CyberWire Daily - Balancing budget cuts and cybersecurity.
Episode Date: March 14, 2025The White House is urging federal agencies not to lay off cybersecurity teams. Google doesn’t deny receiving a secret legal order from the UK government. Microsoft researchers identify a simple meth...od to bypass AI safety guardrails. Scammers are impersonating the Clop ransomware gang. Cisco issues security advisories for multiple IOS XR vulnerabilities. CISA warns of multiple ICS security issues. A LockBit ransomware developer has been extradited to the U.S. GCHQ’s former director calls for stronger cybersecurity collaboration. Rick Howard and Kim Jones pass the mic for the CISO Perspectives podcast. Sniffing out Stingrays. Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign-up for our daily intelligence roundup, Daily Briefing, and you’ll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn. CyberWire Guest Today, we have Dave speaking with Rick Howard, a friend of the show, and Kim Jones, a veteran CISO, educator, and expert in the field, as Rick passes the mic to Kim for a brand new season of CISO Perspectives, formerly CSO Perspectives. Selected Reading White House instructs agencies to avoid firing cybersecurity staff, email says (Reuters) Elon Musk Made Visit to U.S. Spy Agency (Wall Street Journal) Google refuses to deny it received encryption order from UK government (The Record) New Context Compliance Exploit Jailbreaks Major AI Models (GB Hackers) Fraudsters Impersonate Clop Ransomware to Extort Businesses (Infosecurity Magazine) Cisco Warns of IOS XR Software Vulnerability Let Attackers Trigger DoS condition (Cyber Security News) CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits (Cyber Security News) LockBit Ransomware Developer Extradited to US (SecurityWeek) Cyber Industry Falls Short on Collaboration, Says Former GCHQ Director  (Infosecurity Magazine) Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying (Electronic Frontier Foundation) Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show. Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here’s our media kit. Contact us at cyberwire@n2k.com to request more info. The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices
Transcript
Discussion (0)
You're listening to the CyberWire Network, powered by N2K.
We've all been there.
You realize your business needs to hire someone yesterday.
How can you find amazing candidates fast?
Well, it's easy.
Just use indeed.
When it comes to hiring, Indeed is all you need.
Stop struggling to get your job post noticed.
Indeed's Sponsored Jobs helps you stand out and hire fast.
Your post jumps to the top of search results, so the right candidates see it first.
And it works.
Sponsored jobs on Indeed get 45% more applications than non-sponsored ones.
One of the things I love about Indeed is how fast it makes hiring.
And yes, we do actually use Indeed for hiring here at N2K Cyberwire.
Many of my colleagues here came to us through Indeed.
Plus, with sponsored jobs there are no subscriptions, no long-term contracts.
You only pay for results.
How fast is Indeed?
Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according
to Indeed data worldwide.
There's no need to wait any longer.
Speed up your hiring right now with Indeed.
And listeners to this show will get a $75 sponsored job credit to get
your jobs more visibility at indeed.com slash cyber wire. Just go to indeed.com slash cyber
wire right now and support our show by saying you heard about indeed on this podcast. Indeed.com
slash cyber wire. Terms and conditions apply. Hiring, indeed, is all you need.
The White House is urging federal agencies not to lay off cybersecurity teams.
Google doesn't deny receiving a secret legal order from the UK government.
Microsoft researchers identify a simple method to bypass AI safety guardrails.
Scammers are impersonating the Klopp ransomware gang.
Cisco issues security advisories for multiple iOS XR vulnerabilities.
CISA warns of multiple iOS XR vulnerabilities.
CISO warns of multiple ICS security issues.
A Lockbit ransomware developer has been extradited to the US.
GCHQ's former director calls for stronger cybersecurity collaboration.
Rick Howard and Kim Jones pass the mic for the CISO Perspectives Podcast.
And sniffing out stingrays.
It's Friday, March 14th, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing.
We begin today with a quick correction.
Earlier this week, we reported on a security advisory from CISA highlighting vulnerabilities
from Avanti and Veracore.
I misspoke, tagging Veracode in our reporting instead of Veracore.
We regret the error and appreciate the kind note from the fine folks at Veracode bringing
it to our attention.
Turning to today's news, the White House is urging federal agencies not to lay off
cybersecurity teams as they submit budget cut plans.
U.S. Federal CIO Greg Barbaccia emphasized in an email that cybersecurity is national
security and should be protected.
The warning comes amid concerns that deep budget cuts mandated by President Trump and
adviser Elon Musk could weaken national cyber defenses.
Former NSA cybersecurity director Rob Joyce warned that mass layoffs would be devastating.
The Musk-led Department of Government Efficiency has also drawn criticism for granting unusually
broad access to sensitive government
data.
At the Social Security Administration, officials raised alarms about the security risks posed
by Doge.
Meanwhile, the Department of Homeland Security's CISA has already lost over 130 positions as
of mid-February.
Elon Musk reportedly visited the NSA on Wednesday,
meeting with leadership to discuss staff cuts and operations.
The NSA, a key player in U.S. cybersecurity and home to Cyber Command,
is under Musk's scrutiny as he pushes for government downsizing.
His visit signals potential changes to intelligence and cyber operations.
While Musk recently called for an NSA overhaul, he hasn't detailed specific reforms.
Intelligence officials are bracing for swift changes that could impact national cybersecurity.
Google has refused to deny receiving a secret legal order from the UK government,
raising concerns among US lawmakers.
A bipartisan group in Congress fears that British authorities may be demanding access
to encrypted messages from US tech companies.
This follows reports that Apple received a similar order, known as a technical capability
notice, which it is reportedly contesting in a closed court
hearing.
Lawmakers criticize the secrecy surrounding these orders, arguing it hinders congressional
oversight and threatens Americans' privacy.
Under the UK's Investigatory Powers Act, companies that receive a technical capability
notice are barred from confirming it.
Experts, including from Britain's intelligence community,
have called for more transparency,
with academics warning that the government's refusal
to clarify the situation is unsustainable
and unjustifiable.
Microsoft researchers have identified a simple,
yet effective method to bypass AI safety guardrails called the context
compliance attack or CCA. Unlike complex prompt engineering techniques, CCA
manipulates AI systems by injecting fabricated conversation history, making
them perceive restricted content as a legitimate follow-up request. This
vulnerability affects major AI models including GPT, Cude, Lama, and Gemini, highlighting
a fundamental flaw in systems that rely on client-supplied chat history.
Open-source models are especially vulnerable as they cannot verify message authenticity.
While stateless architectures improve scalability, they also allow attackers
to manipulate context. Microsoft suggests mitigating this risk through cryptographic
signatures and server-side conversation tracking. The attack's effectiveness underscores the need
for a more comprehensive AI security strategy beyond traditional input filtering. Microsoft has made CCA available for research via its pirate toolkit.
Barracuda researchers warn that scammers are impersonating the
Klopp ransomware gang to extort businesses.
Unlike real Klopp attacks, fake extortion emails lack key elements
like payment deadlines, secure chat links,
and company names. These scams reference media reports about actual clot breaches to seem
legitimate. Similar fraud tactics have been seen with B&Lian ransomware impersonations.
Cisco has issued security advisories for multiple iOS XR vulnerabilities, highlighting a critical
BGP Confederation memory corruption flaw with a CVSS score of 8.6.
The bug allows remote attackers to cause denial of service by sending crafted BGP updates
containing excessively long as confed sequence attributes.
This impacts multiple versions.
Cisco has released patched versions
and provided a workaround for restricting AS path lengths.
While no known exploits exist,
organizations should update immediately
or implement mitigation policies
to prevent potential network-wide disruptions.
CISA has issued multiple ICS security advisories warning of critical vulnerabilities in Siemens,
Philips, and Sungrow products.
These flaws, affecting industrial control systems, include memory corruption, authentication
bypass, privilege escalation, and unauthorized file access. Key risks include remote code execution, data exposure, and denial of service attacks across
manufacturing, energy, and health care sectors.
CISA urges immediate updates, network segmentation, and access restrictions to mitigate threats.
The U.S. Justice Department announced the extradition of Rostislav Panyev, a Lockbit
ransomware developer, from Israel to the United States.
Panyev, a Russian-Israeli national, admitted to developing malware features that disable
security software, spread infections, and printed ransom notes. He worked for LockBit from 2022 to 2024, earning over $230,000 in
cryptocurrency. LockBit, which extorted $500 million from over 2,500 victims worldwide,
suffered a law enforcement takedown in 2024. The U.S. has charged seven individuals,
offering rewards of up to $10 million for fugitives.
Sir Jeremy Fleming, former GCHQ director, warns that geopolitical tensions and cyber
threats are at an all-time high, requiring stronger cybersecurity collaboration.
Speaking at Palo Alto Network's Ignite event in London, he stressed the growing impact of nation-state cyber attacks, ransomware, and disinformation campaigns.
Critical infrastructure attacks, mega-breaches, and covert cyber intrusions are increasing, with ransomware remaining the top cybercrime threat.
While basic cybersecurity measures help against most threats, nation-state attacks are harder to prevent.
Fleming urged organizations to integrate geopolitical intelligence with cyber threat analysis
and enhance cyber information sharing across the industry.
He emphasized that no single company can combat threats alone,
advocating for faster, broader collaboration to detect nation-state cyber activity before it escalates.
Coming up after the break, Rick Howard and Kim Jones pass the mic for the CISO Perspectives Podcast and sniffing out stingrays.
Stick around.
Cyber threats are more sophisticated than ever. Passwords? They're outdated and can be cracked in a minute. Cyber criminals are intercepting SMS codes and bypassing authentication apps.
While businesses invest in network security, they often overlook the front door, the login. Ubiqui believes the future is passwordless. Ubiquis offer unparalleled protection against phishing for individuals, SMBs and enterprises.
They deliver a fast, frictionless experience that users love.
Ubiqui is offering N2K followers a limited buy one get one offer.
Visit ubiqui.com slash N2K to unlock this deal.
That's Y-U-B-I-C-O. Say no to unlock this deal. That's YUBICO.
Say no to modern cyber threats.
Upgrade your security today.
Do you know the status of your compliance controls
right now?
Like right now.
We know that real timetime visibility is critical for
security but when it comes to our GRC programs we rely on point-in-time checks
but get this more than 8,000 companies like Atlassian and Quora have
continuous visibility into their controls with Vanta. Here's the gist
Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001.
They also centralize key workflows like policies, access reviews, and reporting, and helps you
get security questionnaires done five times faster with AI.
Now that's a new way to GRC. Get $1,000 off Vanta when you go to Vanta.com
slash cyber. That's Vanta.com slash cyber for $1,000 off. It is always my pleasure to welcome back to the show Rick Howard.
Rick, welcome back.
Hey, Dave.
I have to admit today's a little bittersweet because part of what we're doing today is
sending you on your way. You have made the very smart decision to take yourself out to pasture, retire.
Before somebody does it for me.
That's a thanks, I think.
A preemptive move on your part, Rick, which is very smart.
But one of the things that I know our listeners are going to be bummed about is you will no longer be
making CSO perspectives. It is very sad that I don't get to do that, Dave. And
you know, I've had the great honor and privilege of, you know, work on that show
for almost five years and feels like it's another limb on my body that and to
let it go is, like you said, bittersweet. But yeah, that's where we are.
I'm leaving the show and turning it over to Better Hands.
Well, speaking of Better Hands,
joining us on the line here is Kim Jones.
Rick, I'm gonna let you do the introductions here.
Sure. Ladies and gentlemen,
let me introduce you to my new friend, Kim Jones.
And, you know, when we started looking around
for my replacement, you know, my we started looking around for my replacement,
you know, my big ego said, there's no way that they can find someone who can replace
me. Come on.
And the rest of us said, how hard could it be?
And immediately they found my replacement like, you know, in a minute. And what's amazing
to me is Kim has had almost the same
experiences that I've had, military career, teacher,
educator, serial see-saw, and so yes,
we're having a better person come in and take my place
on CSO perspective, so Kim.
I won't go that far, but.
Well, thank you for doing this.
It's gonna be in good hands as I go out the door.
Yeah, I can't tell you how excited I am, Rick.
Not to see you go out the door, but I'm excited.
Wait, you can't take that back.
Yeah.
That's the rest of us.
Yeah, yeah.
Well, Kim, tell us a little bit about yourself.
Give us the short version of what your background is
and what led you to where you are today.
Sure, so let's see. As Rick mentioned, I cut my teeth in the military. I spent 10
years as a military intelligence officer. The dirty little secret is that Rick and I
both went to the same finishing school for the military just a few years apart.
Where I learned to dance.
Absolutely.
You learned how to fold napkins and stuff. Yeah, it bounce quarters off of beds.
Yes.
We both went to West Point.
I spent 11 years in.
I was Army Intel as opposed to Signal like Rick.
Got out in the late 90s, 1998 in the DC area and went to work as a consultant for various
firms. 2003, I took my first in-house job as CISO, and I was a converged CISO.
I got to tell people I ran the guns and the geeks for a financial services firm, credit
card processing firm.
My first civilian boss in that role, a wonderful human being named Clyde Thomas, has in later
years dubbed me as a smoke jumping CISO.
I'm the guy who you have let go the first CISO and the second one is gone running away
kicking and screaming after three months.
So I'm the guy who gets to jump in and try and fix things.
And I did that for various firms for about a dozen years. I left corporate for what I thought was the last time
in 2018 and went into academia and built a cyber degree program
for Arizona State University trying to merge both halves
of the cyber problem.
Stop me if you've heard this before, Rick.
We either get great geeks who have a hard time communicating
and are terrible
at governance and compliance, or we get great governance and risk and compliance folks who
don't know the tech and have a terrible time communicating, and then I mentioned they all
have a terrible time communicating.
I don't know what you're talking about.
I've never run into that.
Shocked.
Shocked I am.
So I tried to build a program that brought those three components there.
I did that for a couple of years, went out on my own,
and started consulting, doing risk advisory and fractional
CISO work.
It was lured back into corporate by some friends of mine
and went to work for Intuit, the TurboTax, QuickBooks,
Credit Kermit company.
On CISO staff, they're reporting to the CISO.
They are doing various things.
Spent most of my time there writing security operations, left there in a position called
performance acceleration, focused on strategic issues around how we attract, train, integrate,
retain the best talent, as well as how we forward look at the security problem going
forward. Left there in September and have been back on my own
doing teaching, training, evangelizing.
I'm also a SANS instructor.
I teach Leader 514 for SANS.
I still adjunct at a couple of universities here locally
and I'm a lecturer in UC Berkeley's master's program.
Other than that, I'm just bored.
So, you know.
Well, let me just, I don't want to put too fine a point
on it, Rick, but I think it's worth noting
that we're bringing in someone whose core competency
is cleaning up the messes that other people leave behind.
So, I don't know what that means, but.
Except for this last time is what you meant.
Except for this one time is what you meant
The first one sure here I don't want to say that was at the top of his resume but
Certainly bumped him up to the top of the list. Well, I see you I see the finishing school health, man Have you read Carnegie's how to win friends and influence people or you just go retire now not worry about it
Yeah, it's gonna go cackling off
into the distance.
Well, Kim, on the one hand, I don't envy the situation
that you're in here because so many people have enjoyed
what Rick has put together here, but at the same time,
you do walk in here with a pre-existing audience
and the ability to make this your own.
What do you have in mind going forward?
Well, it's a great question.
And I could give the flip an answer,
wow, I really have no idea, but that's not quite true.
You know, one of the things I've admired
about CISO Perspectives is Rick's ability
to take some of the tractable issues we have out there
that when you're sitting the chair,
and Rick, you know this as well, you don't necessarily have the time to deep dive, get your hands
around them in a data-driven manner so that you can move things forward.
We're all in the business of firefighting.
And what I love about Rick's podcast is it says, let's step back for a second, think
strategically and think about the problem holistically and look at the next level.
I want to continue that for the audience as we go forth.
I will tell you that one of the first things that I want to tackle is a passion point of
mine.
I don't know if I'm doing an early reveal or not because we're still in the process
of figuring out what the next season is going to be about.
But one of my big pet peeves is what I would call affectionately the cyber talent ecosystem,
similar to what I was working on it into it.
And what I like to tell people is if you ask six CISOs, what are the skills that you need
to get into cyber?
What is the path that you need to get into cyber?
And what is the problem we need to fix in cyber,
you'll get 47 different answers.
And most of those answers will center around
personal preference or personal journey.
And whether or not you believe there are a million jobs
out there or not, and I'm not sure I believe
there are a million jobs out there or not,
but there is still a need for us to try and figure out
how this profession moves forward and how we make what
I truly call one of the few merit, true meritocracies that should exist within technology more accessible,
more attainable and self-sustaining, we've got to come up with some consistency regarding
those answers.
And as someone who's played in this from all sides, as a hiring manager, someone focused
on looking at it strategically, from an academician, from someone who mentors people within the
environment, it's terrible.
We don't have a straight answer.
And one of the things that I genuinely want to do with our audience is to say, look, I
don't really care what the answer is, but damn it, we probably ought to come up with one because, you know, I'm not as old and old fart as Rick, but I'm not
that far behind.
Yeah, there's a whole lot of us who are these first generation cyber guys that are getting
ready to step away from the chair.
Take a look at what we're leaving behind in terms of pathing and progress.
As you can hear, it's truly a passion point of mine.
I want to have some detailed discussions about that from all avenues and all angles.
That's one of the things that I'm working with Rick's awesome team to try and say, how
do we do this?
Does this make sense to do this?
And how do we make it interesting?
So we can truly bring the conversation up to the surface
as opposed to how most of us talk about this,
which are at conferences, in passing, over a beer,
say, yep, that's a problem, we probably ought to fix it.
All right, well, Rick, we bid you a fond farewell
and all the best in retirement.
I mean, in all seriousness, we hate to see you go,
but we're excited for you to enter your next stage of life here.
And Kim, we couldn't be more excited to have you join us here.
Looking forward to what you're going to bring to CSO Perspectives.
So, gentlemen, both of you, thanks so much for joining us here today.
Fantastic, but an honor and a privilege. Thanks.
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Like many of you, I was concerned about my data being sold by data brokers.
So I decided to try DeleteMe.
I have to say, DeleteMe is a game changer.
Within days of signing up, they started removing my personal information from hundreds of data
brokers.
I finally have peace of mind knowing my data privacy is protected.
DeleteMe's team does all the work for you
with detailed reports,
so you know exactly what's been done.
Take control of your data
and keep your private life private
by signing up for DeleteMe.
Now at a special discount for our listeners,
today get 20% off your DeleteMe plan
when you go to joindeleteeme.com slash
N2K and use promo code N2K at checkout.
The only way to get 20% off is to go to joindeleteeme.com slash N2K and enter code N2K at checkout.
That's joindeleteeme.com slash N2K, code N2K.
And finally, as regular listeners of our caveat Law and Policy podcast are well aware, for
years stingray devices or cell cell-site simulators,
have been the nosy eavesdroppers of the digital age, lurking in the shadows and pretending
to be legitimate cell towers, tricking phones into spilling their secrets.
Law enforcement loves them, privacy advocates hate them, and the rest of us just wonder
if our phones are snitching on us. Enter Rayhunter, the EFF's new open-source watchdog,
designed to sniff out these pesky imposters.
Running on a cheap $20 mobile hotspot,
Rayhunter detects suspicious cell tower behavior,
like forced downgrades to insecure networks or unusual IMSI requests.
No Ph.D PhD in hacking required.
If something fishy happens, Rayhunter turns red,
letting users know it's time to shut down or alert the community.
The EFF says the goal is real data on stingray use, not just paranoia.
With enough users worldwide, we might finally expose
how, when, and where these digital
spies operate. And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at the cyberwire.com.
Be sure to check out this weekend's Research Saturday and my conversation with Jim Walter
from Sentinel Labs.
The research is titled Hellcat and Morpheus.
Two brands, one payload as ransomware affiliates drop identical code.
That's Research Saturday, check it out.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights
that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review
in your favorite podcast app.
Please also fill out the survey and the show notes, or send an email to cyberwire at n2k.com.
N2K's senior producer is Alice Carruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music and sound design by Elliot Keltzman.
Our executive producer is Jennifer Iben.
Peter Kilpey is our publisher and I'm Dave Bittner.
Thanks for listening.
We'll see you back here next week. And now, a message from our sponsor Zscaler, the leader in cloud security.
Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue
to rise by an 18% year-over-year increase in ransomware attacks and a $75 million record
payout in 2024.
These traditional security tools expand your attack surface with public-facing IPs that
are exploited by bad actors more easily than ever with AI tools.
It's time to rethink your security.
Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps
and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not
the entire network, continuously verifying every request based on identity and context.
Simplifying security management with AI-powered automation.
And detecting threats using AI to analyze over 500 billion daily transactions.
Hackers can't attack what they can't see.
Protect your organization with Zscaler Zero Trust and AI.
Learn more at zscaler.com slash security.