CyberWire Daily - Former cybersecurity officials lose clearances.
Episode Date: April 10, 2025
Trump targets former cybersecurity officials. Senator blocks CISA nominee over telecom security concerns. The acting head of NSA and Cyber Command makes his public debut. Escalation of cyber tensions in U.S.-China trade relations. Researchers evaluate the effectiveness of Large Language Models (LLMs) in automating Cyber Threat Intelligence. Hackers at Black Hat Asia pwn a Nissan Leaf. A smart hub vulnerability exposes WiFi credentials. A new report reveals routers' riskiness. Operation Endgame nabs SmokeLoader botnet users. Our guest, Anushika Babu, Chief Growth Officer at AppSecEngineer, joins us to discuss the creative ways people are using AI. The folks behind the Flipper Zero get busy.
Selected Reading
Trump Signs Memorandum Revoking Security Clearance of Former CISA Director Chris Krebs (Zero Day)
Senator puts hold on Trump's nominee for CISA director, citing telco security 'cover up' (TechCrunch)
Infosec experts fear China could retaliate against tariffs with a Typhoon attack (The Register)
New US Cyber Command, NSA chief glides in first public appearance (The Record)
Large Language Models Are Unreliable for Cyber Threat Intelligence (arXiv)
Nissan Leaf Hacked for Remote Spying, Physical Takeover (SecurityWeek)
TP-Link IoT Smart Hub Vulnerability Exposes Wi-Fi Credentials (Cyber Security News)
Study Identifies 20 Most Vulnerable Connected Devices of 2025 (SecurityWeek)
Authorities Seized Smokeloader Malware Operators & Seized Servers (Cyber Security News)
Flipper Zero maker unveils 'Busy Bar,' a new ADHD productivity tool (Bleeping Computer)
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network powered by N2K.
Cyber threats are evolving every second and staying ahead is more than just a challenge,
it's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted
by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping
unauthorized applications, securing sensitive data, and ensuring your organization runs
smoothly and securely.
Visit ThreatLocker.com today to see how a default deny approach can keep your company
safe and compliant.
Trump targets former cybersecurity officials, a senator blocks the CISA nominee over telecom security concerns.
The acting head of NSA and Cyber Command makes his public debut.
There's escalation of cyber tensions in U.S.-China trade relations.
Researchers evaluate the effectiveness of large language models in automating cyber
threat intelligence.
Hackers at Black Hat Asia pwn a Nissan Leaf.
A smart hub vulnerability exposes Wi-Fi credentials.
A new report reveals router riskiness.
Operation Endgame nabs SmokeLoader botnet users.
Our guest is Anushika Babu, chief growth officer
at AppSecEngineer, joining us to discuss creative ways
people are using AI. And the folks behind Flipper Zero
get busy.
It's Thursday, April 10th, 2025.
I'm Dave Bittner and this is your CyberWire Intel Briefing.
Thanks for joining us here today.
It is great to have you with us.
Yesterday, President Donald Trump signed executive orders
revoking the security clearances of Chris Krebs, former director of the
Cybersecurity and Infrastructure Security Agency, and Miles Taylor, former
Department of Homeland Security official. Both individuals had previously
criticized Trump's administration. The president also directed the Department
of Justice to investigate their actions during
their tenure.
Krebs had publicly refuted Trump's claims of election fraud in 2020, asserting the election's
integrity, which led to his dismissal at that time.
Taylor, known for his anonymous 2018 op-ed and subsequent book criticizing the Trump administration
had also faced the president's ire.
These moves are part of Trump's broader effort to address dissent within his administration.
It's hard to frame these moves as anything other than retaliatory, and it's noteworthy that
not only did the president strip Chris Krebs of his clearance, but also
everyone with a clearance at SentinelOne, the cybersecurity firm where Krebs is now employed.
In the legislative arena, Senator Ron Wyden has placed a hold on the confirmation of Sean
Plankey, Trump's nominee to lead CISA.
Wyden's objection stems from what he describes
as a multi-year cover-up of significant vulnerabilities within the US
telecommunications sector. He insists that CISA release an unclassified report
from 2022 detailing these cybersecurity shortcomings before proceeding with
Plankey's nomination. This action underscores the demand for greater transparency and accountability in addressing
national cybersecurity challenges.
Meanwhile, at a Senate hearing, lawmakers questioned Lt. Gen. William Hartman, acting
head of U.S. Cyber Command and the NSA, following the surprise firing of his predecessor, General Timothy
Haugh.
Senators from both parties voiced concern over the abrupt dismissal, calling it disrespectful
and destabilizing.
Though the hearing was brief and lightly attended, discussions touched on Cyber Command's modernization,
leadership structure, and growing cyber threats from China.
Hartman defended the dual-hat role, stressing its value for agility and unified national
security efforts.
On the international front, the ongoing trade war between the U.S. and China has increasingly
extended into cyberspace.
China has initiated an antitrust investigation into Google
and imposed new tariffs and export controls
in retaliation against US economic measures.
These actions highlight the deepening complexities
of cyber diplomacy and the intertwining
of economic policies with cybersecurity strategies.
Collectively, these events depict a turbulent period for U.S. cybersecurity policy, characterized by internal political disputes, leadership uncertainties, and intensifying international
cyber conflicts.
The outcomes of these developments will likely have profound implications for the nation's cybersecurity posture and its approach to global cyber diplomacy.
A recent study by Mezzi, Massacci, and Tuma evaluates the effectiveness of large language
models in automating cyber threat intelligence tasks.
Using a data set of 350 real-world CTI reports, the researchers assessed LLMs' performance
under zero-shot, few-shot, and fine-tuned conditions. The findings reveal that LLMs
struggle with processing full-length CTI reports, exhibiting inconsistencies and overconfidence
in their outputs. Even with few-shot learning and fine-tuning, improvements were limited.
The study highlights concerns about deploying LLMs in CTI scenarios, emphasizing the need
for human oversight due to the critical importance of reliability and confidence in cybersecurity
contexts.
Researchers at PCAutomotive revealed a set of vulnerabilities
in 2020 Nissan LEAF electric vehicles
that allow attackers to remotely hack the car
via its infotainment system's Bluetooth.
Demonstrated at Black Hat Asia 2025,
the exploit enables spying, like tracking location and recording in-cabin conversations,
and physical control of features like doors, lights, and even the steering wheel while
in motion.
The flaws, now assigned eight CVEs, were confirmed by Nissan, which pledged ongoing cybersecurity
improvements without revealing specific mitigations.
A critical vulnerability in the TP-Link Tapo H200 Smart Hub exposes users' Wi-Fi credentials
due to plaintext storage in firmware.
Attackers with physical access can extract these credentials, potentially compromising the entire home network.
Rated medium severity at 4.4, the flaw affects firmware version 1.4 or earlier.
Discovered by Mumbai-based researchers, the issue underscores persistent IoT security
concerns.
The hub connects and controls smart devices, making the vulnerability a
serious risk despite the need for direct device access.
ForeScout's 2025 Riskiest Connected Devices report reveals routers are now the riskiest
devices in enterprise networks, responsible for over half of the most critical vulnerabilities.
Device risk overall has jumped 15% from last year. While computers hold the most bugs,
routers, firewalls, and ADCs top the list for severity, often exploited as zero-days.
The top 20 riskiest device types now include 12 newcomers like point-of-sale systems and
healthcare workstations.
IoMT devices also carry major threats.
Retail leads in risk exposure, followed by finance, government, healthcare, and manufacturing.
Over 50% of non-legacy Windows devices across sectors still run Windows 10, nearing end of support.
There's also a shift away from encrypted SSH to unencrypted Telnet.
Forescout warns modern threats span IT, IoT, OT, and IoMT, demanding broader cross-domain
security strategies.
Law enforcement in Europe and North America arrested five users of the Smokeloader botnet
service during the second phase of Operation Endgame.
These individuals used the malware for cybercrimes like ransomware deployment, crypto mining,
and surveillance.
This marks a shift in enforcement focus from infrastructure to
the end users of malware. Europol identified suspects via a database
seized from the operation's 2024 first phase. Smokeloader, active since 2011,
remains a potent modular malware despite earlier takedowns thanks to cracked
versions. It uses sophisticated evasion techniques and encrypted communication to install various
payloads.
Some arrestees ran small-scale crime-as-a-service operations.
Cooperation by suspects has yielded new intelligence.
Operation Endgame is ongoing, with Europol launching a portal for tips and updates.
Security researchers are countering the threat with custom tools like Smokebuster.
Coming up after the break, my conversation with Anushika Babu from AppSecEngineer.
We're discussing creative ways people are using AI.
And the folks behind the Flipper Zero get busy. Stay with us.
Bad actors don't break in, they log in. Attackers use stolen credentials in nearly 9 out of 10 data breaches, and once inside,
they're after one thing, your data.
Varonis' AI-powered data security platform secures your data at scale
across IaaS, SaaS, and hybrid cloud environments.
Join thousands of organizations who trust Varonis to keep their data safe.
Get a free data risk assessment at Varonis.com.
Anushika Babu is chief growth officer at AppSecEngineer. I recently caught up with her to discuss some of the creative ways people are using AI.
So Dave, the thing is, I think marketing was literally the first chess piece to fall when AI really
started becoming very commercial.
I think marketing departments started to shrink, especially because a lot of marketing work
today, especially in technology and SaaS companies, much like the ones that we are part of, has
a lot of fat that can be trimmed, a lot of repetitive tasks.
And so I feel like a lot of people kind of fell on that
as the very first thing that they wanted to like root out
and like cut the fat, so to speak.
But I don't think like there was all that much method
to the madness right at the beginning.
Today, I think people have taken less of a,
oh my God, I'm going to lose my job kind of stance and more of a, oh, this is a great tool.
I can totally use this to improve my workflows and make markups a little more efficient. And then
using it to integrate better visibility between marketing and sales and mark ops and
making it less of a working in silos kind of thing. For instance, one of the best users that I have
seen lately, just to give you a problem statement around this issue first, is that the marketing guys are always going to be working in a silo away from sales,
and then sales is always working away from mark ops.
And then one of the things that I have seen that has brought in an integration
that has never been possible before is just at scale. People have been downloading AI written out sales transcripts of demo calls.
And then one of the amazing things that marketing is doing is finding patterns within these
transcripts of problems that the customers are facing or objections that are constantly being
raised, other competitors that they hadn't thought of, and things like that.
And they're finding patterns that were not there before, which, yes, benefits the sales
team, but also drives into the marketing material that is put out.
So I love that this loop is being closed, which was never quite possible when humans
are involved, human egos are involved, and sales doesn't want to give too much information
to marketing and vice versa. And this problem has kind of been solved by such a simple thing
as just a sales transcript, a demo call transcript that is being written out by AI
and pattern finding at scale.
Yeah, that's a really interesting use case.
I mean, are you finding that in general,
this is a companion piece that these AI tools are helping
to take away some of the grudge work that folks have to do
that takes up a lot of time that frustrates them?
Yes, exactly.
So, I mean, that's, that's the part that makes it fun, right?
Because there does not have to be that much fear around it.
It is a tool like anything else.
And if you take a step back and really see it for what it is, it is a tool and
it can be used to do amazing things and be able to make you more competitive in
a very, very clustered and, you know, tight kind of market.
It can give you a little bit of edge if you look at it correctly.
What are some of the potential perils here? I mean, we've certainly heard
about AI platforms hallucinating and things
like that. I mean, this sort of thing requires some
oversight.
Yeah.
So one of the things that I teach
in some of my workshops is also,
don't back your AI into a corner, right?
Because it will get, it will be forced to lie
and it will lie.
So one of the things that we actually,
we did this experiment in one of my workshops is,
you write out a prompt that basically gives the AI an idea of
exactly what outcome you're hoping to get in the sense that,
I really hope that this place is, for example,
if you were trying to really get an outcome from
your AI that a kangaroo uses all four limbs,
and you keep pushing at that in your prompt.
You say something like,
oh, when the kangaroo uses its front four limbs, for example,
if you start the prompt that way,
you're basically backing the AI into a corner
and creating a situation where it will hallucinate,
and it will give you the answer that you're trying to get out of it.
Unfortunately, yes, it does that.
So the idea is to learn prompt engineering
that's accurate, formatted correctly,
there is a right and wrong way to engineer prompts.
It has to have a format, it has to have a context,
it has to have an audience for who is going to be using
the outcome of that prompt, stuff like that, right?
So there's a whole anatomy to a prompt
that you have to go around and try not to like drop in hints
about what would make you happy.
For the cybersecurity marketers in our audience, what are your recommendations in terms of
getting started with these tools?
Where are some of the good places to begin?
I think one of the places that cybersecurity marketers have a lot of difficulty with is
content marketing.
I feel like that might be the hardest part. One, because a lot of people
that you will be working with that are very technical are also very camera shy and they hate
being in front of the camera and they hate talking and they hate putting out that kind of marketing
content and the content that requires you to be in some way a little bit exposed. So that bothers them.
So one of the things that I found
cybersecurity marketers to embrace is
something as simple as Descript or one of those tools.
So basically, it is just a video recording tool,
which lets you edit by deleting text. That's it.
It comes out like a document,
and then you edit the document,
and that edits the video,
which is very useful because a lot of these guys
are not gonna be video editors per se,
but tools like that really do help.
I have also found that simple,
just sales transcribing tools,
sales demo transcribing tools work really well.
I know of marketers who are using Gong a lot,
and they use that to get
the sales transcripts and be able to identify patterns.
I think they also do love the customer survey stuff.
So basically, they just get a lot of the most recent surveys
that have gone out and just the results of it
in like a spreadsheet,
convert that into a CSV and upload it to AI.
And especially when you have like 5,000, 6,000 data points
and you don't want to have to go through all of that
in a customer sheet, in a survey sheet, one of the excellent things that AI is able to do is find patterns of
displeasure, annoyance that your customers might have, which will come out in surveys.
It can even suggest a better format for a survey the following time, depending on what redundancies are there in that one.
Yeah, I mean, there are so many, honestly, it's so good.
Another one is the social media scheduling and knowing.
Social media listening, I feel,
is even more important because you're getting the idea
of customer sentiment across
entire social media channels, which would have been impossible to track in any other
way.
I guess it's fair to say that these tools are here to stay.
Yep, they're here to stay.
And I mean, I don't think it's wise to imagine that it's a trend.
I do think the fear of it is a trend.
I do think the hype around it is a trend also in a way,
but the overall, the amount of things it is going to change,
it's like what the calculator did to math, right?
Like everybody has gone up in terms,
like as soon as the calculator came out,
math became harder because obviously you have that tool.
So you can allow for students, for example,
to rise to the occasion and just get better at it.
It's the same thing with the AI.
It's another tool that has come out
that will change the way marketers market also.
And so you just rise to the occasion.
That's Anushika Babu, Chief Growth Officer at AppSecEngineer.
Do you know the status of your compliance controls right now? Like right now.
We know that real-time visibility is critical for security, but when it comes to our GRC
programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta. Here's the gist, Vanta brings automation to evidence collection
across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies,
access reviews, and reporting, and help
you get security questionnaires done five times faster with AI. Now that's a
new way to GRC. Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for a thousand dollars off.
And finally, our neurodiversity desk tells us Flipper Devices, the same crew that gave security pros their beloved Flipper Zero,
also known as the Swiss Army knife of wireless mischief, is stepping into productivity with
a new sidekick, the Busy Bar.
But instead of sniffing RF signals, it's blocking distractions like a digital bouncer for your
brain.
Designed with ADHD in mind, and honestly, anyone who's ever tried writing a report
while Slack explodes, Busy Bar brings a hacker's sensibility to focus.
It packs a Pomodoro timer, LED display, tactile fidget buttons, and ties into the Busy mobile
app to silence alerts, wrangle smart home devices,
and beam a big do-not-disturb sign to the world.
Flip into busy mode and your environment autotunes.
Notifications vanish, blinds drop,
and lights dim like it's time to crack a CTF challenge.
With Apple and Google Home integration,
your workspace becomes your
Ops Center. Coming soon for just $249 bucks because operational security
starts with personal focus.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at the cyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating
and review in your favorite podcast app. Please also fill out the survey in the show notes
or send an email to cyberwire at n2k.com.
N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed
by Trey Hester with original music and sound design by Elliot Peltzman.
Our executive producer is Jennifer Iben.
Peter Kilpe is our publisher and I'm Dave Bittner.
Thanks for listening.
We'll see you back here tomorrow.
Looking for a career where innovation meets impact? Vanguard's technology team is shaping
the future of financial services by solving complex challenges with cutting-edge solutions.
Whether you're passionate about AI, cybersecurity, or cloud computing, Vanguard offers a dynamic and
collaborative environment where your ideas drive change. With career growth
opportunities and a focus on work-life balance, you'll have the flexibility to
thrive both professionally and personally. Explore open cybersecurity
and technology roles today at Vanguardjobs.com.