CyberWire Daily - All eyes on AI.

Episode Date: June 23, 2026

Five Eyes warns AI could supercharge cyberattacks within months. Tata Electronics confirms breach as stolen data allegedly includes Apple and Tesla documents. Researchers publish new analysis of Forti...Bleed. Gizmodo breach exposes readers to ClickFix malware campaign. BootROM exploit can bypass Apple's SecureROM. Scattered Spider members plead guilty in the UK. Attackers exploit Gravity SMTP flaw to harvest secrets from WordPress sites. Executive Order accelerates federal shift to post-quantum cryptography. Dave Bittner sits down with Ellen Boehm, the Senior Vice President of IoT Strategy & Operations at Keyfactor, to discuss NIST's progress in its PQC efforts. Keeping tabs on the tab-keepers.

CyberWire Guest
Today Dave Bittner sits down with Ellen Boehm, the Senior Vice President of IoT Strategy & Operations at Keyfactor, to discuss NIST's progress in its PQC efforts and where more effort needs to be made to get the U.S. and its critical infrastructure quantum-ready.
Selected Reading
'Five Eyes' intelligence alliance warns that new AI models pose urgent cyber risk (Reuters)
Intel agencies: Frontier AI models will reshape cybersecurity faster than expected (CyberScoop)
Anthropic's Mythos AI broke into almost all NSA classified systems in hours (SecurityAffairs)
Tata Electronics, a major tech supplier to Apple and Tesla, confirms data breach (TechCrunch)
FortiBleed campaign used custom FortiGate sniffer to steal credentials (BleepingComputer)
Gizmodo readers hit with ClickFix malware prompts after account compromise (The Register)
New Exploit Bypasses Apple's Boot Defenses, Affects Millions of iPhones (SecurityWeek)
TFL Hackers Admit Carrying Out Cyberattack That Cost £39M (Law360)
Attackers Actively Exploiting Sensitive Information Exposure Vulnerability in Gravity SMTP Plugin (Wordfence)
Trump Signs Executive Order Accelerating Post-Quantum Cryptography Migration (SecurityWeek)
Madison Square Garden Made Dossier on Activists Who Opposed Facial Recognition (404 Media)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. Five Eyes warns that AI could supercharge cyber attacks within months.
Starting point is 00:01:08 Tata Electronics confirms breach as stolen data allegedly includes Apple and Tesla documents. Researchers publish new analysis of FortiBleed. Gizmodo breach exposes readers to ClickFix malware campaign. BootROM exploit can bypass Apple's SecureROM. Scattered Spider members plead guilty in the UK. Attackers exploit Gravity SMTP flaw to harvest secrets from WordPress sites. Executive order accelerates federal shift to post-quantum cryptography. Dave Bittner sits down with Ellen Boehm,
Starting point is 00:01:39 the senior vice president of IoT Strategy and Operations at Keyfactor, to discuss NIST's progress in its PQC efforts. And keeping tabs on the tab-keepers. Today is Tuesday, June 23rd, 2026. I'm Maria Varmazis in for Dave Bittner, and this is your CyberWire Intel Briefing. And first off, we start with a correction. Yesterday's podcast incorrectly stated that ReliaQuest was a victim of the Clue supply chain attack campaign. ReliaQuest discovered the attack and reported it to Clue, but the company itself does not use Clue and was not affected. We apologize for the error. Let's dive into our Intel briefing now.
Starting point is 00:02:41 First up, the Five Eyes Intelligence Alliance, made up of the United States, United Kingdom, Canada, Australia, and New Zealand, is warning that the next generation of AI models could dramatically reshape the cyber threat landscape in a matter of months, not years. In a rare joint statement, officials said, so-called frontier AI models are expected to accelerate both offensive and defensive cyber capabilities, enabling attackers to identify vulnerabilities, develop exploits, and conduct sophisticated operations at unprecedented speed. The Alliance urged organizations to focus on cybersecurity fundamentals, including rapid patching, reducing unnecessary internet exposure, and strengthening resilience
Starting point is 00:03:22 before AI-driven attacks become more common. At the same time, the agencies encourage defenders to adopt AI tools of their own to improve threat detection and incident response. And in related news, a new report is fueling debate over the cybersecurity capabilities of advanced AI systems. According to remarks attributed to Senator Mark Warner, NSA officials described a red team exercise in which Anthropic's experimental Mythos model was able to compromise almost all targeted classified systems in hours rather than weeks. The claim has circulated widely, though outside experts caution that the statement lacks public technical details and may oversimplify what occurred in a controlled testing environment.
Starting point is 00:04:07 Tata Electronics, a major supplier to Apple and Tesla, has confirmed a cybersecurity incident affecting some of its systems after threat actors claim to have stolen more than 630 gigabytes of data. Researchers who reviewed the leak say it contains over 200,000 files, including what appear to be Apple manufacturing specifications, Tesla engineering documents, employee records, emails, and operational data. Tata says the breach has not disrupted business operations, while Apple is reportedly investigating. SOCRadar yesterday published an updated analysis of the FortiBleed campaign that's targeted
Starting point is 00:04:42 more than 430,000 Fortinet FortiGate devices since February 26. SOCRadar attributes the operation to a financially motivated initial access broker or IAB, likely based in Russia. The threat actor first gains administrative access to the FortiGate firewalls via credential stuffing and brute force attacks, then deploys a tool dubbed FortiGate Sniffer, which is designed to collect clear text and hashed credentials from traffic passing through compromised devices.
Starting point is 00:05:13 SOCRadar says that this tool abuses the FortiOS diagnose sniffer packet command across 24 protocols, distributed GPU cracking through Hashtopolis and Hashcat, and session cookie replay for persistent access. SOCRadar found that the FortiBleed campaign used FortiGate Sniffer and other tools to harvest more than 110 million credentials. Visitors to the technology news site Gizmodo were briefly exposed to a ClickFix malware campaign after attackers compromised the publication's content management system.
Starting point is 00:05:46 The malicious code displayed fake verification prompts that attempted to trick readers into copying and running commands on their own computers, which is a hallmark of the increasingly popular ClickFix social engineering technique. Gizmodo removed the malicious content after discovering the compromise. Researchers at Paradigm Shift have disclosed a new exploit affecting Apple's SecureROM,
Starting point is 00:06:08 which is the foundational code of Apple's secure boot chain on iPhones, according to a new report from SecurityWeek. The exploit, dubbed USB Lighter 8, chains a hardware bug in the USB controller and a configuration flaw in the device firmware. The exploit is effective against iPhones with A12 and A13 chips, including iPhone XS, XR, and 11. That said, an attacker would need physical access to a device
Starting point is 00:06:33 in order to run the code, and the exploit itself does not grant access to user data due to Apple's SEP, or Secure Enclave Processor, offering an additional layer of protection. The researchers say that the exploit does not affect SEP itself, but it opens up wider attack vectors to compromise the Secure Enclave. SecurityWeek notes that such an exploit could be useful for forensic vendors. Two British men, 20-year-old Thalha Jubair from East London
Starting point is 00:07:03 and 18-year-old Owen Flowers from the West Midlands, pleaded guilty yesterday to their involvement in the Scattered Spider criminal gang, according to the record. The two were arrested in 2024 following a notable cyber attack against Transport for London. The UK's National Crime Agency said in a statement, the pair compromised Transport for London or TFL's network, forcing all 28,000 employees to attend a TFL office for a password reset. The organization suffered a reported 29 million pounds in loss and recovery costs.
Starting point is 00:07:36 Data from TFL's Oyster refunds system was accessed, and the incident also affected TFL's customer refund system, leaving some out of pocket for much longer than usual. It also closed down the application system for Oyster photo cards for children and young people. Wordfence is warning that attackers are actively exploiting a vulnerability in the Gravity SMTP WordPress plugin, which is installed on roughly 100,000 websites. The flaw, tracked as CVE 264020, allows unauthenticated attackers to access detailed system reports containing server information, plugin inventories, and potentially sensitive credentials,
Starting point is 00:08:16 including API keys and authentication tokens. Researchers have observed millions of exploitation attempts in recent weeks. Site administrators are being urged to update to Gravity SMTP version 2.1.5 or later, rotate any exposed credentials, and review logs for signs of compromise. President Trump has signed an executive order aimed at speeding the U.S. government's transition to post-quantum cryptography, recognizing the growing threat that future quantum computers could pose to today's encryption standards. The order moves up federal migration timelines, with key government systems expected to adopt quantum-resistant cryptography by 2030 and 2031. It is part of a
Starting point is 00:08:59 broader push that also includes investments in quantum computing and quantum sensing technologies. After the break, Dave Bittner welcomes Ellen Boehm, senior vice president of IoT strategy and operations at Keyfactor, for a discussion on NIST's post-quantum cryptography efforts. And keeping tabs on the tab-keepers. Stay with us.
Starting point is 00:10:54 Recently, Dave Bittner sat down with Ellen Boehm,
Starting point is 00:11:52 Senior Vice President of IoT Strategy and Operations at Keyfactor, for a discussion on NIST's post-quantum cryptography efforts and the path to quantum readiness. Here's their conversation. So today we're talking about a report that NIST recently put out, talking about cybersecurity and privacy, and specifically some of the post-quantum efforts there. Can we start off with some high-level stuff?
Starting point is 00:12:19 In your estimation, where do we find ourselves in this particular moment when it comes to our readiness and preparedness for this coming quantum wave? So this is quite a timely topic. And I've been speaking to several of our customers about it over the past few months as we continue to get closer to the impending Q-day, which timelines have been, 2029, 2030. It's really not that far away, given where we are today and the work that we need to do to prepare for that event. So I'm excited to be having more of those conversations with customers because they realize that this isn't just something we're talking about anymore. It's, we're actually taking the initial steps in terms of getting ready for it. And I think people have moved past the fear and that sort of messaging, you know, about, oh, that the world will end
Starting point is 00:13:26 type of thing, a little bit of like the Y2K fear factor. We all know that this is going to be a real thing. And so it's, it's, I'm encouraged to see that now we're taking some action on it as opposed to just continuing to talk about it as something far out in the future. Well, this report from NIST, what were some of the things in it that caught your attention? So I'm encouraged to see, you know, there's real timelines here talking about migration. There's recommendations specifically on where to start. And this is very practical in my opinion because it starts with discovery and inventory and understanding what you have within your enterprise.
Starting point is 00:14:12 So if I was to give one piece of advice and this is again supported in the document is have a plan to be able to understand what you currently have in your enterprise. And then we can start to figure out how to migrate. So I know it sounds pretty basic, but many enterprises have thousands of applications. They have multiple teams that have stood up environments over time. And there is a lot of legacy cryptographic pieces that exist within all of that to run the enterprise, to run the operations as they exist today. And so it's going to take time to discover that.
Starting point is 00:14:57 So if you haven't yet, figure out a team who should be responsible for that activity and then at least start to come up with a plan for how we're going to prioritize the inventory piece of it as step number one. What do you suppose this is going to look like for the typical organization? I mean, am I right in imagining that there are some devices that people have as part of their infrastructure that are simply going to be left behind? Yes, that's a great point. I mean, is it possible to catch everyone and be 100% perfect? I think the answer is no, even though some of us want to be just like having perfect homes like we were talking about
Starting point is 00:15:40 earlier, having everything in order, all the dishes put away. But it's not a point-in-time event, right? Yes, the day when the computer can break the current algorithms that we have is going to be a point in time, but our ability to be able to remediate and update and have that ability to replace our cryptography with something stronger is going to be a forever activity. So it's more of a let's start with what you have now that is the highest priority applications that is likely tied to your, how your business makes money and use that as a way to start to chip ice off of that block and move down that path of having everything being able to be swapped out to stronger crypto based on the priorities of your business.
Starting point is 00:16:39 So for the security folks in our audience, I mean, does this come down to, in part, a conversation with leadership about their appetite for risk when it comes to these things? 100%. And that's a very important talk track that we're having with several of our security leaders and PKI customers because there's competing priorities for sure when it comes to the board,
Starting point is 00:17:08 when it comes to the executive staff, the CSO, looking at, okay, well, I've got AI, and I have these other sort of business transformation initiatives and they all take money and here's this event of post-quantum readiness. How do I prioritize that against all these other pieces that I need to be funding and I need to be building programs around? I think it's very important to be able to quantify that business case in terms of, again, risk to outages of systems,
Starting point is 00:17:44 risk because perhaps something could be hacked into, or because the encryption is really just, it's broken, and/or once, you know, an actor can get inside, then data is stolen, so then there's data loss or just lack of business continuity. So I think trying to take some of those actions, which, when a post-quantum computer can break that encryption, and then think about what would happen on the negative side, that's how you start to have the conversation. And it's not just, oh, we're going to increase our level of cyber insurance, because that's more of just a band-aid, I think, on top of it. It's how do we actually go in and secure these systems because we know it's the right thing to do.
Starting point is 00:18:36 I'm curious, you know, in your comings and goings with the customers that you speak with in the circles that you're in. Do you come across folks who are just skeptical about this whole thing, who just kind of turn their nose up and say, yeah, I don't think this is really going to be a problem? There always is. And part of it, I think, is because people like to debate and have different opinions, which is great.
Starting point is 00:18:59 That's what moves us forward when we're all thinking differently and not in the same way. We have, if you think about encryption over time, there are still systems and cryptographic assets within enterprises today that are using SHA-1. And I know I've heard my CTO talk about the migration from SHA-1 to stronger algorithms.
Starting point is 00:19:25 And that took 10 years of time. And even though the world didn't stop working because we didn't move everything over. So you have those types of arguments to say, well, this is just the next ever. of us having to migrate to a better, stronger math. There will be people that say this isn't going to be that bad, but I feel like the pace of technology and the exponential growth of, you know, what these computers will be able to do and the critical infrastructure that we have now that is
Starting point is 00:20:01 becoming more and more connected, I think could make this a bigger impact than transitions that we've had in the past. The other piece that's new, and this is all happening at the same time, right, is the impact of AI. And AI agents are being created. They are being taught. They are learning on their own. They're capable to take actions and make decisions. And that is a whole different set of people. And I would say people. They're things, right? But we used to have people that were attackers and now we have, I don't know, what's an order of magnitude more of AI attackers that we have, anybody's guess. So that's also what's different. That's also what's happening right now. And two years ago, that wasn't the case. Like, 2023, you know, were we using AI agents the way
Starting point is 00:20:53 we are using them today? Not at all. It's, that has, that has hugely changed the risk landscape and why we need to think about this more seriously right now.
Starting point is 00:22:31 And finally, a story that asks an uncomfortable question. If facial recognition can identify your critics, what else can it do? Well, according to documents exposed in a recent data breach, Madison Square Garden maintained a file called Facial Recognition Activists.docx that tracked several prominent critics of the venue's facial recognition program.
Starting point is 00:23:02 The document reportedly included background information, social media handles, quotes from media interviews, and screenshots of posts criticizing MSG's use of the technology. Now, MSG, and that's Madison Square Garden, to be clear, has used facial recognition technology since 2018, and the system has been previously used to identify people entering the venue and deny entry to certain individuals,
Starting point is 00:23:28 including lawyers connected to firms involved in litigation with the company. The leaked document suggests that the venue was also keeping tabs on some of the people most vocal about opposing the practice. Now, for privacy advocates, this is the kind of revelation that reinforces a long-standing concern that once surveillance technology is in place, questions inevitably follow about how that information is being used and who ends up on the list,
Starting point is 00:23:56 because it is one thing for facial recognition to recognize your face. But it's another thing entirely when it appears to recognize your Twitter account, your media quotes, and apparently also your position on biometric surveillance. And that's the CyberWire Daily, brought to you by N2K CyberWire. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your podcast app. Please also fill out the survey in the show notes or send an email to Cyberwire at N2K.com.
Starting point is 00:24:44 N2K's lead producer is Liz Stokes. We are mixed by Tré Hester with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm host Maria Varmazis in for Dave Bittner this week. Thank you for listening. We'll see you tomorrow.
