Almost letting hackers rule the web.

A Wordpress plugin vulnerability puts 5 million sites at risk. Google releases an emergency Chrome update addressing an actively exploited vulnerability. Cisco patches multiple vulnerabilities. Researchers say Slack AI is vulnerable to prompt injection. Widely used RFID smart cards could be easily backdoored. The FAA proposes new cybersecurity rules for airplanes, engines, and propellers. A member of the Russian Karakurt ransomware group faces charges in the U.S. The Five Eyes release a guide on Best Practices for Event Logging and Threat Detection. The Kremlin claims widespread online outages are due to DDoS, but experts think otherwise. In our Threat Vector segment, guest host Michael Sikorski speaks with Jason Healey, Senior Research Scholar at Columbia University's School of International and Public Affairs. A deadbeat dad dodges debt through death. 

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

Threat Vector Segment

In this Threat Vector segment, guest host Michael Sikorski, CTO of Unit 42, engages in a thought-provoking conversation about the historical challenges and advances in cyber conflict with Jason Healey, Senior Research Scholar at Columbia University's School of International and Public Affairs. To listen to their full conversation, check out the episode here. You can catch new episodes of Threat Vector every Thursday on the N2K CyberWire network. 

Selected Reading

Critical Privilege Escalation in LiteSpeed Cache Plugin (Patchstack)

Google fixes ninth Chrome zero-day exploited in attacks this year (The Register)

Cisco Patches High-Severity Vulnerability Reported by NSA (SecurityWeek)

Slack AI can leak private data via prompt injection (The Register)

Major Backdoor in Millions of RFID Cards Allows Instant Cloning (SecurityWeek)

FAA proposes new cybersecurity rules for airplanes (The Record)

U.S. charges Karakurt extortion gang’s “cold case” negotiator (Bleeping Computer)

ASD’s ACSC, CISA, FBI, and NSA, with the support of International Partners Release Best Practices for Event Logging and Threat Detection (CISA)

Kremlin blames widespread website disruptions on DDoS attack; digital experts disagree (The Record)

Deadbeat dad faked his own death by hacking government sites (The Register)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices