0:00

From the CISO series, it's

0:02

cybersecurity headlines. US

0:07

government bans Kaspersky and sanctions

0:09

12 executives. Evolve Bank

0:12

confirms data breach, undermining lockbits,

0:14

Federal Reserve claim, and the

0:16

UK's largest nuclear site pleads

0:19

guilty over cybersecurity failures. These

0:22

are some of the stories that my colleagues

0:24

and I have selected from this past week's

0:26

cybersecurity headlines. And now we're ready

0:28

for some insight, opinion, and expertise on

0:30

all of these. From our guest, Jim

0:32

Bowie, the CISO over at Tampa General

0:34

Hospital. Jim, I know you're a busy

0:36

guy. Thank you so much for making the time and being here. Thanks.

0:39

It's good to be here. Yeah, I cannot wait to

0:41

get into these stories. You were helping curate them this

0:44

week for the week interview, so I'm really excited for

0:46

some of your thoughts. A lot of big stories, a

0:48

lot of big angles I want to get your thoughts

0:50

on. Before we get into those,

0:52

though, I have to thank our sponsor for today, Prelude

0:55

Security. We're 30 minutes away

0:57

from peace of mind. Join

0:59

us on YouTube Live. Do so good at

1:01

cisoseries.com. Hit that old events dropdown and look

1:03

for the cybersecurity headlines week in review image.

1:06

You can click on it to join us. If you are in

1:08

our Discord for Super Cyber Friday, we're going to be

1:11

posting links there as well, so make sure you check

1:13

those out. And be sure to contribute your comments. I

1:16

want Jim's thoughts, but I also want

1:18

your thoughts. I see you, CCL, Kevin

1:20

Farrell, incredulous, chordate in there as well.

1:23

Let me hear your thoughts as we're going through this. Would

1:25

love to get some more. We got about 20 minutes, though,

1:27

so let's just jump right in. First

1:29

up here, the U.S. bans Kaspersky and sanctions

1:31

12 executives. These

1:34

sanctions were issued by the Treasury Department's Office

1:36

of Foreign Asset Control. We know it is

1:38

good old OFAC and pretty much freezes all

1:40

their property and interests. These actions

1:42

come on the heels of an announcement made

1:45

by the government on June 20th regarding a

1:47

ban on selling Kaspersky antivirus software due to

1:49

it being a Russian organization. The

1:51

ban starts on July 20th and software updates

1:53

to its U.S. customers will be prohibited on

1:56

September 29th. Commerce

1:58

Secretary Gina Raimondo. said now

2:00

would be a good time for companies to

2:02

find an alternative to Kaspersky for their security

2:04

needs. I'm just going to say sound advice

2:06

there. Thank you, Secretary Raimondo. But

2:09

that US individuals and businesses can continue

2:11

to use or have existing Kaspersky products

2:13

and services that are not violations of

2:15

the law. So you will not go

2:17

to jail for keeping using things that

2:19

aren't going to get software updates. So

2:21

Jim, Kaspersky has alternated

2:23

over the years between having some

2:26

good collection of researchers to being a

2:28

Russian organization at a time when associating

2:30

with a Russian organization, not exactly great

2:32

optically. So why now? You get a

2:34

sense this is part of a strategy

2:36

about maybe eliminating risk, maybe some new

2:38

evidence came to light or is this

2:40

hey, it's election season, maybe this is

2:42

just some good press. I

2:44

think you nailed it at the end there. I think it's election

2:46

season. If they were going to do

2:49

this and for those at home, if

2:51

you remember, in 2017, it

2:53

came to light that the Russian

2:56

government somehow used Kaspersky or they were in

2:58

league with Kaspersky to take NSA tools, hacking

3:00

tools. I would imagine they

3:02

would have done it then they did ban the

3:05

computer use on government networks. So I thought that was

3:07

the end of it. But I think I think you're

3:09

right. This is saber rattling. I was actually surprised I

3:12

was watching last night the debate purely

3:14

because I thought they'd bring this up. Because

3:16

the timing of it lined up. I was like, hey, they did

3:18

this two days before this week say we're tough on Russia. Here's

3:20

what I've done. I don't

3:23

think this protects the

3:25

private world any more than it was

3:28

four days ago. I think it's saber

3:30

rattling. Well, and

3:32

I mean, correct me if I'm wrong here,

3:34

but my understanding is any security professional worth

3:37

anything would have already made this decision, you know,

3:39

almost 10 years ago now at this point. Yeah,

3:41

Kaspersky made it through your risk assessment profile and

3:43

you gave it a thumbs up. You may want

3:46

to reevaluate your DRC team. Some

3:50

good thoughts. So yeah, we will see

3:52

if that does play out though in the political season. It's a

3:54

really good point. I didn't even think of that

3:56

coming up. I just thought maybe

3:58

you're a masochist or something for watching the debate. That's a

4:00

separate issue. Next up

4:02

here, Evolve Bank confirms data breach

4:04

undermining Lockbit's Federal Reserve claim. Arkansas-based

4:07

Evolve Bank and Trust confirmed this week

4:09

the theft of customer information, which has

4:11

now been posted on the dark web.

4:13

Bank representatives say the information evolved PII,

4:16

but not financial or banking information. So

4:18

just your personal information, don't worry about

4:20

it. This appears to be a job

4:22

pulled off by attackers affiliated with Lockbit,

4:24

which itself had claimed to have breached

4:26

the US Federal Reserve. In

4:28

fact, among the documents was a press

4:30

release about the Federal Reserve enforcement action

4:33

against Evolve Bank alongside regarding

4:35

deficiencies in anti-money laundering controls

4:37

and risk management practices. So

4:40

Jim, the story has a touch of the

4:42

more you look, the more you find given

4:44

that Evolve isn't your average mom and pop

4:46

bank, many of the customers whose data was

4:48

stolen are startups and many of them financial

4:50

companies at some point, a lot of FinTech

4:53

in there. It also has the Lockbit angle,

4:55

a group seemingly on

4:57

the rise again, after there's a posted shutdown earlier

4:59

this year. What's your take on this? My

5:02

take is Lockbit's good hype, good hype man,

5:04

right? They posted that

5:07

and within two hours I had to call my

5:09

leadership, my senior leadership because I knew that was

5:11

gonna hit Forbes and whatever. And they were gonna

5:13

be like, what's going on? And it had nothing

5:15

to do with our company where health organization, right?

5:19

And I was like, they could be lying. You

5:21

don't know, just take it with a grain of

5:23

salt till there's some proof. And as it turned

5:25

out the way it is, actually VX Underground had

5:27

a good theory that they probably don't speak English.

5:29

They saw a document that said Federal Reserve on

5:31

it and got a little happy from it, right?

5:34

And if it happened to be true, kind of beside the

5:36

point then at that point, right? Yeah. Yeah,

5:39

and since they've, oh, sorry, go ahead. Well, I'm just

5:41

wondering, so that's an interesting perspective. I hadn't even thought

5:43

about that, kind of the wasted effort or like the,

5:46

I don't wanna call it wasted due diligence, right?

5:48

Cause you do want to look into these, when

5:50

these claims kind of come up, but I'm wondering

5:53

how much is that a factor in like time

5:55

wasted where we can't trust these threat actors. We

5:57

have to assume everything, especially from Lockbit who has

5:59

a... track history seems to be credible. It's

6:03

a lot of time wasted. I have a couple

6:05

people dedicated purely our team to cyber threat intelligence.

6:07

And that's all they do all day is sift

6:09

through this and wait to see and set up

6:11

alerts. And it's a good

6:13

chunk of your FTEs. But

6:16

it's important because if I don't get ahead of it to

6:20

my senior leadership, my other peers in organization, they

6:22

will lose confidence. And if I can say ahead

6:24

of time, hey, this is a problem, you're gonna

6:26

see this. It doesn't affect us, it does affect

6:28

us. It helps a lot with the trust. All

6:31

right, next up here, UK's largest

6:34

nuclear site pleads guilty over cybersecurity

6:36

failures. The company that

6:38

manages the Cellafield nuclear site in

6:40

Northern England has pleaded guilty to three

6:43

criminal charges over cybersecurity failings. Cellafield

6:45

is no longer a functioning nuclear

6:47

plant, but is currently housing more

6:49

plutonium than any other location on

6:51

earth. And also has a

6:53

number of facilities for things like nuclear decommissioning

6:55

and waste processing and storage. As

6:58

such, it's considered one of the most complex and

7:00

hazardous nuclear sites in the world. I

7:03

would assume most nuclear sites fall into complex

7:05

and hazardous in some degree. The

7:07

criminal charges focus on failures to comply with approved

7:10

security plans between 2019 and early 2023, which

7:13

is a long time. In admitting

7:15

these failures, Cellafield management is also denying

7:17

reports from the Guardian that the facility

7:20

might also have been compromised by hacking

7:22

groups linked to both China and Russia.

7:25

So Jim, basically every sentence in the story

7:27

is something more that I don't want to

7:29

hear. There was a story in

7:31

the BBC from December of last year that

7:33

shows the chief of security, Ewan Hutton, defending

7:35

his actions while still admitting that there were

7:38

problems like cracks in an open air pond

7:40

full of radioactive sludge, but that, hey, they're

7:42

keeping an eye on it. Again,

7:45

not great. I know

7:47

this is a UK story, this plant is in the UK, but

7:50

every country seems like they're having similar types of

7:52

issues. Do we wait until we

7:54

get another three mile island or love

7:56

canal before acting here? No.

8:00

This is I was like my shock was the same as

8:02

yours reading that article and I was just hoping at the

8:04

end We got some ninja turtles out of

8:06

it or something right That's the only

8:08

positive that could have come out of it. But uh You

8:11

have this problem in our infrastructure here. You've got the

8:15

Is it the hui hui? I can never

8:17

pronounce them that are deep into our infrastructure.

8:19

Yes. Yes. Yes You've got volt typhoon. They

8:21

were going to shut off all of our

8:23

infrastructure or communications once china If china decides

8:25

to invade jaiwan you've we've got

8:27

the same massive problems here We've got I was

8:29

dealing with a peer of mine. I was talking

8:31

to another energy company

8:34

And they were talking about how they use torrents

8:37

to update their their firmware on their devices and

8:39

i'm like, ah Just we're we're way behind in

8:41

this legacy equipment. There's two There's

8:44

two industries that are just commonly getting

8:46

hit and that's healthcare and it's uh

8:48

energy infrastructure Utilities

8:50

and it's because of legacy stuff like that And

8:52

we're just going to keep having that problem and

8:54

I don't know the answer on modernizing because they've

8:57

shut down all the programs for the most part

8:59

Yeah, it's it's that problem of needing

9:02

to you know, these are essential

9:04

services around like power is essential,

9:06

right? Healthcare is essential and

9:09

it what I mean it that leads into a

9:11

whole other realm

9:13

of uh, you know In inheriting technical debt,

9:15

right like taking on technical debt So you

9:18

can keep operations moving over the long term

9:20

and then that turns into this legacy long

9:22

tail Where we're dealing with, you

9:24

know trying to network SCADA systems that were never designed

9:26

for it and building on all that kind of stuff

9:28

so yeah, it really I

9:31

mean at some point You

9:33

I would have thought it was the colonial pipeline attacks, right?

9:35

That would have been the definitive wake-up

9:38

call to be like we need to you

9:40

know Take this on I like

9:43

you said some of the programs for this. I have

9:45

gone away I know ceasa is making a lot of

9:47

initiatives To to more systemically

9:49

address this but it does feel like uh,

9:51

you know drops in a bucket at this point

9:55

Yeah, it's it's just hard. You've got like you said,

9:57

you know in it on the head. You've got these

9:59

systems that weren't designed to do these things that weren't

10:01

supposed to live for 50 years. You don't have anyone

10:03

making new systems to replace it, and

10:05

you've got to have access to do the things they need to do. It's

10:08

a real tough problem. At some point, maybe we'll run

10:10

out of like quarter-inch floppies, and

10:12

then we'll all be forced to move

10:14

on, at least for some of the

10:16

critical infrastructure stuff. So here's hoping. All

10:18

right, before we move on, now we

10:20

have to spend a word and a

10:22

moment with our sponsor for today, Prelude

10:24

Security. 30 minutes or less isn't just

10:26

for pizza delivery. It can be how

10:28

fast you know you're protected against the

10:30

latest threats. Visit preludesecurity.com/threats

10:32

for a free delivery

10:34

of threat-hunting queries, detection

10:37

rules, and security tests

10:39

based on any piece

10:41

of threat intelligence. We

10:43

can review listeners can head

10:46

to preludesecurity.com/threats to upload their

10:48

intelligence and know with certainty.

10:51

That's P-R-E-L-U-D-E,

10:55

security.com/threats. Next

10:59

up here, fresh move it bug under

11:01

attack just hours after disclosure. A

11:04

new high severity vulnerability in move it transfer

11:06

software is being actively exploited just hours after

11:08

it was made public. Researchers determined

11:10

that attackers could exploit the bug by

11:12

using a forced authentication attack with a

11:15

malicious SMB server and a valid username,

11:17

or by impersonating any user on the

11:19

system by uploading their own SSH public

11:21

key to the server without logging in,

11:23

then use the key to authenticate. Ad

11:26

mention move to patch versions as soon as possible.

11:29

I guess table stakes advice there for everybody.

11:31

But Jim, I'm curious, what do you make

11:33

of these two attack vectors? Are they original

11:36

or do they reveal new flaws in the

11:38

design of move it? I'm

11:42

probably pretty sure they've been there. I don't think they're a

11:44

new thing. I just think they found it. They

11:46

took up to give them credit initially. If y'all

11:49

are move it customers, you would have gotten emails

11:51

for weeks before this saying, hey, patch, patch, patch,

11:53

patch. So I have

11:55

to give them credit on that front. What I don't give them credit

11:57

for is they thought it was a 7.5.

12:00

and it was this particular part, but once there's blood in

12:02

the water, people start looking at things, and then it had

12:04

to escalate it to 9.1 when

12:06

they realized there was another third-party component, so the

12:08

patch actually doesn't work to

12:11

mitigate the problem. So, Census actually

12:13

pulled a report, and I think it

12:15

was 2,700 instances online before

12:19

this was released, and then once they came out and said,

12:21

hey, you need a patch, now there's only 1,800 two days

12:23

later. So people are listening to this

12:25

one because of last year's instance

12:28

with the Clop ransomware group. I

12:31

imagine all 1,800 of those are probably healthcare too.

12:33

Yeah, and I know I've received my

12:36

fair share of move-it disclosures over the

12:38

past couple of months here. For sure,

12:40

CCL and the chat had a questionnaire,

12:42

didn't they try to implement their own

12:44

version of SFTP, or

12:47

SFTP, yes. I'm not sure

12:49

on that CCL. I will have

12:51

to look into that. I don't wanna overspeak the

12:53

case for move-it here, but

12:55

yeah, definitely, it's one of

12:57

these things where I feel like this is almost

13:00

on the level of, we

13:02

hear about new specter-level vulnerabilities. Obviously, this is way more

13:04

practical and way more in your face. I feel like

13:06

we're just going to be hearing about this because

13:09

there's such inertia to move off of

13:11

these types of platforms that we're just gonna be hearing about

13:13

this for years to come. Yeah, it's

13:16

a problem, and just in

13:18

the same way that faxing's a problem, right? It's an auto. You

13:21

would think if we're not using FTP, we're using

13:23

faxing and healthcare, and you've gotta move on to

13:25

something, I don't know, crazy, new, secure connections, but

13:30

it goes back to legacy stuff, and it has

13:32

to be out there, it has to be exposed,

13:34

and you better have your lockdown IPs

13:36

right and sourced, not just any rule. All

13:40

right, our next story here. DHS

13:43

aims to streamline clearance approvals to

13:45

increase headcount. As lawmakers

13:47

at a House hearing pointed at

13:49

the federal government's cumbersome, pointed out

13:51

the federal government's cumbersome hiring process

13:53

that has undermined its ability to

13:56

recruit cyber talent. CIO Eric Hyson

13:58

responded that the DHS uses a

14:00

multi-pronged approach included through its cybersecurity

14:02

talent management system and by assessing

14:04

clearance protocols, but that it's looking

14:07

to reduce requirements and expand the

14:09

use of interim clearances at both

14:11

the secret and

14:13

top secret level. This

14:15

solution is just one of many

14:17

proposed to assist with the estimated

14:19

500,000 vacant cyber-related jobs in

14:21

the country. So, Jim, very

14:24

much a tricky situation. You're understaffed. You need

14:26

to be like there's a recognized

14:28

need that we need to staff up bringing talent.

14:31

You don't want to have,

14:33

you want qualified people, but there is a

14:36

clearance process. I guess, how

14:38

do we fill this in without lowering the

14:40

bar too far? I'll

14:42

counterpoint on that. I think your bigger

14:44

national security threat is not filling these

14:46

positions. The

14:50

issue, and I was reading deep into this

14:52

because I can turn your 20 minute show

14:54

into a four hour show about this, but

14:56

the lowering the barrier to entry to cybersecurity,

14:59

the gatekeeping of, I'm going to light Twitter on fire

15:01

here. You don't need a bachelor's degree to do this

15:03

job. You don't need a four year degree. You can

15:05

have great programs. There are great programs out there that

15:07

do it, but

15:10

if you give me a talented, smart,

15:12

capable person, we can teach them this

15:14

stuff. It's not rocket science and the

15:16

99% of the cases, don't get me

15:18

wrong. There's great people out there doing

15:20

all kinds of crazy research

15:22

that's needed in that point. But for

15:24

what Sisa and DHS is talking about

15:27

here, you

15:29

need people that can do full management help with reporting. All

15:32

that is trainable by just competent people. And

15:34

apparently I just lost power. So, Oh, no.

15:36

You can do that out. All right. Yeah.

15:39

But

15:43

it's a problem not to do it. They're

15:46

not restricting people

15:48

from the ability

15:50

to, if they're having, they still

15:52

need to exercise classified materials. They're

15:54

still getting clearances. If

15:56

they are not, then they don't need it. And

15:58

that's what this is. Yeah,

16:01

and I know they've started to do work

16:03

because I have some families

16:05

working in the federal government for years, and I know

16:07

that they have, like, they are

16:09

very strict with harm, like you were

16:12

saying, degrees needed to obtain, you know,

16:14

certain positions, certain levels within

16:16

any different agency. I remember my mom laughing because someone

16:18

got up to a higher grade because they had a

16:21

master's in music, and they were in the Department of

16:23

Justice, but they had a master's degree, so they qualified

16:25

for this position. I know there's

16:27

been some work both on the military and

16:29

in the civilian side to make

16:32

those softer, right, not make those as hard

16:34

requirements, but specifically with cyber. But

16:37

yeah, I hadn't thought about that in terms of, like,

16:39

just looking at purely at a risk proposition,

16:42

right? The risk of not being properly staffed

16:44

versus, you know, the risk of an insider,

16:46

you know, threat of someone not being cleared

16:48

or something like that. I think that's a

16:50

really interesting way to think about that, and

16:52

I would expect nothing less from a CISO.

16:56

But I won't let you sit

16:58

in the dark here too long, Jim, so

17:00

we will finish up with our last story

17:02

here. CDK global outage caused by Black Suit

17:04

ransomware attack. In an

17:06

update to one of last week's biggest stories,

17:09

Believing Computer has learned that the operation behind

17:11

CDK Global's massive IT outage and disruption to

17:13

car dealerships across North America is Black Suit,

17:15

an operation launched in May 2023 and which

17:17

is believed to be

17:20

a rebrand of the Royal Ransomware operation,

17:22

and therefore the direct successor of the

17:24

Conti cybercrime syndicate is just a wonderful

17:26

cybercrime family, really, at this point. If

17:29

you read some of the dark web monitoring

17:31

accounts on X, you'll see that Black Suit

17:33

has been very busy of late. So

17:36

Jim, CDK is starting to look like

17:38

this season's version of change healthcare, but

17:40

I have a specific question here. CDK

17:42

is warning that threat actors are contacting

17:45

dealerships posing as CDK agents or affiliates

17:47

in order to gain access to their

17:49

systems. Kind of a perfect social engineering

17:51

situation, you know, appearing to be the

17:53

helpful company spokesperson

17:55

helping you out in distress. As

17:58

a CISO, how How do

18:00

you prepare for this, especially with such a

18:02

disparate kind of dealership structure that's just kind

18:04

of inherent with how those businesses work? This

18:08

one's tough when you have, like you

18:10

said, thousands of different dealers, different organizations,

18:12

but as a CISO dealing with this change, like

18:14

we had to with the healthcare, change healthcare incident,

18:17

you have to get ahead of things. You have to really

18:19

hope that your senior leadership's with you

18:21

and communicating, allowing

18:24

you to communicate out. Going to

18:26

similar situation as this, the whole

18:28

streamline of our revenue stream was down because of

18:30

the change healthcare as well as most

18:32

of America. These

18:35

car dealerships are dealing with that same problem. You need

18:37

to, you're going to have panic. You're going to have

18:40

a need. Anyone who's offering a branch, they're

18:42

going to be all over it. That's where that

18:44

social engineering comes into play. That's where you as a CISO

18:46

and you as a cybersecurity team need to get in front

18:48

of your CEO and CIOs

18:50

and be like, I need to meet with all

18:52

these different teams and put these communications out like,

18:55

do not trust anyone. Do

18:57

not give them access. It's not us. That's

19:00

just the only way you can really handle that part. All

19:03

right. Well, before we get out of here, one, do recognize,

19:06

we had a comment from Kevin Farrell kind of about our

19:09

federal hiring discussion that says they should

19:11

be able to streamline the clearance process

19:13

for applicants who currently hold public trust

19:15

clearances for sure. That's

19:17

his totally unbiased opinion. So thank you, Kevin,

19:20

for that. Love, love that

19:23

thought. And yeah, I think there's just

19:25

a lot of, I mean,

19:27

there's a lot of, I don't want to call that

19:29

a little thing, but there's a lot of things that

19:31

you could do to, I feel like, make a big

19:33

difference. Of course, if any big bureaucracy, training a battleship,

19:36

roll out your metaphor of choice,

19:39

but speed and alacrity, not exactly

19:41

the federal government's M.O. Before

19:44

we get out of here, Jim, was there any

19:46

story here that was a thumbs up or an

19:48

eye roller for you this week that just kind

19:50

of caught your attention? The

19:52

eye roller was a locked bit claiming to hack the Federal Reserve,

19:56

but it was important to

19:58

look at on that front. Yeah,

20:02

yeah, for sure. And also

20:04

we had just a few

20:06

hours ago, we had kind of

20:08

the revelations that Nobelium, aka

20:10

Cozy Bear, has been attacking

20:12

TeamViewer2. I know we'll be getting

20:14

some coverage on that on cybersecurity headlines.

20:17

So look for that. Lots of,

20:20

listen, it's rough out there for using

20:22

third party software. It's a

20:25

rough time out there for you. Jim,

20:27

is there anywhere we can send people to follow

20:29

you on cyberspace? You had some great insights today.

20:31

Really appreciate it. Where can people follow you online?

20:34

LinkedIn is the best place if you want to reach

20:36

out. And if you have any questions or follow up

20:38

on this, just say, Hey, we talked on the show

20:40

or I saw you on the show and I'm happy to

20:42

get back to you. If you're a CISO on LinkedIn, it's

20:44

all vendors trying to sell you stuff. So please differentiate yourself.

20:46

I won't know it was you. Yeah,

20:48

I just want five minutes of your time. Don't worry, Jim. Yeah,

20:51

exactly. Well, thank you so

20:53

much, Jim Bowie, the CISO at Tampa

20:55

General Hospital. Stay in with us in

20:58

the dark. Shout out to your uninterrupted

21:00

power supply. Hold it down down there.

21:02

That's pretty impressive. And

21:05

thank you also to Jay Walter Smith for

21:07

also rolling your eyes at the

21:10

whole lock bits claim

21:12

on the Federal Reserve. Hey, listen, you can't blame him

21:14

for trying, I guess. I mean, you can blame them

21:16

for like everything else. They're, they seem like they're horrible

21:18

people, but anyway, uh, so glad

21:21

to see you're not alone on that one, Jim. Thanks

21:23

also to our sponsor for today,

21:25

PrayLude Security. You're 30 minutes away

21:28

from peace of mind. Visit them

21:30

at prayludesecurity.com/threats, P R E L

21:32

U D E security.com/threats. Thanks also

21:35

to our audience today. Uh, we

21:37

had some people on LinkedIn and

21:39

YouTube getting in, leaving some comments.

21:42

Always appreciate everybody coming in, throwing

21:44

some questions, some insight and their

21:46

own expertise. We are here every

21:49

single Friday, uh, except for next

21:51

Friday, which is we're taking off for the 4th

21:53

of July. So if you could, you could still

21:56

show up on YouTube and follow the CISO series,

21:58

we just won't be broadcasting. That's okay. We'll

22:00

be back the week after that 3 30 p.m. Eastern

22:04

Most Fridays you can find us here. We always have a fun

22:06

time But you could still get your

22:08

daily news fix except for 4th of July cyber

22:10

security headlines every day six minutes We'll get you

22:12

all cut up a lot of exclusions 4th of

22:14

July. We're celebrating America I

22:16

hope you are too if you're in the US if

22:19

if not just have a fun 4th of

22:21

July until the next time we meet

22:23

I'm rich. Dravolino reminding you to have

22:25

a super sparkly day Cyber

22:30

security headlines are available every weekday head

22:32

to see so series comm for the

22:34

full stories behind the headlines