Researchers ID a new Mirai-based botnet. Android devices get their first round of updates for the new year. Criminals exploit legitimate Apple and Google services in sophisticated voice phishing attacks. Japan attributes over 200 cyberattacks to the Chinese hacking group MirrorFace. A PayPal phishing scam exploits legitimate platform functionality. SonicWall addresses critical vulnerabilities in its SonicOS software. CISA warns of active exploitation of vulnerabilities in Mitel MiCollab. A new government backed labelling program hopes to help consumers choose more secure devices. On today’s CertByte segment, Chris Hare and Steven Burnley unpack a question from N2K’s ISC2® Certified in Cyber Security (CC) Practice Test. Streaming license plate readers - no password required.

Remember to leave us a 5-star rating and review in your favorite podcast app.

Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CertByte Segment

Welcome to CertByte! On this bi-weekly segment hosted by Chris Hare, a content developer and project management specialist at N2K.

In each segment, Chris is joined by an N2K Content Developer to help illustrate the learning. This week, Chris is joined by Steven Burnley to break down a question targeting the CC - Certified in Cyber Security certification by ISC2®. Today’s question comes from N2K’s ISC2® Certified in Cyber Security (CC) Practice Test.

The CC(SM) - Certified in Cyber Security is an entry-level, ANAB accredited exam geared towards anyone who wants to prove their foundational skills, knowledge, and abilities. To learn more about this and other related topics under this objective, please refer to the following resource: ISC2 (n.d.). https://www.isc2.org/landing/cc-etextbook  

Have a question that you’d like to see covered? Email us at certbyte@n2k.com. If you're studying for a certification exam, check out N2K’s full exam prep library of certification practice tests, practice labs, and training courses by visiting our website at n2k.com/certify. To get the full news to knowledge experience, learn more about our N2K Pro subscription at https://thecyberwire.com/pro. 

Please note: The questions and answers provided here, and on our site, are not actual current or prior questions and answers from these certification publishers or providers.

Additional source: https://www.isc2.org/certifications/cc 

Selected Reading

New Mirai Botnet Exploits Zero-Days in Routers and Smart Devices (Infosecurity Magazine)

First Android Update of 2025 Patches Critical Code Execution Vulnerabilities (SecurityWeek)

A Day in the Life of a Prolific Voice Phishing Crew (Krebs on Security)

Japan links Chinese hacker MirrorFace to dozens of cyberattacks targeting security and tech data (AP News)

Casio says hackers stole personal data of 8,500 people during October ransomware attack (TechCrunch)

New PayPal Phishing Scam Exploits MS365 Tools and Genuine-Looking Emails (Hackread)

Multiple Sonicwall VPN Vulnerabilities Let Attackers Bypass Authentication (Cyber Security News)

CISA Warns of Mitel MiCollab Vulnerabilities Exploited in Attacks (SecurityWeek)

New Labels Will Help People Pick Devices Less at Risk of Hacking (SecurityWeek)

Researcher Turns Insecure License Plate Cameras Into Open Source Surveillance Tool (404 Media)

Share your feedback.

We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. 

Want to hear your company in the show?

You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Learn more about your ad choices. Visit megaphone.fm/adchoices