CyberWire Daily - A farmers market of stolen data.

Episode Date: August 25, 2025

Farmers Insurance discloses a data breach affecting over a million people. Agentic AI tools fall for common scams. A new bill in Congress looks to revive letters of marque for the digital age. Cybercriminals target macOS users with the Shamos infostealer. New Android spyware masquerades as antivirus to target Russian business executives. CISA seeks public comments on SBOM updates. A major third-party electronics manufacturer reports a ransomware attack. Salesforce patches multiple vulnerabilities in its Tableau products. Over 370,000 user Grok conversations were accidentally indexed by Google. Ben Yelin examines the UK’s decision to drop digital backdoor requirements. WIRED gets duped by an AI author.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Ben Yelin from University of Maryland Center for Cyber Health and Hazard Strategies joins to discuss the U.K. dropping ‘back door’ demand for Apple user data. Read the article Ben discusses. If you enjoyed this conversation and want to hear more from Ben, check out our Caveat podcast here.

Selected Reading
Farmers Insurance Data Breach Impacts Over 1 Million People (SecurityWeek)
"Scamlexity": When Agentic AI Browsers Get Scammed (Guardio)
Bill would give hackers letters of marque against US enemies (The Register)
Fake macOS help sites push Shamos infostealer via ClickFix technique (Help Net Security)
New Android malware poses as antivirus from Russian intelligence agency (Bleeping Computer)
CISA Requests Public Feedback on Updated SBOM Guidance (SecurityWeek)
Electronics manufacturer Data I/O reports ransomware attack to SEC (The Record)
Salesforce patches multiple flaws in Tableau Server, at least one critical (Beyond Machines)
370,000 Grok AI chats leaked after being indexed on Google (Cyber Daily)
How WIRED Got Rolled by an AI Freelancer (WIRED)

Audience Survey
Complete our annual audience survey before August 31.

Want to hear your company in the show?
You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. The DMV has established itself as a top-tier player in the global cyber industry. DMV Rising is the premier event for cyber leaders and innovators to engage in meaningful discussions and celebrate the innovation happening in and around the Washington, D.C. area. Join us on Thursday, September 18th, to connect with the leading minds shaping our field and experience firsthand why the Washington, D.C. region is the beating heart of cyber innovation. Visit DMVRising.com to secure your spot. Risk and compliance shouldn't slow your business down. Hyperproof
Starting point is 00:01:00 helps you automate controls, integrate real-time risk workflows, and build a centralized system of trust so your teams can focus on growth, not spreadsheets. From faster audits to stronger stakeholder confidence, Hyperproof gives you the business advantage of smarter compliance. Visit www.hyperproof.io to see how leading teams are transforming their GRC programs. Farmers Insurance discloses a data breach affecting over a million people. Agentic AI tools fall for common scams. A new bill in Congress looks to revive letters of marque for the digital age. Cybercriminals target macOS users with the Shamos infostealer. New Android spyware masquerades as antivirus to target Russian business
Starting point is 00:02:00 executives. CISA seeks public comments on SBOM updates. A major third-party electronics manufacturer reports a ransomware attack. Salesforce patches multiple vulnerabilities in its Tableau products. Over 370,000 user Grok conversations were accidentally indexed by Google. Ben Yelin examines the UK's decision to drop digital backdoor requirements, and Wired gets duped by an AI author. It's Monday, August 25th, 2025. I'm Dave Bittner, and this is your CyberWire Intel Briefing. Thanks for joining us here today.
Starting point is 00:02:57 It's great as always to have you with us. Farmers Insurance disclosed a data breach affecting more than one million people after a third-party vendor reported unauthorized access to its database on May 30th. The company, which serves about 10 million U.S. households, confirmed that attackers stole customer data, including names, addresses, dates of birth, driver's license numbers, and partial Social Security numbers. Farmers New World Life Insurance reported 40,000 impacted individuals, while Farmers Group and affiliates reported over a million. The insurer clarified it was not directly targeted, but was affected through its vendor. Farmers, a subsidiary of Zurich Insurance Group, has not disclosed the vendor's identity or whether ransomware was involved. The investigation is ongoing, and the company has filed breach notifications with state
Starting point is 00:03:54 regulators. AI-powered browsers are moving from concept to reality, with agentic AI tools going beyond search and automation, performing tasks like shopping and handling emails autonomously. But convenience comes with major risks. AI browsers inherit AI's weaknesses. They act without skepticism, trust too easily, and can be manipulated. Tests by Guardio Labs on Comet showed it falling for basic scams, buying from a fake Walmart site and clicking phishing links
Starting point is 00:04:30 from bogus bank emails, sometimes even auto-filling payment data. More advanced risks stem from prompt injection attacks like PromptFix, where hidden instructions trick the AI into harmful actions, such as downloads or data leaks. The threat is clear. Scammers no longer need to fool people, only their AI. Without built-in guardrails, AI browsing turns everyday convenience into a new scam attack surface. A new bill in Congress would revive an old naval practice for the digital age. Arizona Republican David Schweikert introduced the Scam Farms Marque and Reprisal Authorization Act of 2025, which would let the president issue letters of marque to commission U.S. cyber-privateers. Once used during the War of 1812 to authorize private ships against British vessels,
Starting point is 00:05:26 these letters would now target cybercriminals and even foreign governments behind online attacks. Schweikert argues current defenses lag behind fast-growing cybercrime, which cost Americans over $16 billion last year, the highest in 25 years. His office says sanctioned hackers could seize assets, defend infrastructure, and deter future attacks. Critics caution foreign governments may see this as an escalation. The bill's future is uncertain, but it raises a provocative question. Can 19th century tactics work against 21st century digital predators?
Starting point is 00:06:06 Cybercriminals are targeting macOS users with the Shamos infostealer, disguised as technical help. According to CrowdStrike, attackers ran a campaign from June through August of this year using malvertising and fake support sites. Victims searching for fixes were tricked into running a one-line terminal command, a ClickFix technique that bypasses Apple's Gatekeeper protections. Once installed, Shamos collects credentials, Apple Notes, keychain data, browser info, and cryptocurrency wallets, exfiltrating them in a zip archive. It also installs a spoofed Ledger wallet, a botnet module, and persistence mechanisms. In a parallel campaign, Shamos was spread
Starting point is 00:06:52 via a fake GitHub page offering iTerm2. ClickFix, first seen in late 2024, has surged in popularity across macOS, Windows, and Linux due to its simplicity and reliability, making it a favored tool for both cybercriminals and APT groups. A new Android spyware is masquerading as an antivirus app to target Russian business executives, according to Dr. Web. Active since January, the malware mimics tools branded as GuardCB or Security FSB falsely linked to Russia's FSB. Once installed, it requests extensive permissions, enabling it to exfiltrate SMS, contacts and files, log keystrokes, activate the camera or mic, and stream the screen.
Starting point is 00:07:44 The fake app simulates scans to appear legitimate. Researchers note continuous development with multiple versions designed exclusively for Russian-speaking victims. CISA has released draft guidance updating the minimum elements for a software bill of materials and is seeking public comment until October 3rd.
Starting point is 00:08:06 Building on the 2021 NTIA framework, the update reflects advances in software supply chain security and transparency. SBOMs list software components, enabling organizations to spot vulnerabilities and manage risks. The guidance defines three key areas, data fields, automation support, and practices and processes, and emphasizes machine-readable formats like SPDX and CycloneDX. It also covers SBOM use in cloud and AI software, and stresses integrating SBOMs into development life cycles.
Starting point is 00:08:44 Data I/O, a Redmond-based electronics manufacturer, reported a ransomware attack that began August 16th, disrupting shipping, manufacturing, and production systems. The company, which supplies tech for vehicles, charging stations, and consumer devices, serving clients like Tesla, Panasonic, Amazon, and Microsoft, filed notice with the SEC, warning of potential material financial impact.
Starting point is 00:09:11 Containment steps include taking systems offline while a third party investigates. No restoration timeline has been set. Data I/O is the second firm in the last week to disclose ransomware to the SEC amid rising attacks on the manufacturing sector. Salesforce has patched multiple vulnerabilities in Tableau Server and Tableau Desktop, including a critical type confusion flaw that could let attackers execute malicious code. Other flaws allow path traversal and arbitrary file writes, potentially leading to full compromise of Tableau instances. Multiple versions are affected. Salesforce urges all customers,
Starting point is 00:09:56 especially those with external-facing servers, to upgrade immediately to protect against account hijacking, insider threats, and malware-driven attacks. Forbes reports that 370,000 user conversations were accidentally indexed by Google and made publicly searchable due to the share feature in xAI's Grok. The feature was intended for private sharing
Starting point is 00:10:22 via link, but did not warn users their content could be exposed to search engines like Google or Bing. Some conversations contained personal data such as names, files, spreadsheets, and even a password. Others included prohibited requests from drug recipes to malware
Starting point is 00:10:41 coding. Google clarified that publishers, not search engines, control indexation. xAI prohibits using Grok for harmful purposes, though violations were evident. The issue mirrors similar incidents, including ChatGPT conversations and Google Drive documents becoming searchable through public link sharing, highlighting ongoing risks in how share features handle user data. Coming up after the break, Ben Yelin examines the UK's decision to drop digital backdoor requirements and Wired gets duped by an AI author. Stay with us. Compliance regulations, third-party risk, and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down?
Starting point is 00:11:57 If you're thinking there has to be something more efficient than spreadsheets, screenshots, and all those manual processes, you're right. GRC can be so much easier. And it can strengthen your security posture while actually driving revenue for your business. You know, one of the things I really like about Vanta is how it takes the heavy lifting out of your GRC program. Their trust management platform automates those key areas, compliance, internal and third-party risk, and even customer trust, so you're not buried under spreadsheets and endless manual
Starting point is 00:12:31 tasks. Vanta really streamlines the way you gather and manage information across your entire business. And this isn't just theoretical. A recent IDC analysis found that compliance teams using Vanta are 129% more productive. It's a pretty impressive number. So what does it mean for you? It means you get back more time and energy to focus on what actually matters, like strengthening your security posture and scaling your business.
Starting point is 00:13:00 Vanta, GRC, just imagine how much easier trust can be. Visit Vanta.com slash cyber to sign up today for a free demo. That's V-A-N-T-A dot com slash cyber. You can get protein at home, or a protein latte at Tim's. No powders, no blenders, no shakers. Starting at 17 grams per medium latte, Tim's new protein lattes, protein without all the work, at participating restaurants in Canada. It is always my pleasure to welcome back to the show Ben Yelin. He is from the University of Maryland Center for Cyber Health and Hazard Strategies and also my co-host on the Caveat podcast. Ben, welcome back. Thanks, Dave. So I've been seeing some privacy advocates have been crowing and celebrating that...
Starting point is 00:14:03 There are parades in the streets and privacy land. Yeah, that the UK has pulled back on some requirements when... When it comes to Apple encryption in iChat, describe to us what's going on here, Ben. Yes, this is another dispatch from the encryption wars that have been going on forever and probably will go on forever. So earlier this year in January, the government in the United Kingdom issued an undisclosed order,
Starting point is 00:14:29 demanding that Apple create a way for them to retrieve all of the content any user worldwide has uploaded to its cloud service. There was also a gag order that went along with this regulation, which meant that Apple wasn't allowed to talk about that, lest they face legal penalties. So everything we know about this law has been leaked from one source or another, but it presented a lot of concern, not just in the United Kingdom, but around the world.
Starting point is 00:14:57 The Apple Cloud Service relies on that security as a major selling point to its customers. They have advanced data protection, which those of us who use the iCloud rely on to make sure that our data is safe. Apple responded to this by, as you would expect, not being very happy about it. They rolled back their most advanced data protection feature for the new iCloud users in the UK in February. And there was a lot of international pushback against, well, this was called, I think, technically a technical capability notice issued by the British Home Office to Apple. And there was an outcry here in the United States. Members of both political parties in Congress wrote a letter to our
Starting point is 00:15:45 Director of National Intelligence, Tulsi Gabbard, expressing their concern that U.S. persons' data could be vulnerable to this backdoor in the United Kingdom. So the U.K. has abandoned its plan to require this backdoor on behalf of Apple. They have backed away from this. This was announced publicly over X/Twitter by our Director of National Intelligence. She said that this was a major priority, not just the president, but also Vice President Vance, something that he's cared about significantly to ensure our constitutional rights and civil liberties are protected. So another victory for privacy advocates in the encryption wars, I think for years, going back to the Apple-FBI brouhaha in 2020, there's just
Starting point is 00:16:36 been this long-run fight about governments demanding or requesting back doors to user data, and Apple, which prides itself on its privacy features, pushes back hard, and they're coming out on top. Yeah. What about the possibility that something like this exists with other countries? Like, this could have gone through with the UK government and none of us ever known it, right? Right. Yeah, I mean, probably the fact that it's a relatively small-d democratic government and there are probably unnamed bureaucrats involved in enforcement of this who are leaking information to the press, like that might not exist in other countries around the world. I think that's something that we all need to be very cautious about. Apple, again, we don't know everything that it does
Starting point is 00:17:29 or how it responds to every order of this type, but just given their history in standing up for privacy against some of the most powerful governments in the world and the fact that, you know, they say to their customers, your data is safe even from us. Because of our encryption, because of our advanced data protection, we have no access to your information. And it will always be that way. I think that can give people a certain level of confidence. But again, I don't know what's happening in China and Russia. Right. Right. And Apple has made concessions to the Chinese government. They sure have. Yeah. So, yeah, there's certainly reasons to be, to be skeptical, but I think this is a feather in the cap of privacy advocates.
Starting point is 00:18:15 The fact that this was happening in, like, a prominent Western democracy, I think gave extra fuel to the fire for privacy advocates to say, like, hey, if we believe in data privacy, this should not be happening in a country like the UK, and the UK apparently responded. Yeah. I'd take the win, right? Yeah, take the W, exactly. Don't ask too many questions, Dave. Okay, fair enough. All right, Ben Yelin is from the University of Maryland Center for Cyber Health and Hazard Strategies and also my co-host over on the Caveat podcast. Ben, thanks so much for joining us. Thank you. Now we'd love to hear from you. Your voice can help shape the future of N2K Networks.
Starting point is 00:19:09 Tell us what matters most to you by completing our annual audience survey. Your insights help us grow to better meet your needs. There's a link to the survey in our show notes. We're collecting your comments through August 31st. Thanks. Bank more encores when you switch to a Scotiabank banking package. Learn more at scotiabank.com slash banking packages.
Starting point is 00:19:35 Conditions apply. Scotiabank, you're richer than you think. As a BMO Eclipse Visa Infinite Cardholder, you don't just earn points. You earn five times the points. On the must-haves like groceries and gas, and little extras like takeout and ride share. So you build
Starting point is 00:19:51 your points faster. And then you can redeem your points on things like travel and more. And we could all use a vacation. Apply now and get up to 60,000 points. So many points. For more, visit bmo.com slash eclipse. Visit us today. Terms and conditions apply. And finally, as we often say over on the Hacking Humans podcast, no one is immune from the occasional scam. Even Wired, the tech magazine that prides itself on dissecting
Starting point is 00:20:28 AI's every flaw, got duped. Back in April, an editor received what looked like a pitch tailor-made for the publication, titled, Do You Take This Discord Server, The Rise of Hyper-Niche Internet Weddings? It ticked all the Wired boxes, quirky subculture, smart cultural angle, and internet weirdness to spare. The editor assigned it, the writer played along, and by May 7th the piece was live on Wired's website. Then things unraveled. The writer couldn't clear Wired's payment system, insisting on PayPal or a paper check instead.
Starting point is 00:21:06 That raised eyebrows. A deeper look confirmed the worst. The article was AI generated, the byline a fabrication. Wired retracted the story and published an editor's note, admitting lapses in fact-checking and editorial review. The irony was hard to miss. A leading watchdog of AI misinformation fell victim to the very thing it warns about. Again, it could happen to any of
Starting point is 00:21:32 us. So an empathetic tip of the hat to Wired for owning up to the mistake so others may learn from it. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at the CyberWire. Don't forget to check out the Grumpy Old Geeks podcast where I contribute to a regular segment on Jason and Brian's show every week. You can find Grumpy Old Geeks where all the fine podcasts are listed. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of August, so there's only a few more days. There's a link in the show notes.
Starting point is 00:22:27 N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester, with original music by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening.
Starting point is 00:22:42 We'll see you back here tomorrow. Thank you.
