CyberWire Daily - Balancing budget cuts and cybersecurity.

Episode Date: March 14, 2025

The White House is urging federal agencies not to lay off cybersecurity teams. Google doesn't deny receiving a secret legal order from the UK government. Microsoft researchers identify a simple method to bypass AI safety guardrails. Scammers are impersonating the Clop ransomware gang. Cisco issues security advisories for multiple IOS XR vulnerabilities. CISA warns of multiple ICS security issues. A LockBit ransomware developer has been extradited to the U.S. GCHQ's former director calls for stronger cybersecurity collaboration. Rick Howard and Kim Jones pass the mic for the CISO Perspectives podcast. Sniffing out Stingrays.

Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.

CyberWire Guest
Today, we have Dave speaking with Rick Howard, a friend of the show, and Kim Jones, a veteran CISO, educator, and expert in the field, as Rick passes the mic to Kim for a brand new season of CISO Perspectives, formerly CSO Perspectives.

Selected Reading
White House instructs agencies to avoid firing cybersecurity staff, email says (Reuters)
Elon Musk Made Visit to U.S. Spy Agency (Wall Street Journal)
Google refuses to deny it received encryption order from UK government (The Record)
New Context Compliance Exploit Jailbreaks Major AI Models (GB Hackers)
Fraudsters Impersonate Clop Ransomware to Extort Businesses (Infosecurity Magazine)
Cisco Warns of IOS XR Software Vulnerability Let Attackers Trigger DoS condition (Cyber Security News)
CISA Releases Thirteen Industrial Control Systems Focusing Vulnerabilities & Exploits (Cyber Security News)
LockBit Ransomware Developer Extradited to US (SecurityWeek)
Cyber Industry Falls Short on Collaboration, Says Former GCHQ Director (Infosecurity Magazine)
Meet Rayhunter: A New Open Source Tool from EFF to Detect Cellular Spying (Electronic Frontier Foundation)

Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.

Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc. Learn more about your ad choices. Visit megaphone.fm/adchoices

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network, powered by N2K. We've all been there. You realize your business needs to hire someone yesterday. How can you find amazing candidates fast? Well, it's easy. Just use indeed. When it comes to hiring, Indeed is all you need. Stop struggling to get your job post noticed.
Starting point is 00:00:31 Indeed's Sponsored Jobs helps you stand out and hire fast. Your post jumps to the top of search results, so the right candidates see it first. And it works. Sponsored jobs on Indeed get 45% more applications than non-sponsored ones. One of the things I love about Indeed is how fast it makes hiring. And yes, we do actually use Indeed for hiring here at N2K Cyberwire. Many of my colleagues here came to us through Indeed. Plus, with sponsored jobs there are no subscriptions, no long-term contracts.
Starting point is 00:01:04 You only pay for results. How fast is Indeed? Oh, in the minute or so that I've been talking to you, 23 hires were made on Indeed, according to Indeed data worldwide. There's no need to wait any longer. Speed up your hiring right now with Indeed. And listeners to this show will get a $75 sponsored job credit to get your jobs more visibility at indeed.com slash cyber wire. Just go to indeed.com slash cyber
Starting point is 00:01:33 wire right now and support our show by saying you heard about indeed on this podcast. Indeed.com slash cyber wire. Terms and conditions apply. Hiring, indeed, is all you need. The White House is urging federal agencies not to lay off cybersecurity teams. Google doesn't deny receiving a secret legal order from the UK government. Microsoft researchers identify a simple method to bypass AI safety guardrails. Scammers are impersonating the Klopp ransomware gang. Cisco issues security advisories for multiple iOS XR vulnerabilities. CISA warns of multiple iOS XR vulnerabilities.
Starting point is 00:02:25 CISA warns of multiple ICS security issues. A LockBit ransomware developer has been extradited to the US. GCHQ's former director calls for stronger cybersecurity collaboration. Rick Howard and Kim Jones pass the mic for the CISO Perspectives Podcast. And sniffing out stingrays. It's Friday, March 14th, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. We begin today with a quick correction. Earlier this week, we reported on a security advisory from CISA highlighting vulnerabilities
Starting point is 00:03:25 from Avanti and Veracore. I misspoke, tagging Veracode in our reporting instead of Veracore. We regret the error and appreciate the kind note from the fine folks at Veracode bringing it to our attention. Turning to today's news, the White House is urging federal agencies not to lay off cybersecurity teams as they submit budget cut plans. U.S. Federal CIO Greg Barbaccia emphasized in an email that cybersecurity is national security and should be protected.
Starting point is 00:04:01 The warning comes amid concerns that deep budget cuts mandated by President Trump and adviser Elon Musk could weaken national cyber defenses. Former NSA cybersecurity director Rob Joyce warned that mass layoffs would be devastating. The Musk-led Department of Government Efficiency has also drawn criticism for granting unusually broad access to sensitive government data. At the Social Security Administration, officials raised alarms about the security risks posed by Doge.
Starting point is 00:04:33 Meanwhile, the Department of Homeland Security's CISA has already lost over 130 positions as of mid-February. Elon Musk reportedly visited the NSA on Wednesday, meeting with leadership to discuss staff cuts and operations. The NSA, a key player in U.S. cybersecurity and home to Cyber Command, is under Musk's scrutiny as he pushes for government downsizing. His visit signals potential changes to intelligence and cyber operations. While Musk recently called for an NSA overhaul, he hasn't detailed specific reforms.
Starting point is 00:05:10 Intelligence officials are bracing for swift changes that could impact national cybersecurity. Google has refused to deny receiving a secret legal order from the UK government, raising concerns among US lawmakers. A bipartisan group in Congress fears that British authorities may be demanding access to encrypted messages from US tech companies. This follows reports that Apple received a similar order, known as a technical capability notice, which it is reportedly contesting in a closed court hearing.
Starting point is 00:05:47 Lawmakers criticize the secrecy surrounding these orders, arguing it hinders congressional oversight and threatens Americans' privacy. Under the UK's Investigatory Powers Act, companies that receive a technical capability notice are barred from confirming it. Experts, including from Britain's intelligence community, have called for more transparency, with academics warning that the government's refusal to clarify the situation is unsustainable
Starting point is 00:06:14 and unjustifiable. Microsoft researchers have identified a simple, yet effective method to bypass AI safety guardrails called the context compliance attack or CCA. Unlike complex prompt engineering techniques, CCA manipulates AI systems by injecting fabricated conversation history, making them perceive restricted content as a legitimate follow-up request. This vulnerability affects major AI models including GPT, Cude, Lama, and Gemini, highlighting a fundamental flaw in systems that rely on client-supplied chat history.
Starting point is 00:06:55 Open-source models are especially vulnerable as they cannot verify message authenticity. While stateless architectures improve scalability, they also allow attackers to manipulate context. Microsoft suggests mitigating this risk through cryptographic signatures and server-side conversation tracking. The attack's effectiveness underscores the need for a more comprehensive AI security strategy beyond traditional input filtering. Microsoft has made CCA available for research via its pirate toolkit. Barracuda researchers warn that scammers are impersonating the Klopp ransomware gang to extort businesses. Unlike real Klopp attacks, fake extortion emails lack key elements
Starting point is 00:07:43 like payment deadlines, secure chat links, and company names. These scams reference media reports about actual clot breaches to seem legitimate. Similar fraud tactics have been seen with B&Lian ransomware impersonations. Cisco has issued security advisories for multiple iOS XR vulnerabilities, highlighting a critical BGP Confederation memory corruption flaw with a CVSS score of 8.6. The bug allows remote attackers to cause denial of service by sending crafted BGP updates containing excessively long as confed sequence attributes. This impacts multiple versions.
Starting point is 00:08:27 Cisco has released patched versions and provided a workaround for restricting AS path lengths. While no known exploits exist, organizations should update immediately or implement mitigation policies to prevent potential network-wide disruptions. CISA has issued multiple ICS security advisories warning of critical vulnerabilities in Siemens, Philips, and Sungrow products.
Starting point is 00:08:54 These flaws, affecting industrial control systems, include memory corruption, authentication bypass, privilege escalation, and unauthorized file access. Key risks include remote code execution, data exposure, and denial of service attacks across manufacturing, energy, and health care sectors. CISA urges immediate updates, network segmentation, and access restrictions to mitigate threats. The U.S. Justice Department announced the extradition of Rostislav Panyev, a Lockbit ransomware developer, from Israel to the United States. Panyev, a Russian-Israeli national, admitted to developing malware features that disable security software, spread infections, and printed ransom notes. He worked for LockBit from 2022 to 2024, earning over $230,000 in
Starting point is 00:09:48 cryptocurrency. LockBit, which extorted $500 million from over 2,500 victims worldwide, suffered a law enforcement takedown in 2024. The U.S. has charged seven individuals, offering rewards of up to $10 million for fugitives. Sir Jeremy Fleming, former GCHQ director, warns that geopolitical tensions and cyber threats are at an all-time high, requiring stronger cybersecurity collaboration. Speaking at Palo Alto Network's Ignite event in London, he stressed the growing impact of nation-state cyber attacks, ransomware, and disinformation campaigns. Critical infrastructure attacks, mega-breaches, and covert cyber intrusions are increasing, with ransomware remaining the top cybercrime threat. While basic cybersecurity measures help against most threats, nation-state attacks are harder to prevent.
Starting point is 00:10:47 Fleming urged organizations to integrate geopolitical intelligence with cyber threat analysis and enhance cyber information sharing across the industry. He emphasized that no single company can combat threats alone, advocating for faster, broader collaboration to detect nation-state cyber activity before it escalates. Coming up after the break, Rick Howard and Kim Jones pass the mic for the CISO Perspectives Podcast and sniffing out stingrays. Stick around. Cyber threats are more sophisticated than ever. Passwords? They're outdated and can be cracked in a minute. Cyber criminals are intercepting SMS codes and bypassing authentication apps. While businesses invest in network security, they often overlook the front door, the login. Ubiqui believes the future is passwordless. Ubiquis offer unparalleled protection against phishing for individuals, SMBs and enterprises.
Starting point is 00:12:09 They deliver a fast, frictionless experience that users love. Ubiqui is offering N2K followers a limited buy one get one offer. Visit ubiqui.com slash N2K to unlock this deal. That's Y-U-B-I-C-O. Say no to unlock this deal. That's YUBICO. Say no to modern cyber threats. Upgrade your security today. Do you know the status of your compliance controls right now?
Starting point is 00:12:41 Like right now. We know that real timetime visibility is critical for security but when it comes to our GRC programs we rely on point-in-time checks but get this more than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist Vanta brings automation to evidence collection across 30 frameworks, like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and helps you get security questionnaires done five times faster with AI.
Starting point is 00:13:21 Now that's a new way to GRC. Get $1,000 off Vanta when you go to Vanta.com slash cyber. That's Vanta.com slash cyber for $1,000 off. It is always my pleasure to welcome back to the show Rick Howard. Rick, welcome back. Hey, Dave. I have to admit today's a little bittersweet because part of what we're doing today is sending you on your way. You have made the very smart decision to take yourself out to pasture, retire. Before somebody does it for me. That's a thanks, I think.
Starting point is 00:14:15 A preemptive move on your part, Rick, which is very smart. But one of the things that I know our listeners are going to be bummed about is you will no longer be making CSO perspectives. It is very sad that I don't get to do that, Dave. And you know, I've had the great honor and privilege of, you know, work on that show for almost five years and feels like it's another limb on my body that and to let it go is, like you said, bittersweet. But yeah, that's where we are. I'm leaving the show and turning it over to Better Hands. Well, speaking of Better Hands,
Starting point is 00:14:50 joining us on the line here is Kim Jones. Rick, I'm gonna let you do the introductions here. Sure. Ladies and gentlemen, let me introduce you to my new friend, Kim Jones. And, you know, when we started looking around for my replacement, you know, my we started looking around for my replacement, you know, my big ego said, there's no way that they can find someone who can replace me. Come on.
Starting point is 00:15:11 And the rest of us said, how hard could it be? And immediately they found my replacement like, you know, in a minute. And what's amazing to me is Kim has had almost the same experiences that I've had, military career, teacher, educator, serial see-saw, and so yes, we're having a better person come in and take my place on CSO perspective, so Kim. I won't go that far, but.
Starting point is 00:15:40 Well, thank you for doing this. It's gonna be in good hands as I go out the door. Yeah, I can't tell you how excited I am, Rick. Not to see you go out the door, but I'm excited. Wait, you can't take that back. Yeah. That's the rest of us. Yeah, yeah.
Starting point is 00:15:55 Well, Kim, tell us a little bit about yourself. Give us the short version of what your background is and what led you to where you are today. Sure, so let's see. As Rick mentioned, I cut my teeth in the military. I spent 10 years as a military intelligence officer. The dirty little secret is that Rick and I both went to the same finishing school for the military just a few years apart. Where I learned to dance. Absolutely.
Starting point is 00:16:21 You learned how to fold napkins and stuff. Yeah, it bounce quarters off of beds. Yes. We both went to West Point. I spent 11 years in. I was Army Intel as opposed to Signal like Rick. Got out in the late 90s, 1998 in the DC area and went to work as a consultant for various firms. 2003, I took my first in-house job as CISO, and I was a converged CISO. I got to tell people I ran the guns and the geeks for a financial services firm, credit
Starting point is 00:16:56 card processing firm. My first civilian boss in that role, a wonderful human being named Clyde Thomas, has in later years dubbed me as a smoke jumping CISO. I'm the guy who you have let go the first CISO and the second one is gone running away kicking and screaming after three months. So I'm the guy who gets to jump in and try and fix things. And I did that for various firms for about a dozen years. I left corporate for what I thought was the last time in 2018 and went into academia and built a cyber degree program
Starting point is 00:17:33 for Arizona State University trying to merge both halves of the cyber problem. Stop me if you've heard this before, Rick. We either get great geeks who have a hard time communicating and are terrible at governance and compliance, or we get great governance and risk and compliance folks who don't know the tech and have a terrible time communicating, and then I mentioned they all have a terrible time communicating.
Starting point is 00:17:54 I don't know what you're talking about. I've never run into that. Shocked. Shocked I am. So I tried to build a program that brought those three components there. I did that for a couple of years, went out on my own, and started consulting, doing risk advisory and fractional CISO work.
Starting point is 00:18:10 It was lured back into corporate by some friends of mine and went to work for Intuit, the TurboTax, QuickBooks, Credit Kermit company. On CISO staff, they're reporting to the CISO. They are doing various things. Spent most of my time there writing security operations, left there in a position called performance acceleration, focused on strategic issues around how we attract, train, integrate, retain the best talent, as well as how we forward look at the security problem going
Starting point is 00:18:42 forward. Left there in September and have been back on my own doing teaching, training, evangelizing. I'm also a SANS instructor. I teach Leader 514 for SANS. I still adjunct at a couple of universities here locally and I'm a lecturer in UC Berkeley's master's program. Other than that, I'm just bored. So, you know.
Starting point is 00:19:06 Well, let me just, I don't want to put too fine a point on it, Rick, but I think it's worth noting that we're bringing in someone whose core competency is cleaning up the messes that other people leave behind. So, I don't know what that means, but. Except for this last time is what you meant. Except for this one time is what you meant The first one sure here I don't want to say that was at the top of his resume but
Starting point is 00:19:37 Certainly bumped him up to the top of the list. Well, I see you I see the finishing school health, man Have you read Carnegie's how to win friends and influence people or you just go retire now not worry about it Yeah, it's gonna go cackling off into the distance. Well, Kim, on the one hand, I don't envy the situation that you're in here because so many people have enjoyed what Rick has put together here, but at the same time, you do walk in here with a pre-existing audience and the ability to make this your own.
Starting point is 00:20:02 What do you have in mind going forward? Well, it's a great question. And I could give the flip an answer, wow, I really have no idea, but that's not quite true. You know, one of the things I've admired about CISO Perspectives is Rick's ability to take some of the tractable issues we have out there that when you're sitting the chair,
Starting point is 00:20:23 and Rick, you know this as well, you don't necessarily have the time to deep dive, get your hands around them in a data-driven manner so that you can move things forward. We're all in the business of firefighting. And what I love about Rick's podcast is it says, let's step back for a second, think strategically and think about the problem holistically and look at the next level. I want to continue that for the audience as we go forth. I will tell you that one of the first things that I want to tackle is a passion point of mine.
Starting point is 00:21:00 I don't know if I'm doing an early reveal or not because we're still in the process of figuring out what the next season is going to be about. But one of my big pet peeves is what I would call affectionately the cyber talent ecosystem, similar to what I was working on it into it. And what I like to tell people is if you ask six CISOs, what are the skills that you need to get into cyber? What is the path that you need to get into cyber? And what is the problem we need to fix in cyber,
Starting point is 00:21:26 you'll get 47 different answers. And most of those answers will center around personal preference or personal journey. And whether or not you believe there are a million jobs out there or not, and I'm not sure I believe there are a million jobs out there or not, but there is still a need for us to try and figure out how this profession moves forward and how we make what
Starting point is 00:21:47 I truly call one of the few merit, true meritocracies that should exist within technology more accessible, more attainable and self-sustaining, we've got to come up with some consistency regarding those answers. And as someone who's played in this from all sides, as a hiring manager, someone focused on looking at it strategically, from an academician, from someone who mentors people within the environment, it's terrible. We don't have a straight answer. And one of the things that I genuinely want to do with our audience is to say, look, I
Starting point is 00:22:20 don't really care what the answer is, but damn it, we probably ought to come up with one because, you know, I'm not as old and old fart as Rick, but I'm not that far behind. Yeah, there's a whole lot of us who are these first generation cyber guys that are getting ready to step away from the chair. Take a look at what we're leaving behind in terms of pathing and progress. As you can hear, it's truly a passion point of mine. I want to have some detailed discussions about that from all avenues and all angles. That's one of the things that I'm working with Rick's awesome team to try and say, how
Starting point is 00:23:02 do we do this? Does this make sense to do this? And how do we make it interesting? So we can truly bring the conversation up to the surface as opposed to how most of us talk about this, which are at conferences, in passing, over a beer, say, yep, that's a problem, we probably ought to fix it. All right, well, Rick, we bid you a fond farewell
Starting point is 00:23:22 and all the best in retirement. I mean, in all seriousness, we hate to see you go, but we're excited for you to enter your next stage of life here. And Kim, we couldn't be more excited to have you join us here. Looking forward to what you're going to bring to CSO Perspectives. So, gentlemen, both of you, thanks so much for joining us here today. Fantastic, but an honor and a privilege. Thanks. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online?
Starting point is 00:24:05 Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports,
Starting point is 00:24:30 so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for our listeners, today get 20% off your DeleteMe plan when you go to joindeleteeme.com slash N2K and use promo code N2K at checkout.
Starting point is 00:24:51 The only way to get 20% off is to go to joindeleteeme.com slash N2K and enter code N2K at checkout. That's joindeleteeme.com slash N2K, code N2K. And finally, as regular listeners of our caveat Law and Policy podcast are well aware, for years stingray devices or cell cell-site simulators, have been the nosy eavesdroppers of the digital age, lurking in the shadows and pretending to be legitimate cell towers, tricking phones into spilling their secrets. Law enforcement loves them, privacy advocates hate them, and the rest of us just wonder if our phones are snitching on us. Enter Rayhunter, the EFF's new open-source watchdog,
Starting point is 00:25:49 designed to sniff out these pesky imposters. Running on a cheap $20 mobile hotspot, Rayhunter detects suspicious cell tower behavior, like forced downgrades to insecure networks or unusual IMSI requests. No Ph.D PhD in hacking required. If something fishy happens, Rayhunter turns red, letting users know it's time to shut down or alert the community. The EFF says the goal is real data on stingray use, not just paranoia.
Starting point is 00:26:21 With enough users worldwide, we might finally expose how, when, and where these digital spies operate. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at the cyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Jim Walter from Sentinel Labs. The research is titled Hellcat and Morpheus. Two brands, one payload as ransomware affiliates drop identical code.
Starting point is 00:27:06 That's Research Saturday, check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey and the show notes, or send an email to cyberwire at n2k.com.
Starting point is 00:27:28 N2K's senior producer is Alice Carruth. Our Cyberwire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Keltzman. Our executive producer is Jennifer Iben. Peter Kilpey is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here next week. And now, a message from our sponsor Zscaler, the leader in cloud security. Enterprises have spent billions of dollars on firewalls and VPNs, yet breaches continue
Starting point is 00:28:27 to rise by an 18% year-over-year increase in ransomware attacks and a $75 million record payout in 2024. These traditional security tools expand your attack surface with public-facing IPs that are exploited by bad actors more easily than ever with AI tools. It's time to rethink your security. Zscaler Zero Trust plus AI stops attackers by hiding your attack surface, making apps and IPs invisible, eliminating lateral movement, connecting users only to specific apps, not the entire network, continuously verifying every request based on identity and context.
Starting point is 00:29:07 Simplifying security management with AI-powered automation. And detecting threats using AI to analyze over 500 billion daily transactions. Hackers can't attack what they can't see. Protect your organization with Zscaler Zero Trust and AI. Learn more at zscaler.com slash security.
