The CyberWire Daily Podcast 5.23.24
Ep 2074 | 5.23.24

Checkmate at check in.

Transcript

Spyware is discovered on U.S. hotel check-in systems. A Microsoft outage affects multiple services. Bitdefender uncovers Unfading Sea Haze. University of Maryland researchers find flaws in Apple’s Wi-Fi positioning system. Scotland’s NRS reveals a sensitive data leak. Rapid7 tracks the rise in zero-day exploits and mass compromise events. The SEC hits the operator of the New York Stock Exchange with a ten million dollar fine. Operation Diplomatic Specter targets political entities in the Middle East, Africa, and Asia. The FCC considers AI disclosure rules for political ads. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with guests Brianna Bace and Unal Tatar PhD sharing their work on Legal Perspectives on Cyberattacks Targeting Space Systems. Tone-blasting underwater data centers.

Today is Thursday May 23rd, 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Spyware is discovered on U.S. hotel check-in systems.

TechCrunch discovered that the consumer-grade spyware app pcTattletale was running on the check-in systems of at least three Wyndham hotels in the US. The spyware continuously captured screenshots of hotel booking systems, exposing guest details and partial payment card numbers due to a security flaw. These screenshots were accessible to anyone online who knew how to exploit the flaw.

Security researcher Eric Daigle found the compromised systems during an investigation into spyware often called "stalkerware" because of its use in tracking individuals without their consent. Despite his attempts to notify pcTattletale, the flaw remains unfixed.

How the app came to be on the hotel systems is unclear; it could be due to employees being tricked into installing it or intentional use by hotel management for monitoring. Wyndham, a franchise organization, stated that its hotels are independently owned and operated, and did not confirm whether it was aware of pcTattletale's use.

pcTattletale markets itself for monitoring children and employees, but also promotes its use for tracking unfaithful spouses. The spyware requires physical access to install, and pcTattletale offers a service to install the spyware on target devices remotely. The company has not responded to requests for comment.

A Microsoft outage affects multiple services. 

A major Microsoft outage has affected Bing.com, Copilot for web and mobile, Copilot in Windows, ChatGPT internet search, and DuckDuckGo. The outage began at around 3 AM EDT, primarily impacting users in Asia and Europe. While Bing search works via direct URL, the homepage showed a blank page or a 429 error. Copilot services were completely offline. DuckDuckGo displayed error messages due to Bing API issues. Microsoft and OpenAI are investigating the cause, and at this time it seems systems have been restored.

Bitdefender uncovers Unfading Sea Haze. 

Bitdefender Labs uncovered a new cyber threat actor, "Unfading Sea Haze," targeting high-level organizations in South China Sea countries, likely aligned with Chinese interests. Their attacks, spanning back to 2018, primarily hit military and government targets. Using tools like Gh0st RAT variants and .NET payloads, they exploited poor credential hygiene and inadequate patching. Unfading Sea Haze's persistence and sophisticated tactics, such as spear-phishing with malicious LNK files, highlight the need for robust cybersecurity practices. Despite five years of activity, they remained undetected, underscoring the importance of vigilant security measures.

University of Maryland researchers find flaws in Apple’s Wi-Fi positioning system. 

Researchers at the University of Maryland (Go Terps!) identified a privacy vulnerability in Apple's Wi-Fi Positioning System (WPS), enabling global tracking of users' locations and movements. This vulnerability allows attackers to build a worldwide database of Wi-Fi access points quickly. The study shows the potential for mass surveillance and tracking, including in sensitive areas like war zones and disaster sites. Researchers recommend enhanced privacy measures, such as rate limiting, authentication for WPS queries, BSSID randomization, and opt-out options. Apple has started addressing these issues, but more comprehensive solutions are needed to protect against unauthorized tracking of Wi-Fi access points.

Scotland’s NRS reveals a sensitive data leak. 

National Records of Scotland (NRS) revealed that sensitive data was leaked following a ransomware attack on NHS Dumfries and Galloway, resulting in 3TB of data being published on the dark web. The breach included demographic records and patient information held temporarily on the NHS network. Fewer than 50 individuals were directly impacted and have been contacted. The attack, by the Inc Ransom gang, increased identity theft risks. The incident is under investigation by Police Scotland.

Rapid7 tracks the rise in zero-day exploits and mass compromise events. 

Rapid7's 2024 Attack Intelligence Report highlights the continued rise in zero-day exploits and mass compromise events, often combined. Key findings include more than half of new widespread threat CVEs being exploited before patches are available, indicating that mass supply chain compromises through zero-day vulnerabilities will persist. The report also notes the professionalization of cybercriminals who buy zero-day exploits. Additionally, it emphasizes the critical need for multi-factor authentication (MFA), as 40% of incidents investigated in 2023 resulted from missing or inconsistent MFA enforcement. Rapid7 stresses the importance of prevention, particularly at the network edge, and proactive defensive measures.

The SEC hits the operator of the New York Stock Exchange with a ten million dollar fine. 

The US Securities and Exchange Commission (SEC) announced that Intercontinental Exchange (ICE) will pay a $10 million fine for charges related to a 2021 hacker attack. Hackers exploited a zero-day vulnerability on one of ICE's VPNs, planting malicious code. ICE, which operates the NYSE, delayed notifying legal and compliance officials at its subsidiaries, hindering proper disclosure. The SEC criticized this delay, emphasizing the need for immediate notification. ICE agreed to the fine without admitting or denying the findings.

Operation Diplomatic Specter targets political entities in the Middle East, Africa, and Asia.

Palo Alto Networks’ Unit 42 reports that a Chinese advanced persistent threat (APT) group, in a campaign dubbed "Operation Diplomatic Specter," has targeted political entities in the Middle East, Africa, and Asia since late 2022. The group has conducted espionage against at least seven governmental entities, using rare email exfiltration techniques to collect sensitive information from diplomatic missions, embassies, military operations, political meetings, ministries, and high-ranking officials. It employs unique backdoors named TunnelSpecter and SweetSpecter. Its tactics include exploiting Exchange server vulnerabilities (ProxyLogon and ProxyShell) to infiltrate mail servers, emphasizing the need for organizations to patch known vulnerabilities.

The FCC considers AI disclosure rules for political ads.

FCC Chairwoman Jessica Rosenworcel proposes examining whether campaigns and political action committees should disclose when political ads on radio and TV use AI-generated content. This comes after AI-generated robocalls mimicking President Biden discouraged New Hampshire primary voters from casting their votes. If supported by the other commissioners, the FCC will seek public input on requiring broadcasters to disclose AI use in political ads and define AI-generated content. The proposal aims to ensure transparency and prevent voter deception in the 2024 election cycle.


Coming up on our guest segment, we have some N2K crossover. N2K T-Minus Space Daily podcast host Maria Varmazis speaks with Brianna Bace and Unal Tatar PhD sharing their work entitled: Law in Orbit: International Legal Perspectives on Cyberattacks Targeting Space Systems. 

We’ll be right back.

Welcome back. Thanks so much, Maria. We have details in our show notes, and be sure to check out T-Minus Space Daily for your daily space intelligence.

Tone-blasting underwater data centers. 

For nearly a decade, underwater data centers have been the cutting-edge trend in tech, boasting numerous perks like saving land space and benefiting from natural, cold-water cooling. From Microsoft's Project Natick to China's Hainan Undersea Data Center, these aquatic facilities have promised efficiency and durability. But there's a catch – they're vulnerable to... sound waves!

Yes, you heard that right. Researchers from the University of Florida and the University of Electro-Communications in Japan discovered that a simple pool speaker playing a high D note can wreak havoc on these submerged data hubs. The dense water not only cools the servers but also carries sound waves that can disrupt their operations.

Researchers tested this in both a lab water tank and a campus lake, finding that just two and a half minutes of targeted acoustic attack could increase database latency by up to 92.7 percent. Solutions like sound-proof panels and active noise cancellation proved either too hot or too expensive.

But don't worry, they’re working on a machine learning algorithm to detect and counteract these watery wails. As UF professor Kevin Butler put it, "The ocean is awash in sound already. These attacks can happen inadvertently, like from a submarine sonar blast." So, while the sea may seem serene, it’s a whole new battleground for data security.

I just hope that pod of killer whales that’s been taking down yachts doesn’t catch wind of this.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.


We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.