The CyberWire Daily Podcast 6.18.24
Ep 2091 | 6.18.24

Servers seized, terrorists teased.


Europol and partners shut down 13 terrorist websites. A data breach at the LA County Department of Public Health affects over two hundred thousand. The Take It Down act targets deepfake porn. The Five Eyes alliance update their strategies to protect critical infrastructure. VMware has disclosed two critical-rated vulnerabilities in vCenter Server. The alleged heads of the "Empire Market" dark web marketplace are charged in Chicago federal court. A new malware campaign tricks users into running malicious PowerShell “fixes.”Researchers thwart Memory Tagging Extensions in Arm chips. A major e-learning platform discloses a breach. On our Industry Voices segment, we are joined by Guy Guzner, CEO and Co-Founder of Savvy to discuss "Reimagining app and identity security for SaaS." Clearview AI offers plaintiffs a piece of the pie. 

Today is Tuesday June 18th 2024. I’m Dave Bittner. And this is your CyberWire Intel Briefing.

Europol and partners shut down 13 terrorist websites. 

Europol and law enforcement from ten countries have shut down 13 terrorist websites in Operation HOPPER II. This operation targeted online platforms used by terrorist groups like ISIS and al-Qaeda to spread propaganda and recruit members. Four servers in Romania, Ukraine, and Iceland were seized, and the websites were removed. Coordinated by Europol's European Counter Terrorism Centre, the operation involved authorities from several European countries. Europol's EU Platform on Illicit Content Online (PERCI) facilitated the removal of terrorist content, showcasing the power of international cooperation in combating online terrorist activities.

A data breach at the LA County Department of Public Health affects over two hundred thousand. 

The Los Angeles County Department of Public Health (DPH) reported a data breach affecting over 200,000 people. Between February 19 and 20, 2024, an attacker obtained the login credentials of 53 employees through a phishing email. Stolen data includes personal, medical, and financial information. Impacted individuals are being notified by mail and offered a year of free identity monitoring from Kroll. The DPH has enhanced its security measures to prevent future attacks, disabled affected accounts, and reset devices. Law enforcement and the US Department of Health are involved in the investigation. The department advises individuals to verify their medical records for accuracy.

The Take It Down act targets deepfake porn. 

Lawmakers on Capitol Hill are urgently addressing the surge in deepfake AI porn targeting celebrities and high school students. A new bill, the Take It Down Act, led by Sen. Ted Cruz, R-Texas, aims to hold social media companies accountable for removing deepfake porn within 48 hours of a victim's request. It would criminalize publishing or threatening to publish such content, with enforcement by the Federal Trade Commission. The bill will be introduced by a bipartisan group of senators, supported by victims of deepfake porn. Despite consensus on the issue, there are competing bills in the Senate. Sen. Dick Durbin, D-Ill., proposed a bill allowing victims to sue those responsible, but it was blocked for being "overly broad." The Take It Down Act focuses on social media platform responsibilities. This comes as Senate Majority Leader Chuck Schumer pushes for AI legislation addressing nonconsensual deepfake images.

The Five Eyes alliance update their strategies to protect critical infrastructure.

Cybersecurity agencies from the Five Eyes alliance have updated their strategies to protect critical infrastructure, emphasizing the need for international collaboration due to the interconnected nature of these systems. The "Critical 5" nations—Australia, Canada, New Zealand, the UK, and the US—are enhancing security and resilience measures to prevent disruptions from incidents.

Key points include:

Adoption of new policies and tools, like Australia's 2023 Critical Infrastructure Resilience Strategy and the UK's Critical National Infrastructure Knowledge Base.

Addressing cyber threats through updated national strategies, such as the UK's National Cyber Strategy and the US's National Security Memorandum (NSM-22).

Enhancing information-sharing mechanisms between governments and infrastructure operators.

These nations stress that evolving threats like cyberattacks and climate change necessitate continuous adaptation of infrastructure protection strategies. Collaboration and shared knowledge remain vital for mitigating risks and ensuring the resilience of critical systems.

VMware has disclosed two critical-rated vulnerabilities in vCenter Server.

VMware by Broadcom has disclosed two critical-rated vulnerabilities in vCenter Server, used in its Cloud Foundation and vSphere suites. The flaws, CVE-2024-37079 and CVE-2024-37080, scored 9.8 on the CVSS v3 scale and are described as "heap-overflow vulnerabilities" in the DCE/RPC protocol, potentially allowing remote code execution. Despite no known exploitation "in the wild," patched versions are available. However, older versions like 6.5 and 6.7, no longer supported since October 2022, may remain vulnerable. Additionally, a third flaw, CVE-2024-37081, rated 7.8, allows local privilege escalation due to sudo misconfiguration. VMware acknowledged Matei "Mal" Badanoiu of Deloitte Romania for discovering the vulnerabilities.

The alleged heads of the "Empire Market" dark web marketplace are charged in Chicago federal court. 

Two men, Thomas Pavey and Raheim Hamilton, have been charged in Chicago federal court for operating "Empire Market," a dark web marketplace that facilitated over $430 million in illegal transactions from February 2018 to August 2020. Empire Market sold illegal drugs, counterfeit money, malware, and other illicit goods, using cryptocurrencies like Monero, Litecoin, and Bitcoin for payments. The marketplace shut down abruptly in 2020 amid DDoS attacks, leading to exit scam allegations. The two face charges for selling counterfeit currency, distributing controlled substances, possessing unauthorized access devices, and money laundering. If convicted, they could face life in prison and must forfeit crime proceeds, with $75 million in cryptocurrency, cash, and precious metals already seized.

A new malware campaign tricks users into running malicious PowerShell “fixes.”

Researchers at Proofpoint document a new malware campaign that uses fake Google Chrome, Word, and OneDrive errors to trick users into running malicious PowerShell "fixes" that install malware. Multiple threat actors, including ClearFake, ClickFix, and TA571, are behind this campaign. These attacks involve fake browser update prompts and JavaScript in HTML attachments, displaying false error messages. Users are instructed to copy and run PowerShell scripts, leading to malware installations like DarkGate, Matanbuchus, NetSupport, XMRig, and Lumma Stealer. The campaign exploits user unawareness of PowerShell risks and Windows' inability to detect malicious scripts. Despite requiring significant user interaction, the convincing social engineering increases the likelihood of successful infections.

Researchers thwart Memory Tagging Extensions in Arm chips. 

In 2018, Arm introduced Memory Tagging Extensions (MTE) to protect against memory safety bugs. MTE, now in devices like Google's Pixel 8, tags memory blocks to detect and prevent memory safety violations. However, researchers from Seoul National University, Samsung Research, and Georgia Tech found MTE can be bypassed via speculative execution attacks. Their study, "TikTag: Breaking Arm's Memory Tagging Extension with Speculative Execution," shows that attackers can extract MTE tags with a 95% success rate in under four seconds. Despite this, Arm maintains that MTE's value remains and suggests mitigations to prevent these attacks. The researchers' findings have prompted some responses from Arm and Google's Android Security Team, although not all issues have been fully addressed.

A major e-learning platform discloses a breach. 

Learnosity, an e-learning platform with over 40 million learners, disclosed a cybersecurity incident on June 17th. A phishing attack targeted HR staff, exposing an employee list but not downloading it. The affected employee lacked access to product or user data. Learnosity has secured its systems and is investigating the incident, offering 12 months of free credit monitoring to affected users. 


We’ll be right back. Coming up our Industry Voices segment, I am joined by Savvy’s CEO and Co-Founder Guy Guzner to talk about "Reimagining app and identity security for SaaS."


Clearview AI offers plaintiffs a piece of the pie. 

And finally, for a while there, Clearview AI was riding high.  The company's facial recognition technology could search millions—and eventually billions—of images to find a match for any uploaded photo. The dirty secret? All those images and data had been scraped from the web without the consent of the millions of people involved.

Clearview's ambitions grew, and the company began courting governments and law enforcement agencies. The problem with this strategy is that it leaves a paper trail, accessible through public records requests.

That was the beginning of the end. Kashmir Hill's exposé for The New York Times revealed Clearview’s existence, its web-scraping tactics, and its aggressive marketing efforts. The fallout was swift: lawsuits piled up, and foreign governments issued bans and hefty fines for violating privacy laws.

But Clearview's troubles weren’t confined to Europe. In the US, lawsuits over privacy violations proved successful. One significant case involved alleged breaches of Illinois privacy laws, resulting in a class action lawsuit. This case is now concluding, but the settlement is unique: instead of a cash payout, plaintiffs will receive a 23% stake in Clearview, valued at about $52 million.

Here’s Kashmir Hill with the latest for The New York Times:

“Anyone in the United States who has a photo of themselves posted publicly online — so almost everybody — could be considered a member of the class. The settlement would collectively give the members a 23 percent stake in Clearview AI, which is valued at $225 million, according to court filings. (Twenty-three percent of the company’s current value would be about $52 million.)"

Plaintiffs can cash out if the company goes public or gets acquired, or they can sell their stake. Alternatively, after two years, they can collect 17% of Clearview’s revenue.

Clearview's lawyer, Jim Thompson, told The New York Times the company was “pleased” with the agreement, suggesting a bleak outlook for its future. If Clearview expected to thrive, it likely wouldn’t have agreed to give away nearly a quarter of its value. But anticipating financial struggles, handing out a significant I.O.U. to plaintiffs is a clever way to preserve cash and stop the legal hemorrhaging.

So, Clearview may have lost the larger battle for privacy and reputation, but it managed to dodge a financial bullet with this settlement. By delaying cash payments and giving away a speculative stake in its uncertain future, Clearview has bought itself some time. Given its ongoing issues worldwide, it’s doubtful there will be much cash available to pay out in the future either. Clearview may have lost the war, but it seems to have won this particular battle.

And that’s the CyberWire.

For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.



We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to

We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.

N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at


This episode was produced by Liz Stokes. Our mixer is Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Our executive editor is Brandon Karpf. Simone Petrella is our president. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.