Cyber Security Headlines - Episode Summary
Podcast Information:
- Title: Cyber Security Headlines
- Host: CISO Series (Sarah Lane)
- Description: Daily stories from the world of information security. To delve into any daily story, head to CISOseries.com.
- Episode: Google Acquires Wiz, CISA Must Reinstate Terminated Employees, Commerce Department Bans DeepSeek
- Release Date: March 19, 2025
1. U.S. Government's Termination of CISA Employees and Reinstatement Efforts
The episode opens with a significant legal development affecting the Cybersecurity and Infrastructure Security Agency (CISA). Last week, a U.S. district judge ruled that the administration had unlawfully terminated probationary employees at several federal agencies, including the Department of Homeland Security, CISA's parent department. CISA had dismissed more than 130 probationary staff.
Sarah Lane highlights the current state of affairs:
“CISA posted a message on its website claiming it lacks complete contact information for all affected, asking former staffers to reach out to verify eligibility for reinstatement” (00:00).
Reinstated employees, who are currently on administrative leave, are to receive full pay and benefits, a corrective step taken in response to the court ruling.
2. Google's Strategic Acquisition of Wiz
In one of the largest deals the cybersecurity sector has seen, Alphabet's Google has agreed to acquire Wiz, the Israeli-founded cloud security firm, for $32 billion, with Wiz to become part of Google Cloud. The price is more than two and a half times Google's previous largest acquisition, Motorola Mobility, bought for $12.5 billion in 2012.
Sarah Lane provides details on the financials and strategic implications:
“Wiz was valued at $16 billion back in 2024 while preparing for an IPO” (00:00).
The agreement includes a $3.2 billion termination fee payable to Wiz if the deal falls through, for example over regulatory delays; Wiz would continue operating independently in that case. The acquisition signals Google Cloud's intent to build out its security portfolio and close the gap with its larger cloud rivals.
3. Commerce Department Bans Chinese AI Model DeepSeek
The U.S. Commerce Department has banned the Chinese artificial intelligence model DeepSeek from all government-furnished equipment, citing security concerns about data exposure and espionage.
Sarah Lane reports:
“Staffers were informed of the ban via email, which instructed them not to download or view or access any applications, desktop apps or websites related to DeepSeek” (00:00).
The move reflects continuing scrutiny of Chinese technology on U.S. government systems and the aim of keeping sensitive information out of reach of foreign collection.
4. Reintroduction of the Cybersecurity for Rural Water Systems Act of 2025
Addressing vulnerabilities in critical infrastructure, U.S. lawmakers have reintroduced the Cybersecurity for Rural Water Systems Act of 2025. The bill aims to protect small water utilities from cyber threats by expanding the existing Circuit Rider program, which sends technical advisors to rural water systems, to cover cybersecurity.
Sarah Lane elaborates:
“Only 20% of US water systems currently have adequate cyber protection, highlighting the bill's importance” (00:00).
If passed, the legislation would fund cybersecurity experts to provide training, technical assistance, and reporting capabilities to rural water systems serving populations of 10,000 or fewer, strengthening the resilience of an essential public service against escalating cyber threats.
5. Microsoft Discovers StilachiRAT Malware
Microsoft has detailed a remote access Trojan (RAT) it calls StilachiRAT, built for stealth, persistence, and data theft. First identified in November 2024, StilachiRAT employs evasion techniques such as API obfuscation and a watchdog thread that restores its components if they are removed.
Sarah Lane summarizes Microsoft's findings:
“StilachiRAT steals credentials, cryptocurrency, wallet data and system information using advanced evasion techniques” (00:00).
The malware communicates with a command-and-control (C2) server through obfuscated domains, monitors Remote Desktop Protocol (RDP) sessions, and executes operator commands that include credential theft and system manipulation. Microsoft has not attributed StilachiRAT to a specific threat actor or region, and says it has not yet observed widespread distribution.
6. Policy Violation by Former DOGE Staffer Marko Elez
A former staffer at the Department of Government Efficiency (DOGE), Marko Elez, violated U.S. Treasury policy by emailing an unencrypted database containing personal information to administration officials without prior approval, according to court documents.
Sarah Lane reports from court documents:
“Marko Elez violated U.S. Treasury policy by emailing an unencrypted database with personal information to administration officials without prior approval” (00:00).
The disclosure came in a lawsuit brought by New York's Attorney General and others challenging DOGE's access to the Treasury's payment systems. Although investigations found that Elez had read-only access and did not alter the payment systems, the incident shows why controls on how personal data is handled and transmitted must be enforced inside government agencies.
7. Cybersecurity Risks During NCAA's March Madness Tournament
The NCAA's March Madness tournament brings cybersecurity risk along with the excitement. Estimates put losses as high as $18.3 billion, a figure that combines cyber attacks with lost productivity from office betting pools.
Sarah Lane discusses the nature of these threats:
“Attackers are targeting users with phishing campaigns mimicking tournament brackets and betting promotions to steal credentials and financial data” (00:00).
Threat actors are also spoofing betting platforms to capture funds and account details, taking advantage of the shift of this activity onto mobile devices, which are often less protected than corporate desktops. Recommended mitigations include modern email and mobile security controls, real-time threat detection, and user awareness training.
8. Exploitation of SSRF Vulnerability in ChatGPT pictureproxy.php
A surge in attacks has been tied to exploitation of a Server-Side Request Forgery (SSRF) vulnerability, CVE-2024-27564, in the pictureproxy.php file of an open-source ChatGPT web front-end (the flaw is in that third-party project, not in OpenAI's service). The vulnerability is being actively exploited against U.S. financial and government organizations.
Sarah Lane highlights the severity:
“With more than 10,000 attack attempts recorded in a single week and 35% of targeted companies left vulnerable due to misconfigured intrusion prevention systems or web application firewalls” (00:00).
The attacks have not been limited to the U.S.; financial and healthcare firms in Germany, Thailand, Indonesia, Colombia, and the UK have also been targeted. The report's broader point is that attackers exploit often-overlooked medium-severity vulnerabilities, and that a misconfigured WAF or IPS leaves the application itself as the only line of defense.
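SSRF in a picture proxy is a generic pattern: the endpoint takes a URL parameter and fetches it from the server, so an attacker can point the server at internal hosts such as a cloud metadata service. The Python validator below is an added example written for this summary, not code from the affected project or from the report; the hostnames, the FAKE_DNS table and the policy constants (ALLOWED_SCHEMES, ALLOWED_PORTS) are constructed for illustration. It rejects non-HTTP schemes, embedded credentials, unusual ports, and any hostname that resolves to a non-public address, including IPv4-mapped IPv6 addresses and names with a mix of public and private records, and it returns a pinned IP so the fetch connects to the address that was actually checked.

```python
import ipaddress
from urllib.parse import urlparse

# Hypothetical policy for a public image proxy: it should only fetch web images.
ALLOWED_SCHEMES = {"http", "https"}
ALLOWED_PORTS = {80, 443}

# Constructed stand-in for DNS so the example runs offline. A real deployment
# would resolve with socket.getaddrinfo() and feed *every* returned address here.
FAKE_DNS = {
    "img.example.com": ["93.184.216.34", "2606:2800:220:1:248:1893:25c8:1946"],
    "metadata.example.internal": ["169.254.169.254"],   # cloud metadata service
    "rebind.example.com": ["93.184.216.34", "10.0.0.5"],  # one public, one private record
    "mapped.example.com": ["::ffff:127.0.0.1"],         # IPv4-mapped loopback
}


def fake_resolve(host):
    """Return all addresses for a hostname from the constructed table."""
    return FAKE_DNS.get(host.lower(), [])


def is_safe_destination(addr_text):
    """True only for addresses a public image proxy should be allowed to reach."""
    ip = ipaddress.ip_address(addr_text)
    if ip.version == 6 and ip.ipv4_mapped is not None:
        ip = ip.ipv4_mapped  # ::ffff:127.0.0.1 is still loopback once unwrapped
    # is_global already excludes RFC 1918, loopback, link-local (169.254.169.254),
    # shared address space and reserved ranges; multicast needs its own check.
    return ip.is_global and not ip.is_multicast


def check_proxy_url(url, resolve=fake_resolve):
    """Decide whether the proxy may fetch `url`.

    Returns (allowed, reason, target). `target` is (scheme, ip, port) with the
    IP pinned so the caller connects to the address that was checked rather
    than to a fresh DNS answer (closes the DNS-rebinding time-of-check gap).
    """
    parts = urlparse(url)
    if parts.scheme not in ALLOWED_SCHEMES:
        return False, "scheme not allowed", None
    if parts.username or parts.password:
        return False, "userinfo in URL", None  # http://img.example.com@10.0.0.5/
    host = parts.hostname
    if not host:
        return False, "missing host", None
    try:
        port = parts.port or (443 if parts.scheme == "https" else 80)
    except ValueError:
        return False, "bad port", None
    if port not in ALLOWED_PORTS:
        return False, "port not allowed", None
    try:
        addrs = [str(ipaddress.ip_address(host))]  # literal IP, no DNS needed
    except ValueError:
        addrs = resolve(host)  # hostnames like "127.1" are judged after resolution
    if not addrs:
        return False, "host did not resolve", None
    for addr in addrs:
        if not is_safe_destination(addr):
            return False, f"resolves to non-public address {addr}", None
    return True, "ok", (parts.scheme, addrs[0], port)


if __name__ == "__main__":
    # Constructed sample inputs: one legitimate image URL and typical SSRF payloads.
    samples = [
        "https://img.example.com/cat.png",
        "http://169.254.169.254/latest/meta-data/",
        "http://metadata.example.internal/latest/meta-data/",
        "http://rebind.example.com/logo.png",
        "http://mapped.example.com/",
        "http://[::1]/admin",
        "http://img.example.com@10.0.0.5/x.png",
        "file:///etc/passwd",
        "http://img.example.com:8080/",
    ]
    for sample in samples:
        allowed, reason, target = check_proxy_url(sample)
        print(f"{'ALLOW' if allowed else 'DENY ':5} {sample:45} {reason} {target or ''}")
```

The validation belongs in the application regardless of what sits in front of it: the report's observation that a third of targeted organizations were left exposed by misconfigured WAFs or IPS shows that perimeter filtering alone does not close an SSRF hole. Connecting to the pinned IP also requires setting the Host header (and TLS SNI) to the original hostname, which most HTTP clients allow.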
9. Critical Vulnerability in AMI's BMC Firmware
A critical vulnerability, CVE-2024-54085, has been identified in AMI's MegaRAC Baseboard Management Controller (BMC) firmware. It could allow remote attacks on millions of devices globally, including servers built by HPE, Asus, ASRock, and Lenovo.
Sarah Lane details the implications:
“The flaw impacts the Redfish management interface and lets attackers bypass authentication, then remotely control targeted machines, install malware, tamper with firmware, and even cause physical damage by altering voltage settings” (00:00).
Eclypsium found more than 1,000 instances exposed on the internet, and the exposure is broader once attackers on local or internal management networks are counted, since BMCs are routinely reachable from there. AMI has released patches, but the fix reaches customers only when OEMs integrate it into their own firmware releases, so operators should check with their server vendor for an updated BMC image and keep BMC interfaces off untrusted networks in the meantime.
Conclusion
This episode of Cyber Security Headlines surveys the latest developments in cybersecurity, from a major corporate acquisition and government policy changes to emerging malware and critical vulnerabilities. Host Sarah Lane condenses each story to its essentials and emphasizes proactive security measures across sectors.
For a deeper dive into each of these stories, listeners are encouraged to visit CISOseries.com.
