CyberWire Daily

• Triofox and the key to disaster. [Research Saturday]

  This week, we are joined by John Hammond, Principal Security Researcher at Huntress, who is sharing his PoC and research on "CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild." A critical 9.0 severity vulnerability (CVE-2025-30406) in Gladinet CentreStack and Triofox is being actively exploited in the wild, allowing remote code execution via hardcoded cryptographic keys in default configuration files. Huntress researchers observed compromises at multiple organizations and confirmed hundreds of vulnerable internet-exposed servers, urging immediate patching or manual machineKey updates. Mitigation guidance, detection, and remediation scripts have been released to help users identify and secure affected installations. The research can be found here: ⁠CVE-2025-30406 - Critical Gladinet CentreStack & Triofox Vulnerability Exploited In The Wild Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  22:26
• All systems not go.

  SentinelOne suffers a global service outage. A major DDoS attack hits a Russian internet provider. U.S. banking groups urge the SEC to scrap cybersecurity disclosure rules. Australia mandates reporting of ransomware payments. Researchers uncover a new Browser-in-the-Middle (BitM) attack targeting Safari users. A Florida health system pays over $800,000 to settle insider breach concerns. CISA issues five urgent ICS advisories. Our guest is  Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and the importance of digital executive protection. The feds are putting all our digital data in one basket. CyberWire Guest On our Industry Voices segment, at the 2025 RSA Conference, we were joined by Matt Covington, VP of Product at BlackCloak, discussing the emergence of advanced impersonation techniques like deepfakes and digital executive protection. Listen to Matt’s conversation here. Selected Reading Cybersecurity Firm SentinelOne Suffers Major Outage (Bank Infosecurity) DDoS incident disrupts internet for thousands in Moscow (The Record) Banks Want SEC to Rescind Cyberattack Disclosure Requirements (PYMNTS.com) Australian ransomware victims now must tell the government if they pay up (The Record) New BitM Attack Exploits Safari Vulnerability to Steal Login Credentials (Cyber Security News) Florida Health System Pays $800K for Insider Record Snooping (Bank Infosecurity) UTG-Q-015 Hackers Launched Large Scale Brute-Force Attacks Against Govt Web Servers (Cyber Security News) CISA Releases Five ICS Advisories Targeting Vulnerabilities and Exploits (Cyber Security News) Trump Taps Palantir to Compile Data on Americans (The New York Times) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  37:05
• When "out of the box" becomes "out of control."

  Children’s DNA in criminal databases. ASUS routers get an unwanted houseguest. New APT41 malware uses Google Calendar for command-and-control. Interlock ransomware gang deploys new Trojan. Estonia issues arrest warrant for suspect in massive pharmacy breach. The enemy within the endpoint. New England hospitals disrupted by cyberattack. Tim Starks from CyberScoop is discussing ‘Whatever we did was not enough’: How Salt Typhoon slipped through the government’s blind spots. And Victoria’s Secrets are leaked. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today we have Tim Starks from CyberScoop discussing ‘Whatever we did was not enough’: How Salt Typhoon slipped through the government’s blind spots. Selected Reading  The US Is Storing Migrant Children’s DNA in a Criminal Database (WIRED) GreyNoise Discovers Stealthy Backdoor Campaign Affecting Thousands of ASUS Routers (GreyNoise) Mark Your Calendar: APT41 Innovative Tactics (Google Threat Intelligence Group) Interlock ransomware gang deploys new NodeSnake RAT on universities (BleepingComputer) Estonia issues arrest warrant for Moroccan wanted for major pharmacy data breach (The Record) Israeli company Syngia thwarts North Korean cyberattack (The Jerusalem Post) St. Joseph Hospital owner says company targeted in cybersecurity incident (WMUR) Victoria’s Secret Website Taken Offline After Cybersecurity Breach (GB Hackers) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  32:08
• Fingers point east.

  The Czech Republic accuses Chinese state-backed hackers of cyber-espionage. CISA’s leaders head for the exits. Cybercriminals are using fake AI video generator websites to spread malware. A stealthy phishing campaign delivers the Remcos RAT via DBatLoader. A fake Bitdefender website spreads malware targeting financial data. Medusa ransomware claims to have breached global real estate firm RE/MAX. An Iranian national faces up to 30 years in prison for ransomware targeting US cities. Our guest is Tony Velleca, CyberProof's CEO,  discussing exposure management and a more risk-focused approach to prioritize threats. Mind reading for fun and profit.  Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest On today’s Industry Voices segment, at the 2025 RSA Conference we were joined by Tony Velleca, CyberProof's CEO, who is discussing exposure management and moving towards a more risk-focused approach to prioritize threats. Listen to Tony’s interview here. Selected Reading Chinese spies blamed for attempted hack on Czech government network (The Record) CISA loses nearly all top officials as purge continues- (Cybersecurity Dive) Google warns of Vietnam-based hackers using bogus AI video generators to spread malware (The Record) Chrome 137, Firefox 139 Patch High-Severity Vulnerabilities (SecurityWeek) New Phishing Campaign Uses DBatLoader to Drop Remcos RAT: What Analysts Need to Know (Hack Read) Hackers Mimic Popular Antivirus Site to Deliver VenomRAT & Steal Finance Data (Cybersecurity News) RE/MAX deals with alleged 150GB data theft: Medusa ransomware demands $200K (Cyber News) CISA Releases ICS Advisories Covering Vulnerabilities & Exploits (Cybersecurity News) Iranian pleads guilty to launching Baltimore ransomware attack, faces 30 years behind bars (The Record) Neural Privacy Under Threat: The Battle for Neural Data  (tsaaro consulting) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  34:47
• BEAR-ly washed and dangerous.

  “Laundry Bear” airs dirty cyber linen in the Netherlands. AI coding agents are tricked by malicious prompts in a Github MCP vulnerability.Tenable patches critical flaws in Network Monitor on Windows. MathWorks confirms ransomware behind MATLAB outage. Feds audit NVD over vulnerability backlog. FBI warns law firms of evolving Silent Ransom Group tactics. Chinese hackers exploit Cityworks flaw to breach US municipal networks. Everest Ransomware Group leaks Coca-Cola employee data. Nova Scotia Power hit by ransomware.  On today’s Threat Vector, ⁠David Moulton⁠ speaks with ⁠his Palo Alto Networks colleagues Tanya Shastri⁠ and ⁠Navneet Singh about a strategy for secure AI by design.  CIA’s secret spy site was… a Star Wars fan page? Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector In this segment of Threat Vector, host ⁠David Moulton⁠ speaks with ⁠Tanya Shastri⁠, SVP of Product Management, and ⁠Navneet Singh⁠, VP of Marketing - Network Security, at Palo Alto Networks. They explore what it means to adopt a secure AI by design strategy, giving employees the freedom to innovate with generative AI while maintaining control and reducing risk. You can hear their full discussion on Threat Vector ⁠here⁠ and catch new episodes every Thursday on your favorite podcast app. Selected Reading Dutch intelligence unmasks previously unknown Russian hacking group 'Laundry Bear' (The Record) GitHub MCP Server Vulnerability Let Attackers Access Private Repositories (Cybersecurity News) Tenable Network Monitor Vulnerabilities Let Attackers Escalate Privileges (Cybersecurity News) Ransomware attack on MATLAB dev MathWorks – licensing center still locked down (The Register) US Government Launches Audit of NIST’s National Vulnerability Database (Infosecurity Magazine) Law Firms Warned of Silent Ransom Group Attacks  (SecurityWeek) Chinese Hackers Exploit Cityworks Flaw to Target US Local Governments (Infosecurity Magazine) Everest Ransomware Leaks Coca-Cola Employee Data Online (Hackread) Nova Scotia Power Suffers Ransomware Attack; 280,000 Customers' Data Compromised (GB Hackers) The CIA Secretly Ran a Star Wars Fan Site (404 Media) Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at [email protected] to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

  --------  

  35:43

Mais podcasts de Notícias

Podcasts em tendência em Notícias

Sobre CyberWire Daily

CyberWire Daily: Podcast do grupo