Tomcat got your server?

An Apache Tomcat vulnerability is under active exploitation. CISA rehires workers ousted by DOGE. Lawmakers look to protect rural water systems from cyber threats. Western Alliance Bank notifies 22,000 individuals of a data breach. A new cyberattack method called BitM allows hackers to bypass multi-factor authentication. A Chinese cyberespionage group targets Central European diplomats. A new cyberattack uses ChatGPT infrastructure to target the financial sector and U.S. government agencies. Australia sues a major securities firm over inadequate protection of customer data. Our Threat Vector segment examines how unifying security capabilities strengthens cyber resilience. Cybercriminals say, “Get me Edward Snowden on the line!” Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. Threat Vector Segment Security platformization is transforming the way organizations defend against cyber threats. In this episode of Threat Vector, host David Moulton speaks with Carlos Rivera, Senior Analyst at Forrester, about how unifying security capabilities strengthens cyber resilience. To listen to the full discussion, please check out the episode here or on your favorite podcast app, and tune in to new episodes of Threat Vector by Palo Alto Networks every Thursday. Selected Reading Critical Apache Tomcat RCE Vulnerability Exploited in Just 30hrs of Public Exploit (Cyber Security News) CISA Rehires Fired Employees, Immediately Puts Them on Leave (GovInfo Security) Western Alliance Bank Discloses Data Breach Linked to Cleo Hack (SecurityWeek) New BitM Attack Lets Hackers Steal User Sessions Within Seconds (Cyber Security News) US Lawmakers Reintroduce Bill to Boost Rural Water Cybersecurity (SecurityWeek) Chinese Hackers Target European Diplomats with Malware (GovInfo Security) Hackers Exploit ChatGPT with CVE-2024-27564, 10,000+ Attacks in a Week (Hackread) Australia Sues FIIG Investment Firm in Cyber 'Wake-Up Call' (GovInfo Security) Extortion crew threatened to inform Edward Snowden (?!) if victim didn't pay up (The Register) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices