Podcasts about SonicWall

Web Scanning SonicWall for CVE-2021-20016 - Update Scans for SonicWall increased by an order of magnitude over the last couple of weeks. Many of the attacks appear to originate from Global Host , a low-cost virtual hosting provider. https://isc.sans.edu/diary/Web%20Scanning%20SonicWall%20for%20CVE-2021-20016%20-%20Update/31952 Google Update Patches Exploited Chrome Flaw Google released an update for Chrome. The update fixes two specific flaws reported by external researchers, CVE-2025-4664 and CVE-2025-4609. The first flaw is already being exploited in the wild. https://chromereleases.googleblog.com/2025/05/stable-channel-update-for-desktop_14.html https://x.com/slonser_/status/1919439373986107814 RVTools Bumblebee Malware Attack Zerodaylabs published its analysis of the RV-Tools Backdoor attack. It suggests that this may not be solely a search engine optimization campaign directing victims to the malicious installer, but that the RVTools distribution site was compromised. https://zerodaylabs.net/rvtools-bumblebee-malware/ Operation RoundPress ESET Security wrote up a report summarizing recent XSS attacks against open-source webmail systems https://www.welivesecurity.com/en/eset-research/operation-roundpress/

Three Buddy Problem - Episode 46: We dig into a Coinbase breach headlined by bribes, rogue contractors and a $20 million ransom demand. Plus, (another!) batch of Ivanti and Microsoft zero-days being exploited in the wild, a new 'Intrusion Logging' feature coming to Android, Apple's iOS 18.5 patches, and the EU announcing its own vulnerability database and software vendor secure-coding pledge. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Ryan Naraine (https://twitter.com/ryanaraine) and Costin Raiu (https://twitter.com/craiu).

In this episode of The Cybersecurity Defenders Podcast, we discuss some intel being shared in the LimaCharlie community.Since March 2025, Volexity has tracked an escalation in sophisticated phishing campaigns executed by two suspected Russian threat actors, UTA0352 and UTA0355, targeting the Microsoft 365 accounts of individuals connected to Ukraine and human rights organizations. A recent security assessment by watchTowr uncovered a pre-authenticated Remote Code Execution (RCE) vulnerability in Commvault's on-premise Backup and Recovery solution (Innovation Release 11.38.20). CISA has added two SonicWall vulnerabilities to its Known Exploited Vulnerabilities (KEV) catalog, indicating an escalation in exploitation activity against the vendor's SMA series of secure remote access appliances. Bot traffic has overtaken legitimate human use on the internet, with the latest data showing that automated traffic now accounts for 51% of all internet activity—of which 37% is classified as malicious.

Una nueva era en ciberseguridad para MSPs llega con SonicPlatform, una solución integral de SonicWall que combina automatización, gestión multi-tenant, protección end-to-end y una garantía de hasta USD 1 millón. SonicWall marca así un nuevo estándar en servicios gestionados.

　一般社団法人JPCERT コーディネーションセンター（JPCERT/CC）は5月12日、SonicWall製SMA100シリーズにおける複数の脆弱性（CVE-2023-44221、CVE-2024-38475）を組み合わせた攻撃について発表した。影響を受けるシステムは以下の通り。

Take a Network Break! We start with follow-up from a listener on the best way to listen to our podcast that helps the most. The answer? Any listen on any platform helps. Even better is to tell a friend! We discuss two critical security issues. First, CISA adds active exploits against known SonicWall vulnerabilities to... Read more »

Take a Network Break! We start with follow-up from a listener on the best way to listen to our podcast that helps the most. The answer? Any listen on any platform helps. Even better is to tell a friend! We discuss two critical security issues. First, CISA adds active exploits against known SonicWall vulnerabilities to... Read more »

Take a Network Break! We start with follow-up from a listener on the best way to listen to our podcast that helps the most. The answer? Any listen on any platform helps. Even better is to tell a friend! We discuss two critical security issues. First, CISA adds active exploits against known SonicWall vulnerabilities to... Read more »

Cisco patches a level 10 vulnerability in IOS XE President nominates former Unilever CISO to be Pentagon CIO SonicWall patches a new zero-day vulnerability Thanks to today's episode sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com/CISO. Find the stories behind the headlines at CISOseries.com.

The LockBit ransomware gang has been hacked. Google researchers identify a new infostealer called Lostkeys. SonicWall is urging customers to patch three critical device vulnerabilities. Apple patches a critical remote code execution flaw. Cisco patches 35 vulnerabilities across multiple products. Iranian hackers cloned a German modeling agency's website to spy on Iranian dissidents. Researchers bypass SentinelOne's EDR protection. Education tech firm PowerSchool faces renewed extortion. CrowdStrike leans into AI amidst layoffs. Our guest is Caleb Barlow, CEO of Cyberbit, discussing the mixed messages of the cyber skills gaps. Honoring the legacy of Joseph Nye. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we are joined by Caleb Barlow, CEO of Cyberbit, who is discussing the mixed messages of the cyber skills gaps. Selected Reading LockBit ransomware gang hacked, victim negotiations exposed (Bleeping Computer) Russian state-linked Coldriver spies add new malware to operation (The Record) Fake AI Tools Push New Noodlophile Stealer Through Facebook Ads (Hackread) SonicWall urges admins to patch VPN flaw exploited in attacks (Bleeping Computer) Researchers Details macOS Remote Code Execution Vulnerability - CVE-2024-44236 (Cyber Security News) Cisco IOS XE Wireless Controllers Vulnerability Enables Full Device Control for Attackers (Cyber Security News) Cisco Patches 35 Vulnerabilities Across Several Products (SecurityWeek) Iranian Hackers Impersonate as Model Agency to Attack Victims (Cyber Security News) Hacker Finds New Technique to Bypass SentinelOne EDR Solution (Infosecurity Magazine) CrowdStrike trims workforce by 5 percent, aims to rely on AI (The Register) Despite ransom payment, PowerSchool hacker now extorting individual school districts (The Record)  Joseph Nye, Harvard professor, developer of “soft power” theory, and an architect of modern international relations, dies at 88 (Harvard University)  Nye Lauded for Cybersecurity Leadership (The Belfer Center for Science and International Affairs at Harvard University) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

SAN FRANCISCO — RSA Conference 2025 "Sixty percent of the attacks we're tracking target low-profile vulnerabilities—things like privilege escalation and security bypasses, not the headline-making zero days," says Douglas McKee, Executive Director of Threat Research at SonicWall. Speaking live from the show floor at RSA 2025, McKee outlined how SonicWall is helping partners prioritize threats that are actually being exploited, not just those getting attention. In a fast-paced conversation with Technology Reseller News publisher Doug Green, McKee unveiled SonicWall's upcoming Managed Prevention Security Services (MPSS). The offering is designed to help reduce misconfigurations—a leading cause of breaches—by assisting with firewall patching and configuration validation. SonicWall is also collaborating with CySurance to package cyber insurance into this new managed service, providing peace of mind and operational relief to MSPs and customers alike. “Over 95% of the incidents we see are due to human error,” McKee noted. “With MPSS, we're stepping in as a partner to reduce that risk.” McKee also previewed an upcoming threat brief focused on Microsoft vulnerabilities, revealing an 11% year-over-year increase in attacks. Despite attention on high-profile CVEs, SonicWall's data shows attackers often rely on under-the-radar vulnerabilities with lower CVSS scores. For MSPs, McKee shared a stark warning: nearly 50% of the organizations SonicWall monitors are still vulnerable to decade-old exploits like Log4j and Heartbleed. SonicWall's telemetry-driven insights allow MSPs to focus remediation on widespread, high-impact threats. SonicWall's transformation from a firewall vendor to a full-spectrum cybersecurity provider was on display at RSA Booth #6353 (North Hall), where the company showcased its SonicSensory MDR, cloud offerings, and threat intelligence. "We've evolved into a complete cybersecurity partner," McKee said. "Whether it's in the cloud or on-prem, we're helping MSPs and enterprises defend smarter." Visitors to the SonicWall booth were treated to live presentations and fresh coffee—while those not attending can explore SonicWall's insights, including its February 2024 Threat Report and upcoming threat briefs, at www.sonicwall.com.

Referências do EpisódioSonicWall SSL-VPN SMA100 Version 10.x Is Affected By Multiple VulnerabilitiesSonicWall SMA100 SSL-VPN Affected By Multiple VulnerabilitiesSonicBoom, From Stolen Tokens to Remote Shells - SonicWall SMA (CVE-2023-44221, CVE-2024-38475)TerraStealerV2 and TerraLogger: Golden Chickens' New Malware Families DiscoveredEarth Kasha Updates TTPs in Latest Campaign Targeting Taiwan and JapanFortiGuard Incident Response Team Detects Intrusion into Middle East Critical National InfrastructureRoteiro e apresentação: Carlos Cabral e Bianca OliveiraEdição de áudio: Paulo ArruzzoNarração de encerramento: Bianca Garcia

Updates from RSAC 2025. Former NSA cyber chief Rob Joyce warns that AI is rapidly approaching the ability to develop high-level software exploits. An FBI official warns that China is the top threat to U.S. critical infrastructure. Mandiant and Google raise alarms over widespread infiltration of global companies by North Korean IT workers. France accuses Russia's Fancy Bear of targeting at least a dozen French government and institutional entities. SonicWall has issued an urgent alert about active exploitation of a high-severity vulnerability in its Secure Mobile Access appliances. A China-linked APT group known as “TheWizards” is abusing an IPv6 networking feature. Gremlin Stealer emerges as a serious threat. A 23-year-old Scottish man linked to the Scattered Spider hacking group has been extradited from Spain to the U.S. Senators urge FTC action on consumer neural data. New WordPress malware masquerades as an anti-malware plugin. Our guest is Andy Cao from ProjectDiscovery, the Winner of the 20th Annual RSAC™ Innovation Sandbox Contest. Our intern Kevin returns with some Kevin on the Street interviews from the RSAC floor.  Research reveals the risk of juice jacking isn't entirely imaginary.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest is Andy Cao from ProjectDiscovery, who is the Winner of the 20th Annual RSAC™ Innovation Sandbox Contest 2025 event. Kevin on the Street Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for “Kevin on the Street” updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Shane Harding CEO of Devicie and Nathan Ostrowski Co-Founder Petrą Security.  You can also catch Kevin on our Microsoft for Startups⁠ Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi⁠ of ⁠Cerby⁠, ⁠Travis Howerton⁠ of ⁠RegScale⁠, and ⁠Karl Mattson⁠ of ⁠Endor Labs⁠. Whether you are building your own startup or just love a good innovation story, listen and learn more here. Selected Reading Ex-NSA cyber boss: AI will soon be a great exploit dev (The Register)  AI makes China leading threat to US critical infrastructure, says FBI official (SC World) North Korean operatives have infiltrated hundreds of Fortune 500 companies (CyberScoop) France Blames Russia for Cyberattacks on Dozen Entities (SecurityWeek) SonicWall OS Command Injection Vulnerability Exploited in the Wild (Cyber Security News) Hackers abuse IPv6 networking feature to hijack software updates (Bleeping Computer)  New Gremlin Stealer Advertised on Hacker Forums Targets Credit Card Data and Login Credentials (GB Hackers) Alleged ‘Scattered Spider' Member Extradited to U.S. (Krebs on Security) Senators Urge FTC Action on Consumer Neural Data, Signaling Heightened Scrutiny (Cooley) New WordPress Malware as Anti-Malware Plugin Take Full Control of Website (Cyber Security News)  iOS and Android juice jacking defenses have been trivial to bypass for years (Ars Technica)Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Web Scanning for Sonicwall Vulnerabilities CVE-2021-20016 For the last week, scans for Sonicwall API login and domain endpoints have skyrocketed. These attacks may be exploiting an older vulnerability or just attempting to brute force credentials. https://isc.sans.edu/diary/Web%20Scanning%20Sonicwall%20for%20CVE-2021-20016/31906 The Wizards APT Group SLAAC Spoofing Adversary in the Middle Attacks ESET published an article with details regarding an IPv6-linked attack they have observed. Attackers use router advertisements to inject fake recursive DNS servers that are used to inject IP addresses for hostnames used to update software. This leads to the victim downloading malware instead of legitimate updates. https://www.welivesecurity.com/en/eset-research/thewizards-apt-group-slaac-spoofing-adversary-in-the-middle-attacks/ Windows RDP Access is Possible with Old Credentials Credential caching may lead to Windows allowing RDP logins with old credentials. https://arstechnica.com/security/2025/04/windows-rdp-lets-you-log-in-using-revoked-passwords-microsoft-is-ok-with-that/?comments-page=1#comments

SEASON: 5 EPISODE: 10Episode Overview:Welcome to another episode of Becoming Preferred, where we explore the latest strategies and tactics to help you level up your knowledge and improve your skills. Our guest is Scott McCrady, the CEO of SolCyber. With over 25 years of experience, Scott has been at the forefront of protecting people and businesses around the globe. In this episode, we'll delve into the misconceptions that small businesses, entrepreneurs, and business professionals have about cybersecurity, and discuss the impact of human behavior on cybersecurity breaches. Scott will also provide actionable advice on tackling ransomware threats and securing remote work environments. So, whether you are an entrepreneur, a business professional, or simply interested in learning more about cybersecurity and how to protect yourself, this episode is packed with valuable insights. Please join me for my conversation with Scott McCrady.Guest Bio: With 25 years of experience working in the networking, telecommunications, and information security space, Scott McCrady is currently serving as the CEO of SolCyber Managed Security Services. Scott has worked with large companies and start-ups, among them IBM and EDS, where he held Security Engineer and Team Leader positions (US and London).Previous to SolCyber, Scott built the Asia-Pacific-Japan business at Symantec; he ran the global Managed Security Service, and the Symantec and Accenture Joint Venture. Scott then transitioned to FireEye pre-IPO to create their global MSS and System Integrator, and traveled to Singapore to help build their APJ business. After a successful run with FireEye, Scott helped spin out SonicWall from Dell to private equity and reconstitute the business into a profitable, cash flow-positive entity.This experienced guest wants to tell start-up founders, IT Security Managers, CISOs, and other cyber risk management enthusiasts how cybersecurity is improving technology services. He simply wants to make our listeners' life easier, more successful, and safer!Resource Links:Website: https://solcyber.com/ Product Link: https://solcyber.com/security-journey/Insight Gold Timestamps:04:03 Cybersecurity has become a big business05:20 Over 50% of small businesses that get breached go out of business within 2 years after a breach05:54 What's the biggest mistake that they make when it comes to cybersecurity?07:21 What happens in cyber is everyone just sort of forgets about these layers of defense10:01 Two casinos, big casinos, in Vegas were breached13:21 T he technologies around cyber are really good13:27 The attackers generally tend to login, not break in15:43 W e used to call it the crunchy exterior with the soft gooey middle17:18 I s AI good for cybersecurity?19:54 Cyber insurance is a great thing to have, especially for small, medium businesses23:32 You can also go to third parties that have what we call vCISO, Virtual Chief Information Security Officers26:36 You can do it...Is it worth your time?30:21 The biggest problem we have right now...32:22 F or most organizations, it's probably a very good idea to use the Cloud36:53 W hat I tell everybody is, you've got to think about the vertical37:10 The thing that most companies should really think about is, what's your core vertical?39:06 Figure out what the basics are, or have somebody...

Microsoft Entra User Lockout Multiple organizations reported widespread alerts and account lockouts this weekend from Microsoft Entra. The issue is caused by a new feature Microsoft enabled. This feature will lock accounts if Microsoft believes that the password for the account was compromised. https://www.bleepingcomputer.com/news/microsoft/widespread-microsoft-entra-lockouts-tied-to-new-security-feature-rollout/ https://learn.microsoft.com/en-us/entra/identity/authentication/feature-availability Erlang/OTP SSH Exploit An exploit was published for the Erlang/OTP SSH vulnerability. The vulnerability is easy to exploit, and the exploit and a Metasploit module allow for easy remote code execution. https://github.com/exa-offsec/ssh_erlangotp_rce/blob/main/ssh_erlangotp_rce.rb Sonicwall Exploited An older command injection vulnerability is now exploited on Sonicwall devices after initially gaining access by brute-forcing credentials. https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2021-0022 Unpatched Vulnerability in Bubble.io An unpatched vulnerability in the no-code platform bubble.io can be used to access any project hosted on the site. https://github.com/demon-i386/pop_n_bubble

A critical vulnerability in Erlang/OTP SSH allows unauthenticated remote code execution. There's a bipartisan effort to renew a key cybersecurity info sharing law. A newly discovered Linux kernel vulnerability allows local attackers to escalate privileges. A researcher uncovers 57 risky Chrome extensions with a combined 6 million users. AttackIQ shares StrelaStealer simulations. A major live events service provider notifies employees and customers of a data breach. CISA warns of an actively exploited SonicWall vulnerability. An airport retailer agrees to a multi-million dollar settlement stemming from a ransomware attack. A preview of RSAC 2025 with Linda Gray Martin and Britta Glade. Zoom-a-zoom zoom, it's always DNS.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today Dave sits down with Linda Gray Martin, Chief of Staff, and Britta Glade, SVP of Content and Communities, from RSAC sharing what is new at RSAC 2025. Selected Reading Critical Erlang/OTP SSH pre-auth RCE is 'Surprisingly Easy' to exploit, patch now (Bleeping Computer) Bipartisan duo wants to renew 10-year-old cyberthreat information sharing law (The Record) Linux Kernel Vulnerability Let Attackers Escalate Privilege – PoC Released (Cyber Security News) Chrome extensions with 6 million installs have hidden tracking code (Bleeping Computer) Emulating the Stealthy StrelaStealer Malware (AttackIQ) Live Events Giant Legends International Hacked (SecurityWeek) CISA tags SonicWall VPN flaw as actively exploited in attacks (Bleeping Computer) Airport retailer agrees to $6.9 million settlement over ransomware data breach (The Record) Global Zoom Outage Caused by Server Block Imposed from GoDaddy Registry (Cyber Security News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Jon Williams, Vulnerability Researcher from Bishop Fox, discussing "Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware." Bishop Fox researchers reverse-engineered the encryption protecting SonicWall SonicOSX firmware, enabling them to access its underlying file system for security research. They presented their process and findings at DistrictCon Year 0 and released a tool called Sonicrack to extract keys from VMware virtual machine bundles, facilitating the decryption of VMware NSv firmware images. This research builds upon previous work, including techniques to decrypt static NSv images and reverse-engineer other encryption formats used by SonicWall. The research can be found here: Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware Learn more about your ad choices. Visit megaphone.fm/adchoices

This week, we are joined by Jon Williams, Vulnerability Researcher from Bishop Fox, discussing "Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware." Bishop Fox researchers reverse-engineered the encryption protecting SonicWall SonicOSX firmware, enabling them to access its underlying file system for security research. They presented their process and findings at DistrictCon Year 0 and released a tool called Sonicrack to extract keys from VMware virtual machine bundles, facilitating the decryption of VMware NSv firmware images. This research builds upon previous work, including techniques to decrypt static NSv images and reverse-engineer other encryption formats used by SonicWall. The research can be found here: Tearing Down (Sonic)Walls: Decrypting SonicOSX Firmware Learn more about your ad choices. Visit megaphone.fm/adchoices

IT.ie, a leading Irish IT managed services company, has announced the results of new research, conducted in partnership with SonicWall, which reveals a lack of confidence among office workers in their ability to thwart cyberthreats. The survey found that 51% of office workers feel more vulnerable to cyberattacks than they did a year ago, leading to 43% believing that they are at risk of causing a cybersecurity incident in the next 12 months. The research of 1,000 office workers based in Ireland was carried out by Censuswide on behalf of IT.ie and SonicWall, a global leader in cybersecurity innovation. It uncovers a need for more cybersecurity training for office workers, along with a greater sense of shared responsibility for upholding cybersecurity standards. The survey found that of the 43% who feel at risk of causing a breach, 60% attribute it to incomplete or non-existent cybersecurity training, and nearly a third (31%) blame poor communication from management regarding cyber risks. These feelings of being ill-prepared are reflected among the general office worker population, too, with 21% saying they do not feel adequately trained to deal with increased cybersecurity threats on a day-to-day basis. This is despite the fact that the EU's incoming cybersecurity legislation, the NIS2 Directive, outlines cybersecurity training as one of the minimum measures required for compliance. Generally, the recommended frequency for cybersecurity training is once per month - as long as it is aligned with a multilayered approach that includes defensive solutions such as firewalls and VPNs. However, IT.ie's research found that just 15% of office workers receive training this often and some 20%, admitted they have not received cybersecurity training in more than a year - or never. The research showed that 42% have the opportunity to brush up on their skills every two to six months, while 23% receive training every seven months to a year. This issue of substandard training may explain why 26% of office workers do not believe cybersecurity is their personal responsibility. Meanwhile, over one-in-ten (12%) office workers do not believe that their employer takes cybersecurity seriously. Eamon Gallagher, founder and managing director, IT.ie, said: "Our research clearly shows that employees have a growing sense of unease with regards to cybersecurity. In truth, they are right to fear causing a breach; the majority of cybersecurity incidents are caused by human error, so employees need to know that they are equipped with relevant, up-to-date know-how on reducing that risk. "At IT.ie, we work with organisations to ensure employees are not only regularly trained, but that the systems they are using are as watertight as technology will allow. Without this collective effort and a multi-layered security approach, organisations will inevitably face a greater risk of breaches or compromise. Now is the time to listen to employees: if they are worried about cybersecurity, then the business should be worried, too." Stuart Taylor, Regional Director for Northern Europe, Sonicwall, said: "Last year, SonicWall detected 210,258 never-before-seen malware variants. Evidently, cybercriminals are evolving fast and it's not enough to simply be aware; it's about building a resilient, multilayered defence that combines employee training with robust security solutions. SonicWall research has shown that in doing so, organisations can avoid 68 days of potential downtime. "Almost one-third of cyber events are now caused by business email compromise and our research with IT.ie highlights that while office workers recognise the growing risks, many still lack the confidence and tools to defend against them. A proactive approach, integrating firewalls, VPNs, endpoint security, and continuous education, is essential to protect businesses from increasingly sophisticated cyberthreats." See more stories here. More about Irish Tech News Irish Tech News are Ireland's No. 1 Online...

Con motivo de la 32ª edición del gran evento anual en España organizado por la Asociación nacional de la industria tecnológica Aslan, hemos realizado una tertulia centrada en la ciberseguridad y la IA. Sobre cómo la inteligencia artificial ha revolucionado todo y las amenazas y oportunidades que ofrece. Sobre ello han hablado Fernando Feliu, Executive Managing Director de Virtual Cable; Iván Mateos, Sales Engineer de Sophos; Alejandro Reyeros, Manager Channel Systems Engineer de Fortinet; y Eduardo Brenes, Territory Manager de Sonicwall.

Forecast = Expect a storm of insights as we tackle cybersecurity's cloudy diversity gaps, edge device downpours, and ransomware winds blowing from Black Basta! ‍ In this episode of Storm⚡️Watch, we kick things off with an insightful interview with Mary N. Chaney, the CEO of Minorities in Cybersecurity (MiC). MiC is a groundbreaking organization dedicated to addressing the lack of support and representation for women and minority leaders in cybersecurity. Mary shares how MiC is building a community that fosters leadership development and equips members with essential skills for career advancement. We also discuss the alarming statistics that highlight the underrepresentation of minorities in cybersecurity leadership roles and explore how MiC's programs, like The MiC Inclusive Community™ and The MiC Leadership Series™, are making a tangible difference. Next, the crew descends into a critical discussion about edge security products, drawing on insights from Censys. These devices, while vital for network protection, are increasingly becoming prime targets for attackers. We examine recent vulnerabilities added to CISA's Known Exploited Vulnerabilities catalog, including flaws in products from Palo Alto Networks and SonicWall, and explore how state-sponsored actors like Salt Typhoon are exploiting these weaknesses. The conversation underscores the importance of proactive patch management and tools like attack surface monitoring to mitigate risks. In the next segment, we analyze leaked chat logs from the Black Basta ransomware group with insights from VulnCheck. These logs reveal how Black Basta prioritizes vulnerabilities in widely used enterprise technologies, their rapid response to new advisories, and even their pre-publication knowledge of certain CVEs. We break down their strategy for selecting targets based on financial viability, industry focus, and vulnerability presence, offering actionable advice for defenders to stay ahead. Finally, we turn our attention to GreyNoise's recent observations of active exploitation campaigns targeting Cisco vulnerabilities by Salt Typhoon, a Chinese state-sponsored group. Using data from GreyNoise's global observation grid, we discuss how legacy vulnerabilities like CVE-2018-0171 remain valuable tools for advanced threat actors. This segment highlights the importance of patching unaddressed issues and leveraging real-time threat intelligence to protect critical infrastructure. Storm Watch Homepage >> Learn more about GreyNoise >>  

A report this week claims that Broadcom is investigating Intel's chip design business and is contemplating an acquisition. The news comes from the Wall Street Journal and says that while Broadcom is interested in chip design they are not interested in the foundry business. Analysts are intriguied because that means that Broadcom could either use Intel's designs to augment their existing lineup or perhaps package the businesses for sale to other partners or even competitors. Keith, do you think Broadcom is going to invest in Intel?Time Stamps: 0:00 - Welcome to the Rundown1:35 - Nokia Upgrades Internet Exchange Backbone4:38 - Veeam Loses Data in Restore Debacle7:47 - SanDisk Looks to Petabyte SSDs10:18 - SonicWall Gets Hit with Cyberattack13:43 - HPE Announces Gen12 Ahead16:24 - OpenSSH Found to Be Vulnerable to MITM Attacks20:12 - Broadcom Wants Intel Chip Designs?25:30 - The Weeks Ahead27:16 - Thanks for Watching Hosts:Tom Hollingsworth: https://www.linkedin.com/in/networkingnerd/Keith Townsend: https://www.linkedin.com/in/kltownsend/#Rundown, #Storage, @ @HPE, @SonicWall, @Broadcom, @IntelBusiness, @Intel, @SanDisk, @Veeam, @Nokia, @NokiaIndustries, @GestaltIT, @TechFieldDay, @TheFututumGroup, @TheCTOAdvisor, @NetworkingNerd,

Nakasone addresses AI at the Munich Cyber Security Conference. Court documents reveal the degree to which DOGE actually has access. Dutch police dismantle a bulletproof hosting operation. German officials investigate Apple's App Tracking. Hackers exploited security flaws in BeyondTrust. CISA issues 20 new ICS advisories. The new Astoroth phishing kit bypasses 2FA. Hackers waste no time exploiting a SonicWall proof-of-concept vulnerability. Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. Have I Been Pwned ponders whether resellers are worth the trouble.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Lawrence Pingree, VP of Technical Marketing at Dispersive, joining us to discuss why preemptive defense is essential in the AI arms race. You can read more in "How Cybercriminals Are Using AI: Exploring the New Threat Landscape." Selected Reading Putting the human back into AI is key, former NSA Director Nakasone says (The Record) Court Documents Shed New Light on DOGE Access and Activity at Treasury Department (Zero Day) Musk's DOGE team: Judges to consider barring it from US government systems (Reuters) Anyone Can Push Updates to the DOGE.gov Website (404 Media) Dutch Police seizes 127 XHost servers, dismantles bulletproof hoster (Bleeping Computer) Apple app tracking rules more strict for others – watchdog (The Register) PostgreSQL flaw exploited as zero-day in BeyondTrust breach (Bleeping Computer) CISA Releases 20 ICS Advisories Detailing Vulnerabilities & Exploits (Cyber Security News)  Astaroth 2FA Phishing Kit Targets Gmail, Yahoo, Office 365, and Third-Party Logins (GB Hackers)  SonicWall Firewall Vulnerability Exploited After PoC Publication (SecurityWeek) Have I Been Pwned likely to ban resellers (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Frequently Asked Questions: Privacy, Security, and the State of Tech (Early 2025)1. What is "SparkCat" and why is it significant?SparkCat is malware discovered hiding in both the Apple App Store and Google Play. It uses optical character recognition (OCR) to scan users' photo galleries for cryptocurrency wallet recovery phrases and uploads them to attacker-controlled servers. Over 242,000 Android users downloaded infected apps. It highlights the evolving sophistication of malware and the need for increased vigilance, even with apps from reputable sources.2. What is the UK government asking Apple to do, and what are the potential implications?The UK government has reportedly ordered Apple to create a backdoor allowing access to encrypted cloud backups of users worldwide, through a technical capability notice under the Investigatory Powers Act. Apple is likely to discontinue its encrypted storage service in the UK rather than compromise user security globally. If Apple complies, it could set a dangerous precedent for other governments to demand similar access, undermining encryption and weakening security for everyone.3. What is the story about the man trying to buy a landfill, and what does it illustrate?A man is trying to buy a landfill to search for a hard drive containing his lost Bitcoin fortune. While seemingly absurd, it illustrates the very real consequences of poor digital asset management and data security. It highlights the permanence (and potential inaccessibility) of digital assets and the lengths people will go to recover them, even resorting to extreme measures.4. Why is the US considering banning the DeepSeek AI app?The US is considering banning the Chinese AI app DeepSeek due to concerns that it collects data for a foreign government (China). The app pumps data to China Mobile unencrypted, and there are close ties between the company and the Chinese military. This aligns with the US government's broader concerns about foreign-owned apps, especially those from China, posing national security risks due to data privacy and potential surveillance.5. What is the massive brute-force attack targeting VPNs, and how can organizations protect themselves?A large-scale brute-force attack is targeting VPN devices from companies like Palo Alto Networks, Ivanti, and SonicWall, utilizing nearly 2.8 million IP addresses. Attackers are attempting to guess usernames and passwords to gain unauthorized access. To protect edge devices, organizations should change default admin passwords to strong, unique ones, enforce multi-factor authentication (MFA), use allowlists of trusted IPs, and disable web admin interfaces if they are not needed, and also ensure VPN software is fully up to date.6. Why is Google's removal of its pledge not to build AI for weapons or surveillance significant?Google's removal of its pledge not to build AI for weapons or surveillance is a concerning development. It suggests a shift in the company's ethical stance and a willingness to potentially engage in activities that could have negative consequences for human rights and global security. It raises questions about the future direction of AI development and the role of tech companies in shaping its use.7. What is "enshittification" and how does it relate to current tech trends?"Enshittification" refers to the gradual decline of online services as they prioritize profits over user experience. This process involves platforms initially offering value to users, then shifting focus to business customers, and finally exploiting both for maximum profit. Examples include Twitter restricting API access, Facebook prioritizing sponsored content, smart TVs becoming data-hungry ad machines, and Google Assistant's diminishing functionality. It reflects a broader trend of tech companies sacrificing user experience for financial gain.

Coming to you from the same room in Risky Business headquarters Patrick Gray and Adam Boileau discuss the week's cybersecurity news. They talk through: Sonicwall firewalls hand out remote code exec like candy Mastercard make a slapstick-grade mistake with their DNS The data breach at PowerSchool and other niche SaaS providers Academic research proposes taking down Europe's power grid Apple CPUs get a new speculative execution side channel And much, much more. This week's episode is sponsored by Push Security, who make an identity security product that runs inside browsers. Luke Jennings joins to discuss some of the pitfalls of federated authentication, like attackers using unexpected identity providers to log in to your apps. This episode is also available on Youtube. Show notes SonicWall warns hackers targeting critical vulnerability in SMA 1000 series appliances | Cybersecurity Dive MasterCard DNS Error Went Unnoticed for Years – Krebs on Security Data breach hitting PowerSchool looks very, very bad - Ars Technica OpenAI rival DeepSeek limits registration after ‘large-scale malicious attacks' | The Record from Recorded Future News Hackers imitate Kremlin-linked group to target Russian entities | The Record from Recorded Future News UK to examine undersea cable vulnerability as Russian spy ship spotted in British waters | The Record from Recorded Future News Questions grow over whether Baltic Sea cable damage was sabotage or accidental | The Record from Recorded Future News Researchers say new attack could take down the European power grid - Ars Technica At least $69 million stolen from crypto platform Phemex in suspected cyberattack | The Record from Recorded Future News BreachForums admin to be resentenced after appeals court slams supervised release | The Record from Recorded Future News Apple chips can be hacked to leak secrets from Gmail, iCloud, and more - Ars Technica Apple fixes zero-day flaw affecting all devices | TechCrunch I'm Lovin' It: Exploiting McDonald's APIs to hijack deliveries and order food for a penny Government websites vanish under Trump, from the Constitution to DEI Trail of Bits: Director, Technical Marketing Push Security: Security Researcher (remote in the USA) A new class of phishing: Verification phishing and cross-IdP impersonation

DeepSeek blames DDoS for recent outages. Hackers behind last year's AT&T data breach targeted members of the Trump family, Kamala Harris, and Marco Rubio's wife.The EU sanctions Russians for cyberattacks against Estonia. ENGlobal confirms personal information was taken in last year's ransomware attack. CISA issues a critical warning about a SonicWall vulnerability actively exploited. A large-scale phishing campaign exploits users' trust in PDF files and the USPS. Apple patches a zero-day affecting many of their products. A ransomware attack on an Ohio-based operator of skilled nursing and rehabilitation facilities affects over 70,000. President Trump has a tumultuous first week back in office. Our guest is Bogdan Botezatu, Director, Threat Research and Reporting at Bitdefender, to discuss the dark market subculture and its parallels to holiday shopping. A nonprofit aims to clean up the AI industry's mess.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest We are joined by Bogdan Botezatu, Director, Threat Research and Reporting at Bitdefender, to discuss the dark market subculture and its parallels to holiday shopping. Check out Bitdefender's research on the topic here. Selected Reading DeepSeek Blames Disruption on Cyberattack as Vulnerabilities Emerge (SecurityWeek) DeepSeek FAQ (Stratechery) We tried out DeepSeek. It worked well, until we asked it about Tiananmen Square and Taiwan (The Guardian)  Hackers Mined AT&T Breach for Data on Trump's Family, Kamala Harris (404 Media) European Union Sanctions Russian Nationals for Hacking Estonia (SecurityWeek) ENGlobal Says Personal Information Accessed in Ransomware Attack (SecurityWeek) CISA Warns of SonicWall 0-day RCE Vulnerability Exploited in Wild (Cyber Security News) Hackers Use Malicious PDFs, pose as USPS in Mobile Phishing Scam (Security Boulevard) Amazon Prime Security Warning As Hackers Strike—What You Need To Know (Forbes)  Apple plugs exploited security hole in iOS, updates macOS (The Register) Nursing Home, Rehab Chain Says Hack Affects Nearly 70,000 (GovInfo Security) A Tumultuous Week for Federal Cybersecurity Efforts (Krebs on Security) Initiative Aims to Enable Ethical Coding LLMs (IEEE Spectrum) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Take a Network Break! We start with critical vulnerabilities affecting the Android OS, Cisco Meeting Management, and SonicWall, and then discuss a report that tens of thousands of Fortinet security appliances still haven’t been patched despite active exploits. Palo Alto Networks releases an open API to make it easier for developers to access Quantum Random... Read more »

Take a Network Break! We start with critical vulnerabilities affecting the Android OS, Cisco Meeting Management, and SonicWall, and then discuss a report that tens of thousands of Fortinet security appliances still haven’t been patched despite active exploits. Palo Alto Networks releases an open API to make it easier for developers to access Quantum Random... Read more »

Take a Network Break! We start with critical vulnerabilities affecting the Android OS, Cisco Meeting Management, and SonicWall, and then discuss a report that tens of thousands of Fortinet security appliances still haven’t been patched despite active exploits. Palo Alto Networks releases an open API to make it easier for developers to access Quantum Random... Read more »

Chinese AI startup DeepSeek shakes up the market. Trump freezes cyber diplomacy funding and puts a vital U.S.-EU data-sharing agreement at risk. A trojanized RAT targets script kiddies. U.K. telecom giant TalkTalk investigates a data breach. Researchers uncover a critical flaw in Meta's Llama Stack AI framework. Attackers leverage hidden text salting in emails. The “FlowerStorm” phishing framework targets multiple brands to steal customer credentials. A critical zero-day hits SonicWall VPN appliances. Swedish authorities seized a cargo ship suspected of damaging a key fiber optic cable. Freezing out crypto-kidnappers. Our guest is Jon Miller, CEO and Co-founder from Halcyon, sharing trends in ransomware and insights on Brain Cipher. The British Museum defends its artefacts from IT attacks. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Our guest today is Jon Miller, CEO and Co-founder from Halcyon, sharing trends in ransomware along with some insights on Brain Cipher. For more detail, check out Halcyon's Power Rankings: Ransomware Malicious Quartile Q4-2024.  Selected Reading A shocking Chinese AI advancement called DeepSeek is sending US stocks plunging (CNN Business) Politicization of intel oversight board could threaten key US-EU data transfer agreement (The Record) Cyber diplomacy funding halted as US issues broad freeze on foreign aid (The Record) Weaponised XWorm RAT builder Attacking script kiddies to Steal Sensitive Data (GB Hackers) Change Healthcare Breach Almost Doubles in Size to 190 Million Victims (Infosecurity Magazine) TalkTalk investigating data breach after hacker claims theft of customer data (TechCrunch) Meta rushes to fix critical Llama Stack AI flaw (Cybernews) Seasoning email threats with hidden text salting (Cisco Talos) New Phishing Framework Attacking Multiple Brands To Steal Customer Logins (Cyber Security News) More than 2,000 SonicWall devices vulnerable to critical zero-day (The Record) Sweden seizes vessel after another undersea cable damaged (The Register) Nicolas Bacca: "We have invented a unique organisational model for intervening in cryptocurrency ransom" (The Big Whale)  British Museum hit by alleged IT attack by ex-worker (BBC News) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

In today's episode, learn how an attacker attempted to exploit webmail XSS vulnerablities against us. Sonicwall released a critical patch fixing an already exploited vulnerability in its SMA 1000 appliance. Cisco fixed vulnerabilities in ClamAV and its Meeting Manager REST API. Learn from SANS.edu student Anthony Russo how to take advantage of AI for SOAR. XSS Attempts via E-Mail https://isc.sans.edu/diary/XSS%20Attempts%20via%20E-Mail/31620 An analysis of a recent surge in email-based XSS attack attempts targeting users and organizations. Learn the implications and mitigation techniques. SonicWall PSIRT Advisory: CVE-2025-23006 https://psirt.global.sonicwall.com/vuln-detail/SNWLID-2025-0002 CVE-2025-23006 Details of a critical vulnerability in SonicWall appliances (SNWLID-2025-0002) and what you need to do to secure your systems. Cisco ClamAV Advisory: OLE2 Parsing Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-clamav-ole2-H549rphA A DoS vulnerability in the popular open source anti virus engine ClamAV Cisco CMM Privilege Escalation Vulnerability https://sec.cloudapps.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-cmm-privesc-uy2Vf8pc A patch of a privilege escalation flaw in Cisco s CMM module.

Three Buddy Problem - Episode 31: Dennis Fisher steps in for Ryan Naraine to moderate discussion on a very busy week in cybersecurity. The cast dig into the wave of big research reports, the disbanding of the Cyber Safety Review Board (CSRB), the ongoing flood of exploits targeting security appliances from Ivanti and SonicWall, and the recent Lumen research on Juniper router backdoors. Plus, the challenges of coordinating disclosures, the tough realities of intelligence work, and the complex landscape of nation-state attacks -- especially around Chinese threat actors and Western defenses. Cast: Juan Andres Guerrero-Saade (https://twitter.com/juanandres_gs), Costin Raiu (https://twitter.com/craiu) and Dennis Fisher. Ryan Naraine (https://twitter.com/ryanaraine) in on work travel.

CISA and FBI detail exploit chains used by Chinese hackers to compromise Ivanti Cloud Service Appliances. Energy systems in Central Europe use unencrypted radio signals. A critical SonicWall vulnerability is under active exploitation. The Nnice ransomware strain isn't. Cisco discloses a critical vulnerability in its Meeting Management tool. GhostGPT is a new malicious generative AI chatbot. ClamAV patches critical vulnerabilities in the open-source anti-virus engine. A new report questions the effectiveness of paying ransomware demands. DOGE piggybacks on the United States Digital Service. On our Industry Voices segment, we are joined by Joe Gillespie, Senior Vice President at Booz Allen, discussing Cyber AI. Jen Easterly leaves CISA a legacy of resilience and dedication.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Industry Voices Today on our Industry Voices segment, we are joined by Joe Gillespie, Senior Vice President at Booz Allen, discussing Cyber AI. Selected Reading FBI/CISA Share Details on Ivanti Exploits Chains: What Network Defenders Need to Know (SecurityWeek) Researchers say new attack could take down the European power grid (Ars Technica) Critical SonicWall Vulnerability Exploited In Attacks Execute Arbitrary OS Commands (Cyber Security News) Nnice Ransomware Attacking Windows Systems With Advanced Encryption Techniques (GB Hackers) Cisco Fixes Critical Vulnerability in Meeting Management (Infosecurity Magazine) New GhostGPT AI Chatbot Facilitates Malware Creation and Phishing (Infosecurity Magazine) Open-Source ClamAV Releases Critical Security Patch Updates – What's Inside! (Cyber Security News) Companies who pay off ransomware attackers rarely get their data back, survey shows (Cybernews) Elon Musk Plays DOGE Ball—and Hits America's Geek Squad (WIRED) Under Trump, US Cyberdefense Loses Its Head (WIRED)  Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Bad Cameras, Robot Dogs, Ivanti, SonicWall, Banshee, Telegram, Motorola, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-441

Cybersecurity Alert: Free VPN Risks, Packers' Data Breach, and SonicWall Vulnerability In this episode, host Jim Love delves into critical cybersecurity issues including the hidden dangers of free VPNs, a payment skimmer attack on the Green Bay Packers' online pro shop, and a severe vulnerability in SonicWall's SonicOS firmware. Learn why 90% of free VPNs can compromise your security, the impact of the Packers' data breach affecting 8,500 fans, and the urgent need to update SonicWall devices to prevent potential exploitation. Stay informed to protect your privacy and data! 00:00 The Hidden Dangers of Free VPNs 02:30 The Green Bay Packers Payment Skimmer Attack 04:35 SonicWall's Critical Vulnerability Alert 06:29 Show Wrap-Up and Weekend Preview

Bad Cameras, Robot Dogs, Ivanti, SonicWall, Banshee, Telegram, Motorola, Aaran Leyland, and More, on this edition of the Security Weekly News. Show Notes: https://securityweekly.com/swn-441

Bad Cameras, Robot Dogs, Ivanti, SonicWall, Banshee, Telegram, Motorola, Aaran Leyland, and More, on this edition of the Security Weekly News. Visit https://www.securityweekly.com/swn for all the latest episodes! Show Notes: https://securityweekly.com/swn-441

The consequences of Internet content restriction. The measured risks of 3rd-party browser extensions. The consequences of SonicWall's unpatched 9.8 firewall severity. The incredible number of still-unencrypted email servers. SonicWall vulnerability patching Shadowserver Foundation & eMail Encryption Salt Typhoon Evicted HIPAA gets a long-needed cybersecurity upgrade. The EU standardizes on USB-C for power charging. What? Believe it or not, a CATCHA you solve by playing DOOM. And... what I learned from three weeks of study of AI Show Notes - https://www.grc.com/sn/SN-1007-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit expressvpn.com/securitynow veeam.com threatlocker.com for Security Now

Researchers ID a new Mirai-based botnet. Android devices get their first round of updates for the new year. Criminals exploit legitimate Apple and Google services in sophisticated voice phishing attacks. Japan attributes over 200 cyberattacks to the Chinese hacking group MirrorFace. A PayPal phishing scam exploits legitimate platform functionality. SonicWall addresses critical vulnerabilities in its SonicOS software. CISA warns of active exploitation of vulnerabilities in Mitel MiCollab. A new government backed labelling program hopes to help consumers choose more secure devices. On today's CertByte segment, Chris Hare and Steven Burnley unpack a question from N2K's ISC2® Certified in Cyber Security (CC) Practice Test. Streaming license plate readers - no password required. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CertByte Segment Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K. In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Steven Burnley to break down a question targeting the CC - Certified in Cyber Security certification by ISC2®. Today's question comes from N2K's ISC2® Certified in Cyber Security (CC) Practice Test. The CC(SM) - Certified in Cyber Security is an entry-level, ANAB accredited exam geared towards anyone who wants to prove their foundational skills, knowledge, and abilities. To learn more about this and other related topics under this objective, please refer to the following resource: ISC2 (n.d.). https://www.isc2.org/landing/cc-etextbook   Have a question that you'd like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K's full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.  Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers. Additional source: https://www.isc2.org/certifications/cc  Selected Reading New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices (Infosecurity Magazine) First Android Update of 2025 Patches Critical Code Execution Vulnerabilities (SecurityWeek) A Day in the Life of a Prolific Voice Phishing Crew (Krebs on Security) Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data (AP News) Casio says hackers stole personal data of 8,500 people during October ransomware attack (TechCrunch) New PayPal Phishing Scam Exploits MS365 Tools and Genuine-Looking Emails (Hackread) Multiple Sonicwall VPN Vulnerabilities Let Attackers Bypass Authentication (Cyber Security News) CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks (SecurityWeek) New Labels Will Help People Pick Devices Less at Risk of Hacking (SecurityWeek) Researcher Turns Insecure License Plate Cameras Into Open Source Surveillance Tool (404 Media) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The consequences of Internet content restriction. The measured risks of 3rd-party browser extensions. The consequences of SonicWall's unpatched 9.8 firewall severity. The incredible number of still-unencrypted email servers. SonicWall vulnerability patching Shadowserver Foundation & eMail Encryption Salt Typhoon Evicted HIPAA gets a long-needed cybersecurity upgrade. The EU standardizes on USB-C for power charging. What? Believe it or not, a CATCHA you solve by playing DOOM. And... what I learned from three weeks of study of AI Show Notes - https://www.grc.com/sn/SN-1007-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit expressvpn.com/securitynow veeam.com threatlocker.com for Security Now

The consequences of Internet content restriction. The measured risks of 3rd-party browser extensions. The consequences of SonicWall's unpatched 9.8 firewall severity. The incredible number of still-unencrypted email servers. SonicWall vulnerability patching Shadowserver Foundation & eMail Encryption Salt Typhoon Evicted HIPAA gets a long-needed cybersecurity upgrade. The EU standardizes on USB-C for power charging. What? Believe it or not, a CATCHA you solve by playing DOOM. And... what I learned from three weeks of study of AI Show Notes - https://www.grc.com/sn/SN-1007-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit expressvpn.com/securitynow veeam.com threatlocker.com for Security Now

The consequences of Internet content restriction. The measured risks of 3rd-party browser extensions. The consequences of SonicWall's unpatched 9.8 firewall severity. The incredible number of still-unencrypted email servers. SonicWall vulnerability patching Shadowserver Foundation & eMail Encryption Salt Typhoon Evicted HIPAA gets a long-needed cybersecurity upgrade. The EU standardizes on USB-C for power charging. What? Believe it or not, a CATCHA you solve by playing DOOM. And... what I learned from three weeks of study of AI Show Notes - https://www.grc.com/sn/SN-1007-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit expressvpn.com/securitynow veeam.com threatlocker.com for Security Now

The consequences of Internet content restriction. The measured risks of 3rd-party browser extensions. The consequences of SonicWall's unpatched 9.8 firewall severity. The incredible number of still-unencrypted email servers. SonicWall vulnerability patching Shadowserver Foundation & eMail Encryption Salt Typhoon Evicted HIPAA gets a long-needed cybersecurity upgrade. The EU standardizes on USB-C for power charging. What? Believe it or not, a CATCHA you solve by playing DOOM. And... what I learned from three weeks of study of AI Show Notes - https://www.grc.com/sn/SN-1007-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit expressvpn.com/securitynow veeam.com threatlocker.com for Security Now

The consequences of Internet content restriction. The measured risks of 3rd-party browser extensions. The consequences of SonicWall's unpatched 9.8 firewall severity. The incredible number of still-unencrypted email servers. SonicWall vulnerability patching Shadowserver Foundation & eMail Encryption Salt Typhoon Evicted HIPAA gets a long-needed cybersecurity upgrade. The EU standardizes on USB-C for power charging. What? Believe it or not, a CATCHA you solve by playing DOOM. And... what I learned from three weeks of study of AI Show Notes - https://www.grc.com/sn/SN-1007-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit expressvpn.com/securitynow veeam.com threatlocker.com for Security Now

The consequences of Internet content restriction. The measured risks of 3rd-party browser extensions. The consequences of SonicWall's unpatched 9.8 firewall severity. The incredible number of still-unencrypted email servers. SonicWall vulnerability patching Shadowserver Foundation & eMail Encryption Salt Typhoon Evicted HIPAA gets a long-needed cybersecurity upgrade. The EU standardizes on USB-C for power charging. What? Believe it or not, a CATCHA you solve by playing DOOM. And... what I learned from three weeks of study of AI Show Notes - https://www.grc.com/sn/SN-1007-Notes.pdf Hosts: Steve Gibson and Leo Laporte Download or subscribe to Security Now at https://twit.tv/shows/security-now. Get episodes ad-free with Club TWiT at https://twit.tv/clubtwit You can submit a question to Security Now at the GRC Feedback Page. For 16kbps versions, transcripts, and notes (including fixes), visit Steve's site: grc.com, also the home of the best disk maintenance and recovery utility ever written Spinrite 6. Sponsors: bitwarden.com/twit expressvpn.com/securitynow veeam.com threatlocker.com for Security Now

Researchers uncover a critical Windows zero-day.  An alleged Ukrainian cyberattack targets one of Russia's largest banks. Russian group BlueAlpha exploits CloudFlare services. Microsoft flags Chinese hacking group Storm-0227 for targeting critical infrastructure and U.S. government agencies. SonicWall patches high-severity vulnerabilities in its secure access gateway. Atrium Health reports a data breach affecting over half a million individuals. Rockwell Automation discloses four critical vulnerabilities in its Arena software. U.S. authorities arrest an alleged member of the Scattered Spider gang. Our guest is Hugh Thompson, RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. C3PO gets caught in the crypto mines.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Joining Dave today is Hugh Thompson, RSAC program committee chair, discussing the 2025 Innovation Sandbox Contest and its new investment component. Read more details in the press release.  Selected Reading New Windows 7 To 11 Warning As Zero-Day With No Official Fix Confirmed (Forbes) Russian users report Gazprombank outages amid alleged Ukrainian cyberattack (The Record) BlueAlpha Russian hackers caught abusing CloudFlare services (SC Media) U.S. org suffered four month intrusion by Chinese hackers (Bleeping Computer) Microsoft: Another Chinese cyberspy crew targeting US critical orgs 'as of yesterday' (The Register) SonicWall Patches 6 Vulnerabilities in Secure Access Gateway (SecurityWeek) Mitel MiCollab zero-day and PoC exploit unveiled (Help Net Security) Atrium Health Data Breach Impacts 585,000 People (SecurityWeek) Rockwell Automation Vulnerabilities Let Attackers Execute Remote Code (Cyber Security News) US arrests Scattered Spider suspect linked to telecom hacks  (Bleeping Computer) Nebraska Man pleads guilty to $3.5 million cryptojacking scheme (Bleeping Computer) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

The hosts discuss hacker gadgets! We'll cover what we've been hacking on lately and discuss gadgets we want to work on in the future and other gadgets we want to get our hands on. Paul has been working with some M5Stack devices, a guide can be found here: https://securitypodcaster.com/m5stack-hacking-guide/ We will cover the Clockwork PI "uConsole" (RPI CM4) - https://www.clockworkpi.com/uconsole We want the RPI Pico 2 W and the RPI CM5 (https://www.raspberrypi.com/products/) Paul upgraded one of his Flipper Zeros with Momentum Firmware (https://momentum-fw.dev/) Paul and Larry have the new Crowview Note (https://www.kickstarter.com/projects/elecrow/crowview-note-empowering-your-device-as-a-laptop?ref=20bm9i) Bootkitties and Linux bootkits, Canada realizes banning Flippers is silly, null bytes matter, CVE samples, how dark web marketplaces do security, Perl code from 2014 and vulnerabilities in needrestart, malware in gaming engines, the nearby neighbor attack, this week in security appliances featuring Sonicwall and Fortinet, footguns, and get it off the freakin public Internet! Visit https://www.securityweekly.com/psw for all the latest episodes! Show Notes: https://securityweekly.com/psw-853

Enjoy this special encore episode, where we are joined by Jon Williams from Bishop Fox, as he is sharing their research on "It's 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable." SonicWall published advisories for CVE-2022-22274 and CVE-2023-0656 a year apart after finding that NGFW series 6 and 7 devices are affected by two unauthenticated denial-of-service vulnerabilities. The research states "Our research found that the two issues are fundamentally the same but exploitable at different HTTP URI paths due to reuse of a vulnerable code pattern." They also found that when they scanned SonicWall firewalls with management interfaces exposed to the internet, they found that 76% are vulnerable to one or both issues. The research can be found here: It's 2024 and Over 178,000 SonicWall Firewalls are Publicly Exploitable Learn more about your ad choices. Visit megaphone.fm/adchoices

UnitedHealth confirms breach numbers. Patient privacy pains. Amazon vs. APT29. CDK vulnerability threatens user security. Fog and Akira take aim at SonicWall. Level up or log off. LinkedIn in hot water. Open source, closed doors.  Watt's the risk? Today, we are joined by Itzik Alvas, Entro Security's CEO and Co-Founder, discussing their research team's work on non-human identities and secrets management. And Muni Metro hits Ctrl+Alt+Delete on floppy disks! Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we are joined by Itzik Alvas, Entro Security's CEO and Co-Founder, discussing their research team's work on non-human identities and secrets management. You can learn more here.  Selected Reading UnitedHealth: 100 Million Individuals Affected by the Change Healthcare Data Breach (Heimdal) OnePoint Patient Care data breach impacted 795916 individuals (Security Affairs) Amazon identified internet domains abused by APT29 (AWS Security Blog)  RDP configuration files as a means of obtaining remote access to a computer or "Rogue RDP" (CERT-UA#11690) (CERT-UA)  AWS Cloud Development Kit flaw exposed accounts to full takeover (The Register)  Arctic Wolf Labs Observes Increased Fog and Akira Ransomware Activity Linked to SonicWall SSL VPN (Arctic Wolf)  Lazarus Group Exploits Chrome 0-Day for Crypto with Fake NFT Game (Hackread)  LinkedIn hit with $335 million fine for using member data for ad targeting without consent (The Record)  Linux creator approves de-listing of several kernel maintainers associated with Russia (The Record)  U.S. CISA adds Cisco ASA and FTD, and RoundCube Webmail bugs to its Known Exploited Vulnerabilities catalog (Security Affairs) Cybersecurity Isn't Easy When You're Trying to Be Green (Dark Reading)  Goodbye, floppies - San Francisco pays Hitachi $212 million to remove 5.25-inch disks from its light rail service (TechSpot) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.  Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices