
CyberWire Daily

Crime, compliance, and controversy.

French authorities outline the allegations against Telegram’s CEO. Google finds familiar spyware in Mongolian government websites. The Mirai botnet leverages obsolete security cameras. Iran’s Peach Sandstorm targets the space industry. A federal appeals court says platforms may be liable to algorithmically recommended content. Scam cycles are getting shorter. McDonald’s officials are grimacing after hackers take over their Instagram account. Our guests today are Dave DeWalt, Founder and CEO of NightDragon, and Nicole Bucala, CEO and GM at DataBee, sharing their joint initiative which aims to propel future cybersecurity innovations. A would-be extortionist fails to cover his tracks.

Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest

Our guests today are Dave DeWalt, Founder and CEO of NightDragon, and Nicole Bucala, CEO and GM at DataBee, sharing their joint initiative to propel future cybersecurity innovations. Learn more.

Selected Reading

French authorities charge Telegram's Durov in probe into organized crime on app (Reuters)

Russian government hackers found using exploits made by spyware companies NSO and Intellexa (TechCrunch)

Old CCTV cameras provide a fresh opportunity for a Mirai botnet variant (The Record)

Notorious Iranian Hackers Have Been Targeting the Space Industry With a New Backdoor (WIRED)

Appeals court revives TikTok ‘blackout challenge’ death suit (The Register)

Online scam cycles are getting shorter and more effective, Chainalysis finds (CyberScoop)

Cisco Patches Multiple NX-OS Software Vulnerabilities (SecurityWeek)

Crypto scammers who hacked McDonald's Instagram account say they stole $700,000 (Bitdefender)

IT Engineer Charged For Attempting to Extort Former Employer (Infosecurity Magazine)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices

Duration:
30m
Broadcast on:
29 Aug 2024
Audio Format:
mp3


You're listening to the CyberWire network, powered by N2K.

Ryan Reynolds here from Mint Mobile. With the price of just about everything going up during inflation, we thought we'd bring our prices down. So to help us, we brought in a reverse auctioneer, which is apparently a thing. Mint Mobile Unlimited, premium wireless. How'd you get 30, 30, 30, 50, get 20, 20, 20, a million, 15, 15, 15, 15, 15, just 15 bucks a month. Sold! Give it a try at mintmobile.com/switch. $45 upfront payment equivalent to $15 per month, new customers on first three-month plan only, taxes and fees extra, speeds lower above 40 gigabytes. See details.

Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind, knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports, so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteme.com/n2k and use promo code "n2k" at checkout. The only way to get 20% off is to go to joindeleteme.com/n2k and enter code "n2k" at checkout. Just joindeleteme.com/n2k, code "n2k".

French authorities outline the allegations against Telegram's CEO. Google finds familiar spyware in Mongolian government websites. The Mirai botnet leverages obsolete security cameras. Iran's Peach Sandstorm targets the space industry. A federal appeals court says platforms may be liable to algorithmically recommended content. Scam cycles are getting shorter. McDonald's officials are grimacing after hackers take over their Instagram account.
Our guests today are Dave DeWalt, founder and CEO of NightDragon, and Nicole Bucala, CEO and general manager at DataBee, sharing their joint initiative which aims to propel future cybersecurity innovations. And a would-be extortionist fails to cover his tracks.

This Thursday, August 29, 2024, I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today. It is great to have you with us.

Telegram CEO Pavel Durov is under formal investigation in France for alleged involvement in organized crime through the messaging platform. A French judge imposed bail conditions, including a five million euro payment, twice-weekly police check-ins, and a travel ban from France. Durov faces accusations related to complicity in illegal activities on Telegram, such as child abuse, drug trafficking, and money laundering. His arrest has sparked debates about the balance between free speech and law enforcement. The investigation, which began in February, highlights tensions between Telegram's operations and government compliance. France's move has strained diplomatic relations with Russia, where Durov also holds citizenship. While Telegram asserts compliance with EU laws, French authorities criticize the platform's lack of cooperation in criminal investigations. This case underscores the broader issue of how governments deal with encrypted platforms used for both lawful and illicit activities.

Researchers at Google have revealed that Russian government hackers, specifically the APT29 group linked to Russia's foreign intelligence service, have used exploits resembling those developed by spyware firms Intellexa and NSO Group. These exploits were found embedded in Mongolian government websites, potentially compromising visitors' iPhones and Android devices through a watering hole attack. The exploits targeted vulnerabilities in Safari on iPhones and Chrome on Android, even though those vulnerabilities had been patched.
The attack aimed to steal user account cookies, potentially granting hackers access to government accounts. Google is unsure how the Russian hackers obtained the exploits, but speculates they may have purchased or stolen them. Google advises users to keep software updated to prevent such attacks.

Cybersecurity researchers at Akamai have identified a zero-day vulnerability in CCTV cameras manufactured by Taiwan-based Avtech, which is being exploited by hackers to expand a botnet based on the notorious Mirai malware. The flaw, found in the camera's brightness setting, allows remote control of the devices, enabling the spread of a Mirai variant called Corona. Despite the cameras being old and discontinued, they remain in widespread use, including in critical infrastructure. CISA issued an advisory warning about the vulnerability, highlighting its ease of exploitation and a lack of response from Avtech. Akamai notes that this incident reflects a growing trend of attackers exploiting older, unpatched vulnerabilities to deploy malware. The vulnerability has been publicly known since 2019, but only recently received a formal CVE designation.

The Iranian hacking group APT33, also known as Peach Sandstorm, has intensified its focus on space-related infrastructure alongside other critical sectors, according to new findings from Microsoft. Active for over a decade, Peach Sandstorm is notorious for its aggressive cyber espionage, particularly through password spraying attacks. Recently, the group has developed a sophisticated multi-stage backdoor named Tickler, which allows them to remotely access and control victim networks. Since April of this year, Peach Sandstorm has targeted space, satellite, and defense sectors, using Tickler to infiltrate these high-stakes environments. Microsoft reports that the group also manipulated victims' Azure cloud infrastructure, gaining further control.
Additionally, the hackers have been using fake LinkedIn profiles to conduct intelligence gathering in the space and satellite industries. These actions underline a significant and evolving threat to global space infrastructure, with Peach Sandstorm demonstrating a persistent interest in disrupting and exploiting this critical sector.

In a significant legal development, a U.S. appeals court has opened the door for TikTok to face potential liability over the tragic death of 10-year-old Nylah Anderson. The young girl died after attempting the "Blackout Challenge," a dangerous trend that TikTok's algorithm had placed on her "For You" page. Initially, a lower court had ruled that TikTok was protected under Section 230 of the Communications Decency Act, which typically shields social media platforms from being held accountable for content posted by users. However, the Third Circuit Court of Appeals in Pennsylvania disagreed, arguing that by curating content through its algorithms, TikTok may have played an active role in the harm caused. Judge Paul Matey, in his opinion, emphasized that Section 230 wasn't meant to create a "lawless no-man's land" for platforms. Instead, he argued, platforms should be accountable when their algorithms actively push harmful content. This ruling challenges the broad immunity social media companies have relied on and could have far-reaching implications across the industry. The case will now return to the district court, where TikTok will face renewed scrutiny over its role in Anderson's death.

Cyber criminals have increasingly shifted to shorter, more targeted online scams, significantly reducing the duration of their operations over the past four years, according to a report from Chainalysis. Scammers are rapidly refreshing their infrastructure, with 43% of scam revenues tracked in 2024 linked to newly active wallets.
This trend reflects a move from large, prolonged schemes to quicker, smaller campaigns, often leveraging tactics like pig butchering. This approach reduces the risk of detection and allows criminals to launder stolen funds more effectively.

Cisco has released patches for multiple vulnerabilities in its NX-OS software, with the most critical being a high-severity flaw in the DHCPv6 relay agent that could allow remote attackers to cause a denial of service condition. This flaw affects the Nexus 3000, 7000, and 9000 series switches in standalone NX-OS mode with specific configurations. Other patched issues include medium-severity command injection and sandbox escape vulnerabilities, potentially allowing unauthorized code execution or privilege escalation. Cisco reports no known exploitations of these vulnerabilities in the wild.

Faster than you can say "would you like fries with that?", hackers took over McDonald's official Instagram account, promoting a fake cryptocurrency called Grimace and allegedly stealing $700,000 from investors. They used the account's 5.1 million followers and tweets from McDonald's social media head Guillaume Huynh to lend credibility to the scam, promising investors a follow from the official account. The fake coin's market value surged to $25 million within 30 minutes before crashing when the hackers withdrew the funds and vanished. Huynh later confirmed that his Twitter account had been compromised. McDonald's apologized for the incident, stating they are working with authorities to investigate the breach and remove offensive content. The swift deletion of the fraudulent posts likely limited the number of victims.

Coming up after the break, my conversation with Dave DeWalt, founder and CEO of NightDragon, and Nicole Bucala, CEO and general manager at DataBee. Stay with us.

And now a word from our sponsor, KnowBe4. It's all connected, and we're not talking conspiracy theories.
When it comes to InfoSec tools, effective integrations can make or break your security stack. The same should be true for security awareness training. KnowBe4, provider of the world's largest library of security awareness training, provides a way to integrate your existing security stack tools to help you strengthen your organization's security culture. KnowBe4's SecurityCoach uses standard APIs to quickly and easily integrate with your existing security products from vendors like Microsoft, CrowdStrike, and Cisco: 35 vendor integrations and counting. SecurityCoach analyzes your security stack alerts to identify events related to any risky security behavior from your users. Use this information to set up real-time coaching campaigns targeting risky users based on those events from your network, endpoint, identity, or web security vendors. Then, coach your users at the moment the risky behavior occurs, with contextual security tips delivered via Microsoft Teams, Slack, or email. Learn more at knowbe4.com/securitycoach. That's knowbe4.com/securitycoach, and we thank KnowBe4 for sponsoring our show.

Imagine this: your primary identity provider goes down, whether it's a cloud outage, network issue, or even a cyber attack. Suddenly, your business grinds to a halt. But what if it didn't have to? Meet Identity Continuity from Strata, the game-changing solution that keeps your business running smoothly no matter what. Whether your cloud IdP crashes or your on-prem system faces a hiccup, Identity Continuity seamlessly shifts authentication to a secondary or even tertiary IdP, automatically and without disruption. Powered by the Maverics Identity Orchestration Platform, Identity Continuity uses smart health checks to monitor your IdP's availability and instantly activates failover strategies tailored to your needs. When the coast is clear, it's a seamless switchback.
No more downtime, no lost revenue, no frustrated customers, just continuous secure access to your critical applications every single time. Protect your business from the high costs of IdP outages. With Identity Continuity from Strata, downtime is a thing of the past. Learn more at strata.io. Keep your business moving even when the unexpected happens. That's strata.io.

Dave DeWalt is founder and CEO of NightDragon, and Nicole Bucala is CEO and general manager at DataBee. I recently sat down with them to share news of their joint initiative which aims to propel future cybersecurity innovations.

So today we're talking about this collaboration that is going to be happening, and indeed is happening, between NightDragon and DataBee. I would love to start out with some descriptions of the two organizations for folks who may not be familiar. Nicole, everybody knows about Comcast, but I think DataBee might be a new name for folks. How do you describe the organization?

Yeah. There's actually two new names I'd like to introduce. One is DataBee. The other is Comcast Technology Solutions. So within Comcast, which is a very large, highly diversified global company, Comcast Technology Solutions is an arm that brings Comcast's own internal inventions to market to other large enterprises. It's highly diversified. There are four business units with offerings across advertising and media and critical infrastructure, and now cybersecurity and enterprise data management through DataBee. And so DataBee is sort of like a Series C startup within Comcast under the purview of Comcast Technology Solutions.

Dave, for folks who haven't heard of it, few and far between as they may be, tell us about NightDragon.

Yeah. Thank you. NightDragon, as I mentioned, is an investment and advisory firm. We focus in on the markets that have been called security technology, secure tech. So think of it like biotech or fintech, but the world of security technology.
At the core of that is our focus in on the five major domains that are essentially at risk or threats, which is space, air, oceans, land, and cyber. Cyber is where a lot of our roots are, but we certainly see a lot of opportunity in all the markets. So NightDragon focuses in on those threats and risks. We look for growth stage companies, and part of our business is investing from funds. And the other part is advising companies as part of the work we do with our platform. So in addition to being investors, we help operate companies, help companies scale. And we built a series of partnerships, one of which we have today, and a very important one, which is really to help companies grow, especially in the worlds of data and AI, meeting these threats and risks that are occurring. So happy to be on the call today.

And Nicole, I'm curious about the motivation here. When you look at NightDragon, Comcast Technology Solutions, and DataBee, what was it that drew you together to form this strategic partnership?

So Comcast provides critical infrastructure, right? And it does so in many different ways. And Comcast Technology Solutions has expertise in that infrastructure. And right now, we're trying to diversify now into a new sector, right? We want to be selling a SaaS product in cybersecurity and data management to other large enterprises, some of our existing customers as well. And so it's exciting to me to be able to collaborate with the folks at NightDragon, to be able to also meet some of the other founders that they invest in, right? Because there may be synergies that we see across the NightDragon portfolio and also what CTS is bringing to market.

Dave, Nicole mentions synergies. Do you have any examples of potential synergies here between Comcast Technology Solutions and NightDragon?

Yeah, I do.
As a matter of fact, I would underscore what Nicole just mentioned, but maybe flipping it around from my perspective for a minute. You know, it's somewhat of an unorthodox kind of partnership. I mean, Comcast partnering with a venture capital firm in the security world, you know, we don't see a lot of that, you know, over the years, but a credit to Comcast and Nicole for thinking about, you know, the partnership in a different way, an innovative way. And when you look at it from our perspective, what is it Comcast has? They have, you know, very powerful infrastructure, telemetry of intelligence that they can gather. They have what I call the crowd. I always talk about crowd, cloud, and AI. They have one of the biggest crowds of telemetry and data that you could see. Most of our companies at NightDragon are all about crowd, cloud, and AI too, depending on what sector that they're a part of. And we look for AI and machine learning to help generate threat intelligence and risk capabilities in a way that makes our world more secure for tomorrow. But the idea here is Comcast, we see, has really got the same mission. How do we make it a safer world? How do we make it more secure? How do we leverage data? How do we leverage that cloud in a way that can come together to, you know, be more than one plus one, NightDragon and Comcast together, but also with our portfolio companies and their expertise, making it, you know, a much bigger equation of value together. And we have a lot of respect for the people, for the process, for the capabilities that Nicole brings, but also the whole entity of Comcast. And so we're looking forward to a lot more time together and a lot more fun, hopefully.

Yeah. Yeah. Thanks so much, Dave, for mentioning that.
You know, I think the thing you said to me before that is really fascinating from that security sector perspective, and also from all the buzz around generative AI, is the fact that Comcast brings to the table, again, that expertise in critical infrastructure. And we all know that the security problem is still not as well solved around critical infrastructure as it may be in other sectors, right? Critical infrastructure obviously powers a lot of other critical infrastructure, right? Some of the technologies, obviously, that are used in critical infrastructure can be very different, right, from some of the core technologies, and therefore it necessitates a different approach to data analysis, to protection, to even the concept of doing the fun things in the data world, right, writing advanced models that can deliver cool insights, right? It's different. And so, you know, I'm excited, particularly about how this partnership, I think, is going to really dive into what are the emerging threats and challenges in the digital landscape, and how do we really advance and provide greater value, right, not just to our customers, but also to better protect the world?

Dave, I'm curious about this notion of having early access to each other's technology, to each other's developments. I mean, do you see that being a differentiating factor here in the collaboration?

Absolutely. And I'm glad you asked that because, for us, as an investor, an operator of emerging technologies, Nicole mentioned generative AI, or how to secure AI. So we're looking at all the companies; there's about 50 companies in AI security as an example.
We look at them all, we inventory them all, we think we know where we can make an investment, but Comcast can be a great validator, and they, with their infrastructure and footprint, can help us with due diligence, help us understand which of these companies might be the best for us to invest in. Maybe eventually they'll invest alongside of us as well, or go to market with these companies. So the partnership almost starts at the beginning of deal sourcing, where we're looking at markets and focus areas together. So I see it as a whole lifecycle, from the beginning of our investment cycle to potentially liquidating at the end of the cycle: how do we work together throughout all of that for the betterment of our companies together, but also the betterment of our customers together.

You know, Dave, it's an interesting point that you bring forward, which is the practitioner perspective that comes from the partnership with Comcast, and that's actually how DataBee came to start, right? It had been developed by Comcast's own global CSO, Noopur Davis, and her team. And I've done emerging technology in security before. And one of the many challenges early on is product-market fit, simply making sure that your idea is actually helping someone in a way that they will pay money for it. A second problem that I've seen in emerging technology in security is the question of scale. First, you create something and you deploy it at a small scale, but then eventually you may have some success, and you may have a hard time scaling. And so Comcast also offers the perspective of scale. And so when we take Comcast scale and we take the practitioner mindset of what the practitioners are seeing, not only as the real problems they're facing today, but also what are the right architectural approaches to address those in the most cost-efficient way, that's really the value of Comcast and Comcast cybersecurity in partnering with a venture firm and in looking at some of those early stage investments.
I would just say, if I could, maybe as the call comes to an end, but I would just say, I'm very excited about the partnership. There's no doubt about it. A lot of respect for Nicole, a lot of respect for the company. The future is bright. As I said, there's so many new technologies coming, AI, quantum, threats and risks. I'm just proud to be a partner, and Nicole, thank you for the sponsorship, the relationship, and I look forward to many years working together.

Oh, well, thank you so much, Dave. And likewise. I mean, for us at Comcast, we've made a commitment to fully get into the cybersecurity industry. Think about what we have: we have our internal innovations in numerous orgs, we have Comcast Ventures, which is starting to... it has invested in cybersecurity before, several good investments, and it's now starting to do even more and looking to potentially collaborate with NightDragon on that. As Dave said, it's unique that Comcast is doing this, and so we're just so honored to have the partnership with NightDragon and have your guidance to help us with this journey.

That's Dave DeWalt, founder and CEO of NightDragon, and Nicole Bucala, CEO and general manager at DataBee.

And now a word from our sponsor, Cortex. Security teams face a barrage of more: more security tools create more complexity, more devices need protection, more specialized focus areas create more silos. The security landscape is changing fast. How can security operations transform to meet current threats? Cortex, by Palo Alto Networks, consolidates SecOps tools into an integrated platform and helps organizations stop threats at scale with AI, automation, and analytics. Learn more at paloaltonetworks.com/cortex.

This episode is brought to you by Shopify. Forget the frustration of picking commerce platforms when you switch your business to Shopify, the global commerce platform that supercharges your selling, wherever you sell.
With Shopify, you'll harness the same intuitive features, trusted apps, and powerful analytics used by the world's leading brands. Sign up today for your $1 per month trial period at shopify.com/tech, all lowercase. That's shopify.com/tech.

And finally, in a classic case of crime doesn't pay, a Missouri man, Daniel Rhyne, age 57, found himself on the wrong side of the law after attempting to extort his former employer. Rhyne, a core infrastructure engineer who clearly took his job too literally, allegedly wreaked havoc on his ex-employer's systems, locking out administrators, deleting accounts, and shutting down servers, all in a bid to score a $750,000 Bitcoin ransom. But here's where the plot thickens. Like a poorly scripted movie, Rhyne left a trail leading right back to his virtual doorstep. Investigators traced the cyber sabotage to a remote desktop session linked to his own laptop. Now, instead of counting his ransom money, Rhyne is facing some hefty charges, including extortion, intentional damage to a protected computer, and wire fraud. With the possibility of decades behind bars and up to $750,000 in fines, it's safe to say this caper didn't quite go as planned.

And that's the CyberWire. For links to all of today's stories, check out our Daily Briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. We're privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world's preeminent intelligence and law enforcement agencies. N2K makes it easy for companies to optimize your biggest investment: your people.
We make you smarter about your teams while making your teams smarter. Learn how at n2k.com.

This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president, Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.