CyberWire Daily - DOGEgeddon: The cyber crisis hiding in plain sight.
Episode Date: February 13, 2025

Is DOGE a cyberattack against America? The White House plans to nominate a new national cyber director. Patch Tuesday updates. Ivanti discloses a critical stack-based buffer overflow vulnerability. The GAO identifies cybersecurity gaps in the U.S. Coast Guard’s efforts to secure the Maritime Transportation System. An Arizona woman pleads guilty to running a laptop farm for North Korea. A notorious swatter gets a prison sentence. Our guests are Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast. Plague-themed phishing tests take it too far.

CyberWire Guest
Today, we welcome Gianna Whitver and Maria Velasquez, co-hosts of the Breaking Through in Cybersecurity Marketing podcast, sharing their plans for 2025. You can listen to new episodes of Breaking Through in Cybersecurity Marketing every Wednesday airing on the N2K CyberWire network and wherever you get your podcasts.

Selected Reading
DOGE's Cyberattack Against America (Foreign Policy)
Trump plans to nominate GOP insider Sean Cairncross as national cyber director (The Record)
Microsoft Fixes Another Two Actively Exploited Zero-Days (Infosecurity Magazine)
Chipmaker Patch Tuesday: Intel, AMD, Nvidia Fix High-Severity Vulnerabilities (SecurityWeek)
ICS Patch Tuesday: Vulnerabilities Addressed by Schneider Electric, Siemens (SecurityWeek)
Ivanti Connect Secure Vulnerabilities Let Attackers Execute Code Remotely (Cyber Security News)
GAO Tells Coast Guard to Improve Cybersecurity of Maritime Transportation System (SecurityWeek)
Arizona woman pleads guilty to running laptop farm for N. Korean IT workers, faces 9-year sentence (The Record)
California Teenager Sentenced to 48 Months in Prison for Nationwide Swatting Spree (US Department of Justice)
Phishing Tests, the Bane of Work Life, Are Getting Meaner (Wall Street Journal)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network powered by N2K.
Is DOGE a cyberattack against America?
The White House plans to nominate a new national cyber director.
We got some Patch Tuesday updates.
Ivanti discloses a critical stack-based buffer overflow vulnerability,
the GAO identifies cybersecurity gaps in the U.S. Coast Guard's efforts to secure the
maritime transportation system, an Arizona woman pleads guilty to running a laptop farm
for North Korea, a notorious swatter gets a prison sentence, our guests are Gianna Whitver
and Maria Velasquez, co-hosts of the Breaking
Through in Cybersecurity Marketing podcast, and plague-themed phishing tests take it too
far. It's Wednesday, February 12, 2024.
I'm Dave Bittner and this is your CyberWire Intel Briefing.
Thanks for joining us here today.
It's great to have you with us.
In an editorial for Foreign Policy, Bruce Schneier and Davi Ottenheimer make the case
that Elon Musk's DOGE team represents a serious cyberattack against America.
The editorial highlights what may be the most alarming national security crisis in modern
U.S. history, not due to foreign cyberattacks, but because of unchecked internal access granted
under dubious authority.
The newly created Department of Government Efficiency, led by individuals with unclear
credentials, has infiltrated critical government systems, including the Treasury Department, OPM,
and even classified intelligence networks.
These intrusions have exposed vast amounts of sensitive data
and fundamentally weakened national cybersecurity defenses.
What sets this apart from previous breaches
is not just the scale, but the method.
Unlike adversaries who spend years
infiltrating systems in secrecy,
DOGE personnel have been granted high-level access in plain sight, stripping away essential
security safeguards. Career officials responsible for protecting these systems have been sidelined,
and critical protections like auditing and incident response have been dismantled.
The editorial argues that this is more than just reckless mismanagement, it's a systematic
gutting of national security protocols.
The Treasury's financial infrastructure, the identities of intelligence personnel, and
even AI trained on sensitive data are now potentially compromised.
Worse, unauthorized modifications to core systems could leave lasting vulnerabilities,
paving the way for future exploitation by foreign adversaries.
A federal judge has intervened, but that alone won't undo the damage.
The piece calls for immediate action, revoking unauthorized access, restoring security protocols,
and conducting rigorous audits.
Without these steps, the editorial warns,
the U.S. government risks long-term structural damage to its most essential systems,
damage that may already be irreversible.
President Donald Trump plans to nominate Sean Cairncross as the next national cyber director, despite his lack
of cybersecurity leadership experience. Cairncross, a longtime GOP insider, previously served as the
CEO of the Millennium Challenge Corporation and held senior roles within the Republican National
Committee. If confirmed, he would lead the White House's Office of the National Cyber Director, which was created in 2021 to oversee U.S. cyber strategy. The Biden
administration's approach to ONCD was marked by leadership turnover and
concerns about competing power centers. Observers worry the Trump administration
may downsize the office even as the U.S. faces
growing cyber threats from China-linked hacking campaigns.
Cairncross would replace Harry Coker, who recently left for Maryland's Commerce Secretary role.
Yesterday was Patch Tuesday.
Microsoft has released security updates for four new zero-day vulnerabilities, including
two actively exploited flaws.
The February Patch Tuesday update covers over 50 CVEs, including 22 remote code execution
bugs and 19 privilege escalation vulnerabilities.
Among the most concerning is one which allows attackers to delete critical system files
and escalate privileges,
potentially crippling servers.
Another affects Windows networking and grants system-level access, enabling attackers to
manipulate security settings and execute malicious code.
Intel issued 34 security advisories, including a critical privilege escalation flaw in server board BMC firmware,
AMD addressed multiple high severity vulnerabilities in processors, graphics drivers, and its system
management mode, while Nvidia patched security flaws in its GPU software and container toolkit.
Siemens and Schneider Electric also released updates for industrial control system vulnerabilities.
With major cyber threats ongoing, all these updates emphasize the need for organizations
to promptly patch critical systems to prevent exploitation.
Ivanti has disclosed a critical stack-based buffer overflow vulnerability in its Connect
Secure product. Rated 9.9 on
the CVSS scale, the flaw allows remote authenticated attackers to execute arbitrary code.
Ivanti urges users to update immediately or implement interim measures like network segmentation
and log monitoring.
While no active exploitation is reported, past Ivanti vulnerabilities have
been targeted by APT groups, emphasizing the need for prompt patching.
The Government Accountability Office has identified cybersecurity gaps in the U.S. Coast Guard's
efforts to secure the maritime transportation system, and they've issued five recommendations.
The Coast Guard must improve incident data accuracy, enhance cyber-deficiency tracking,
align its strategy with national goals, and address competency gaps in cybersecurity personnel.
GAO's findings, based on reports, inspections, and stakeholder interviews from 2019 through mid-2024 highlight threats
from state-sponsored actors like China, Iran, North Korea, and Russia, as well as cyber
criminals.
Past attacks have disrupted port operations, and future incidents could have severe consequences.
The Coast Guard assists MTS operators with cybersecurity guidance, inspections, and technical
support but lacks a complete cybersecurity incident tracking system.
GAO also found gaps in its cyber strategy and workforce competencies.
The Department of Homeland Security concurred with GAO's recommendations, emphasizing the
need for urgent improvements to prevent cyberattacks
on critical maritime infrastructure.
Christina Marie Chapman, age 48, of Arizona, pleaded guilty to running a laptop farm that
helped North Korean IT workers fraudulently gain employment at over 300 U.S. companies. From 2020 to 2023, she helped North Koreans steal identities
of over 70 Americans, making it appear they were U.S.-based
while working remotely from China, Russia, and other countries.
The scheme generated over $17 million,
most of which was sent to North Korea's government.
Chapman laundered the funds by processing paychecks and transmitting false documents
to U.S. agencies.
The workers she assisted had ties to North Korea's weapons programs and attempted to
gain employment at U.S. government agencies.
Chapman faces seven to nine years in prison, with sentencing set for June 16.
Her case is part of a broader FBI crackdown on North
Korean IT fraud, which has led to extortion attempts and security breaches at U.S. companies.
Alan Filion, aged 18, of Lancaster, California, was sentenced to 48 months in prison for making interstate threats, including over 375 swatting calls from 2022
through 2024. His false threats targeted religious institutions, schools, government officials,
and individuals, often claiming to have planted bombs or planned mass shootings. His actions
led to armed law enforcement responses, detentions, and resource diversion.
Filion admitted to running a swatting-for-profit operation,
advertising his services online.
He was arrested in January 2024 for a May 2023 threat
to a Florida religious institution,
where he falsely claimed to possess weapons
and planned a mass shooting.
He also pleaded guilty to threats against a high school, a historically black college,
and a federal law enforcement officer.
The FBI and U.S. Secret Service investigated the case, with multiple law enforcement agencies
assisting. Coming up after the break, my conversation with Gianna Whitver and Maria Velasquez, co-hosts
of the Breaking Through in Cybersecurity Marketing podcast, and plague-themed phishing tests take
it too far.
Stay with us.
Gianna Whitver and Maria Velasquez are co-hosts of the Breaking Through in Cybersecurity Marketing
podcast, which you can find right here on the N2K CyberWire network and wherever you
get your favorite podcasts.
I sat down with them to review what they've learned so far and
what their plans are for the coming year.
And it is my pleasure to welcome back to the show
Gianna Whitver and Maria Velasquez.
They are co-hosts of the Breaking Through in Cybersecurity
Marketing podcast.
Ladies, welcome back to the show.
We're so excited to be back on.
Thank you so much.
Well, I am excited to have you back and we are only a few weeks into 2025 here and I
wanted to check in with the two of you to talk about some of the plans you have for
the year for the podcast and beyond.
Maria, why don't I start with you?
What do you have on your radar?
Well, we have a theme this year that we settled on.
Gianna and I met early this January
to talk about the dreams, our vision, and of course,
to put it all into an actionable plan.
And our theme this year is to scale and automate.
So we're looking very closely at our day-to-day work.
How do we find efficiencies in working together?
We're growing as a company.
We have a few new team members this year, including myself.
So we're trying to find some synergies
and ways to work
together efficiently and then finding ways to automate. And
that AI was a big theme of it and how do we utilize AI in our
day to day to help grow the business. And then of course, our
members are always going to come first. So that was another big
theme is how do we grow the community and make sure we're
every day we wake up to give
back to our members to help them become better cybersecurity marketers, but also in their
career and personal lives if we can as well.
Gianna, what are your goals?
I echo what Maria said because we came up with these goals together and I think that
a big focus this year will be on rewarding our community members for being wonderful
community members as well.
We want, like Maria said, every day we wake up and we think about our members, it's actually
our guiding north stars.
How can we be the most relevant, helpful, friendly, and welcoming community that really
helps marketers in this very interesting, fast-paced technical industry of cybersecurity
be successful.
So this year we're thinking about what can we do to give back to our members?
What new programs and offerings can we build that's based on their requests?
And what else can, just what can we do to help the community be better?
You know, I had the good fortune of attending the conference that you all recently hosted
in Philadelphia.
And I have to say that when you talk about a community, that was one of the things that
really struck me about the event, was that there was really a strong sense of community
among the people who were there.
Yeah, I think that makes our events different than a lot of others in this space, whether
it's a cybersecurity conference or a marketing conference or any other type of conference.
When you come to Cyber Marketing Con or any other event that we hold,
or even in our digital community, we try to embody this vibe.
It is that of community. It's that of welcoming.
It's that of openness and that of friendliness and helping each other.
There might be people from different companies coming to Cyber Marketing Con.
They might compete, but at Cyber Marketing Con and in the Cyber Security Marketing Society,
we're all marketers helping each other.
Go ahead.
I was just going to add, I think the secret to that kind of really strong sense of community
is the trust that we were able to earn from the community. Both Gianna and I started this as marketers.
We understand the challenges of marketing teams
and what it's like a day in the life
as a marketer that works in cybersecurity.
And we hold that to heart and we're really humbled
that we have earned that trust and we're able to keep it.
And so I think, and I say this jokingly sometimes,
I think if we host the next Cyber Marketing Con on the moon,
there's gonna be a lot of people that'll follow us there.
But you know, we do have a space podcast,
so maybe we could do a team up there.
That'd be wonderful, right?
I know I'm really curious,
when it comes to actually marketing the organization, do you feel an extra sense of pressure there that, you know, there's that whole thing about how the cobbler's
kids have no shoes, but is there an extra pressure that you have to be perfect with
marketing your own organization or does that sense of community kind of lift you up and
carry you along that journey as well?
Oh boy.
I mean, I think we put that pressure on ourselves.
Both Gianna and I tend to be super ambitious humans, lots of crazy ideas every day.
We're always thinking of new business ideas. It's that kind of
dynamic and culture that we've been able to build.
So I think we put that pressure on ourselves.
And also I think it's super exciting because a lot of times we had in our previous jobs,
we had ideas to create new campaigns or new strategies and at times we're not able to.
So this is the time to try some crazy ideas that we've had for a while.
And if we fail, then we fail, we learn and get back up.
And I think the community is a forgiving
one. We all come together with our, we call them cyber beers and cyber tears. So we celebrate
our wins, but then also come together and able to cry and vent and give each other advice
on how we can get back up and do better next
time.
So yeah, I think the pressure is from us.
We're our most, our biggest critic, if anything.
Gianna, you concur?
I absolutely can concur there.
And I will add, since we were in the seat of the marketer and we're marketing to essentially
ourselves, I do think we're kind of good at it too.
So I'll say that.
I'll say, you know, we're doing a pretty good job.
But getting again, going back to the conference and witnessing all those folks together, there
really was a sense of mentorship.
You could tell you could see, you know, looking at people sitting around a table that these people who are, some of them are early on in their career and some of them are the more
seasoned veterans and you could see those conversations that back and forth happening
in real time. And so hats off to you for creating those opportunities.
Thank you. I mean, people are surprised by how many senior-level and executive-level
folks are in the Cybersecurity Marketing Society and attend our events and meetups and conferences.
So it's not just entry-level folks, it's a mix across all levels of an organization and
across every category as well in marketing. There's product marketers, the CMO is there,
there's social media marketers, there's content, demand gen,
digital, just anyone you could think of, even tons of security people who have podcasts.
So people are surprised, but that melting pot of different levels and different industries
makes our community so interesting and makes it so dynamic.
You have someone you could talk to who's at your level who understands your problems,
but then there's someone maybe a few years behind you and you're able to reach down and help them climb that
ladder or solve a problem because you've been there and it's like second nature to you,
but it's not to them and it feels so good to help someone in that way.
And I think the members of our community, I don't know, you know, I think the vibe that
we've put forth and the culture that we've created brings helpful
people into the society and to our conferences.
And that makes it exactly how you described, Dave, where folks from all different levels
are mixing.
The other thing that I think is really key is that it is a balance between critical mass
of having enough people there that you feel as though
there's something happening here.
There's a communal energy, but also small enough
that you can see that person across the room and say,
hey, that's someone I wanna talk to,
and there's time to make that connection.
Yeah, there's definitely a very small community feel to our conference, even though we've
grown to about 500 people at the last one.
So still a small conference, but nothing of the likes of RSA Conference or mega
conferences, South by Southwest, these huge conferences.
We still have that small feel because we are still essentially a small conference.
What you were saying with, you can look across the room and see someone you know
or feel like you could talk to them.
That is because of the culture we've built.
And it is because a lot of our attendees
come from our community.
So they know each other from our Slack community
or from our virtual meetups.
They've seen each other.
And a lot of the times there's this like spark
of realizing, hey, there's that person,
that person I now consider a colleague or a friend who's across the room and I feel like I
could go there and talk to them. And it's also something we intentionally do. We do a lot of
matchmaking. We do a lot of building interpersonal connections before the conference, during the
conference, and after the conference. So we'll try to make people match up before they meet
so they could meet professionally and talk about professional topics,
you know, find someone who can help them in their career.
And at the conference, we do speed networking.
We try our best to make it so that everybody at the show
can meet everybody else at the show.
And then even if the conference gets a little bigger,
it still feels really
small.
Yeah, I would second that. One example at the conference is we had the buddy program.
So we had stickers on everybody's badge and everybody had to find the matching sticker.
And that was such a cool activity. And we loved seeing how people were so excited to
find theirs. And we had also a WhatsApp group that had everyone in it.
And that's where people were making plans for dinner
and networking and meetings.
We tried to find the things that we wish we could see
in other conferences and we implement them at ours.
And we try them and see what the feedback is
from the attendees.
And it's been a positive one so far.
Yeah, absolutely.
Well, Gianna Whitver and Maria Velasquez are co-hosts
of the Breaking Through in Cybersecurity Marketing podcast.
You can find that right here on the N2K Podcast Network
and also wherever you get your favorite podcasts.
Ladies, thank you so much for taking the time for us today.
Thank you so much for having us.
Thank you, Dave for having us.
Thank you, Dave.
That's Gianna Whitver and Maria Velasquez from the Breaking Through in Cybersecurity
Marketing podcast.
Be sure to subscribe wherever you get your favorite podcasts.
And finally, it was a calm Sunday morning when Alicia Riley received an email about
an Ebola outbreak at UC Santa Cruz.
As a disease expert, she panicked until she clicked the link and realized she was the
outbreak.
It was just a phishing test from the university's IT department.
Cue her rage. Phishing drills meant to
educate employees have become more elaborate and infuriating. According to
the Wall Street Journal, some tests dangle lost puppies, open enrollment
links, or even free Eagles tickets, which shockingly worked. One cybersecurity pro
once made a NASA employee cry by promising a trip to see the final space
shuttle launch.
But do these tests actually work?
Studies suggest not really.
One found they made people more susceptible to phishing.
And when tests go too far, like pretending Ebola is on campus, they undermine trust in
real alerts. Some workplaces
punish clickers harshly. One hospital revokes email access or even fires repeat offenders.
There's an argument that having employees worry that their organization is actively trying
to deceive them is, in the long run, corrosive. So lessons learned?
Cybersecurity is important, but so is not causing mass hysteria.
These are challenging times, and a lot of people
are feeling anxious about a lot of things.
So if your organization is using phishing tests as part
of your security awareness training,
please be mindful and dial it in.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at thecyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app.
Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com.
N2K's senior producer is Alice Carruth.
Our CyberWire producer is Liz Stokes.
We're mixed by Tré Hester with original music and sound design by Elliott Peltzman.
Our executive producer is Jennifer Eiben.
Peter Kilpe is our publisher and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
