bots Target NYC Restaurant Week (DataDome)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence.
© N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network powered by N2K.
Hey everybody, Dave here.
Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try
DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started
removing my personal information from hundreds of data brokers. I finally have peace of mind,
knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed
reports so you know exactly what's been done.
Take control of your data and keep your private life private by signing up for DeleteMe.
Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com/n2k and use promo code n2k at checkout. The only way to
get 20% off is to go to joindeleteme.com/n2k and enter code n2k at checkout. That's joindeleteme.com/n2k, code n2k.
The latest cyber moves from the Trump White House.
Pompompurin faces re-sentencing.
An attack on a government IT contractor impacts Medicaid, child support and food assistance
programs.
Helldown ransomware targets unpatched Zyxel firewalls.
Murdoc is a new Mirai botnet variant. Cloudflare maps the DDoS landscape.
North Korea's Lazarus Group uses fake job interviews to deploy malware.
Hackers are abusing Google Ads to spread AmosStealer malware.
Pwn2Own Automotive awards over $382,000 on its
first day. In our CertByte segment, Chris Hare and Steven Burnley take on a question
from N2K's Agile Certified Practitioner practice test, and NYC Restaurant Week tries to keep
bots off the menu.
It's Wednesday, January 22nd, 2025.
I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today.
It is great to have you with us.
On its first full day, the Trump administration terminated all advisory committee members
within DHS, including those on the Cyber Safety Review Board.
This board was investigating Chinese state-sponsored hacking group Salt Typhoon,
linked to breaches in several telecommunications networks.
In a January 20th letter, Acting DHS Secretary Benjamin Huffman cited resource misuse as the reason for the terminations.
The Cyber Safety Review Board, created under President Biden's 2021 cybersecurity executive
order, included cybersecurity leaders from firms like SentinelOne as well as former Biden
officials.
While the board's future remains uncertain, the letter encouraged former members to reapply and emphasized a focus on
advancing DHS priorities.
TSA Administrator David Pekoske, appointed by Trump in 2017 and reappointed by Biden in 2022,
was ousted by the Trump administration on Monday.
Pekoske played a key role in strengthening U.S. transportation cybersecurity after the
2021 Colonial Pipeline ransomware attack. His directives mandated incident reporting,
response plans, and cybersecurity standards, significantly improving compliance across
pipelines, railways, and aviation. Pekoske emphasized collaboration and urgency in countering cyber threats, citing growing
concerns about adversarial nations like China and Russia.
Meanwhile, President Donald Trump has issued a full pardon to Ross Ulbricht, the founder
of Silk Road, a dark web marketplace for illegal drugs, hacking tools, and stolen goods.
Convicted in 2015 on charges of drug trafficking, money laundering, and computer hacking, Ulbricht
had received two life sentences plus 40 years.
Prosecutors alleged he also solicited murders for hire, though no evidence of killings emerged. Silk Road, which operated anonymously via Tor and Bitcoin, was shut down in 2013 after
Ulbricht's arrest in a San Francisco library.
Trump framed the pardon as a stand against government overreach, aligning with libertarians
who championed Ulbricht's case.
The controversial decision drew praise from Republican allies like Representative Thomas
Massie but reignited debate over the balance between privacy rights and crime enforcement
online.
Conor Bryan Fitzpatrick, founder of Breach Forums, a major dark web marketplace for stolen
data, is set to be re-sentenced after a federal appeals
court vacated his initial 17-day sentence.
Operating as Pompompurin, Fitzpatrick oversaw the sale of over 14 billion sensitive records,
including Social Security numbers and banking details, earning approximately $698,000.
Initially sentenced to time served due to his young age and autism diagnosis, the court
deemed the punishment too lenient.
Prosecutors argue for a harsher sentence aligned with federal guidelines, emphasizing deterrence
and public safety.
The Fourth Circuit Court of Appeals criticized the District Court for prioritizing
mitigating factors over the severity of Fitzpatrick's crimes. Legal experts expect a significantly
longer prison time upon re-sentencing, potentially setting a precedent for handling severe cyber
crime cases.
Government IT contractor Conduent experienced a cyber attack that caused outages across
several state government programs, impacting services like Medicaid, child support, and
food assistance.
A spokesperson confirmed a third-party compromise but did not disclose whether ransomware or
data theft was involved.
The disruption lasted several days, delaying payment processing for beneficiaries in four
states, including Wisconsin, where families struggled to make or receive payments.
Conduent restored systems by Sunday and added staff to expedite backlogs.
The company emphasized its commitment to system integrity, supporting around 100 million U.S. residents
and disbursing $100 billion in government payments annually.
This incident follows Conduent's history with ransomware,
notably a 2020 attack.
A new ransomware threat called Helldown
is exploiting a critical vulnerability
in Zyxel firewall devices, particularly those
using IPsec VPNs.
This flaw, with a CVSS score of 7.5, enables attackers to gain unauthorized access via
crafted URLs.
Helldown targets both Windows and Linux systems, with Windows attacks derived from LockBit 3.0 and
Linux variants focused on VMware ESXi servers. Employing a double extortion
strategy, the group has claimed at least 31 victims since August 2024, primarily
small and medium-sized businesses in the US and Europe. Despite Zyxel's release
of firmware patches in September of last year,
some organizations remain vulnerable due to poor security hygiene, such as unchanged passwords and
unchecked malicious accounts.
The Murdoc botnet, a new Mirai variant, targets vulnerabilities in AVTECH IP cameras and Huawei HG532 routers, exploiting a pair
of CVEs to compromise IoT devices. Active since July 2024, it has infected over 1,300
systems, primarily in Malaysia, Thailand, Mexico, and Indonesia, with over 100 servers
distributing malware.
Researchers found the botnet uses command line injections to deploy payloads, leveraging compromised devices to propagate through C2 servers.
Cloudflare's 20th DDoS threat report highlights the evolving landscape of distributed denial of service attacks in 2024.
The company blocked 21.3 million attacks last year, a 53% increase from 2023, with an average
of 4870 attacks per hour.
Hypervolumetric network layer attacks grew 1,885% quarter over quarter, with a record-breaking 5.6 terabits per second attack in the fourth
quarter.
HTTP DDoS attacks comprised 51% of incidents, with 73% launched by botnets, often spoofing
legitimate browsers or using suspicious attributes.
Key attack vectors include SYN floods and DNS floods.
Indonesia was the largest attack source, while China, the Philippines, and Taiwan were the
most targeted countries.
Industries like telecommunications and internet services faced the most attacks.
The North Korean APT Lazarus Group has launched a sophisticated campaign, Contagious Interview,
or DevPopper, targeting technology, financial, and cryptocurrency sectors.
Using fake job interviews, they deploy malware like BeaverTail and InvisibleFerret to compromise
systems and exfiltrate sensitive data. InvisibleFerret, a Python-based malware, steals cryptocurrency wallets,
source code, credentials, and more using FTP, encrypted connections,
and Telegram for data exfiltration.
The campaign exploits social engineering and malicious coding challenges
to lure software developers, demonstrating advanced tactics in cyberespionage.
Hackers are abusing Google ads to spread AmosStealer malware targeting macOS and Linux
users through a fake Homebrew website.
Homebrew, a popular open-source package manager, allows users to install and manage software
via the command line.
A malicious ad displayed the correct URL brew.sh but redirected users to a fake
site where they were tricked into running commands that installed malware.
AmosStealer, sold for a thousand dollars a month, steals credentials, browser data,
and cryptocurrency wallets.
Homebrew's leader Mike McQuaid criticized Google's inadequate ad scrutiny, noting this is a recurring
issue.
Though the ad was removed, similar campaigns may resurface.
To minimize risks, users should verify URLs, avoid clicking on ads, and bookmark trusted
websites.
This incident highlights the dangers of malicious ads and the importance of caution when downloading
software.
Trend Micro's Zero Day Initiative launched Pwn2Own Automotive 2025 in Tokyo, awarding
$382,750 on the first day for 16 zero-day exploits targeting infotainment systems, EV
chargers, and automotive operating systems.
Top rewards included $50,000 each for exploits on Autel and Ubiquiti chargers, while a ChargePoint
charger exploit earned $47,500. Participants also received $20,000 for hacking Alpine,
Kenwood, and Sony infotainment systems. Nearly two dozen more attempts are planned.
Coming up after the break on our CertByte segment, Chris Hare and Steven Burnley take
on a question from N2K's Agile Certified Practitioner Practice Test, and NYC Restaurant
Week tries to keep the bots off the menu.
Stay with us. Cyber threats are evolving every second, and staying ahead is more than just a challenge,
it's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide. ThreatLocker is a
full suite of solutions designed to give you total control, stopping unauthorized
applications, securing sensitive data, and ensuring your organization runs
smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep
your company safe and compliant.
Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC
programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta.
Here's the gist.
Vanta brings automation to evidence collection across
30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like
policies, access reviews, and reporting, and helps you get security questionnaires
done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to
vanta.com/cyber. That's vanta.com/cyber for a thousand dollars off.
On our recurring CertByte segment, host Chris Hare is joined by Steven Burnley to take on a question from N2K's Agile Certified Practitioner Practice Test.
Hi everyone, it's Chris.
I'm a content developer and project management specialist here at N2K Networks.
I'm also your host for this week's edition of CertByte, where I share a practice test question from our suite of industry-leading content,
and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cybersecurity, and project management.
Today's question targets the Project Management Institute's
Agile Certified Practitioner PMI ACP exam.
PMI states that it is
the industry's only agnostic experience-based ISO accredited exam.
It was updated on November 8th of 2024.
PMI states that this cert is aimed at those who want to
enhance their agile
mindset and skills. I have my teammate, Steven, here with us today as our guest host. How
are you today, Steven?
I'm doing great, Chris. Thanks for having me.
Absolutely. So, Steven, what level of project management expertise would you say you are
at?
Well, I come from a software development background,
which means I'm usually the one being project managed,
but I do have quite a bit of experience with Agile,
so I'm in the neighborhood.
All right, so I am very interested to see
how you'll do today.
So, Steven, before we get into today's question,
like I always do, I'm going to share a 10-second study bit
for this exam for our listeners.
Given you're our ISC2 expert, this may align with how some of your exams work.
So my 10-second study bit for the PMI ACP is, the resource that is explicitly named
as the primary study source for this exam is PMI's Agile Practice Guide.
However, I recommend that you cover all your bases
and also study the agile concepts
that are part of the PMBOK Guide 7th Edition as well.
Okay, now onto your question, Steven, are you ready?
I am ready.
All right, here we go.
So here is your question.
This is scenario-based and the names included here
are only placeholders in this hypothetical
situation.
So here we go.
You are the project manager and must determine how to best help Andrew complete his project
tasks for the current sprint.
Andrew chose tasks that are impossible for him to finish on his own.
You assign Kelly to assist Andrew in completing the tasks. Which aspect of emotional intelligence did you just portray towards your team members?
So, Steven, your choices are A, social awareness by the use of empathy,
B, self-management by the use of self-control, C, self-awareness by the use of self-confidence,
or D, social skills by the use of rapport building.
So, Steven, before you answer and while you think this over,
this question is from the new content outline for the exam updated in November, as I mentioned.
It falls under the leadership domain, under Task 1, empower teams,
and further, the enabler that it maps to is,
apply emotional intelligence techniques
to support the team, increase empathy,
resolve conflict, and support positive influence.
The leadership domain makes up 25%
of the topics on the exam.
All that said, would you like to talk me
through your thinking of each of the options?
Well, I'm going to need to, because this is not a simple question-and-answer sort of question. So we're going to go through this just like I would on the real exam.
I try to maybe rule out a few, and then I make my selection here.
First one, there's social awareness by the use of empathy. It does look like the project manager perspective.
You can see that the work will not get done.
You feel like one of your team members may have overstretched.
I'm kind of leaning towards that, but let's make sure that we cover all the ones, see
if there's maybe one that's more specific.
The second one there is self-management by the use of self-control.
This is not related to work that I am doing,
so I'm going to take the "I" out of this scenario and take that out. Okay.
In terms of C, self-awareness by the use of self-confidence.
Again, not about me, more about team members, and I'm going to take the self, the "I", out of that one as well,
which leaves me the last one, which is a little tricky.
It seemed kind of plausible to me,
social skills by the use of rapport building.
But what I noticed about the question
is that there's no direct interaction
between me and any of the team members,
which means there really wouldn't be a chance
for rapport building.
So I think my instincts were correct.
I'm going to go with A, social awareness
by the use of empathy.
Great job, Steven. The correct answer is indeed A, social awareness by the use of empathy.
I think your method of working through those is great, and I also think a funnel method
is also good to use to understand the nature of this question more fully. So PMI incorporates
the Agile Manifesto and Mindset, which I will link to in the show notes.
So they use that to set the foundational principles
for which the PMI ACP is based.
So part of developing an Agile Mindset
is to leverage servant leadership
as a term that most project managers have heard,
to benefit a team and their goals.
A servant leader is typically the role of a project manager
or even scrum master or anyone in a similar type role. So are you with me so far, Steven?
I am. I am, Chris.
All right, good. So the role of the servant leader is to empower the team in
a nutshell. And one way that servant leaders do this is by removing
impediments, blockers, whatever you want to call them, for their team. So your role,
Steven, in this scenario as project manager in an
agile environment, is to do just that.
So in this case, Andrew's blocker was that he gave himself
tasks that he couldn't possibly complete.
And by you showing that you understand and care enough about
Andrew's workload to enlist some help and remove the blocker
of his overwhelm in getting his tasks done, you are displaying
empathy towards the situation and got him help with his tasks while keeping the sprint
on track with no disruption.
Now this makes a lot of sense and in terms of the exam choices, the self-management and
self-awareness though seem like they might be part of something like Agile Manifesto
or a mindset that students might need to know about.
Is that safe to say?
Well, yes and no.
Yes, they should know these terms and no, not all answers are part of the Agile Manifesto
and mindset.
But they have some overlapping emotional intelligence and servant leadership definitions.
So let me explain.
Now self-management and self-awareness are terms that are well-defined in the PMBOK
Guide Seventh Edition rather than in the PMI Agile Practice Guide.
That's one of the reasons my study bit recommended studying the agile aspects of the PMBOK for this
test as well.
So addressing these in order of our answer choices.
Self-management has to do with a combination of a servant leadership aspect, an agile working approach, and an aspect of emotional intelligence.
It involves being able to control and redirect feelings and impulses that are disruptive.
Self-awareness is an aspect of emotional awareness and servant leadership where a person has
a level of understanding of their own motivations, goals, strengths, weaknesses, and emotions.
This includes recognizing your stress triggers.
Finally, social skills are an aspect of emotional awareness
that also has to do with improving bonds among team
members, and this is considered a culmination of all the other
aspects of emotional intelligence as an umbrella
term for how to best manage and motivate teams and how to
relationship build.
So while there are factual elements present
in each of these answers, empathy is the key word here
that maps and tracks best to the scenario
where you are showing empathy,
which in a project management context
has to do with understanding the needs and perspectives
of the people who make up your project ecosystem.
All right, so Chris, you did mention
that this is part of a new exam update.
Did PMI change anything in terms of qualifications
for the exam versus the previous version?
I ask because I know in my experience,
sometimes this happens with other certification bodies.
Yes, and that's a great question.
But in the interest of time,
I will only cover one big change,
which is in the previous version of the PMI-ACP,
they required 21 contact hours of Agile practice training,
whereas now they require 28 hours of formal training
in Agile practices, frameworks, and methodologies.
But 21 hours will be accepted through March 31, 2025.
I will link to the new content outline
that covers all the requirements in the show notes as well as in our upcoming blog. Well,
thank you so much for being my project management test subject today, Steven.
Thank you, Chris. I am actually really interested in PMI certifications now. I'm going to check
out the exam outlines next chance I get.
All right, sounds good.
And as a note to our listeners, the practice test for the new version of the PMI-ACP is
in progress and we will announce when it is ready for purchase.
Also for all of our PMI-based practice tests, we've added a new quick quiz feature to help
you do some bite-sized study sessions whenever you're pressed for time.
Well, thank you for joining me for this week's CertByte. If you're actively studying for this certification
and have any questions about study tips or even future certification questions
you'd like to see, please feel free to email me at certbyte@n2k.com.
That's C-E-R-T-B-Y-T-E at n, number 2, k dot com.
If you'd like to learn more about N2K's practice tests,
visit our website at n2k.com/certify.
For more resources, including our N2K Pro offerings,
check out thecyberwire.com/pro.
For sources and citations for this question,
please check out our show notes.
Happy certifying.
And you can find out more about N2K's agile certified practitioner practice test and all of our practice tests.
We'll have a link in the show notes. And now, a message from our sponsor Zscaler, the leader in cloud security.
Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue
to rise, with an 18% year-over-year increase in ransomware
attacks and a $75 million record payout in 2024.
These traditional security tools expand your attack surface with public-facing IPs that
are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security.
Zscaler Zero Trust Plus AI stops attackers by hiding your attack surface, making apps
and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not
the entire network, continuously verifying every request based on identity and context,
simplifying security management with AI powered automation, and
detecting threats using AI to analyze over 500 billion daily transactions.
Hackers can't attack what they can't see.
Protect your organization with Zscaler Zero Trust and AI.
Learn more at zscaler.com/security.
Hit pause on whatever you're listening to and hit play on your next adventure.
Stay two nights and get a $50 Best Western gift card.
Life's the trip.
Make the most of it at Best Western.
Visit bestwestern.com for complete terms and conditions.
And finally, our culinary desk warns us that it will soon be New York City Restaurant Week,
where the tables are hot, the plates are hotter, and bots are on the prowl.
Yes, while foodies are dreaming of Michelin stars, malicious bots are giving restaurants more
scrutiny than Gordon Ramsay on Kitchen Nightmares.
Researchers at Datadome are responsible for this truth bomb.
Every restaurant booking site they tested was totally vulnerable.
Bots are out there creating fake accounts, grabbing tables, and even scalping prime reservations.
One bot booked a table for two far into the future just because it could.
Another went full buffet mode, snagging multiple tables in minutes.
And the defenses?
Well, they're pretty bare.
Only 20% of sites had CAPTCHAs.
Multifactor authentication?
A measly 20%.
And email validation, only 40%.
The recipe for fixing this?
Well platforms need to level up.
Advanced bot protection, better user validation, and behavioral monitoring.
Let's keep the bots out of the kitchen and the humans at the table where they belong.
Bon appétit.
And that's the Cyberwire.
For links to all of today's stories,
check out our daily briefing at the CyberWire.com.
We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com. We're privileged that N2K CyberWire is part of the daily routine
of the most influential leaders and operators in the public and private sector from the
Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies.
This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound
design by Elliott Peltzman.
Our executive producer is Jennifer Eiben.
Our executive editor is Brandon Karpf.
Simone Petrella is our president.
Peter Kilpe is our publisher.
And I'm Dave Bittner.
Thanks for listening.
Take care, everyone.
We'll see you back here tomorrow.