The CyberWire Daily Podcast 12.18.24
Ep 2212 | 12.18.24

Hacking allegations and antitrust heat.

Show Notes

The U.S. considers a ban on Chinese made routers. More than 200 Cleo managed file-transfer servers remain vulnerable. The Androxgh0st botnet expands. Schneider Electric reports a critical vulnerability in some PLCs. A critical Apache Struts 2 vulnerability is being actively exploited. Malicious campaigns are targeting Chinese-branded IoT devices. A Nebraska-based healthcare insurer discloses a data breach affecting over 225,000 individuals. IntelBroker leaks 2.9GB of data from Cisco’s DevHub environment. CISA issues a Binding Operational Directive requiring federal agencies to enhance cloud security. On today’s CERTByte segment, Chris Hare and Dan Neville unpack a question targeting the Network+ certification. INTERPOL says, “Enough with the pig butchering.“

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K, we share practice questions from N2K’s suite of industry-leading certification resources, and a study tip to help you achieve the professional certifications you need to fast-track your career growth in IT, cyber security, or project management.

In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Dan Neville to break down a question targeting the Network+ certification (N10-008 expires on 12/20/24 and the N10-009 update launched on June 20th of this year). Today’s question comes from N2K’s CompTIA® Network+ Practice Test, both exam versions of which are offered on our site.

According to CompTIA®, the Network+ certification "is the only certification on the market that covers the core skills necessary to support networks in any environment." The exam is geared towards anyone who already holds an A+ certification, along with about 9-12 months of networking experience.To learn more about this and other related topics under this objective, please refer to the following resources: CompTIA Network+ Study Guide (Sybex Study Guide)" page 762.

For the past 25 years, N2K's practice tests have helped more than half a million IT and cyber security professionals reach certification success. Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro.

Please note: The questions and answers provided here and on our site are not actual current or prior questions and answers from these certification publishers or providers.

Additional sources: www.comptia.org

Corrections:

CompTIA updates include Cloud+ (released in September 2024), Tech+ (formerly known as IT Fundamentals+, released on November 26, 2024), and Data+ (to be released in February 2025). PenTest+ and SecurityX were both released on December 17, 2024. SecurityX is a brand-new exam and an expert-level certification that replaces CASP+. All of these updated exams will be available in practice test form on our site by the end of this year or in early 2025. In the meantime, N2K offers all of the current versions of these exams on our website at: https://certify.cybervista.net/vendor/comptia/.  

A quick update on this episode: Given CompTIA's recent change to their publishing calendar, both the PenTest and SecurityX exams will now be released on January 21, 2025.

Selected Reading

U.S. Weighs Ban on Chinese-Made Router in Millions of American Homes (Wall Street Journal)

Attack Exposure: Unpatched Cleo Managed File-Transfer Software (BankInfo Security)

Androxgh0st Botnet Targets IoT Devices, Exploiting 27 Vulnerabilities (Hackread)

Schneider Electric reports critical flaw in Modicon Programmable Logic Controllers (Beyond Machines)

RATs can sniff out your Chinese-made web cameras: here’s how to defend yourself (Cybernews)

Regional Care Data Breach Impacts 225,000 People (SecurityWeek)

Hacker IntelBroker Leaked 2.9GB of Data Stolen From Cisco DevHub Instance (Cyber Security News)

New critical Apache Struts flaw exploited to find vulnerable servers (Bleeping Computer)

CISA Issues Binding Operational Directive for Improved Cloud Security (SecurityWeek)

Playbook for Strengthening Cybersecurity in Federal Grant Programs for Critical Infrastructure (CISA)

INTERPOL urges end to 'Pig Butchering' term, cites harm to online victims (INTERPOL) 

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.