CyberWire Daily - Hackers beware, fines are in the air.

Episode Date: April 1, 2025

The UK unveils the full scope of its upcoming Cyber Security and Resilience Bill. Apple warns of critical zero-day vulnerabilities under active exploitation. The InterLock ransomware group claims responsibility for a cyberattack on National Presto Industries. Microsoft flags a critical vulnerability in Canon printer drivers. Check Point Software confirms a data breach. The FTC warns 23andMe’s bankruptcy trustees to uphold their privacy obligations. A Canadian hacker has been arrested and charged for allegedly breaching systems tied to the Texas Republican Party. A GCHQ intern pleads guilty to stealing top-secret data. On our Threat Vector segment, host David Moulton from Palo Alto Networks speaks with Richu Channakeshava, Senior Product Manager at Palo Alto Networks, about the urgent need for organizations to prepare for a post-quantum world. The confabulous hallucinations of AI.

Threat Vector Segment: Host David Moulton of the Palo Alto Networks Threat Vector podcast asks “Is the Quantum Threat Closer Than You Think?” on the latest segment of Threat Vector. Quantum computing is advancing fast, and with it comes a major cybersecurity risk—the potential to break today’s encryption standards. David speaks with Richu Channakeshava, Senior Product Manager at Palo Alto Networks, about the urgent need for organizations to prepare for a post-quantum world. Be sure to listen to new episodes of Threat Vector every Thursday on your favorite podcast app.

Selected Reading
UK threatens £100K-a-day fines under new cyber bill (The Register)
Apple Warns of Three 0-Day Vulnerabilities Actively Exploited in Attacks (Cyber Security News)
Ransomware Group Takes Credit for National Presto Industries Attack (SecurityWeek)
Critical Vulnerability Found in Canon Printer Drivers (SecurityWeek)
Check Point Acknowledges Data Breach, Claims Information is 'Old' (Cyber Security News)
FTC: 23andMe's Buyer Must Uphold Co.'s Data Privacy Pledge (BankInfo Security)
Canadian hacker arrested for allegedly stealing data from Texas Republican Party (The Record)
GCHQ intern took top secret spy tool home, now faces prison (The Register)
A Peek Into How AI 'Thinks' - and Why It Hallucinates (GovInfo Security)
Why Confabulation, Not Hallucination, Defines AI Errors (Integrative Psych)

The CyberWire is a production of N2K Networks. © N2K Networks, Inc.

Transcript
Starting point is 00:00:00 You're listening to the CyberWire Network powered by N2K. Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting-edge solutions. Whether you're passionate about AI, cybersecurity, or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work-life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity
Starting point is 00:00:43 and technology roles today at VanguardJobs.com. The UK unveils the full scope of its upcoming Cyber Security and Resilience Bill. Apple warns of critical zero-day vulnerabilities under active exploitation. The Interlock ransomware group claims responsibility for a cyberattack on National Presto Industries. Microsoft flags a critical vulnerability in Canon printer drivers. Check Point Software confirms a data breach. The FTC warns 23andMe's bankruptcy trustees to uphold their privacy obligations. A Canadian hacker has been arrested and charged for allegedly breaching systems tied to the Texas Republican Party.
Starting point is 00:01:35 A GCHQ intern pleads guilty to stealing top-secret data. On our Threat Vector segment, David Moulton speaks with Richu Channakeshava, Senior Product Manager at Palo Alto Networks, about the urgent need for organizations to prepare for a post-quantum world, and the confabulous hallucinations of AI. No foolin', it's Tuesday, April 1st, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us. It's always great to have you with us. The UK has unveiled the full scope of its upcoming Cyber Security and Resilience Bill aimed at boosting protection for critical national infrastructure. Tech Secretary Peter Kyle outlined three main pillars, expanding which organizations must
Starting point is 00:02:46 comply, strengthening regulatory powers, and giving the government flexibility to update rules quickly as threats evolve. Failing to meet directives, such as patching known vulnerabilities, could result in fines of £100,000 per day or 10% of annual turnover. Additional changes under review include adding data centers and publishing a unified strategy for regulators. The bill mandates faster incident reporting within 24 hours for significant breaches and aligns more strictly than EU and US counterparts. The urgency comes amid rising threats. Cyberattacks on UK utilities surged 586% in 2023.
Starting point is 00:03:32 Experts warn the plan, while crucial, demands sustained investment and staff training. The CSR bill is expected to enter parliament later this year, reflecting a sharp push to modernize UK cyber defences. Apple has issued an urgent security alert addressing three critical zero-day vulnerabilities actively exploited in sophisticated attacks.
Starting point is 00:03:57 These flaws affect iPhones, iPads, Macs, Apple Watches, Apple TVs, and Vision Pro devices. One allows attackers with physical access to bypass USB Restricted Mode, while another lets malicious web content escape Safari's sandbox. The third involves a use-after-free bug in CoreMedia that could lead to privilege escalation. Apple has released security patches for all affected systems and urges users to update immediately. The company also recommends avoiding untrusted apps, enabling Lockdown Mode, and activating automatic updates.
Starting point is 00:04:37 The vulnerabilities were discovered by security researchers, including the Citizen Lab, and are being exploited in targeted attacks. The Interlock ransomware group has claimed responsibility for a March 1 cyberattack on National Presto Industries, a company known for home appliances and military-grade ammunition. The attack, confirmed via Interlock's leak site, reportedly involved data theft of nearly three million files. Though the company initially disclosed the incident without naming ransomware, the leak suggests multiple subsidiaries, including National Defense Corporation and AMTEC, were
Starting point is 00:05:17 impacted. Interlock says extortion efforts failed after the company downplayed the breach's significance and claimed to have fully restored operations. Microsoft's Offensive Security team has disclosed a critical vulnerability affecting Canon printer drivers with a severity score of 9.4. The flaw impacts several Canon printer models using older driver versions and could allow attackers to halt printing or execute arbitrary code via malicious applications. Canon urges users to update drivers from its website. The vulnerability in EMF recode processing highlights ongoing risks tied to outdated drivers and the threat of BYOVD-style attacks. BYOVD stands for Bring Your Own
Starting point is 00:06:07 Vulnerable Driver. It's a technique used by attackers where they install a known vulnerable driver onto a system to exploit its weaknesses, usually to gain higher privileges like kernel-level access. Check Point Software has confirmed a data breach tied to claims by threat actor CoreInjection but insists the incident occurred in December 2024, involved limited access, and posed no risk to customers or systems. The company says compromised credentials gave access to a small portal, exposing basic account and contact information
Starting point is 00:06:45 from three organizations. However, cybersecurity expert Alon Gal challenged this, pointing to leaked data showing over 121,000 accounts and admin-level access, far exceeding Check Point's description. He also noted the absence of any public SEC disclosure from December. The breach surfaces amid ongoing scrutiny of Check Point's security posture, including past vulnerabilities in its VPN and security gateway products. While Check Point downplays the breach as recycled data, experts continue to raise questions about the scope, access level, and transparency surrounding the incident.
Starting point is 00:07:27 The Federal Trade Commission has warned 23andMe's bankruptcy trustees that any sale of the company's assets must honor its prior promises to consumers about privacy and data security. Filed under Chapter 11 on March 23, 23andMe holds sensitive genetic and health data from millions of users. FTC Chair Andrew Ferguson emphasized that any buyer must uphold the company's commitments, including restrictions on sharing personal data without user consent or legal orders. The FTC insists these assurances remain binding under bankruptcy law. This comes amid ongoing scrutiny following a 2023 data breach affecting roughly 6.9 million users leading to a $30 million settlement. That breach exposed genetic and ancestry data through a credential stuffing attack. The DOJ also stated it is monitoring the case
Starting point is 00:08:25 closely to protect consumer data. 23andMe has not yet commented on the FTC's position, but continues offering users the option to delete their data or revoke research consent. Canadian hacker Aubrey Cottle, known online as Kirtaner and linked to the Anonymous collective, has been arrested and charged in the U.S. for allegedly breaching systems tied to the Texas Republican Party. U.S. prosecutors say Cottle hijacked Epik, a hosting provider for the Texas GOP and Texas Right to Life, stealing personal data and sharing it publicly. The complaint, unsealed in Texas, includes evidence of Cottle taking credit for the hack
Starting point is 00:09:11 on Discord and TikTok. A 2022 raid on his Ontario home uncovered 20 terabytes of stolen data. He faces charges of unlawfully using identifying information and up to five years in prison if convicted. Cottle has previously targeted conservative platforms and appeared in media discussing Anonymous operations. The FBI and Canadian authorities have been investigating him since 2022. The hack was reportedly in protest of Texas' abortion laws and resulted in widespread data
Starting point is 00:09:46 leaks from Epik-hosted sites. Hasaan Arshad, a 25-year-old student on placement at the UK's GCHQ, pleaded guilty to stealing top-secret data. On August 24, 2022, just days before his year-long placement ended, Arshad took his phone into a secure area, downloaded classified information, including names and a highly valuable tool, and later transferred it to a hard drive at home. Prosecutors say the stolen software cost taxpayers millions. He admitted violating the Computer Misuse
Starting point is 00:10:26 Act and claimed curiosity motivated his actions, not financial gain. Investigators also found indecent images of a child on his devices, to which he previously pleaded guilty. Arshad, formerly part of GCHQ's internship program, faces sentencing on June 13th and remains on bail under restrictions, including a dark web ban. His lawyer described the act as reckless, while the judge warned a custodial sentence is likely. Coming up after the break on our Threat Vector segment, David Moulton speaks with Richu Channakeshava, Senior Product Manager at Palo Alto Networks. They're discussing the urgent need for organizations to prepare for a post-quantum world.
Starting point is 00:11:21 And the confabulous hallucinations of AI. Stick around. Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers. So I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data
Starting point is 00:12:01 brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe. Now at a special discount for our listeners,
Starting point is 00:12:21 today get 20% off your DeleteMe plan when you go to joindeleteme.com slash n2k and use promo code n2k at checkout. The only way to get 20% off is to go to joindeleteme.com slash n2k and enter code n2k at checkout. That's joindeleteme.com slash n2k, code n2k. Are you frustrated with cyber risk scores backed by mysterious data, zero context, and cloudy reasoning? Typical cyber ratings are ineffective and the true risk story is begging to be told. It's time to cut the BS. BlackKite believes in seeing the full picture with more than a score. One where companies have complete clarity in their third party cyber risk using reliable quantitative data.
Starting point is 00:13:21 Make better decisions. Reduce your uncertainty. Trust BlackKite. On our latest Threat Vector segment, David Moulton speaks with Richu Channakeshava, Senior Product Manager at Palo Alto Networks. They're discussing the urgent need for organizations to prepare for a post-quantum world. Hi, I'm David Moulton, host of the Threat Vector Podcast, where we discuss pressing cybersecurity threats and resilience and uncover insights into the latest industry trends. If you care about encryption, sensitive data, or what the future of cybersecurity looks like, you should check out my recent episode of Threat Vector.
Starting point is 00:14:12 We're tackling quantum computing. Not just what it is, but why it matters now, even if quantum computers are still a few years or decades away. Why should everybody care about it? And why should everybody start doing something around this migration today? The bigger problem with cryptography is that painfully slow migration process. I'll talk with Richu Channakeshava, a senior product manager here at Palo Alto Networks, who's leading efforts around post-quantum cryptography.
Starting point is 00:14:41 You won't want to miss this episode. Subscribe now. Richu, welcome to Threat Vector. I am so excited to have you on the show today. Thank you, David. Thank you for having me. Richu, I look around and I see classical computing, quote unquote classical computing everywhere, laptops, phones, the cars we drive, right?
Starting point is 00:15:04 Those sorts of things, all the way to, you know, giant server installations in cloud compute. But what I don't know is where does one go to see quantum computing happening? Quantum computers are not meant to be your general purpose computers. So you will not see them, not in the history of it, at least as far as I can tell today,
Starting point is 00:15:27 you will not see them as a daily use for a general purpose application. Instead, what quantum computers are is for a very niche set of computations, which are complex, which require quadratic speeds, which are mathematical algorithms, which have not been kind of force tested on the classical supercomputers.
Starting point is 00:15:57 And if they did try, they would take billions of years, if not millions, right? So that is the niche where quantum computers can start playing a big role. They are, of course, based on a completely different set of rules. They're based on quantum mechanics. Okay. And then if I go into the technicalities, it gets to a place where a quantum bit called the qubit almost can exist. A qubit? Yeah, a qubit. Q-U-B-I-T. A qubit can exist in multiple states at once. So if you look at classical computers, it's zero or one.
Starting point is 00:16:34 It has a binary state. And at any given point, it's either zero or one or a combination of it. But with qubits, they can be at all at the same time. Okay. That's a little hard for me to grasp. What is it about that quantum state, that qubit, that makes it such a powerful computer in a different way than a classical computer? That ability to be in all the states
Starting point is 00:17:01 has to be part of it, right? Yeah, yeah. So the ability to exist either as zero, one, or a combination of it all at the same time is a property called superposition, which means that if you have multiple different algorithms or that you, or let's say you have different states in which you want to test out an algorithm to arrive at different kinds of output to then envision a certain output being
Starting point is 00:17:35 the actual result. You can run all of those different computations at the same time. So your requirement now to run these different computations serially now becomes something that you can do in parallel and you can do that on a set of qubits. So the speed at which you can arrive at different outputs is significantly reduced, right? So that's one. Second is, of course, today you require a lot more qubits,
Starting point is 00:18:09 and the mapping of a logical qubit to the underlying physical qubit has been the bigger conversation, and then error bits added to that, and so on. But once we get to a state where the overall errors can be reduced, and Google has taken a good step ahead from the last update that we heard in December 24, you will see that there are going to be less error bits required and just enough qubits to actually arrive at multiple outputs out of which one of it is going to be the right result that you're looking for. So it's more of a probabilistic solution
Starting point is 00:18:49 that quantum computers help arrive at versus something that's more deterministic or linear that classical computers focus on. So to set the stage we've got these computers that are very niche, as you put it. They're not shipping in my next smart refrigerator. Although I've seen a quantum computer at an event and they told me that most of the stuff I was seeing was actually refrigerant and ways of keeping it extraordinarily cold. Maybe we'll talk about that later. They have the ability to do something phenomenal, is to collapse time on mathematical problem
Starting point is 00:19:29 solving and that could lead to the data that we encrypt with today's best cryptographic standards no longer standing up to this type of computing. And so we need these new algorithms. And you talked about them a little bit there a second ago. Who's making the algorithms and how do we test them? And how do we know that they work if these computers aren't widespread and we have great Q&A on a concept that's being tested by another algorithm or another concept? So it is important to note that a lot of these newer algorithms
Starting point is 00:20:09 that we are going to adopt as a quantum resistant or a post quantum cryptographic algorithm is only here to be proven to be so. If there's one thing I'm taking away from this discussion with Richu, it's this. Quantum computing may not be an immediate crisis, but waiting to prepare could be a huge mistake. Check out the episode wherever you listen to podcasts. Subscribe now. Be sure to check out the Threat Vector podcast wherever you get your favorite podcasts. Is your AppSec program actually reducing risk?
Starting point is 00:21:15 Developers and AppSec teams drown in critical alerts, yet 95% of fixes don't reduce real risk. Why? Traditional tools use generic prioritization and lack the ability to filter real threats from noise. High impact threats slip through and surface in production, costing 10 times more to fix. OX Security helps you focus on the 5% of issues
Starting point is 00:21:40 that truly matter before they reach the cloud. Find out what risks deserve your attention in 2025. Download the application security benchmark from OX Security. And finally, imagine AI as that friend who, when unsure, confidently fills in the blanks with plausible-sounding fiction. Traditionally, we've termed these AI missteps hallucinations, implying sensory delusions. However, as highlighted by the publication Integrative Psych, a more fitting label is confabulations, fabricated stories constructed to mask gaps in knowledge.
Starting point is 00:22:35 This distinction matters because, unlike humans who might see or hear things that aren't there, AI doesn't perceive, it predicts. When faced with ambiguous prompts or incomplete data, AI doesn't experience a psychedelic trip, it simply stitches together its best guess, sometimes resulting in convincing but entirely fictional outputs. Recognizing these errors as confabulations can guide us toward refining AI training methods, ensuring our digital companions are less prone to creative storytelling when they should simply admit, I don't know. And that's the CyberWire.
Starting point is 00:23:32 For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes.
Starting point is 00:24:02 We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow. Cyber threats are evolving every second and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted by businesses worldwide.
Starting point is 00:25:02 ThreatLocker is a full suite of solutions designed to give you total control, stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit ThreatLocker.com today to see how a default deny approach can keep your company safe and compliant.
