CyberWire Daily - Less CISA, more private sector power?
Episode Date: April 30, 2025
DHS Secretary Kristi Noem justifies budget cuts in her RSAC keynote. The EFF pens an open letter to Trump backing Chris Krebs. Scattered Spider is credited with the Marks & Spencer cyberattack. Researchers discover a critical flaw in Apple's AirPlay protocol. The latest CISA advisories. On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development. What do you call an AI chatbot that finished at the bottom of its class in med school?
Remember to leave us a 5-star rating and review in your favorite podcast app. Miss an episode? Sign up for our daily intelligence roundup, Daily Briefing, and you'll never miss a beat. And be sure to follow CyberWire Daily on LinkedIn.
CyberWire Guest
On our Industry Voices segment, we are joined by Neil Gad, Chief Product and Technology Officer at RealVNC, who is discussing a security-first approach in remote access software development.
Kevin on the Street
Joining us this week from RSAC 2025, we have our partner Kevin Magee, Global Director of Cybersecurity Startups at Microsoft for Startups. Stay tuned to the CyberWire Daily podcast for "Kevin on the Street" updates on all things RSAC 2025 from Kevin all week. Today Kevin is joined by Ryan Lasmaili, Co-Founder and CEO of Vaultree, and Stan Golubchik, CEO and co-founder of Contraforce; here are their conversations.
You can also catch Kevin on our Microsoft for Startups Spotlight, brought to you by N2K CyberWire and Microsoft, where we shine a light on innovation, ambition, and the tech trailblazers building the future right from the startup trenches. Kevin and Dave talk with startup veteran and Cygenta co-founder FC about making the leap from hacker to entrepreneur, then speak with three Microsoft for Startups members: Matthew Chiodi of Cerby, Travis Howerton of RegScale, and Karl Mattson of Endor Labs.
Whether you are building your own startup or just love a good innovation story, https://explore.thecyberwire.com/microsoft-for-startups.
Selected Reading
DHS Secretary Noem: CISA needs to get back to 'core mission' (CyberScoop)
Noem calls for reauthorization of cyberthreat information sharing law during RSA keynote (The Record)
Cyber experts, Democrats urge Trump administration not to break up cyber coordination in State reorg (CyberScoop)
Infosec pros rally against Trump's attack on Chris Krebs (The Register)
Scattered Spider Suspected in Major M&S Cyberattack (Hackread)
AirPlay Zero-Click RCE Vulnerability Enables Remote Device Takeover via Wi-Fi (Cyber Security News)
CISA Adds One Known Exploited Vulnerability to Catalog (CISA)
CISA Releases Three Industrial Control Systems Advisories (CISA)
Instagram's AI Chatbots Lie About Being Licensed Therapists (404 Media)
Share your feedback. We want to ensure that you are getting the most out of the podcast. Please take a few minutes to share your thoughts with us by completing our brief listener survey as we continually work to improve the show.
Want to hear your company in the show? You too can reach the most influential leaders and operators in the industry. Here's our media kit. Contact us at cyberwire@n2k.com to request more info.
The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network powered by N2K.
And now a word from our sponsor, BlackKite.
If third-party risk is keeping you up at night, you're not alone.
It's a constant battle.
BlackKite's third-party cyber risk platform is built on real-world threat intelligence,
straight from their research team's ongoing breach analysis, dark web monitoring, and
attacker tactics.
That means you get a hacker's eye view of your supply chain to proactively spot risks.
And speaking of research, they just dropped their 2025 third-party breach report, breaking
down last year's biggest trends
and what's coming next.
Grab the report now at www.blackkite.com.
The Secretary of the Department of Homeland Security justifies budget cuts in her RSAC
keynote.
The EFF pens an open letter to Trump backing Chris Krebs.
Scattered Spider is credited with the Marks and Spencer cyber attack.
Researchers discover a critical flaw in Apple's AirPlay
protocol. We've got the latest advisories from CISA. On our industry voices segment,
we're joined by Neil Gad, Chief Product and Technology Officer at RealVNC, discussing
a security-first approach in remote access software development. And what do you call
an AI chatbot that finished at the bottom of its class in med school?
It's Wednesday, April 30th, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing.
Thanks for joining us here today. Once again, we are coming to you from San Francisco. The
RSAC 2025 conference is in full swing, and Tuesday's agenda was packed with 13 keynotes
and 82 track sessions. There's no shortage of insights, innovation, and inspiration. From the high-stakes RSAC Launchpad pitches to the Powerhouse cryptographers panel, the
spotlight was on AI, quantum threats, and the evolving cybersecurity landscape.
DHS Secretary Kristi Noem laid out America's cyber defense priorities, while Ron Howard
and Bryce Dallas Howard brought a Hollywood lens to tech storytelling.
And speaking of stories, panels on narrative-driven cybersecurity strategies reminded us that the way we talk about cyber risk matters just as much as how we defend against it.
AI safety and trust took center stage too, with leaders from Google, Microsoft, and beyond debating how to secure
our AI future.
In a keynote presentation, DHS Secretary Kristi Noem called on Congress to reauthorize the
Cybersecurity Information Sharing Act, a 2015 law set to expire in September.
The bill promotes data sharing between companies and the government to combat
cyber threats, offering liability protection in return.
Noem linked the reauthorization to broader Trump administration plans to reduce CISA's
size and funding, shifting cybersecurity responsibility more toward the private sector. She defended
cuts to disinformation programs and funding for
key state-level cyber groups, arguing they streamline efforts and return money
to taxpayers. While addressing criticism, Noem assured attendees that CISA will
remain central to U.S. cyber defense. She emphasized faster state-federal
communication and announced plans to revive the Critical
Infrastructure Partnership Advisory Council.
Noem said DHS must act more quickly and decisively, stressing cybersecurity as a core national
security mission.
Shifting gears, Kevin Magee is Global Director of Cybersecurity Startups at Microsoft, but this week at RSAC
he is doing double duty for us as Intern Kevin, our person on the show floor, grabbing insights
from friends and passersby.
In today's dispatch, Kevin gives us insights from Ryan Lasmaili, co-founder and CEO of Vaultree,
and Stan Golubchik, CEO and co-founder of Contraforce.
My name is Ryan Lasmaili.
I'm the chief strategy officer for Vaultree,
an Irish cryptography tech company. Awesome, so tell me about the unique solution you have.
some big changes in the next six to eight months.
So that's also on the horizon and the team is growing at a tremendous pace.
What are you looking to accomplish at RSA?
Learning opportunities, make connections, what's your game plan?
A little bit of everything. just you on stage in a chair chatting.
I thought, I don't know about this.
Tell me quickly about the trajectory of the company
and just how fast you're growing in your space.
The problem that we are solving hasn't been solved actually extract value out of the data,
myself and Dave potentially. So a lot is going to happen.
Any big themes or any sessions or anything
you're looking forward to seeing at RSA?
I'm not too sure yet.
There's just so much.
I'm signed up and Dave as well to everything.
So we'll see.
Great.
Well, it's day one still, so there's plenty to take in.
Thanks. So, we provide a security service delivery platform, providing multi-tenant automation
for Microsoft security applications.
That's awesome, and you're here at RSA.
What are your goals?
What are you looking to see?
Yeah, goals are we're talking to some customers and partners.
We're going to be essentially showcasing our agentic AI
and really hoping to see what's going on in the cloud.
Now I see a pin that says you're a finalist for award.
Tell me about that.
Yeah, so last year we won Security ISV
of the Year with Microsoft.
We're a finalist again this year.
Hopefully we can get back to back, but we'll see.
Excellent.
What do you think the theme of the show is going to be? What are you
seeing so far? What's going to be the big takeaway?
Yeah I think the theme is agents, agents and agents. So I think we'll see more of
that in real-life application and utilization.
Awesome. Thanks a lot.
We will have more from intern Kevin later in the week.
The Electronic Frontier Foundation and dozens of cybersecurity leaders are urging President
Trump to end his investigation into former CISA chief Chris Krebs, calling it political
retaliation.
An open letter accuses Trump of targeting Krebs and his most recent employer, SentinelOne,
for rejecting election fraud claims in 2020.
The signers argue this undermines trust in cybersecurity professionals and threatens
their ability to report truthfully.
They demand the investigation be dropped and Krebs' security clearance restored, warning
such actions endanger the entire cybersecurity
community.
Following on an earlier report, more details have emerged about the cyberattack on Marks
and Spencer, now linked to the Scattered Spider group.
Investigators believe the hackers infiltrated M&S systems back in February, gaining access
to sensitive internal documents and culminating
in the April 24 deployment of the DragonForce ransomware on M&S's virtual machines.
The fallout has been severe: contactless payments and online services remain partially offline,
click and collect is still down, and customers continue to face delays and product shortages across UK stores.
Online orders are paused entirely and gift card transactions remain disrupted.
Financial losses are mounting, with an estimated £650 million hit to the company valuation
and daily revenue losses of £3.5 million. M&S has yet to announce a full recovery
timeline.
A critical flaw dubbed Airborne in Apple's AirPlay protocol exposes over 2 billion Apple
devices and millions more third-party products to remote code execution attacks without user
interaction.
Discovered by Oligo Security, the vulnerabilities affect Macs, iPhones,
CarPlay vehicles, and smart devices on the same Wi-Fi network.
The flaws exploit how AirPlay processes property list data, enabling
zero-click attacks, memory corruption, and lateral movement across networks.
Notably, third-party speakers and over 800 CarPlay-enabled car models are also at risk.
Apple has patched the vulnerabilities in recent updates, but many third-party devices may
remain unprotected due to slow firmware rollouts. Oligo urges users to update devices, disable AirPlay if unused, and restrict network access.
While no active exploits have been reported, the threat underscores serious risks in widely
integrated protocols and the ongoing challenge of securing long-lived IoT ecosystems.
CISA has released three new advisories focused on industrial control systems.
First up, vulnerabilities in Rockwell Automation's ThinManager could allow attackers to exploit
memory handling and default permission issues.
Delta Electronics' ISPSoft is also under scrutiny, facing stack-based buffer overflow and out-of-bounds write flaws,
serious risks for automation environments. Meanwhile, Lantronix's Xport devices received
an update to a previous advisory, although full details remain limited.
CISA also added a new entry to the known exploited vulnerabilities catalog. It's an actively exploited flaw in SAP NetWeaver that allows unrestricted file uploads,
opening the door to potential remote takeovers. The message from CISA is
clear. Patch now, especially in ICS environments.
Coming up after the break, my conversation with Neil Gad from RealVNC discussing a security first approach in remote access software development.
And what do you call an AI chatbot that finished at the bottom of its class in med school?
Stick around.
Let's be real. Navigating security compliance can feel like assembling IKEA furniture without the instructions. You know you need it, but it takes forever and you're never quite sure if you've done
it right.
That's where Vanta comes in.
Vanta is a trust management platform that automates up to 90% of the work for frameworks
like SOC 2, ISO 27001, and HIPAA, getting you audit-ready in weeks, not months.
Whether you're a founder, an engineer, or managing IT and security for the first time,
Vanta helps you prove your security posture without taking over your life.
More than 10,000 companies, including names like Atlassian and Quora,
trust Vanta to monitor compliance, streamline risk,
and speed up security reviews by up to five times.
And the ROI?
A recent IDC report found Vanta saves businesses over half a million dollars a year and pays
for itself in just three months.
For a limited time, you can get $1,000 off Vanta at vanta.com slash cyber.
That's v-a-n-t-a.com slash cyber.
Secure access is crucial for U.S. public sector missions.
Ensuring that only authorized users can access
certain systems, networks, or data.
Are your defenses ready?
Cisco's Security Service Edge delivers comprehensive protection for your network and users.
Experience the power of zero trust and secure your workforce wherever they are.
Elevate your security strategy by visiting cisco.com slash go slash sse.
That's c-i-s-c-o.com slash g-o slash s-s-e.
Neil Gad is Chief Product and Technology Officer at RealVNC, and in today's sponsored industry voices segment, we discuss a security-first approach in remote access software development.
So I have 20 years experience as a tech leader, senior executive, and business strategist. I've been with RealVNC
since 2023. Prior to RealVNC, I had a consulting career with Boston Consulting Group. I have a
background in manufacturing, in pharmaceutical manufacturing in particular, and steel manufacturing. So basically I have been what is now client side and so these
kinds of manufacturing companies are now the customers of
RealVNC. So I've come full circle. So I was brought in to
bring a customer perspective of working in these kind of
industries to then bring that into how we think about our
product.
Well, let's talk about remote access development
and bringing a security first approach to that.
I mean, for folks who aren't familiar with it,
how do you describe that?
Security has to be in the DNA of how you think about the product.
We have the highest security standards in the industry.
We have to have a bulletproof product that our customers know and trust. And so when we think about product development, we have
an amazing security and QA team here. I consult with the team, they advise me on
how to think about the product from the ground up. And so it's really like in the
underlying architecture and build of the product,
such that the security is built into the DNA. So in terms of how the encryption works, permissions, how customers think and use the product, we think about how external hackers
would try and attack the product. And we kind of think about all of this from the ground up before
we do any build whatsoever.
So this kind of has to be in the way that you think about approaching a feature, a new product
and we are really, really proud that this is ingrained in how we work. We make sure that we
think about this from customer perspective, from the threats that are facing our customers, and we really base this at the heart of all of our product development.
Well, as you say, I mean, this is a ground-up effort,
and is it fair to say that not all organizations approach development in this way?
I think that is true.
I think that it's really hard to put yourself in the position where you're saying, well,
how could this go wrong or be attacked or think like a hacker is a cliche.
But you kind of have to think about it from that perspective before you think about the
user journey of the normal user, you kind of have to think about the malicious user
that's going to attack it and penetrate the product.
So if you think about this first, I think it's really, really hard to do that.
Because what you really want is to create value
for your customers by making the user
journey as easy as possible, which we do.
We're really proud to say that we do think this way.
But you first have to get over the security
way of thinking before you can unlock then, OK,
now within this framework, within these boundary
conditions, how do we actually create a user journey that makes sense?
And I'm really proud.
At RealVNC, we have customers that
have been with us for 25 years.
How they use the product is now ingrained
into their working behaviors and patterns.
And so we've kind of delivered something
that they can use subconsciously and really, really easily.
And it's over the hurdle of the security
that's built in from the ground up.
Well, take us through how you go about
balancing usability and security.
It strikes me that there's kind of a natural tension
between those two things.
Yeah, yeah, absolutely there is.
Like I said, I think it's about working with security professionals first and understanding
the boundary conditions to work within.
For example, we just released a new product.
It's called version 8.
It has some features that we're really proud of.
There's a feature called Code Connect, which is a way of allowing people from outside your
organization one-time access
to help manage a device. So you could be a manufacturing company, you have OEM
equipment, you want a technician from that OEM to come and help manage your
machine. This feature that we built allows you to do that in a controlled and
time-limited way. So when we were building this, it was really,
really important that we worked with our security team first
before we went and built it and designed it.
So our security team gave us a framework within which to work.
And so we're pleased that then what came out the other side
is something that we think is industry-leading in terms
of the security stance of this feature.
So I think we can say that it's the most secure version
of this feature that exists in the remote access space.
And we can do that because we first
spent a lot of time working with our security professionals who
helped us understand how this could fail.
And this was built in from the ground up.
And so it's really, really then really rewarding when you're
able to produce something that is an elegant feature,
but actually you started off by having these challenging
conditions that were set.
So that's the way we go about it.
It's a really difficult balance to strike because what you want
to do is make the thing easier and have less friction. The way of doing that at RealVNC is that we try and create the friction at the first step and then
we try and reduce the friction through the user journey without compromising on security. So I
think that that's like a really powerful approach that we have here and hopefully our customers see
that and hopefully it means that we can say that
we are the most secure of the remote access platforms that are out there.
Help me understand what sort of things are customers looking for in remote
access solutions? In the day-to-day experience that you have with them, what
are they asking for? Yeah, security is usually the number one question. And I've described a lot how we're
able to reassure our customers that we have what I would like
to think is bulletproof security.
Then it comes down to ease of use
for an increasingly complex number of use cases.
So to give you some examples, in the last few months,
I've had conversations with customers who use remote access on submarines, in space, on MRI scanners in hospitals, in classrooms
of students, factory floors. So there are many, many use cases. The way we create value
for customers is by understanding those use cases. So I described a bit about my background.
I come from a world where I've sat on these factory floors and I understand how the technology is being used in those
environments. So the value that remote access creates is to keep these environments ticking
with as little effort as possible and in as controlled a way as possible. So the way we stay
relevant in terms of our remote access product is by really, really getting in the minds of customers and understanding how we can make it so that our product helps them achieve their goals in these ever increasingly complex environments where you have distributed assets, you have converged IT and OT assets across many sites.
There is cost pressure on managing more devices at scale with fewer human resources, leveraging
AI and in a more complex world where there are an ever increasing number of cybersecurity
threats. So being able to say that we offer a high security product that's easy to use, that works online as well as offline, we have a hugely popular offline on premise product that customers use, which again, gives another layer of reassurance. So there are many, many ways in which we think that we're really close to our customers in that sense.
What's your advice to someone who's shopping around for these sorts of things?
What sort of questions should they be asking the vendors?
Some of the questions I get asked are, how do we operate in a zero trust world
where you're assuming that you have malicious actors out there
and threat vectors that you want to manage and operate
at kind of base level, no trust.
So this is like probably the most common question I think that companies particularly operating
in an OT environment should be asking is how you can give assurance that actually you have
granular permissions, time-bound permissions,
time-bound access.
These are the kind of questions that are going to help provide assurance to organizations
that their technology is safe.
The next most common question that I would be asking is how the product can help operate at scale.
So as I said, you have an ever increasing number of connected devices in more complex environments.
And so being able to efficiently manage, navigate through an organization
and then perform the action that you need to at scale quickly with limited friction and
in a way that allows you to get your factory back up and running in quick time or helps you
reboot something that's in space, as I said, or on a submarine or a wind farm or a solar farm.
These are the kind of things that when we demo our product and we're having
this conversation with our customers, this is what they're asking and what they want
to understand. And that's what creates value for them. And that's why I love RealVNC.
It really speaks to that notion that cybersecurity should be a business enabler.
Yeah, absolutely. I think it's increasingly becoming a core part of a business that operates
any kind of technology footprint. That's evidenced in the scale of investment in this area and
the scale of proliferation of different technologies. It's really complex. There are so many different
pieces of technology that you need to think about and buy as an organization.
Increasingly, we see that the CISO role
is really, really highly converged at a
very senior level with other parts of an organization.
And so we end up having conversations with our customers
that are CISO-led.
That's really, really heavily intertwined
with how technology operations are run.
So it is a very complex and scary world out there.
And I think that organizations are really good
at reacting to that.
And then they're very demanding of software vendors like us
and making sure that we can help them
be supported on that journey.
That's Neil Gad, Chief Product and Technology Officer
at RealVNC.
Cyber threats are evolving every second, and staying ahead is more than just a challenge,
it's a necessity.
That's why we're thrilled to partner with ThreatLocker, a cybersecurity solution trusted
by businesses worldwide.
ThreatLocker is a full suite of solutions designed to give you total control, stopping
unauthorized applications, securing sensitive data, and ensuring
your organization runs smoothly and securely. Visit threatlocker.com today to
see how a default deny approach can keep your company safe and compliant.
And finally, in the latest episode of What Could Possibly Go Wrong, our Hippocratic Oath Desk tells us that Instagram's new AI studio is letting folks spin up custom chatbot personas,
and some are posing as licensed therapists.
What's worse, these bots are tossing around fake credentials like candy, handing out mental
health advice with all the confidence of a TED Talk and none of the training.
One even flexed a bogus license number.
Of course, it's not real, and neither is the claimed degree.
Meta says these bots are clearly labeled, but let's be honest, between memes and cat
videos, who's reading disclaimers?
Experts are warning this could lead to serious harm, because while a chatbot might say, I
understand, it doesn't actually understand, it's just really good at faking empathy.
So friendly reminder, when life gets messy, don't turn to a bot with a pretend diploma.
Call someone with a pulse and a real license on the wall. And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at the cyberwire.com.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights
that keep you a step ahead
in the rapidly changing world of cybersecurity.
If you like our show, please share a rating and review
in your favorite podcast app.
Please also fill out the survey in the show notes
or send an email to cyberwire at n2k.com.
N2K's senior producer is Alice Carruth.
Our CyberWire producer is Liz Stokes.
We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive
producer is Jennifer Eiben. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks
for listening. We'll see you back here tomorrow.
And now a word from our sponsor, SpyCloud.
Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate
your organization.
Traditional defenses can't keep up.
SpyCloud's holistic identity threat protection helps security teams uncover and automatically
remediate hidden exposures across your users from breaches, malware, and phishing to neutralize
identity-based threats like account takeover, fraud, and ransomware.
Don't let invisible threats compromise your business. Get your free corporate darknet exposure report at spycloud.com slash cyberwire
and see what attackers already know.
That's spycloud.com slash cyberwire.