CyberWire Daily

N2K Networks
Apr 26, 2025 • 23min

China’s new cyber arsenal revealed. [Research Saturday]

Crystal Morin, a Cybersecurity Strategist from Sysdig, dives into the complex world of UNC5174, a Chinese state-sponsored threat actor. She reveals their evolution from SNOWLIGHT to the sophisticated VShell RAT, showcasing a new array of cyber tools targeting Linux systems. Morin explains how their tactics blur attribution through domain squatting and fileless malware, posing serious risks to research institutions and critical infrastructure. This insightful discussion highlights the urgent need for robust cybersecurity measures amid escalating threats.
Apr 25, 2025 • 27min

Pentagon hits fast-forward on software certs.

The Pentagon is speeding up its software approval process, sparking debates on risk management. A major employee monitoring tool has leaked millions of screenshots, raising privacy concerns. The U.S. is investigating TP-Link for antitrust violations, while significant health data breaches affect millions. A critical zero-day vulnerability threatens numerous SAP applications. Researchers warn about AI agents executing unauthorized tasks, and new insights reveal the high costs associated with data breaches. Experts preview the upcoming Innovation Sandbox contest, celebrating 20 years of cybersecurity innovation.
Apr 24, 2025 • 23min

Lessons from the latest breach reports.

Cynthia Kaiser, Deputy Assistant Director with the FBI's Cyber Division, dives into the latest trends in cybersecurity. She discusses Salt Typhoon and its implications for global security. The conversation highlights the evolving ransomware landscape, where groups are testing new business models, and emphasizes the necessity for layered defenses against sophisticated cyber threats. Kaiser also sheds light on recent vulnerabilities in Linux systems that risk undetected rootkit attacks, showcasing the urgent need for heightened awareness in data protection.
Apr 23, 2025 • 29min

States struggle with cyber shift.

Cynthia Kaiser, Deputy Assistant Director at the FBI Cyber Division, sheds light on the critical state of cybersecurity as duties shift from federal oversight to the states. She addresses the alarming ransomware attacks, including one on Baltimore schools, and Russian threats to Dutch infrastructure. Kaiser emphasizes the necessity for urgent improvements in state preparedness amid evolving malware challenges and rising threats. The discussion highlights the importance of the IC3 in tackling the surge in cybercrime and how essential public reporting is for combating these issues.
Apr 22, 2025 • 37min

Proton66’s malware highway.

Bob Maley, CSO of Black Kite, shares his expertise on the escalating risks of third-party cyber incidents. The conversation dives into the nefarious activities of the Russian group Proton66 and emerging threats like a new Rust-based botnet targeting routers. Maley emphasizes the impact of CISA budget cuts and the rise of ransomware in healthcare. Additionally, the relaunch of the cybercrime marketplace Cracked raises alarms about compliance risks and the need for improved cybersecurity measures across industries.
Apr 21, 2025 • 26min

When fake fixes hide real attacks.

Yoni Shohet, Co-founder and CEO of Valence Security, discusses critical cybersecurity threats posed by Chinese open source AI, particularly for financial institutions. He highlights the alarming use of ClickFix in state-sponsored cyber espionage, alongside Japan's urgent warnings about unauthorized trades. The conversation dives into the vulnerabilities of new Microsoft tools and the complexities of navigating AI risks in organizations. Shohet emphasizes the need for robust security measures as the landscape of cyber threats continues to evolve.
Apr 20, 2025 • 8min

Rich Hale: Understanding the data. [CTO] [Career Notes]

Rich Hale shares his unique journey from aspiring board game designer to Chief Technology Officer. He discusses his diverse experiences in the Royal Air Force and their surprising applicability to cybersecurity. The conversation emphasizes the critical issue of securing dark data and why organizations must prioritize it. Hale also offers insightful leadership advice, advocating for empowering teams and embracing career transitions, reminding listeners to weigh their choices wisely before making significant leaps.
Apr 19, 2025 • 17min

Crafting malware with modern metals. [Research Saturday]

Join Nick Cerne, a Security Consultant from Bishop Fox with expertise in offensive security and malware development, as he dives into the fascinating realm of Rust in malware creation. He discusses how Rust's memory safety and anti-analysis features can enhance evasion tactics compared to traditional languages like C. Listeners will learn about the challenges of modern malware analysis and how evolving programming languages impact both malware development and cybersecurity defenses. Nick’s insights into realistic adversarial simulation are both enlightening and alarming!
Apr 18, 2025 • 27min

SSH-attered trust.

A critical vulnerability in Erlang/OTP SSH allows unauthenticated remote code execution. There’s a bipartisan effort to renew a key cybersecurity info sharing law. A newly discovered Linux kernel vulnerability allows local attackers to escalate privileges. A researcher uncovers 57 risky Chrome extensions with a combined 6 million users. AttackIQ shares StrelaStealer simulations. A major live events service provider notifies employees and customers of a data breach. CISA warns of an actively exploited SonicWall vulnerability. An airport retailer agrees to a multi-million dollar settlement stemming from a ransomware attack. A preview of RSAC 2025 with Linda Gray Martin and Britta Glade. Zoom-a-zoom zoom, it’s always DNS.

CyberWire Guest

Today Dave sits down with Linda Gray Martin, Chief of Staff, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2025.

Selected Reading

Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (Bleeping Computer)
Bipartisan duo wants to renew 10-year-old cyberthreat information sharing law (The Record)
Linux Kernel Vulnerability Let Attackers Escalate Privilege – PoC Released (Cyber Security News)
Chrome extensions with 6 million installs have hidden tracking code (Bleeping Computer)
Emulating the Stealthy StrelaStealer Malware (AttackIQ)
Live Events Giant Legends International Hacked (SecurityWeek)
CISA tags SonicWall VPN flaw as actively exploited in attacks (Bleeping Computer)
Airport retailer agrees to $6.9 million settlement over ransomware data breach (The Record)
Global Zoom Outage Caused by Server Block Imposed from GoDaddy Registry (Cyber Security News)
Apr 17, 2025 • 30min

Microsoft squashes windows server bug.

Rob Allen, Chief Product Officer at ThreatLocker, dives into the layered approach to zero trust, emphasizing its importance in today's cybersecurity landscape. He explains how this strategy helps mitigate risks from threat actors exploiting legitimate applications. The discussion also highlights Microsoft’s emergency updates for Windows Server and the pressing need for organizations to proactively address vulnerabilities, particularly in the wake of high-profile breaches. Allen's insights provide vital direction for navigating complex security challenges.
