episode-header-image

Apr 21

31m 36s

When fake fixes hide real attacks.

About this episode

Adversary nations are using ClickFix in cyber espionage campaigns. Japan’s Financial Services Agency issues an urgent warning after hundreds of millions in unauthorized trades. The critical Erlang/OTP’s SSH vulnerability now has public exploits. A flawed rollout of a new Microsoft Entra app triggers widespread account lockouts. The alleged operator of SmokeLoader malware faces federal hacking charges. A new scam blends social engineering, malware, and NFC tech to drain bank accounts. GSA employees may have been oversharing sensitive documents. Yoni Shohet, Co-Founder and CEO of Valence Security, who cautions financial organizations of coming Chinese open source AI. Crosswalks in the crosshairs of satirical hacking.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

We are joined by Yoni Shohet, Co-Founder and CEO of Valence Security, discussing how the onslaught of more open source AI tools coming out of China will be difficult to manage for companies especially those in the financial sector.

Selected Reading

North Korea, Iran, Russia-Backed Hackers Deploy ClickFix in New Attacks (Hackread)

Countries Shore Up Their Digital Defenses as Global Tensions Raise the Threat of Cyberwarfare (SecurityWeek)

Japan warns of hundreds of millions of dollars in unauthorized trades from hacked accounts (The Record)

Critical Erlang/OTP SSH RCE bug now has public exploits, patch now (Bleeping Computer)

Widespread Microsoft Entra lockouts tied to new security feature rollout (Bleeping Computer)

Alleged SmokeLoader malware operator facing federal charges in Vermont (The Record)

New payment-card scam involves a phone call, some malware and a personal tap (The Record)

Sensitive files, including White House floor plans, shared with thousands (The Washington Post)

Hacking US crosswalks to talk like Zuck is as easy as 1234 (The Register)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Up next

Memory leaks and login sneaks.

Researchers release proof-of-concept exploits for CitrixBleed2. Grafana patches four high-severity vulnerabilities. A hacker claims to have breached Spanish telecom giant Telefónica. Italian police arrest a Chinese man wanted by U.S. authorities for alleged industrial espionage. ... Show More

SafePay, unsafe day.

Ingram Micro suffers a ransomware attack by the SafePay gang. Spanish police dismantle a large-scale investment fraud ring. The SatanLock ransomware group says it is shutting down. Brazilian police arrest a man accused of stealing over $100 million from the country’s banking syst ... Show More

Swati Shekhar: Challenges increase your risk appetite. [Engineering] [Career Notes]

Please enjoy this encore of Career Notes. Ground Labs' Head of Engineering, Swati Shekhar, shares her circuitous route from and back to engineering. Always being interested in leveraging the tools available to solve problems, Swati talks about how she found her place in engineeri ... Show More

Recommended Episodes

FBI Saves Millions and Lives in Cyber Hacking Take Down: Cyber Security Today for February 15, 2025

Cybersecurity Today: North Korean Hacks, AI Memory Breach, and School Data Comprimise In this episode of Cybersecurity Today, host Jim Love covers a range of crucial topics in the cybersecurity landscape. North Korean hackers are using new social engineering tactics to infiltrate ... Show More

Cyber Espionage and Financial Crime: North Korea’s Double Threat

In this episode of Threat Vector, host David Moulton speaks with Assaf Dehan, Director of Threat Research at Palo Alto Networks’ Cortex team, about the rising cyber threat from North Korea. Dehan, a cybersecurity expert with over 18 years of experience, discusses the nation's str ... Show More

Cybersecurity Today: Allegations Against Elon Musk, Microsoft Lockout Issues, Cozy Bear's New Malware, and Canada's Anti-Fraud Proposals

Cybersecurity Today: Allegations Against Elon Musk, Microsoft Lockout Issues, Cozy Bear's New Malware, and Canada's Anti-Fraud Proposals In this episode of Cybersecurity Today, hosted by David Shipley, we examine several major cybersecurity stories. A whistleblower accuses Elon M ... Show More

Gold bars and bold lies.

Please enjoy this encore of Hacking Humans. On Hacking Humans, ⁠Dave Bittner⁠, ⁠Joe Carrigan⁠, and ⁠Maria Varmazis⁠ (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are m ... Show More

Google’s New Free Cybersecurity Certificate: Cyber Security Today for Monday, November 25, 2024

Cybersecurity Today: Palo Alto Firewalls Breached, APT28's Wi-Fi Hack, Meta Fights Scams In today's episode, over 2,000 Palo Alto firewalls were hacked via patched zero-day vulnerabilities; a Russian group, APT28, exploited Wi-Fi networks in a novel 'Nearest Neighbor Attack' to b ... Show More

Gold bars and bold lies.

On Hacking Humans, Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of N2K's daily space podcast, T-Minus), are once again sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines to help our audience become aware ... Show More

Hackers Move From Data Theft To Complete Destruction: Cyber Security Today For Wednesday, December 4, 2024

Cybersecurity Today: From Data Theft to Total Destruction In today's episode, we cover the latest shifts in cybercrime as hackers move from data theft to complete system destruction, impacting businesses on a massive scale. We discuss Palo Alto Networks' insights on these damagin ... Show More

China is an increasing threat in Cyber Security: Cyber Security Today for Monday, November 4, 2024

Chinese Cybersecurity Threats: Espionage in Silicon Valley, Canadian Government Infiltration, and Persistent Botnets In this special edition of Cyber Security Today, host Jim Love discusses three alarming stories illustrating the increasing cybersecurity threats posed by China. T ... Show More

Email and Other Fraud - It Gets Personal: Cyber Security Today for Monday, December 9, 2024

Cybersecurity Today: Email Frauds, Google Warnings, and U.S. Telecom Hacks In this episode of Cybersecurity Today, host Jim Love discusses a personal encounter with email fraud attempts, including invoice scams and fake payroll changes. Google issues a stark warning to Gmail user ... Show More

Listen to millions of songs and podcasts on Anghami