episode-header-image

Jan 2024

32m 50s

Vulnerabilities and security risks.

About this episode

Ivanti products are under active zero-day exploitation. Phemedrone is a new open-source info-stealer. Bishop Fox finds exposed SonicWall firewalls. GitLab and VMware patch critical vulnerabilities. The Secret Service foils a phishing scam. Europol shuts down a cryptojacking campaign. Ransomware hits a Majorca municipality. RUSI looks at ransomware. Ben Yelin explains the New York Times going after OpenAI over the data scraping. And the sad case of an Ohio lottery winner.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Guest and partner Ben Yelin joins us today to discuss “The Most Critical Elements of the FTC’s Health Breach Rulemaking.” Ben is the Program Director for Public Policy & External Affairs at the University of Maryland Center for Health and Homeland Security and Co-Host of N2K’s Caveat Podcast.

Selected Reading

Ivanti Connect Secure zero-days now under mass exploitation (Bleeping Computer)

Windows SmartScreen flaw exploited to drop Phemedrone malware (Bleeping Computer)

Over 178,000 SonicWall next-generation firewalls (NGFW) online exposed to hack (Security Affairs)

GitLab Fixes Password Reset Bug That Allows Account Takeover (Security Boulevard)

Patches Available for a Critical Vulnerability in VMware Aria Automation: CVE-2023-34063 (Malware News)

US court docs expose fake antivirus renewal phishing tactics (Bleeping Computer)

Hacker spins up 1 million virtual servers to illegally mine crypto (Bleeping Computer)

Ransomware gang demands €10 million after attacking Spanish council (The Record)

Ransomware: Victim Insights on Harms to Individuals, Organisations and Society (Royal United Services Institute)

Cybersecurity incident delays payouts for big Ohio Lottery winners (Beacon Journal)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © 2023 N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Up next

Memory leaks and login sneaks.

Researchers release proof-of-concept exploits for CitrixBleed2. Grafana patches four high-severity vulnerabilities. A hacker claims to have breached Spanish telecom giant Telefónica. Italian police arrest a Chinese man wanted by U.S. authorities for alleged industrial espionage. ... Show More

SafePay, unsafe day.

Ingram Micro suffers a ransomware attack by the SafePay gang. Spanish police dismantle a large-scale investment fraud ring. The SatanLock ransomware group says it is shutting down. Brazilian police arrest a man accused of stealing over $100 million from the country’s banking syst ... Show More

Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]

Please enjoy this encore of Career Notes. Ground Labs' Head of Engineering, Swati Shekhar, shares her circuitous route from and back to engineering. Always being interested in leveraging the tools available to solve problems, Swati talks about how she found her place in engineeri ... Show More

Recommended Episodes

AI Threats & Opportunities in Cyber Security With Material Security Co-Founder Ryan Noon

Cyber Security is going to change significantly in the era of AI, according to Ryan Noon, cofounder of Material Security, a security company that makes cloud-based Google and Microsoft email a safe place for sensitive data. Elad Gil and Ryan talk about how Material Security start ... Show More

Poisoned porn ads, the A word, and why why why Wipro?

The hacker who lived the high life after spreading malware via porn sites, Wipro demonstrates how to turn a cybersecurity crisis into a PR disaster, and why are humans listening in to your Alexa conversations?All this and much much more is discussed in the latest edition of the " ... Show More

Hijacked motel rooms, ASUS PCs, and leaky apps

An app leaking private conversations and intimate photographs is ignoring requests to fix the problem, hackers poison a security update sent to ASUS PCs, and how to protect your privacy in motel rooms.All this and much much more is discussed in the latest edition of the "Smashing ... Show More

355- Defending Against COVID-19 Cyber Scams with Kaspersky Technical Manager Emad Haffar (08.03.20)

Victims around the world have lost more than 3 billion Dhs to coronavirus-linked scams since last month. Scammers had sent phishing emails from research organisations linked to the World Health Organisation. In this episode, regional technical manager at Kaspersky Middle East, Em ... Show More

Listen to millions of songs and podcasts on Anghami