
Scammers celebrate with a bang.
Money laundering runs rampant in Cambodia. Privacy advocates question a new data sharing EO from the White House. An NYU website hack exposes the data of millions. A game demo gets pulled from Steam after users report infostealing malware. The Cloak ransomware group claims a cyberattack on the Virginia Attorney General’s Office. 23andMe files for Chapter 11 bankruptcy. Medusa ransomware is using a malicious driver to disable security tools on infected systems. Clearview AI settles a class-action lawsuit over privacy violations. A look back at the CVE program. In today’s Industry Voices segment, we are joined by Joe Ryan, Head of Customer Enablement at Maltego Technologies, who is highlighting how to help analysts in resource-constrained environments overcome training gaps and use investigative tools more effectively. Luring AI bots into the digital labyrinth.
Today is Monday March 24th 2025. I’m Dave Bittner. And this is your CyberWire Intel Briefing.
Money laundering runs rampant in Cambodia.
Scammers in Cambodia celebrate their biggest online frauds with fireworks, often after stealing victims’ life savings through romance scams or fake crypto platforms. According to the New York Times, these scams fuel a massive, fast-moving money-laundering network involving billions of dollars. Authorities like the FBI and Interpol have tried to intervene, but the system is resilient and global.
At the center is Huione Group, a Cambodian financial conglomerate with legitimate businesses and illicit arms. One Huione affiliate runs a Telegram-based marketplace linking scammers with money launderers, a hub responsible for at least $26.8 billion in crypto transactions. Another affiliate, Huione International Pay, operates like a professional bank, managing funds and coordinating with scammers.
The operation uses matchmakers, money mules, and sophisticated infrastructure. Some workers are trafficked victims forced into scams. The proceeds fund luxury lifestyles and further criminal services — from fake investment sites to stolen personal data. And yes, part of the take pays for fireworks to celebrate another payday.
Privacy advocates question a new data sharing EO from the White House.
A new executive order from President Trump expands data-sharing between federal and state agencies, sparking concerns from privacy advocates. The order requires federal agencies to eliminate rules that limit the sharing of unclassified data and mandates access to data from all state programs receiving federal funds—even when stored with third parties.
Experts warn the move is designed to normalize the controversial practices of the Department of Government Efficiency (DOGE), which has been accused of overreach and violating privacy laws. Critics fear the order enables a centralized federal surveillance system and bypasses legal safeguards like System of Records Notices (SORNs).
DOGE has faced lawsuits for unauthorized data sharing, including a recent court order halting its access to Social Security data. Experts argue the EO could weaponize personal data and erode civil liberties under the guise of efficiency and fraud prevention. The White House has not commented.
An NYU website hack exposes the data of millions.
A hacker breached NYU’s website Saturday morning, exposing personal data from over 3 million applicants dating back to 1989. The leak included names, test scores, intended majors, zip codes, financial aid information, and details on family members. The site, hijacked for at least two hours, displayed charts the hacker presented as evidence of racial disparities in NYU admissions, alleging lower average scores for admitted Black and Hispanic students than for white and Asian applicants, and framing this as proof that NYU kept weighing race after the Supreme Court’s 2023 decision ending race-conscious admissions.
Four downloadable files revealed Common Application data, including rejected applicants and sibling information. NYU restored the site by noon and reported the breach to law enforcement. The group behind the hack is tied to a 2023 University of Minnesota breach involving 7 million Social Security numbers. NYU, which opposed the affirmative action ruling, had seen a decline in minority admissions following the decision.
A game demo gets pulled from Steam after users report infostealing malware.
Valve has removed the game Sniper: Phantom’s Resolution from Steam after users reported that it contained infostealing malware. Though billed as a free demo, the Steam listing sent players to an external GitHub repository to download the installer, a red flag in itself, since legitimate Steam titles ship through Steam’s own content delivery. Reddit users found the package included tools for privilege escalation, browser cookie theft, and persistence via startup scripts. The developer’s GitHub account and website were taken down, and Valve acted on the reports. Anyone who installed the game is urged to scan their systems and, because the payload steals browser cookies, to reset passwords and sign out of active sessions in any browser that was logged in on that machine. This follows a similar Steam malware case last month.
The Cloak ransomware group claims a cyberattack on the Virginia Attorney General’s Office.
The ransomware group Cloak has claimed responsibility for a cyberattack that disrupted nearly all systems at the Virginia Attorney General’s Office (AGO) in February. Employees were forced to revert to paper filings as internal services, the VPN, and the public website went offline. On March 20, Cloak posted what it claims is stolen AGO data on its leak site, the usual sign that extortion negotiations have failed. Active since 2022, Cloak deploys ARCrypter ransomware and typically targets small to mid-sized organizations; this is its first confirmed U.S. attack this year.
23andMe files for Chapter 11 bankruptcy.
Genetic testing company 23andMe has filed for Chapter 11 bankruptcy amid growing concerns over its handling of sensitive customer data. The company, which holds genetic profiles of over 15 million users, suffered a major breach in 2023 in which attackers used credential stuffing to get into a small number of accounts and then harvested data on nearly 7 million users through the DNA Relatives feature; the stolen data was later offered for sale in lists singling out customers of Ashkenazi Jewish and Chinese ancestry. A class-action lawsuit followed, accusing 23andMe of failing to protect the data and failing to notify affected users promptly. As trust eroded, sales declined, contributing to mounting losses. The company says it will maintain its current data protections during the sale process.
Medusa ransomware is using a malicious driver to disable security tools on infected systems.
Medusa ransomware is using a malicious driver, smuol.sys, to disable security tools on infected systems, according to Elastic Security Labs. Masquerading as a legitimate CrowdStrike Falcon driver, it is signed with a revoked certificate from a Chinese company and packed with VMProtect. Elastic, which calls the driver AbyssWorker, found samples dating from August 2024 to February 2025, many signed with certificates believed to be stolen. The driver, previously seen in other malware campaigns, can manipulate processes, files, and system operations to disable defenses, often by spoofing system time to bypass signature checks. Note that revocation alone does not keep a driver like this from loading: Windows does not consult certificate revocation lists when it validates kernel-mode driver signatures, so the practical defenses are Microsoft’s vulnerable driver blocklist, hypervisor-protected code integrity (HVCI), and alerting on unexpected driver loads.
Clearview AI settles a class-action lawsuit over privacy violations.
Clearview AI has settled a class-action lawsuit over privacy violations for an estimated $50 million, in a deal approved by a federal judge. Rather than a direct payout, the settlement gives plaintiffs and their lawyers a stake in the company’s future value. The lawsuit accused Clearview of scraping billions of facial images from the web without consent, violating Illinois’ Biometric Information Privacy Act (BIPA). Clearview denies wrongdoing. Critics, including 22 state attorneys general, argue the settlement does not do enough to prevent future misuse of biometric data.
There’s no small irony here, attaching the plaintiffs' benefits to the success of Clearview.
A look back at the CVE program.
A thoughtful piece by Cynthia Brumfield for CyberScoop looks back at the CVE (Common Vulnerabilities and Exposures) program. Launched in 1999 by MITRE researchers, it has become a cornerstone of global cybersecurity, giving vendors, researchers and defenders one identifier per flaw so that vulnerability data can be tracked and shared consistently. Now in its fifth iteration, it includes over 413 reporting organizations, the CVE Numbering Authorities (CNAs), across more than 40 countries, and had 270,768 records by 2024.
Despite challenges, including disputes over data quality, concerns that vendors might hide vulnerabilities, and funding issues at NIST, the system has proven resilient. Experts argue its federated structure, dispute resolution mechanisms, and community oversight help maintain transparency. The rise in CVE counts, while sometimes criticized, reflects better visibility and reporting, not necessarily increased risk. Recent funding shortfalls under the Trump administration’s DOGE initiative tested the system’s durability, but MITRE and others stepped up.
For all its imperfections, cybersecurity leaders agree the CVE system remains essential. It is a long-standing public-private partnership that continues to evolve, and a future without it would leave defenders far less equipped to tackle digital threats.
Luring AI bots into the digital labyrinth.
And finally, Cloudflare just introduced a delightfully devious new tool: AI Labyrinth. Think of it as a digital hedge maze—only instead of confusing Minotaurs, it’s designed to baffle AI crawlers that ignore “no crawl” signs. When these rude bots try to scrape your site, Cloudflare lures them into a labyrinth of AI-generated web pages filled with convincingly real but utterly useless content. While the bot burns CPU cycles navigating a maze of facts about soil types or lunar geology, your real content stays untouched.
This strategy not only wastes the bots’ time but acts as a high-tech honeypot. No human would click four links deep into nonsense, so if someone does, bingo—it’s a bot. The maze helps Cloudflare identify and fingerprint bad actors without alerting them they’ve been duped. It’s opt-in and even available on free plans. So yes, Cloudflare is fighting fire with fire—or more accurately, AI with more AI.
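To make the depth heuristic concrete, here is a toy version of the trap, written for this briefing as an added example; it is not Cloudflare’s code, and the /labyrinth/ path prefix, the four-link threshold, the filler topics and the log lines are all constructed for the illustration. It generates deterministic filler pages that link only deeper into the trap, then scans web-server access logs for clients that walked several links in, which is the signal the segment describes.

```python
"""Toy crawler trap illustrating the AI Labyrinth idea. Added example, not
Cloudflare's code; the path prefix, threshold, topics and log lines are all
constructed for this illustration."""
import hashlib
import re
from collections import defaultdict

TRAP_PREFIX = "/labyrinth/"   # assumed: disallowed in robots.txt and linked only from hidden anchors
DEPTH_THRESHOLD = 4           # the "four links deep" rule of thumb from the text
FILLER_TOPICS = ("soil horizons", "lunar regolith", "basalt weathering", "loam porosity")


def trap_depth(path: str) -> int:
    """Number of links deep into the trap a path is; 0 for anything outside it."""
    if not path.startswith(TRAP_PREFIX):
        return 0
    rest = path[len(TRAP_PREFIX):].strip("/")
    return 1 if not rest else 2 + rest.count("/")


def labyrinth_page(path: str, fanout: int = 3) -> dict:
    """Build a trap page: plausible-but-useless filler plus links one level deeper.
    Everything is derived from a hash of the path, so every URL is stable and unique
    and needs no storage; a bot can wander indefinitely without repeating a page."""
    digest = hashlib.sha256(path.encode()).hexdigest()
    topic = FILLER_TOPICS[int(digest[:2], 16) % len(FILLER_TOPICS)]
    base = path.rstrip("/")
    return {
        "depth": trap_depth(path),
        "body": f"Field notes on {topic}, entry {digest[:8]}.",
        "links": [f"{base}/{digest[4 * i:4 * i + 4]}" for i in range(fanout)],
        # Keep the maze out of search indexes; crawlers that honour this never see it anyway.
        "headers": {"X-Robots-Tag": "noindex, nofollow"},
    }


# Combined log format: ip ident user [time] "METHOD path proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(\S+) \S+ \S+ \[[^\]]+\] "(?:GET|HEAD) (\S+) [^"]*" \d{3} \S+ "[^"]*" "([^"]*)"'
)


def flag_trap_crawlers(log_lines, threshold: int = DEPTH_THRESHOLD) -> dict:
    """Return {client_ip: record} for every client that walked at least `threshold`
    links into the trap. A human who stumbles on one hidden link stays below the bar."""
    seen = defaultdict(lambda: {"max_depth": 0, "fetched_robots": False, "user_agents": set()})
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a GET/HEAD request line in the expected format; ignore it
        ip, path, user_agent = m.groups()
        rec = seen[ip]
        rec["user_agents"].add(user_agent)
        if path == "/robots.txt":
            rec["fetched_robots"] = True  # it read the rules, so walking in anyway is deliberate
        rec["max_depth"] = max(rec["max_depth"], trap_depth(path))
    return {ip: rec for ip, rec in seen.items() if rec["max_depth"] >= threshold}


# Constructed sample log: one human browsing normally, one human who clicked a single
# hidden link, and one scraper that read robots.txt and then walked four links into the trap.
SAMPLE_LOG = [
    '198.51.100.9 - - [24/Mar/2025:10:00:00 +0000] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"',
    '198.51.100.9 - - [24/Mar/2025:10:00:07 +0000] "GET /blog/post-1 HTTP/1.1" 200 8000 "-" "Mozilla/5.0 (X11; Linux x86_64) Firefox/128.0"',
    '192.0.2.55 - - [24/Mar/2025:10:00:30 +0000] "GET /labyrinth/ HTTP/1.1" 200 1400 "-" "Mozilla/5.0 (Windows NT 10.0) Chrome/124.0"',
    '203.0.113.7 - - [24/Mar/2025:10:01:00 +0000] "GET /robots.txt HTTP/1.1" 200 42 "-" "ExampleScraper/2.1"',
    '203.0.113.7 - - [24/Mar/2025:10:01:01 +0000] "GET / HTTP/1.1" 200 5120 "-" "ExampleScraper/2.1"',
    '203.0.113.7 - - [24/Mar/2025:10:01:02 +0000] "GET /labyrinth/ HTTP/1.1" 200 1400 "-" "ExampleScraper/2.1"',
    '203.0.113.7 - - [24/Mar/2025:10:01:03 +0000] "GET /labyrinth/3f1a HTTP/1.1" 200 1400 "-" "ExampleScraper/2.1"',
    '203.0.113.7 - - [24/Mar/2025:10:01:04 +0000] "GET /labyrinth/3f1a/9c2e HTTP/1.1" 200 1400 "-" "ExampleScraper/2.1"',
    '203.0.113.7 - - [24/Mar/2025:10:01:05 +0000] "GET /labyrinth/3f1a/9c2e/77b0 HTTP/1.1" 200 1400 "-" "ExampleScraper/2.1"',
]

if __name__ == "__main__":
    for ip, rec in flag_trap_crawlers(SAMPLE_LOG).items():
        print(ip, rec["max_depth"], rec["fetched_robots"], sorted(rec["user_agents"]))
```

The design choice worth noting is that the page generator is stateless: because every trap URL and its outgoing links are derived from a hash of the path, the server never has to remember which maze pages it has handed out, so the trap costs the defender almost nothing while the crawler spends its budget on pages that exist only when requested. The depth rule is deliberately forgiving of a single accidental click; the "fetched_robots" flag is the extra evidence that a client saw the no-crawl rule and ignored it.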
And that’s the CyberWire.
For links to all of today’s stories, check out our Daily Briefing at the cyberwire dot com.
We’d love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like the show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com
We’re privileged that N2K CyberWire is part of the daily routine of the most influential leaders and operators in the public and private sector, from the Fortune 500 to many of the world’s preeminent intelligence and law enforcement agencies.
N2K makes it easy for companies to optimize your biggest investment, your people. We make you smarter about your teams, while making your teams smarter. Learn how at n2k.com.
N2K’s senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We’re mixed by Tré Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I’m Dave Bittner. Thanks for listening.