CyberWire Daily - Pentagon hits fast-forward on software certs.
Episode Date: April 25, 2025

The Defense Department is launching a new fast-track software approval process. A popular employee monitoring tool exposes over 21 million real-time screenshots. The U.S. opens a criminal antitrust investigation into router maker TP-Link. A pair of health data breaches affect over six million people. South Korea’s SK Telecom confirms a cyberattack. A critical zero-day puts thousands of SAP applications at potential risk. Researchers raise concerns over AI agents performing unauthorized actions. “Policy Puppetry” can break the safety guardrails of all major generative AI models. New research tallies the high costs of data breaches. A preview of the RSAC Innovation Sandbox with Cecilia Marinier, Vice President at RSAC, and David Chen, Head of Global Technology Investment Banking at Morgan Stanley. Stocking hard drives full of human knowledge, just in case.

CyberWire Guest
Cecilia Marinier, Vice President at RSAC, and David Chen, Head of Global Technology Investment Banking at Morgan Stanley, sit down with Dave to discuss the Innovation Sandbox Contest 2025.

Selected Reading
Acting Pentagon CIO Signing Off on New, Faster Cyber Rules for Contractors (airandspaceforces)
Top employee monitoring app leaks 21 million screenshots on thousands of users (TechRadar)
Router Maker TP-Link Faces US Criminal Antitrust Investigation (bloomberg)
Yale New Haven Health Notifying 5.5 Million of March Hack (bankinfosecurity)
Frederick Health data breach impacts nearly 1 million patients (BleepingComputer)
Hackers access sensitive SIM card data at South Korea's largest telecoms company (bitdefender)
SAP Zero-Day Possibly Exploited by Initial Access Broker (SecurityWeek)
Chrome Extension Uses AI Engine to Act Without User Input (Infosecurity Magazine)
All Major Gen-AI Models Vulnerable to 'Policy Puppetry' Prompt Injection Attack (SecurityWeek)
US Data Breach Lawsuits Total $155M Amid Cybersecurity Failures (Infosecurity Magazine)
Sales of Hard Drives for the End of the World Boom Under Trump (404media)

The CyberWire is a production of N2K Networks, your source for strategic workforce intelligence. © N2K Networks, Inc.
Transcript
You're listening to the CyberWire Network, powered by N2K.
And now a word from our sponsor, SpyCloud.
Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate
your organization.
Traditional defenses can't keep up.
SpyCloud's holistic identity threat protection helps security teams uncover and automatically
remediate hidden exposures across your users from breaches, malware, and phishing to neutralize
identity-based threats like account takeover, fraud, and ransomware.
Don't let invisible threats compromise your business. Get your free corporate dark net exposure report
at spycloud.com slash cyberwire
and see what attackers already know.
That's spycloud.com slash cyberwire.
The Defense Department is launching a new fast-track software approval process.
A popular employee monitoring tool exposes over 21 million real-time screenshots.
The U.S. opens a criminal antitrust investigation into router maker TP-Link.
A pair of health data breaches affect over six million people.
South Korea's SK Telecom confirms a cyber attack.
A critical zero day puts thousands of SAP applications at potential risk.
Researchers raise concerns over AI agents performing unauthorized actions.
Policy puppetry can break the safety guardrails of all major generative AI models.
New research tallies the high costs of data breaches.
A preview of the RSAC Innovation Sandbox with Cecilia Marinier, Vice President at RSAC, and David Chen, Head of Global Technology
Investment Banking at Morgan Stanley. And stocking hard drives full of human knowledge just in case.
It's Friday, April 25th, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today.
Happy Friday.
It is great to have you with us.
The Pentagon is giving its software approval process
a serious makeover.
Acting CIO Katie Arrington announced a new system called SWIFT that will use AI to speed
up the months, or even years, it currently takes to certify software for Defense Department
networks.
Speaking at an industry event, Arrington didn't hold back. She called the old risk management framework and ATO process stupid and archaic and said
it's time for a change.
Under SWIFT, software vendors will upload security info and software bills of material
into the government's eMASS system.
AI tools will review the data automatically, aiming to issue a
provisional ATO much faster than a human could. Third-party certification will
also be required to make sure everything checks out.
Arrington said the official memo launching SWIFT is being signed now, with
industry feedback coming next. Her message was clear. I want the RMF eliminated.
A major privacy mess has hit WorkComposer, a popular employee monitoring
tool. Cybernews researchers discovered that the company had exposed over 21
million real-time screenshots on the open internet through an unsecured
Amazon S3 bucket. These screenshots captured everything employees were doing – emails, passwords, sensitive
communications, even proprietary company data.
WorkComposer, which tracks remote workers by logging hours and snapping a screenshot
every 20 seconds, boasts over 200,000 users.
While there's no evidence yet that hackers accessed the images,
the risk for identity theft, scams, and wire fraud is huge.
This leak highlights a bigger issue.
Too many companies still don't grasp the shared responsibility
model for cloud security.
Experts are again urging businesses to properly lock down
their databases or risk joining the growing list of high-profile breaches.
The U.S. is conducting a criminal antitrust investigation into TP-Link, a California-based router maker with Chinese ties.
Prosecutors are looking at whether TP-Link used predatory pricing to dominate the U.S. market
and whether its growing presence poses national security risks.
The probe began under Biden and continues under President Trump.
Meanwhile, the Commerce Department is separately investigating TP-Link's China connections.
TP-Link denies wrongdoing but says it will cooperate if contacted.
No charges have been filed yet, and the investigations
could take years.
Two major healthcare data breaches are making headlines. Yale-New Haven Health is notifying
five and a half million people after a March cyberattack on a third-party vendor, Perry
Johnson & Associates. Stolen data includes names, medical records, and social security numbers.
Meanwhile, Frederick Health in Maryland reported a breach impacting nearly one million patients.
Hackers accessed sensitive data like addresses, birth dates, and insurance information after
infiltrating Frederick Health's network between December 2023 and January 2024.
Both breaches highlight the ongoing risk posed by third-party vendors and healthcare systems'
reliance on interconnected networks.
Officials are urging affected individuals to stay alert for identity theft and fraud.
South Korea's SK Telecom, serving 34 million subscribers, confirmed a cyberattack on April
19 that exposed sensitive SIM card data.
The breach, timed late on a Saturday night, bypassed staffing gaps.
While no names or financial details leaked, stolen SIM info could enable SIM swap attacks. SK Telecom detected and contained the malware quickly,
but admitted millions may be at risk.
After some criticism over slow customer notifications,
the company apologized and pledged
to boost its security moving forward.
A critical zero-day vulnerability
is putting over 10,000 SAP applications at risk.
The flaw, scored a perfect 10 out of 10 on the CVSS scale, allows unauthenticated attackers
to upload malicious binaries through the Visual Composer Metadata Uploader in SAP NetWeaver.
ReliaQuest discovered the bug after investigating breaches where even fully patched
systems were compromised. Attackers used malicious JSP web shells to gain full control of endpoints,
deploy payloads, and move laterally across networks. Tools like Brute Ratel and Heaven's
Gate techniques were spotted during post-exploitation. Experts warn that the vulnerability could lead to espionage, sabotage, and fraud across
cloud and even on-prem environments.
SAP has issued a patch, but concerns remain given how easily the flaw could be exploited.
Organizations are urged to act quickly to secure exposed systems.
AI agents are poised to make online tasks easier,
but new research shows the underlying infrastructure
could also create serious security risks.
Researchers at ExtensionTotal found a suspicious
Chrome extension communicating with a local
Model Context Protocol server without user permission or detection.
MCP, developed by Anthropic, enables AI agents to interact
with tools and resources in real time.
However, because MCP servers use open HTTP connections by default,
a malicious extension could access sensitive data or perform unauthorized actions.
Researchers built a proof of concept showing how a Chrome extension
could bypass browser sandboxing and manipulate local systems.
This discovery exposes a major new attack surface,
especially in environments where MCP servers link to services like Slack, WhatsApp, or local file systems.
Security teams are being warned to take this emerging threat seriously.
A new attack called policy puppetry can break the safety guardrails of all major generative
AI models, according to AI security firm HiddenLayer.
The technique tricks large language models into interpreting malicious prompts as policy files,
bypassing their built-in safeguards
against producing harmful content.
HiddenLayer successfully tested the attack on top models
from OpenAI, Anthropic, Google, Meta, and others.
By formatting prompts to look like XML, INI, or JSON files, attackers can override
system instructions and generate restricted outputs.
This discovery highlights a major vulnerability.
AI models can't reliably police themselves.
With universal jailbreaking now easier, researchers warn that more external security layers are
needed to defend against
misuse.
Policy puppetry shows that today's LLM training and alignment methods still have critical
gaps.
New research from Panaseer shows U.S. companies paid out $155 million in data breach class
action settlements over just six months.
Analyzing lawsuits filed between August 2024 and February 2025, researchers found 43 new
filings and 73 settlements, averaging about $3 million each.
Healthcare, finance, and retail sectors were hit hardest.
Most lawsuits cited inadequate security, while
encryption failures and delayed notifications also played roles.
Panaseer stresses that strong, demonstrable cybersecurity practices are now
critical for legal defense.
Coming up after the break, a preview of the RSAC Innovation Sandbox with Cecilia Marinier and David Chen, and stocking hard drives full of human knowledge, just in case.
Stay with us.
What's the common denominator in security incidents?
Escalations and lateral movement.
When a privileged account is compromised, attackers can seize control of critical assets. With bad directory hygiene and years of technical debt, identity attack paths are easy targets
for threat actors to exploit but hard for defenders to detect.
This poses risk in Active Directory, Entra ID and hybrid configurations.
Identity leaders are reducing such risks with attack path management.
You can learn how attack path management is connecting identity and security teams while
reducing risk with BloodHound Enterprise, powered by SpecterOps.
Head to specterops.io today to learn more.
SpecterOps – see your attack paths the way adversaries do.
Do you know the status of your compliance controls right now?
Like right now.
We know that real-time visibility is critical for security, but when it comes to our GRC
programs, we rely on point-in-time checks.
But get this, more than 8,000 companies like Atlassian and Quora have continuous visibility
into their controls with Vanta.
Here's the gist, Vanta brings automation to evidence collection across 30 frameworks
like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews, and reporting, and help you
get security questionnaires done five times faster with AI.
Now that's a new way to GRC.
Get $1,000 off Vanta when you go to vanta.com slash cyber.
That's vanta.com slash cyber for a thousand dollars off.
As we are coming up on the RSAC Conference, that means one of my favorite events of the
year.
It is the Innovation Sandbox Contest.
And joining me to discuss that are Cecilia Marinier, Vice President at RSAC, and David
Chen, Head of Global Technology Investment Banking at Morgan Stanley.
Cecilia, Dave, thanks so much for taking the time for us today.
Yeah, thanks for having us. We're super excited to be here.
Well, Cecilia, let me start with you. It was brought to my attention that this is the 20th anniversary of the Innovation Sandbox.
Boy, does time fly.
I know, and I've been here for 10 of these. So it is really exciting for us that we have been demonstrating year on year how to identify
and celebrate and to amplify innovation in cybersecurity.
It's so necessary.
So it's such an exciting milestone for us.
And yes, it is our 20th anniversary.
Well, for folks who may not be familiar with the innovation sandbox, can you describe it
for us?
Absolutely.
The innovation sandbox is a contest
that runs about an hour and a half,
like once we get really going.
And the idea is to have identified 10
really forward thinking companies
that can get up on stage.
We make this a contest to make it really exciting
by forcing the contestants, the entrepreneurs,
to actually pitch in front of a slate of very important
judges for three minutes.
They only have three minutes, Dave.
And so what they have to do is to get their entire story out, tell you who the product
is aimed at, why they're different from somebody else, that they're ready to go to market,
that they have the leadership team in place and they've had the market validation.
That all has to happen in three minutes.
If they don't make it happen in three minutes, there's this really ugly buzzer
that comes on and nobody wants that.
It's horrible.
But after those three minutes, we let our judges like Dave actually ask questions
to the entrepreneurs and that's for another three minutes.
And we're a lot looser there.
We let them go to at least three minutes and five seconds.
Well, Dave, you are one of the judges this year.
What made you decide that you wanted to take part in this?
I mean, it was an incredible honor
when Cecilia and the team at RSA reached out.
I mean, this is the grand stage of cybersecurity.
It's the biggest event in the world.
And it's a huge event in the world and, you know, it's a
huge branded event that any company, whether it's your big large publicly
traded company or you're some of the most innovative private companies, this
is the place to be. It's ground zero for multiple decades and then within the
RSA conference, you know, I've just been watching from afar
the last several years at how big the innovation sandbox has become.
When you look at some of the winners that have come out of the sandbox,
they've become unbelievable stars in the cybersecurity industry and have created a lot of value.
And so it is an absolute honor to be a part
and to be a judge this year.
Well, looking through the list of the finalists here,
it is quite a list and a broad spectrum of offerings.
Do we wanna talk about some of the companies
that have caught our eye here?
I suppose, is it fair to even single any of them out?
Well, I'm gonna tap in here because I don't want Dave to single any of them out.
They're all awesome because they're super.
It's super important. We have a level playing field.
Everybody comes into this with no no winners or losers.
But maybe, Dave, you can kind of share some ideas about some of the themes that you saw on the in the top 10.
Yeah, I mean, certainly the landscape for new innovation just really continues to proliferate. I mean,
I think it's overall underscored by we have a recent IT survey and we do this every quarter
and we ask CIOs, you know, where are you spending? And for the fourth quarter of last year and
then for the first quarter of this year, cybersecurity was number one, even actually above AI, believe it or not. And
so I think that combined with the escalating cyber threats gave just makes
this an incredibly vibrant you know vibrant sector. I mean in terms of the
submissions maybe maybe a few themes I'd say I'd say like three main themes. One would be securing the use of AI.
It's a wild west out there and it reminds me of spaces in cybersecurity like the CASB
back in the day where you had the first onset of SaaS applications being used with corporates
about 15 years ago. And it was
really difficult for large companies to really know
what applications were actually being used across
the infrastructure. So the same thing is happening
in AI with LLM and agentic applications. First of
all, like, how do I even visualize what applications
am I actually running? Then who can access them?
And then do I have the right data controls around them?
So that's the first theme.
I think second would be, believe it or not, the industry has been really focused on software.
But I think embedded systems and hardware remain a critical source of vulnerability
that hackers can exploit.
So certainly as we move to a more hybrid working environment,
as we deploy next-gen machines in warehouses on the shop
floor, for example.
And then the most exciting thing for me
is as we enter this whole new era of humanoid robots,
automated drone warfare, it's like a completely new world.
And we really don't have the right technology today to secure these systems. So that's where a lot of the innovation is
that we have seen in the sandbox.
And then the last one would just be automating the SOC. You know, we continue to have a
massive millions of labor shortage in cybersecurity. Yeah, the threat environment continues to
escalate. So whether you're an analyst in a proprietary SOC at a big company,
like a Fortune 500 company, or you work for an MSS provider, and
you're watching out for the networks of customers of small businesses,
you need tools that give you a workbench that can automate a lot of your
processes so you can do more with less, you can kind of minimize that time to resolution,
and then you can be more proactive
about things like threat hunting.
You know, Cecilia, one of my favorite things
about the Innovation Sandbox is that
not only is the event itself exciting,
and as you describe, you know,
you've got three minutes to get up there to make your pitch,
but it's also a great opportunity to see what is trending and to kind of have your
finger on the pulse in this distilled way to see what people are out there selling,
what people are out there buying and even how they're going about doing that.
What the messaging is that they're using.
Yeah, absolutely.
I think this is a place,
when you think about where we've come,
we had a record number of submissions this year.
We really made Dave work hard.
We got him in here early,
and the first year out of the gate
had him work harder than most.
And just to bring it down,
it's so impressive how many companies are out there
really working on these challenging problems.
And when having this event adjudicated by experts like Dave, like Neelu Howe,
like Chris Young, like Dory Doerr, like Nazrin Razze, like Paul Kotcher, these are people who
understand the industry and have their finger on the pulse. So when they're looking at these
companies and they start to distill them down to these 10,
it's really something to watch
because they have worked hard to get here.
The entrepreneurs work hard to build these solutions,
they work hard to put their submissions in,
and then the judges work hard to identify
where we're going in the future.
So it's definitely worth the time
to just see what's the hottest thing coming out.
Well, the contest kicks off at the Moscone Center on Monday, April 28th. It's at 9:30
a.m. and the winners will be announced later that same day. So get in line early. It's
a popular event and one that you don't want to miss.
Cecilia Marinier is vice president at RSAC
and David Chen is head of global technology
and investment banking at Morgan Stanley.
Cecilia, Dave, thanks so much for joining us today.
Thank you so much.
Thank you, Dave.
Bad actors don't break in, they log in.
Attackers use stolen credentials in nearly 9 out of 10 data breaches, and once inside,
they're after one thing, your data.
Varonis' AI-powered data security platform secures your data at scale
across IaaS, SaaS, and hybrid cloud environments. Join thousands of organizations who trust
Varonis to keep their data safe.
Get a free data risk assessment at Varonis.com.
And finally, in cybersecurity we always stress the importance of reliable backups, keeping
your critical data safe, offline, and ready for anything from ransomware attacks to hardware
failures.
But what if your backup plan wasn't just for your business, but for civilization itself?
That's the thinking behind the booming sales of prepper disks.
Hard drives stuffed with survival manuals, offline copies of Wikipedia, old movies, and
more.
Under Trump's presidency, a growing number of Americans aren't just backing up their
files, they're backing up the world.
Apparently some Americans aren't just stocking canned beans, they're hoarding data, just
in case society pulls a 404 error.
Vendors say demand for offline knowledge spiked after rising fears about Internet censorship,
civil unrest, and, you know, general apocalypse vibes. These discs promise a digital Noah's Ark,
everything you'd need to reboot civilization,
or at least win a heated trivia night in the wasteland.
So, while some folks buy gold or ammo,
others are investing in terabytes of PDFs,
1980s sci-fi, and sourdough bread recipes.
Because, if civilization collapses, we still gotta eat and binge watch.
And that's the CyberWire.
For links to all of today's stories, check out our daily briefing at the cyberwire.com.
I will be on site in San Francisco for RSAC 2025. If we cross paths, please stop and say hello.
It's always nice to meet you. We'll see you there. Be sure to check out this weekend's
Research Saturday and my conversation with Crystal Morin, cybersecurity strategist from Sysdig.
The research is titled, UNC5174's Evolution in China's Ongoing Cyber Warfare: From SNOWLIGHT to VShell.
That's Research Saturday, do check it out.
We'd love to know what you think of this podcast.
Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly
changing world of cybersecurity.
If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire at n2k.com.
N2K's senior producer is Alice Carruth.
Our Cyberwire producer is Liz Stokes.
We're mixed by Trey Hester with original music and sound design by Elliot Kelsman.
Our executive producer is Jennifer Iben.
Peter Kilpey is our publisher and I'm Dave Bittner.
Thanks for listening, we'll see you back here next week.
And now, a message from BlackCloak.
Did you know the easiest way for cybercriminals to bypass your company's defenses is by targeting
your executives and their families at home?
BlackCloak's award-winning digital executive protection platform secures their
personal devices, home networks, and connected lives. Because when executives are compromised
at home, your company is at risk. In fact, over one-third of new members discover they've
already been breached. Protect your executives and their families 24-7, 365, with BlackCloak.
Learn more at blackcloak.io.