Podcasts about scattered spider

  • 94 podcasts
  • 203 episodes
  • 33m average duration
  • 1 new episode daily
  • Latest: Aug 15, 2025

Latest podcast episodes about scattered spider

Cyber Security Headlines
Week in Review: ShinyHunters-Scattered Spider merge, DARPA AI prize, Water infrastructure volunteers

Aug 15, 2025 · 30:29


This week's Cyber Security Headlines – Week in Review is hosted by Rich Stroffolino with guest Steve Zalewski, co-host, Defense in Depth. Thanks to our show sponsor, Vanta. Do you know the status of your compliance controls right now? Like…right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs…we rely on point-in-time checks. But more than 9,000 companies have continuous visibility into their controls with Vanta. Vanta brings automation to evidence collection across over 35 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you get security questionnaires done 5 times faster with AI. Now that's…a new way to GRC. Get started at Vanta.com/headlines. All links and the video of this episode can be found on CISO Series.com

Backup Central's Restore it All
Social Engineering Attacks: Lessons from Mr. Robot Episode 3

Aug 11, 2025 · 25:39


Social engineering attacks are becoming more sophisticated, and this episode of The Backup Wrap-up explores real-world tactics through our Mr. Robot series analysis. Curtis and Prasanna examine how social engineering works, from Instagram stalking to phone compromise, and discuss actual ransomware groups like Scattered Spider who use social engineering to impersonate employees and reset passwords. We break down the hospital hacking scene, revealing how underfunded IT departments create vulnerabilities that social engineering attacks exploit. The episode also covers email security, backup system risks, and the Sony hack parallels shown in the series. Learn how to protect your organization from social engineering by understanding what information to keep private, how to properly fund cybersecurity, and why your backup systems need protection from social engineering tactics.

Cyber Briefing
August 11, 2025 - Cyber Briefing

Aug 11, 2025 · 9:01


If you like what you hear, please subscribe, leave us a review and tell a friend!

Talking Cyber Security
Episode 96 - Scattered Spider - Part 1 of 2

Aug 9, 2025 · 14:47


In this episode, Richard commences his look into infamous hacking group Scattered Spider.

Cyber Security Uncut
Productivity Commission goes pro-AI, ShinyHunters continues Salesforce hacking spree, and a new ransomware operator emerges

Aug 8, 2025 · 43:12


In this episode of the Cyber Uncut podcast, David Hollingworth and Daniel Croft discuss the future of AI and copyright in Australia, ShinyHunters and their relationship to the Scattered Spider hacking collective, and a new ransomware operator targeting small businesses in the ANZ region. Hollingworth and Croft kick things off with a discussion on the Australian Productivity Commission's suggestion that AI regulations in Australia should be eased, an idea that the pair are not impressed by. After a short chat on the latest developments with Elon Musk's Grok AI, Hollingworth and Croft discuss the latest wave of Salesforce-related hacks and the possible links between two hacking groups, ShinyHunters and Scattered Spider. The pair wrap things up with the emergence of a new ransomware operation that has already targeted businesses in Australia and New Zealand. Called PEAR, the group focuses purely on data theft over encryption, which seems to be an emerging trend in ransomware operations. Enjoy the episode, The Cyber Uncut team

Today in Health IT
2 Minute Drill: Hacker Infiltration, Corporate Leaks, and North Korean Updates with Drex DeFord

Aug 6, 2025 · 4:19


This episode covers three critical cybersecurity developments affecting healthcare organizations. First, FBI warnings about Scattered Spider ransomware group targeting employees through Slack and Microsoft Teams, including their alarming tactic of creating fake identities to join incident response calls and monitor remediation efforts. Second, leaked chat logs from the Conti ransomware group reveal these criminal organizations operate like structured tech startups with HR policies, management layers, and performance reviews - highlighting the sophisticated nature of modern cyber threats. Finally, CrowdStrike intelligence reveals over 900 North Korean operatives have quietly embedded themselves in US companies using deepfakes and fake identities, wiring paychecks back to the regime. The episode also mentions CISA's new free Thorium tool for malware analysis and forensic investigations.
X: This Week Health | LinkedIn: This Week Health | Donate: Alex's Lemonade Stand: Foundation for Childhood Cancer

WBT's Morning News with Bo Thompson
Theresa Payton | Scattered Spider strikes again with PayPal/Crypto scam

Aug 6, 2025 · 8:32


Cyber Security Expert Theresa Payton joins Bo and Beth to discuss the latest cyber scam by Scattered Spider and President Donald Trump's "A.I. Challenge" to schools nationwide. See omnystudio.com/listener for privacy information.

WBT's Morning News with Bo Thompson
Good Morning BT | Theresa Payton | Scott Huffmon | Bernie's Birthday

Aug 6, 2025 · 100:37


Good Morning BT with Bo Thompson and Beth Troutman | Wednesday, August 6th, 2025.
6:05 Beth's Song of the Day/Bernie's "29th" Birthday
6:20 Guest: Theresa Payton (Cyber Security Expert) - PayPal/Crypto Scam from Scattered Spider
6:35 Pres Trump creates Task Force for 2028 Summer Olympics
6:50 RAM Biz Update; Guest: Ray Stagich (Weather Channel Meteorologist) - Wet Week in Charlotte
7:05 Panthers Preseason Opener vs Browns
7:20 Bernie's Birthday gifts from the GMBTeam
7:35 Roku launching ad free streaming service ("Howdy")
7:50 Crossing the Streams with Brett Winterble
8:05 Developing: ESPN acquiring rights to air WWE PLE's
8:20 Panthers/Browns joint practice today
8:35 Guest: Scott Huffmon (Poli-Sci Professor) - Texas Re-districting
8:50 Scott Huffmon Cont. - Epstein Files latest/Clinton Prosecution
9:05 Mark Garrison Reports: 80 Years Later - Hiroshima
9:50 WBT Text Line/Show Wrap

Adversary Universe Podcast
Cloud Intrusions Rise, eCrime Thrives, Governments Under Attack: CrowdStrike 2025 Threat Hunting Report

Aug 4, 2025 · 36:02


In the first half of 2025 alone, cloud intrusions were up 136% compared to all of 2024. China was a big driver — CrowdStrike saw a 40% year-over-year surge in intrusions from suspected cloud-conscious China-nexus threat actors. In the government sector, interactive intrusions increased 71%, and targeted intrusion activity jumped 185%.

The CrowdStrike OverWatch threat hunting team has a firsthand look at how adversaries are changing their techniques. In the CrowdStrike 2025 Threat Hunting Report, published today, the team shares observations, trends, and shifts seen in its threat hunting and adversary engagements over the past 12 months.

In this episode, Adam and Cristian dive deep into the report's key findings and put them into context. They explore why the use of malware is going down (and why it won't go away), unpack the rise in government intrusions, and explain the role of generative AI (GenAI) in today's threat landscape. They examine the rise of prolific adversaries such as SCATTERED SPIDER and FAMOUS CHOLLIMA and discuss the techniques organizations can use to stop them.

Below are more key stats from this year's report:
  • 73% of all interactive intrusions were eCrime
  • 81% of interactive intrusions were malware-free
  • In the first half of 2025, voice phishing (vishing) attacks surpassed the total number seen in 2024
  • FAMOUS CHOLLIMA insiders infiltrated 320+ companies in the last 12 months — a 220% year-over-year increase — by using GenAI throughout hiring and employment

Download the report to learn more.

The CyberWire
SUSE flaw found hiding in plain port.

Aug 1, 2025 · 24:44


A critical vulnerability in SUSE [SOO-suh] Manager allows attackers to run commands with root privilege. A joint CISA and U.S. Coast Guard threat hunt at a critical infrastructure site reveals serious cybersecurity issues. Healthcare providers across the U.S. report recent data breaches. Cybercriminals infiltrate a bank by physically planting a Raspberry Pi on a network switch. Russian state-backed hackers target Moscow diplomats to deploy ApolloShadow malware. Luxembourg investigates a major telecom outage tied to Huawei equipment. China's cyberspace regulator summons Nvidia over alleged security risks linked to its H20 AI chips. A new report examines early indicators of system compromise. Today we are joined by Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, with their analysis of Scattered Spider. Pwn2Own puts a million dollar bounty on WhatsApp zero-clicks.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Our guest today is Ryan Whelan, Managing Director and Global Head of Accenture Cyber Intelligence, discussing the possibilities of Scattered Spider.

Selected Reading
  • Critical flaw in SUSE Manager exposes enterprise deployments to compromise (Beyond Machines)
  • CISA identifies OT configuration flaws during cyber threat hunt at critical infrastructure organization, lists cyber hygiene (Industrial Cyber)
  • CISA Issues ICS Advisories for Rockwell Automation Using VMware, and Güralp Seismic Monitoring Systems (Cyber Security News)
  • Florida Internal Medicine Practices Discloses November 2024 Data Breach (HIPAA Journal)
  • Cybercrooks use Raspberry Pi to steal ATM cash (The Register)
  • Russian Cyberspies Target Foreign Embassies in Moscow via AitM Attacks: Microsoft (SecurityWeek)
  • Luxembourg probes reported attack on Huawei tech that caused nationwide telecoms outage (The Record)
  • Nvidia summoned by China's cyberspace watchdog over risks in H20 chips (CGTN)
  • Hackers Regularly Exploit Vulnerabilities Before Public Disclosure (Infosecurity Magazine)
  • Pwn2Own hacking contest pays $1 million for WhatsApp exploit (Bleeping Computer)

Audience Survey
Complete our annual audience survey before August 31.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Friday, August 1st, 2025: Scattered Spider Domains; Excel Blocking Dangerous Links; CISA Releasing Thorium Platform

Aug 1, 2025 · 5:41


Scattered Spider Related Domain Names
A quick demo of our domain feeds and how they can be used to find Scattered Spider related domains
https://isc.sans.edu/diary/Scattered+Spider+Related+Domain+Names/32162

Excel External Workbook Links to Blocked File Types Will Be Disabled by Default
Excel will discontinue allowing links to dangerous file types starting as early as October.
https://support.microsoft.com/en-us/topic/external-workbook-links-to-blocked-file-types-will-be-disabled-by-default-6dd12903-0592-463d-9e68-0741cf62ee58

CISA Releases Thorium
CISA announced that it released its malware analysis platform, Thorium, as open-source software.
https://www.cisa.gov/news-events/alerts/2025/07/31/thorium-platform-public-availability

AML Conversations
FCPA Rollbacks, OCC Risk Tolerance, and Crypto Compliance Gaps

Aug 1, 2025 · 16:12


In this week's episode, Joe McNamara and John Byrne examine significant shifts in the regulatory landscape, starting with a tribute to compliance leader Anna Rentschler. They dive into concerning changes to FCPA enforcement guidance that critics say abandons universal ethical standards, the OCC's unusual LinkedIn post signaling increased risk tolerance for banks, and growing threats to the Corporate Transparency Act. The discussion moves internationally to cover the UK's crypto asset sanctions compliance findings, the EU's latest money laundering risk assessment highlighting fintech vulnerabilities, and an FBI advisory on the Scattered Spider cybercriminal group.

WBT's Morning News with Bo Thompson
Theresa Payton | FBI issues warning to public as Scattered Spider cyber attacks ramp up

Aug 1, 2025 · 9:11


Cyber Security Expert Theresa Payton joins Bo and Beth to discuss the latest announcement by the FBI regarding prompts to change your password after a string of cyber attacks by Scattered Spider.

Turtlezone Tiny Talks - 20 Minuten Zeitgeist-Debatten mit Gebert und Schwartz
Turtlezone Tiny Talks - Top risk or avoidable?

Aug 1, 2025 · 33:20


The hacker collective "Scattered Spider" uses it, and so do many other cybercriminals: social engineering. The attackers worm their way into their victims' trust and get them to disclose confidential information. For companies, this often ends in large-scale data theft or in extortion using hijacked IT and data infrastructure. Like all criminals, these hackers readily use the capabilities of artificial intelligence: not to defeat protective mechanisms technologically, but above all to make identity theft and phishing email campaigns deceptively realistic. Cybercrime experts warn of the dangers of attacks on company and customer data, and the Allianz Risk Barometer has for years named hacker attacks as the top risk for companies. The group's subsidiary Allianz Life, a well-known insurer in the USA, recently had to experience this as well, shortly after competitor Aflac had already been hit. In both cases, "Scattered Spider" is suspected to be behind the attacks. In the new episode 184 of Turtlezone Tiny Talks, Dr. Michael Gebert and Oliver Schwartz examine the cybercriminals' methods and the scale of the threat. And they discuss how companies can better arm themselves, because in social engineering the focus is above all on employees. An engaging 33 podcast minutes for the weekend.

The CyberWire
Open source, open target.

Jul 31, 2025 · 28:41


A sweeping malware campaign by North Korea's Lazarus Group targets open source ecosystems. President Trump announces a new electronic health records system. A new report reveals deep ties between Chinese state-sponsored hackers and Chinese tech companies. Researchers describe a new prompt injection threat targeting LLMs via browser extensions. Palo Alto Networks' Unit 42 proposes a new Attribution Framework. Honeywell patches six vulnerabilities in its Experion Process Knowledge System. Researchers track the rapid evolution of a sophisticated Android banking trojan. Scattered Spider goes quiet following recent arrests. Our guests are Jermaine Roebuck and Ann Galchutt from CISA, discussing "Open-Source Eviction Strategies Tool for Cyber Incident Response." A Polish trainmaker sues hackers for fixing trains.

CyberWire Guest
Today we are joined by Jermaine Roebuck, Associate Director for Threat Hunting at CISA and Ann Galchutt, Technical Lead at CISA, who will be discussing "Open-Source Eviction Strategies Tool for Cyber Incident Response."

Selected Reading
  • Sonatype uncovers global espionage campaign in open source ecosystems (Sonatype)
  • Trump administration is launching a new private health tracking system with Big Tech's help (AP News)
  • Report Links Chinese Companies to Tools Used by State-Sponsored Hackers (SecurityWeek)
  • Top 5 GenAI Tools Vulnerable to Man-in-the-Prompt Attack, Billions Could Be Affected (LayerX)
  • Introducing Unit 42's Attribution Framework (Unit42)
  • Honeywell Experion PKS Flaws Allow Manipulation of Industrial Processes (SecurityWeek)
  • Behind Random Words: DoubleTrouble Mobile Banking Trojan Revealed
  • Cybercriminals 'Spooked' After Scattered Spider Arrests (Infosecurity Magazine)
  • Polish Train Maker Is Suing the Hackers Who Exposed Its Anti-Repair Tricks (iFixit)

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Thursday July 31st, 2025: Firebase Security; WebKit Vuln Exploited; Scattered Spider Update

Jul 31, 2025 · 6:40


Securing Firebase: Lessons Re-Learned from the Tea Breach
Inspired by the breach of the Tea app, Brendon Evans recorded a video to inform of Firebase security issues
https://isc.sans.edu/diary/Securing%20Firebase%3A%20Lessons%20Re-Learned%20from%20the%20Tea%20Breach/32158

WebKit Vulnerability Exploited before Apple Patch
A WebKit vulnerability patched by Apple yesterday has already been exploited in Google Chrome. Google noted the exploit with its patch for the same vulnerability in Chrome.
https://nvd.nist.gov/vuln/detail/CVE-2025-6558

Scattered Spider Update
CISA released an update for its report on Scattered Spider, noting that the group also calls helpdesks impersonating users, not just the other way around.
https://www.cisa.gov/news-events/cybersecurity-advisories/aa23-320a

Hacking Humans
Click for a pay bump?

Jul 31, 2025 · 30:17


In this special episode of Hacking Humans, while Joe and Maria take a well-earned summer break, we're joined by a special guest host: Rob Allen, Chief Product Officer at ThreatLocker. Rob dives into the tactics and profile of the cybercriminal group known as Scattered Spider—a crew that's gained notoriety for its cunning use of social engineering over traditional hacking techniques. Known for being young, agile, and highly manipulative, Scattered Spider has successfully bypassed security measures not by breaking systems, but by fooling the people who use them. Tune in for a fascinating breakdown of how this group operates and what you can do to defend against them. A listener caught this catch of the day on campus—an email claiming a “salary increase” and urging them to click a sketchy link. It came from outside the company, was riddled with grammar issues, and asked for info HR should already have. Complete our annual audience survey before August 31. Resources and links to stories: Scattered Spider weaves web of social-engineered destruction. Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

The CyberWire
State of emergency in St Paul.

Jul 30, 2025 · 32:10


Officials in St. Paul, Minnesota declare a state of emergency following a cyberattack. Hackers disrupt a major French telecom. A power outage causes widespread service disruptions for cloud provider Linode. Researchers reveal a critical authentication bypass flaw in an AI-driven app development platform. A new study shows AI training data is chock full of PII. Fallout continues for the Tea dating safety app. Hackers are actively exploiting a critical SAP NetWeaver vulnerability to deploy malware. CISA and the FBI update their Scattered Spider advisory. A Florida prison exposes personal information of visitors to all of its inmates. Our guest today is Keith Mularski, Chief Global Ambassador at Qintel, retired FBI Special Agent, and co-host of Only Malware in the Building. CISA and Senator Wyden come to terms —mostly— over the long-buried US Telecommunications Insecurity Report.

CyberWire Guest
Our guest today is Keith Mularski, Chief Global Ambassador at Qintel, retired FBI Special Agent, and co-host of Only Malware in the Building, discussing what it's like to be the new host on the N2K CyberWire network and giving a glimpse into some upcoming episodes. You can catch Keith and his co-hosts Selena Larson, Staff Threat Researcher and Lead, Intelligence Analysis and Strategy at Proofpoint, and our own Dave Bittner the first Tuesday of each month on your favorite podcast app with new episodes of Only Malware.

Selected Reading
  • Major cyberattack hits St. Paul, shuts down many services (Star Tribune)
  • French telecom giant Orange discloses cyberattack (Bleeping Computer)
  • Power Outage at Newark Data Center Disrupts Linode, Took LWN Offline (FOSS Force)
  • Critical authentication bypass flaw reported in AI coding platform Base44 (Beyond Machines)
  • A major AI training data set contains millions of examples of personal data (MIT Technology Review)
  • Dating safety app Tea suspends messaging after hack (BBC)
  • Hackers exploit SAP NetWeaver bug to deploy Linux Auto-Color malware (Bleeping Computer)
  • CISA and FBI Release Tactics, Techniques, and Procedures of the Scattered Spider Hacker Group (gb hackers)
  • Florida prison data breach exposes visitors' contact information to inmates (Florida Phoenix)
  • CISA to release long-buried US telco security report (The Register)

Cyber Security Headlines
Telecom Orange hacked, $2.4M Bitcoin seized from Chaos, Scattered Spider's tactics evolve

Jul 30, 2025 · 6:43


  • Critical Authentication Flaw Identified in Base44 Vibe Coding Platform
  • French telecom giant Orange discloses cyberattack
  • FBI seizes $2.4M in Bitcoin from new Chaos ransomware operation

Huge thanks to our sponsor, Dropzone AI. What if your SOC could investigate every single alert without burning out your team? That's exactly what Dropzone AI does. They're the leader in autonomous security investigations, and companies like Zapier and Fortune 500s are already on board. Their AI works alongside your analysts, handling the routine so humans can be strategic. See them at BlackHat in Startup City, booth 6427. Or experience it yourself—dropzone.ai has a self-guided demo ready for you.

Cyber Briefing
July 30, 2025 - Cyber Briefing

Jul 30, 2025 · 8:54


If you like what you hear, please subscribe, leave us a review and tell a friend!

Cyber Briefing
July 28, 2025 - Cyber Briefing

Jul 29, 2025 · 9:45


If you like what you hear, please subscribe, leave us a review and tell a friend!

Security Squawk
Millions Exposed by Co op Hack and Scattered Spider Tricks Big Brands

Jul 29, 2025 · 31:05


This week on the Security Squawk Podcast, we're diving into three major cybersecurity incidents that highlight just how vulnerable even the most well-known organizations still are in 2025. First up, we cover the massive data breach at Co-op, where all 6.5 million members had their personal information stolen. That's right—every single member. We unpack what went wrong, how the breach was discovered, and the long-term fallout for one of the UK's largest retail cooperatives. Then, we turn our attention to the notorious Scattered Spider cybercrime group, which is back in the headlines after breaching major corporations like Clorox and Cognizant. And how did they get in? Not with some zero-day exploit or advanced malware—just simple, convincing phone calls. It's a wake-up call for any business that thinks cybersecurity is all about firewalls and antivirus. Finally, we bring it closer to home with a cyberattack that shut down systems in the Fort Smith Public School District in Arkansas. It's the latest in a growing trend of ransomware targeting schools and disrupting education. We explore what districts can do to prepare and why K–12 institutions remain such easy, high-impact targets for cybercriminals. If you're a business owner, IT professional, school administrator, or just someone who cares about protecting data, this is one episode you don't want to miss. New to streaming or looking to level up? Check out StreamYard and get $10 discount! https://streamyard.com/pal/d/65161790...

Cyber Security Today
Amazon AI Tool Hacked, Scattered Spider Attacks VMware, and Major Ransomware Takedown | Cybersecurity Today

Jul 28, 2025 · 11:09


In this episode of Cybersecurity Today, host David Shipley covers several key incidents impacting the cybersecurity landscape. Amazon's generative AI coding assistant 'Q' was compromised by a hacker who injected data-wiping code into the tool's GitHub repository. Scattered Spider, a notorious cybercrime group, continues its malware attacks on VMware ESXI hypervisors using advanced social engineering techniques. In a significant enforcement action, global law enforcement dismantled the Black Suit ransomware infrastructure under Operation Checkmate. Lastly, Insurance Giant Allianz Life revealed a data breach affecting its US customer base. Stay tuned to understand the latest threats and protective measures in cybersecurity.
00:00 Introduction and Headlines
00:30 Amazon AI Coding Tool Breach
03:07 Scattered Spider's VMware ESXI Attacks
06:44 Operation Checkmate: Black Suit Ransomware Takedown
08:16 Allianz Life Insurance Data Breach
10:25 Conclusion and Call to Action

The Audit
Cybersecurity News: Vikings Vishing Lost $240K, Scattered Spider & F1 Racing

Jul 28, 2025 · 22:13


Dallas Turner's $240,000 fraud loss isn't just celebrity news—it's a wake-up call for anyone with a bank account. When even NFL linebackers fall victim to social engineering, what does that mean for the rest of us? In this episode of The Audit, co-hosts Joshua Schmidt, Eric Brown, and Nick Mellem break down the sophisticated tactics behind this massive financial fraud and reveal why help desk vulnerabilities are becoming cybercriminals' favorite attack vector. From Scattered Spider's multi-industry campaigns to the unexpected cybersecurity challenges facing Formula 1 racing, this episode covers the evolving threats that no security professional can afford to ignore. 

The CyberWire
Muddled Libra: From Spraying to Preying in 2025 [Threat Vector]

Jul 26, 2025 · 36:11


Please enjoy this Special Edition episode of the Threat Vector podcast with an update on our previous Muddled Libra coverage. Muddled Libra is back and more dangerous than ever. In this episode of Threat Vector, David Moulton speaks with Sam Rubin and Kristopher Russo from Unit 42 about the resurgence of the threat group also known as Scattered Spider. They break down the group's shift to destructive extortion, modular attack teams, and cloud-first tactics. Discover why traditional defenses fail, how attackers now exploit trusted tools, and what forward-leaning security leaders are doing to stay ahead. With real-world case studies, strategic advice, and insights from the front lines, this episode helps defenders understand today's threat landscape and what's coming next.

Join the conversation on our social media channels:
  • Website: https://www.paloaltonetworks.com/
  • Threat Research: https://unit42.paloaltonetworks.com/
  • Facebook: https://www.facebook.com/LifeatPaloAltoNetworks/
  • LinkedIn: https://www.linkedin.com/company/unit42/
  • YouTube: @paloaltonetworks
  • Twitter: https://twitter.com/PaloAltoNtwks

About Threat Vector
Threat Vector by Palo Alto Networks is your premier podcast for security thought leadership. Join us as we explore pressing cybersecurity threats, robust protection strategies, and the latest industry trends. The podcast features in-depth discussions with industry leaders, Palo Alto Networks experts, and customers, providing crucial insights for security decision-makers. Whether you're looking to stay ahead of the curve with innovative solutions or understand the evolving cybersecurity landscape, Threat Vector equips you with the knowledge needed to safeguard your organization.

Palo Alto Networks
Palo Alto Networks enables your team to prevent successful cyberattacks with an automated approach that delivers consistent security across the cloud, network, and mobile. http://paloaltonetworks.com

Learn more about your ad choices. Visit megaphone.fm/adchoices

Research Saturday
Muddled Libra: From Spraying to Preying in 2025 [Threat Vector]

Jul 26, 2025 · 36:11


Please enjoy this Special Edition episode of the Threat Vector podcast with an update on our previous Muddled Libra coverage. Muddled Libra is back and more dangerous than ever. In this episode of Threat Vector, David Moulton speaks with Sam Rubin and Kristopher Russo from Unit 42 about the resurgence of the threat group also known as Scattered Spider. They break down the group's shift to destructive extortion, modular attack teams, and cloud-first tactics. Discover why traditional defenses fail, how attackers now exploit trusted tools, and what forward-leaning security leaders are doing to stay ahead. With real-world case studies, strategic advice, and insights from the front lines, this episode helps defenders understand today's threat landscape and what's coming next.

Risky Business
Risky Business #799 -- Everyone's Sharepoint gets shelled

Risky Business

Play Episode Listen Later Jul 23, 2025 73:55


Risky Biz returns after two weeks off, and there sure is cybersecurity news to catch up on. Patrick Gray and Adam Boileau discuss:
Microsoft tried to make outsourcing the Pentagon's cloud maintenance to China okay (it was not)
She shells Sharepoint by the sea-shore (by 'she' we mean 'China')
Four (alleged) Scattered Spider members arrested (and bailed) in the UK
Hackers spend $2700 to buy creds for a Brazilian payment system, steal $100M
Fortinet has SQLI in the auth header, Citrix mem leak is weaponised, HP hardcodes creds and Sonicwalls get user-mode rootkits. Just security vendor things!
This week's episode is sponsored by Airlock Digital. CEO David Cottingham talks through what it takes to build a mature, resilient management platform for a security critical system.
This episode is also available on Youtube.
Show notes
Update on DOD's cloud services
Microsoft to stop using engineers in China for tech support of US military, Hegseth orders review
A Little-Known Microsoft Program Could Expose the Defense Department to Chinese Hackers
While DOD policy bans unauthorized apps like TikTok from being on employees phones over national security risks
Microsoft Fix Targets Attacks on SharePoint Zero-Day – Krebs on Security
National Guard was hacked by China's 'Salt Typhoon' group, DHS says
Suspected contractor for China's Hafnium group arrested in Italy | Cybersecurity Dive
Singapore accuses Chinese state-backed hackers of attacking critical infrastructure networks | The Record from Recorded Future News
UK Arrests Four in 'Scattered Spider' Ransom Group – Krebs on Security
Four people bailed after arrests over cyber attacks on M&S, Co-op and Harrods
Brazilian police arrest IT worker over $100 million cyber theft | The Record from Recorded Future News
At Least 750 US Hospitals Faced Disruptions During Last Year's CrowdStrike Outage, Study Finds | WIRED
Hacker returns cryptocurrency stolen from GMX exchange after $5 million bounty payment | The Record
Indian crypto exchange CoinDCX says $44 million stolen from reserves | The Record
Chainalysis: $2.17 billion in crypto stolen in first half of 2025, driven by North Korean hacks | The Record
PoisonSeed bypassing FIDO keys to 'fetch' user accounts
Risky Bulletin: Browser extensions hijacked for web scraping botnet
A Startup is Selling Data Hacked from Peoples' Computers to Debt Collectors
A surveillance vendor was caught exploiting a new SS7 attack to track people's phone locations | TechCrunch
Ukrainian hackers wipe databases at Russia's Gazprom in major cyberattack, intelligence source says
File transfer company CrushFTP warns of zero-day exploit seen in the wild | The Record
HPE warns of hardcoded passwords in Aruba access points
Pre-Auth SQL Injection to RCE - Fortinet FortiWeb Fabric Connector (CVE-2025-25257)
Researchers, CISA confirm active exploitation of critical Citrix Netscaler flaw | Cybersecurity Dive
Google finds custom backdoor being installed on SonicWall network devices - Ars Technica
Hackers Can Remotely Trigger the Brakes on American Trains and the Problem Has Been Ignored for Years

The CyberWire
Creeping like a spider. [Research Saturday]

The CyberWire

Play Episode Listen Later Jul 19, 2025 20:33


This week, we are pleased to be joined by George Glass, Associate Managing Director of Kroll's Cyber Risk business, as he discusses their research on Scattered Spider and their targeting of insurance companies. While Scattered Spider has recently turned its attention to the airline industry, George focuses on the broader trend of the group's industry-by-industry approach and what that means for defenders across sectors. George and Dave discuss the group's history, their self-identification as a cartel, and their increasingly aggressive tactics, including the use of fear-based social engineering, physical threats, and the recruitment of insiders at telecom providers. They also examine how organizations—especially those with vulnerabilities similar to past targets—can proactively defend against this threat and prepare an effective response if their industry becomes the next focus. Complete our annual audience survey before August 31.

Research Saturday
Creeping like a spider.

Research Saturday

Play Episode Listen Later Jul 19, 2025 20:33


This week, we are pleased to be joined by George Glass, Associate Managing Director of Kroll's Cyber Risk business, as he discusses their research on Scattered Spider and their targeting of insurance companies. While Scattered Spider has recently turned its attention to the airline industry, George focuses on the broader trend of the group's industry-by-industry approach and what that means for defenders across sectors. George and Dave discuss the group's history, their self-identification as a cartel, and their increasingly aggressive tactics, including the use of fear-based social engineering, physical threats, and the recruitment of insiders at telecom providers. They also examine how organizations—especially those with vulnerabilities similar to past targets—can proactively defend against this threat and prepare an effective response if their industry becomes the next focus. Complete our annual audience survey before August 31.

Cyber Law Revolution
Ep. 96 Scattered Spider and AI Impact

Cyber Law Revolution

Play Episode Listen Later Jul 18, 2025 5:04


Ep. 96 of the Cyber Law Revolution is live! In this episode, we discussed the sophistication of Scattered Spider as they target the insurance and airplane industries. Further, we do a quick dive into the implications of AI! Keep the questions and comments coming. 410-917-5189 or spollock@mcdonaldhopkins.com

Adversary Universe Podcast
The Return of SCATTERED SPIDER

Adversary Universe Podcast

Play Episode Listen Later Jul 17, 2025 33:45


They never really left — they just got quieter, faster, and bolder. In this episode of the Adversary Universe podcast, Adam and Cristian trace the resurgence of SCATTERED SPIDER, one of today's most aggressive and sophisticated adversary groups. Once known for SIM swapping and gaming community exploits, SCATTERED SPIDER has evolved into a high-speed, high-impact ransomware crew targeting the retail, insurance, and aviation sectors. Adam shares CrowdStrike's front-line insights into how the group operates, from conducting help desk social engineering and bypassing multifactor authentication (MFA) to hijacking hypervisors and exfiltrating data via software as a service (SaaS) integrations.
Tune in to learn:
How SCATTERED SPIDER blends SIM swapping, voice phishing, and cloud-native tradecraft
Why they're one of the fastest threat actors we've seen, sometimes encrypting systems within 24 hours
What defenders must do to spot them early and act fast
And yes, why they still haven't been arrested
Check the show notes for CrowdStrike's latest guidance and technical blog on SCATTERED SPIDER.

IT Privacy and Security Weekly update.
EP 251.5 Deep Dive. The IT Privacy and Security Weekly Update, with a side of Fries, for the Week Ending July 15th, 2025

IT Privacy and Security Weekly update.

Play Episode Listen Later Jul 17, 2025 14:38


Significant Data Breaches and Vulnerabilities
McDonald's AI-driven hiring platform, Olivia (by Paradox.ai), exposed 64 million applicant records due to weak security, including a password as simple as "123456." In Sweden, security personnel inadvertently revealed Prime Minister Ulf Kristersson's whereabouts by sharing fitness routes on Strava. Qantas suffered a breach affecting 5.7 million customers, with personal details like addresses and phone numbers exposed via a third-party platform compromised by the Scattered Spider group. These cases demonstrate the risks of inadequate security in automated systems and third-party integrations.
Skepticism Around Jack Dorsey's Bitchat App
Jack Dorsey's Bitchat, a decentralized messaging app using Bluetooth and end-to-end encryption, faces skepticism due to its lack of external security audits. Researchers identified flaws, such as a broken identity verification system enabling impersonation. Dorsey's warnings on GitHub advise against using the app until properly vetted, raising concerns about premature launches of privacy-focused tools.
"Contagious Interview" AI-Powered Scam
The "Contagious Interview" scam, linked to North Korean hackers, targets job-seekers on platforms like LinkedIn. Posing as recruiters from fake companies (e.g., BlockNovas LLC), hackers use AI-generated personas and fake profiles to trick victims into installing malware disguised as interview tools. This malware, including BeaverTail and InvisibleFerret, steals passwords and cryptocurrency data, showing the potent combination of AI and social engineering in cybercrime.
Quantum Computing Threat to Encryption
Quantum computing's rise threatens current encryption methods like RSA and ECC, posing risks to data security in industries like finance and healthcare. Experts recommend adopting post-quantum cryptography (PQC) by inventorying encryption-reliant systems, requiring vendors to provide PQC migration plans, and updating firmware to quantum-resistant signatures to protect against future decryption threats.
OpenAI's Challenge to Productivity Software
OpenAI is poised to disrupt Microsoft 365 and Google Workspace with an AI-powered productivity suite. Leveraging generative AI, it offers collaborative writing, editing, brainstorming, and graphics assistance, potentially at a lower cost than Microsoft's Copilot. This move signals a shift toward AI-driven productivity tools, challenging established market leaders.
xAI API Key Leak
A DOGE employee, Marko Elez, accidentally exposed an xAI API key on GitHub, granting access to over 52 AI models, including grok-4-0709. Elez's role in DOGE, with access to sensitive U.S. government data, amplifies the risk. The unrevoked key and prior DOGE leaks suggest systemic security negligence, endangering AI models and government data.
Cybersecurity Takeaways
These incidents emphasize the need for robust cybersecurity in automated systems, thorough vetting of third-party platforms, caution with digital footprints (e.g., fitness apps), and external security reviews for new apps. Vigilance against AI-driven scams is critical, with users urged to verify sources and software.
Broader Cyber Threat Trends
The reliance on vulnerable third-party platforms, sophisticated AI-powered social engineering, internal security lapses, and the looming quantum computing threat demonstrate the need for proactive, future-proof cybersecurity strategies to safeguard sensitive data and systems.

Risky Business News
Srsly Risky Biz: Spain leaves key under mat for Huawei

Risky Business News

Play Episode Listen Later Jul 17, 2025 21:23


Tom Uren and Amberleigh Jack talk about Huawei's contract to manage storage for Spain's lawful intercept system. News broke this week that Spain had signed a €12 million contract, but it turns out Huawei has been involved in the system since 2004! They also discuss arrests in the UK of four individuals associated with Scattered Spider. The criminal resumés of two of the suspects support the idea that there are key individuals with outsize impact. But they also reinforce that the online communities they are involved in act as training grounds for cyber criminals. Arrests will slow hacks, not stop them. This episode is also available on Youtube.

IT Privacy and Security Weekly update.
The IT Privacy and Security Weekly Update, with a side of Fries, for the Week Ending July 15th, 2025

IT Privacy and Security Weekly update.

Play Episode Listen Later Jul 16, 2025 19:48


EP 251. This week's update with a side of Fries.... McDonald's AI-driven hiring platform faces scrutiny after a critical security flaw exposed millions of applicants' personal data to potential hackers. Swedish security personnel inadvertently disclosed Prime Minister Ulf Kristersson's private whereabouts through fitness app Strava, raising national security concerns. Qantas confirms a massive data breach affecting 5.7 million customers, exposing personal details via a third-party platform breach by the Scattered Spider group. Jack Dorsey's Bitchat app, touted for secure decentralized messaging, faces skepticism as untested security vulnerabilities spark concerns among researchers. As quantum computing nears, industries are urged to adopt post-quantum cryptography to safeguard sensitive data against future decryption threats. North Korean hackers deploy the sophisticated "Contagious Interview" scam, using AI-driven personas to trick job-seekers into installing malicious software. OpenAI challenges Microsoft with a forthcoming AI-powered productivity suite, aiming to disrupt the dominance of Microsoft 365 and Google Workspace. A DOGE employee's accidental leak of xAI's API key on GitHub provides access to advanced AI models, all r  adding up to some pretty silly security lapses. Please pass the ketchup! For this week's full transcript and additional links, click here.

Packet Pushers - Full Podcast Feed
PP070: News Roundup – Scattered Spider Bites MSPs, Microsoft Rethinks Kernel Access, North Koreans Seem Good at Their Illicit Jobs

Packet Pushers - Full Podcast Feed

Play Episode Listen Later Jul 15, 2025 44:03


There’s lots of juicy stories in our monthly security news roundup. The Scattered Spider hacking group makes effective use of social engineering to target MSPs, Microsoft pushes for better Windows resiliency by rethinking kernel access policies for third-party endpoint security software, and the US Justice Department files indictments against alleged operators of laptop farms that...

Packet Pushers - Fat Pipe
PP070: News Roundup – Scattered Spider Bites MSPs, Microsoft Rethinks Kernel Access, North Koreans Seem Good at Their Illicit Jobs

Packet Pushers - Fat Pipe

Play Episode Listen Later Jul 15, 2025 44:03


There’s lots of juicy stories in our monthly security news roundup. The Scattered Spider hacking group makes effective use of social engineering to target MSPs, Microsoft pushes for better Windows resiliency by rethinking kernel access policies for third-party endpoint security software, and the US Justice Department files indictments against alleged operators of laptop farms that...

The CyberWire
Taxing times for cyber fraudsters.

The CyberWire

Play Episode Listen Later Jul 14, 2025 34:16


British and Romanian authorities make arrests in a major tax fraud scheme. The Interlock ransomware gang has a new RAT. A new vulnerability in Google Gemini for Workspace allows attackers to hide malicious instructions inside emails. Suspected Chinese hackers breach a major DC law firm. Multiple firmware vulnerabilities affect products from Taiwanese manufacturer Gigabyte Technology. Nvidia warns against Rowhammer attacks across its product line. Louis Vuitton joins the list of breached UK retailers. Indian authorities dismantle a cyber fraud gang. CISA pumps the brakes on a critical vulnerability in American train systems. Our guest is Cynthia Kaiser, SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, with insights on Scattered Spider. Hackers ransack Elmo's World.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
Today we are joined by Cynthia Kaiser, SVP of Halcyon's Ransomware Research Center and former Deputy Assistant Director at the FBI's Cyber Division, discussing "Scattered Spider and Other Criminal Compromise of Outsourcing Providers Increases Victim Attacks." You can check out more from Halcyon here.
Selected Reading
Romanian police arrest 13 scammers targeting UK's tax authority (The Record)
Interlock Ransomware Unleashes New RAT in Widespread Campaign (Infosecurity Magazine)
Google Gemini flaw hijacks email summaries for phishing (Bleeping Computer)
Chinese hackers suspected in breach of powerful DC law firm (CNN Politics)
Flaws in Gigabyte Firmware Allow Security Bypass, Backdoor Deployment (Security Week)
Nvidia warns of Rowhammer attacks on GPUs (The Register)
Louis Vuitton UK Latest Retailer Hit by Data Breach (Infosecurity Magazine)
Indian Police Raid Tech Support Scam Call Center (Infosecurity Magazine)
Security vulnerability on U.S. trains that let anyone activate the brakes on the rear car was known for 13 years — operators refused to fix the issue until now (Tom's Hardware)
End-of-Train and Head-of-Train Remote Linking Protocol (CISA)
Hacker Makes Antisemitic Posts on Elmo's X Account (The New York Times)
Audience Survey
Complete our annual audience survey before August 31.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Cyber Security Today
Cybersecurity Month in Review: Key Insights and Emerging Threats July 11, 2025

Cyber Security Today

Play Episode Listen Later Jul 12, 2025 70:10 Transcription Available


In this episode of 'Cybersecurity: Today's Month in Review,' the panel of experts, including Laura Payne, David Shipley, and new guest Tammy Harper, delve into major cybersecurity stories from the past month. Discussions range from the recent arrest of a Montreal scam operator, Scattered Spider's targeted attacks on various sectors, and the impacts of AI on the cybersecurity landscape. The panel also highlights industry shifts, new threat tactics, and the importance of strategic communication during incidents. The episode concludes with reflections on AI's integration into enterprise systems, emphasizing preparation and ethical considerations.
00:00 Introduction to the Cybersecurity Month in Review
00:12 Meet the Panelists
00:26 Laura Payne's Introduction
01:04 David Shipley's Introduction
01:38 Tammy Harper's Introduction
04:09 First Story: Montreal Scam Arrest
10:52 David Shipley's Big Story: Scattered Spider
16:40 The Rise of Young Cybercriminals
32:36 Ingram Micro Ransomware Attack
33:27 Government Breaches and Fast Recovery
34:56 Ingram Micro Incident and Communication Failures
35:55 Importance of Communication in Incident Response
37:39 Ransomware Trends and Threat Actor Tactics
39:55 Shift from Encryption to Exfiltration
46:41 Government Actions and Market Impact
51:27 AI in Cybersecurity: Risks and Opportunities
58:53 Ethical AI and Future Considerations
01:08:12 Final Thoughts and Wrap-Up

Engadget
4 suspected members of the hacker group Scattered Spider have been arrested in the UK, Reports indicate a massive uptick in AI-generated CSAM, and Bluesky is adding age verification features for users in the UK

Engadget

Play Episode Listen Later Jul 11, 2025 9:40


Four suspected members of the hacker group Scattered Spider have been arrested in the UK, Reports indicate a massive uptick in AI-generated CSAM, and Bluesky is adding age verification features for users in the UK. It's Friday, July 11th and here's a quick look at tech in the news this morning from Engadget.

Apple News Today
Why the Texas floods were so deadly

Apple News Today

Play Episode Listen Later Jul 10, 2025 15:23


Why were the Texas floods so deadly, and could more have been done to warn victims? Emily Foxhall at the Texas Tribune explores the issue. Today, a federal judge will hear new legal arguments against the Trump administration’s birthright-citizenship order. Tom Hals of Reuters tells us about the legal landscape and what to expect. Lily Hay Newman, a senior writer for Wired, takes us behind the scenes of a group of young cybercriminals called the Scattered Spider. Plus, measles has hit record levels in the U.S., Elon Musk lost his CEO at X, and the AI music going viral. Today’s episode was hosted by Shumita Basu.

Crying Out Cloud
AI Double Agents to Blame, Scattered Spider Pivots to Planes

Crying Out Cloud

Play Episode Listen Later Jul 9, 2025 17:40


DrZeroTrust
The Dr Zero Trust Show

DrZeroTrust

Play Episode Listen Later Jul 9, 2025 25:16


In this conversation, Dr. Chase Cunningham, also known as Dr. Zero Trust, discusses the recent ransomware attack on Marks & Spencer, the implications of Ingram Micro's investigation into a ransomware incident, and the lessons learned from major cyber attacks. He highlights the importance of cybersecurity measures, job opportunities in the field, and government initiatives aimed at improving cybersecurity. The conversation also explores the rise of sophisticated cyber threats, including deepfake scams and the activities of the hacker group Scattered Spider, concluding with insights into the future of cybersecurity.
Takeaways
Marks & Spencer's ransomware attack was the result of social engineering.
The attack involved impersonation of employees to reset passwords.
Micro segmentation and multi-factor authentication could have mitigated the attack.
Ingram Micro is investigating a ransomware attack that is affecting its operations.
Lessons from past cyberattacks emphasize the need for software updates and ongoing training.
Deepfake scams are becoming a significant threat.
There are numerous job opportunities in the field of cybersecurity.
Government funding for cybersecurity is crucial for rural hospitals.
The SEC is settling with SolarWinds over cybersecurity failures.
Organizations often overlook cybersecurity best practices.

Morning Announcements
Tuesday, July 8th, 2025 - Trump's tariff letters; LA MacArthur Park stunt; TikTok revamp; Epstein memo; RFK Jr Lawsuit & more

Morning Announcements

Play Episode Listen Later Jul 8, 2025 7:37


President Trump publicly released tariff letters to around a dozen countries—including Japan, South Korea, Thailand, and Indonesia—warning they'll face import taxes of at least 25% starting August 1 unless they finalize new trade deals. Meanwhile, a California National Guard deployment to an empty park in LA drew backlash as a political stunt, while Customs and Border Protection issued a call for advanced surveillance tech to analyze seized digital devices. Cybersecurity experts raised alarms over Scattered Spider, a hacker group targeting U.S. infrastructure using phishing and impersonation tactics. The DOJ and FBI released a memo denying any Epstein "client list" or foul play in his prison death—despite past contradictions—including new (but suspect) footage. Physician groups are suing HHS Secretary RFK Jr. over new federal COVID vaccine recommendations, and the Trump administration says a U.S.-friendly version of TikTok is on track to launch September 5 as part of a deal to avoid a full ban.
Resources/Articles mentioned in this episode:
NYT: Here Are Trump's New Tariff Threats
AP News: Troops and federal agents briefly descend on LA's MacArthur Park in largely immigrant neighborhood
Wired: CBP Wants New Tech to Search for Hidden Data on Seized Phones
Wired: A Group of Young Cybercriminals Poses the 'Most Imminent Threat' of Cyberattacks Right Now
Axios: Exclusive: DOJ, FBI conclude Epstein had no "client list," died by suicide
Axios: Docs sue RFK Jr. over COVID vax policy changes
The Verge: TikTok's 'ban' problem could end soon with a new app and a sale
Morning Announcements is produced by Sami Sage and edited by Grace Hernandez-Johnson

Hacking Humans
Brushed aside: The subtle scam you didn't order.

Hacking Humans

Play Episode Listen Later Jul 3, 2025 44:00


This week, our hosts Dave Bittner, Joe Carrigan, and Maria Varmazis (also host of the T-Minus Space Daily show) are back sharing the latest in social engineering scams, phishing schemes, and criminal exploits that are making headlines. We start with some follow up, as Joe shares with us a complaint he has with Vanguard. Maria's story is on McAfee's latest research revealing that one in five Americans has fallen for a travel scam—often losing hundreds of dollars—despite many trying to stay vigilant, as scammers use fake websites, AI-altered photos, and phishing links to exploit deal-seeking travelers. Joe's got two stories this week: the first one is from Rachel Tobac on LinkedIn, breaking down how attackers like Scattered Spider are using phone-based impersonation, fake domains, and social engineering to breach insurance companies, and the second is on Aflac confirming it was hit in a cyberattack believed to be part of a broader campaign targeting the insurance sector, likely tied to the same threat group. Dave's story is on brushing scams, a scheme the United States Postal Service is warning about, where scammers send unordered packages—often low-cost items—to people's addresses so they can fraudulently post fake "verified" reviews online using the recipient's name and address to boost product rankings. Our catch of the day is from the scams sub-Reddit, where someone shared text messages from a scammer asking for only a small favor. Complete our annual audience survey before August 31.
Resources and links to stories:
New McAfee Report Finds Young Adults Fall for Travel Scams More Often Than Older Generations
Rachel Tobac LinkedIn
Aflac Latest Insurer to Suffer Cyberattack and Data Breach
Brushing Scam - Unexpected Package US Postal Inspection Service
Have a Catch of the Day you'd like to share? Email it to us at hackinghumans@n2k.com.

Hacker And The Fed
Arrests, Airline Breaches, and the Human Side of Hacking

Hacker And The Fed

Play Episode Listen Later Jul 3, 2025 46:45


Chris and Hector dive deep into the latest waves of cybercrime, from the FBI's battle with the Scattered Spider group targeting airlines, to takedowns of notorious data breach forums. The duo break down government responses, the real risks for average people, and share honest, hard-won advice for young hackers. Join our new Patreon! https://www.patreon.com/c/hackerandthefed Send HATF your questions at questions@hackerandthefed.com

Risky Business
Risky Business #798 -- Mexican cartel surveilled the FBI to identify, kill witnesses

Risky Business

Play Episode Listen Later Jul 2, 2025 62:19


On this week's show Patrick Gray and Adam Boileau discuss the week's cybersecurity news:
Australian airline Qantas looks like it got a Scattered Spider-ing
Microsoft works towards blunting the next CrowdStrike disaster
Changes are coming for Microsoft's default enterprise app consenting setup
Synology downplays hardcoded passwords for its M365 cloud backup agent
The next Citrix Netscaler memory disclosure looks nasty
Drug cartels used technical surveillance to find, fix and finish FBI informants and witnesses
This week's episode is sponsored by RAD Security. Co-founder Jimmy Mesta joins to talk through how they use AI automation to assess the security posture of sprawling cloud environments.
This episode is also available on Youtube.
Show notes
Qantas hit by cyber attack, leaving 6 million customer records at risk of data breach
Scattered Spider appears to pivot toward aviation sector | Cybersecurity Dive
Microsoft to make Windows more resilient following 2024 IT outage | Cybersecurity Dive
The Ultimate Guide to App Consent in Microsoft Entra - YouTube
When Backups Open Backdoors: Accessing Sensitive Cloud Data via "Synology Active Backup for Microsoft 365" / modzero
AT&T deploys new account lock feature to counter SIM swapping | CyberScoop
Iran-linked hackers threaten to release Trump aides' emails | Reuters
US government warns of new Iran-linked cyber threats on critical infrastructure | Cybersecurity Dive
Actively exploited vulnerability gives extraordinary control over server fleets - Ars Technica
Critical vulnerability in Citrix Netscaler raises specter of exploitation wave | Cybersecurity Dive
Identities of More Than 80 Americans Stolen for North Korean IT Worker Scams | WIRED
Cloudflare confirms Russia restricting access to services amid free internet crackdown | The Record from Recorded Future News
Mexican drug cartel used hacker to track FBI official, then killed potential FBI informants, government audit says | CNN Politics
Audit of the FBI's Efforts to Mitigate the Effects of Ubiquitous Technical Surveillance - Redacted Report
NATO members aim for spending 5% of GDP on defense, with 1.5% eligible for cyber | The Record from Recorded Future News
US sanctions bulletproof hosting provider for supporting ransomware, infostealer operations | CyberScoop
US, French authorities confirm arrest of BreachForums hackers | TechCrunch
Spanish police arrest five over $542 million crypto investment scheme | The Record from Recorded Future News
Scam compounds labeled a 'living nightmare' as Cambodian government accused of turning a blind eye | The Record from Recorded Future News

Paul's Security Weekly
Sony, Scattered Spider, Hikvision, Cybercrime, Iran, BSODs, Cloudflare, Josh Marpet.. - SWN #490

Paul's Security Weekly

Play Episode Listen Later Jul 1, 2025 31:11


Sony, Scattered Spider, Hikvision, Cybercrime, Iran, BSODs, Cloudflare, Josh Marpet, and more on the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-490

The CyberWire
U.S. braces for Iranian cyber intrusions.

The CyberWire

Play Episode Listen Later Jun 30, 2025 40:16


CISA warns organizations of potential cyber threats from Iranian state-sponsored actors. Scattered Spider targets aviation and transportation. Workforce cuts at the State Department raise concerns about weakened cyber diplomacy. Canada bans Chinese security camera vendor Hikvision over national security concerns. Cisco Talos reports a rise in cybercriminals abusing Large Language Models. MacOS malware Poseidon Stealer rebrands. Researchers discover multiple vulnerabilities in Bluetooth chips used in headphones and earbuds. The FDA issues new guidance on medical device cybersecurity. Our guest is Debbie Gordon, Co-Founder of Cloud Range, looking "Beyond the Stack - Why Cyber Readiness Starts with People." An IT worker's revenge plan backfires.
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On today's Industry Voices segment, Debbie Gordon, Co-Founder of Cloud Range, shares insights on looking "Beyond the Stack - Why Cyber Readiness Starts with People." Learn more about what Debbie discusses in Cloud Range's blog: Bolstering Your Human Security Posture. You can hear Debbie's full conversation here.
Selected Reading
CISA and Partners Urge Critical Infrastructure to Stay Vigilant in the Current Geopolitical Environment (CISA)
Joint Statement from CISA, FBI, DC3 and NSA on Potential Targeted Cyber Activity Against U.S. Critical Infrastructure by Iran (CISA, FBI, DOD Cyber Crime Center, NSA)
Prolific cybercriminal group now targeting aviation, transportation companies (Axios)
U.S. Cyber Diplomacy at Risk Amid State Department Shakeup (GovInfo Security)
Canada Bans Chinese CCTV Vendor Hikvision Over National Security Concerns (Infosecurity Magazine)
Malicious AI Models Are Behind a New Wave of Cybercrime, Cisco Talos (Hackread)
MacOS malware Poseidon Stealer rebranded as Odyssey Stealer (SC Media)
Airoha Chip Vulnerabilities Expose Headphones to Takeover (SecurityWeek)
FDA Expands Premarket Medical Device Cyber Guidance (GovInfo Security)
'Disgruntled' British IT worker jailed for hacking employer after being suspended (The Record)

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast
SANS Stormcast Monday June 30th, 2025: Scattered Spider; AMI BIOS Exploited; Secure Boot Certs Expiring; Microsoft Resiliency Initiative

SANS Internet Stormcenter Daily Network/Cyber Security and Information Security Stormcast

Play Episode Listen Later Jun 30, 2025 7:29


Scattered Spider Update
The threat actor known as Scattered Spider is in the news again, this time focusing on airlines. But the techniques used by Scattered Spider, social engineering, are still some of the most dangerous techniques used by various threat actors.
https://cloud.google.com/blog/topics/threat-intelligence/unc3944-proactive-hardening-recommendations?e=48754805
AMI BIOS Vulnerability Exploited CVE-2024-54085
A vulnerability in the Redfish remote access software, including AMI's BIOS, is now being exploited.
https://go.ami.com/hubfs/Security%20Advisories/2025/AMI-SA-2025003.pdf
https://eclypsium.com/blog/ami-megarac-vulnerabilities-bmc-part-3/
Act now: Secure Boot certificates expire in June 2026
The Microsoft certificates used in Secure Boot are the basis of trust for operating system security, and all will be expiring beginning June 2026.
https://techcommunity.microsoft.com/blog/windows-itpro-blog/act-now-secure-boot-certificates-expire-in-june-2026/4426856
The Windows Resiliency Initiative: Building resilience for a future-ready enterprise
Microsoft announced more details about its future security and resilience strategy for Windows. In particular, security tools will no longer have kernel access, which is supposed to prevent a repeat of the Cloudflare issue, but may also restrict security tools' functionality.
https://blogs.windows.com/windowsexperience/2025/06/26/the-windows-resiliency-initiative-building-resilience-for-a-future-ready-enterprise/