
Sarah Lane
From the CISO Series, it's Cybersecurity Headlines. These are the cybersecurity headlines for Wednesday, March 19, 2025. I'm Sarah Lane.

Last week, a U.S. district judge ruled that the U.S. administration unlawfully fired over 130 probationary employees from various government agencies, including the Department of Homeland Security, which oversees the Cybersecurity and Infrastructure Security Agency, or CISA. But CISA posted a message on its website claiming it lacks complete contact information for all affected, asking former staffers to reach out to verify eligibility for reinstatement. Rehired employees are said to receive full pay and benefits while still on administrative leave.

Alphabet's Google Cloud has acquired cloud-based cybersecurity firm Wiz for $32 billion. Wiz was founded in Israel and was valued at $16 billion back in 2024 while preparing for an IPO. This more than doubles Alphabet's acquisition of Motorola Mobility for $12.5 billion back in 2012. The Financial Times' sources say that Wiz and Alphabet have agreed to a $3.2 billion termination fee, which lets Wiz run like an independent company if the deal falls through or is significantly delayed.

Reuters first reported that the U.S. Commerce Department has banned the Chinese artificial intelligence model DeepSeek on all government-furnished equipment, citing security concerns. Staffers were informed of the ban via email, which instructed them not to download, view or access any applications, desktop apps or websites related to DeepSeek.

US lawmakers have reintroduced the Cybersecurity for Rural Water Systems Act of 2025 to protect small water utilities from cyber threats by expanding the Circuit Rider program. First introduced back in 2023, the bill, if passed, would authorize funding for cybersecurity experts to help rural water systems with populations of 10,000 or fewer residents, improving their defenses through training, technical assistance and reporting.
Those in favor of the legislation say only 20% of US water systems currently have adequate cyber protection, highlighting the bill's importance.

Thank you to our episode sponsor, DeleteMe. Data brokers bypass online safety measures to sell your name, your address and Social Security numbers to scammers. DeleteMe scours the web to find and remove your private information before it gets into the wrong hands by scanning for exposed information and completing opt-outs and removals. With over 100 million personal listings removed, DeleteMe is your trusted privacy solution for online safety. Get 20% off your DeleteMe plan when you go to joindeleteme.com/CISO and use the promo code CISO at checkout. The only way to get 20% is to go to JoinDeleteMe.com/CISO and enter code CISO.

The CISO Series just launched a new podcast, Security You Should Know. We've got more details at the end of this episode.

In November of last year, Microsoft discovered StilachiRAT, a sophisticated remote access Trojan, or RAT, designed for stealth, persistence and data theft. In an analysis Microsoft published this week, StilachiRAT steals credentials, cryptocurrency wallet data and system information using advanced evasion techniques like API obfuscation and watchdog threads for persistence. The malware communicates with a C2 server using obfuscated domains, monitors RDP sessions, and can execute various commands, including credential theft and system manipulation. Microsoft has not linked the malware to a specific threat actor or geolocation.

A former Department of Government Efficiency, or DOGE, aide, Marko Elez, violated U.S. Treasury policy by emailing an unencrypted database with personal information to administration officials without prior approval. This is according to a court document filed Friday, March 14. The incident is part of a broader lawsuit by New York's attorney general and others challenging DOGE's access to the Treasury's payment systems.
Elez resigned back in February, and an investigation confirmed he had read-only access to payment systems but did not alter them.

Security experts warn that this year's NCAA March Madness tournament could result in more than $18.3 billion in losses due to cyber attacks and reduced productivity from office betting pools, with attackers targeting users with phishing campaigns mimicking tournament brackets and betting promotions in an effort to steal credentials and financial data. Experts recommend modern email and mobile security, real-time threat detection and user awareness training to mitigate risks. But betting platforms are also being spoofed to steal funds and account details. The increase in mobile use during the tournament often increases vulnerability.

Threat actors are exploiting a server-side request forgery, or SSRF, vulnerability in ChatGPT's pictureproxy.php file to target US financial and government organizations, with more than 10,000 attack attempts recorded in a single week and 35% of targeted companies left vulnerable due to misconfigured intrusion prevention systems or web application firewalls. Financial and healthcare firms in Germany, Thailand, Indonesia, Colombia and the UK have also been targeted. The report warns that attackers exploit often-overlooked medium-severity vulnerabilities.

A critical vulnerability in AMI's baseboard management controller, or BMC, firmware could allow remote attacks on millions of devices worldwide, including those made by HPE, Asus, ASRock and Lenovo. The flaw impacts the Redfish management interface and lets attackers bypass authentication, then remotely control targeted machines, install malware, tamper with firmware, and even cause physical damage by altering voltage settings. Eclypsium identified over 1,000 exposed instances of the vulnerability online, with potential for greater exposure through local and network-based attacks. AMI has released patches, but OEMs have to distribute them to their customers.
We are thrilled to announce the launch of our brand new show, Security You Should Know. Each episode features one security vendor answering questions from two of our security expert panelists. It's a 15-minute show to give you the answers that you need about a specific vendor solution. We have already published five episodes across a variety of product categories, so check it out wherever you get your podcasts or over at cisoseries.com.

Cybersecurity Headlines is available every weekday. Head to cisoseries.com for the full stories behind the headlines. I'm Sarah Lane reporting for the CISO Series, and we'll talk to you next time.
Podcast Information:
The episode opens with a significant legal development affecting the Cybersecurity and Infrastructure Security Agency (CISA). Last week, a U.S. district judge ruled that the U.S. administration had unlawfully terminated over 130 probationary employees across various government agencies, including the Department of Homeland Security, which oversees CISA.
Sarah Lane highlights the current state of affairs:
“CISA posted a message on its website claiming it lacks complete contact information for all affected, asking former staffers to reach out to verify eligibility for reinstatement” (00:00).
The reinstatement process promises full pay and benefits for rehired employees who are currently on administrative leave, signaling a corrective measure by the administration in response to the court ruling.
Alphabet's Google Cloud has acquired the Israeli-founded cloud security firm Wiz for $32 billion. The price is more than double Alphabet's previous largest purchase, Motorola Mobility for $12.5 billion in 2012.
Sarah Lane provides details on the financials and strategic implications:
“Wiz was valued at $16 billion back in 2024 while preparing for an IPO” (00:00).
The deal includes a $3.2 billion termination fee, which lets Wiz keep operating as an independent company if the acquisition is significantly delayed or falls through. The acquisition underscores Google Cloud's push to build out its cloud security offerings.
The U.S. Commerce Department has banned the Chinese artificial intelligence model DeepSeek on all government-furnished equipment, citing security concerns, as Reuters first reported.
Sarah Lane reports:
“Staffers were informed of the ban via email, which instructed them not to download, view or access any applications, desktop apps or websites related to DeepSeek” (00:00).
The move reflects continued scrutiny of Chinese technology on U.S. government systems.
Addressing vulnerabilities in critical infrastructure, U.S. lawmakers have reintroduced the Cybersecurity for Rural Water Systems Act of 2025. The bill aims to protect small water utilities from cyber threats by expanding the Circuit Rider program.
Sarah Lane elaborates:
“Only 20% of US water systems currently have adequate cyber protection, highlighting the bill's importance” (00:00).
If passed, the legislation would allocate funding for cybersecurity experts to provide training, technical assistance, and reporting capabilities to rural water systems serving populations of 10,000 or fewer. This initiative is crucial for enhancing the resilience of essential public services against escalating cyber threats.
Microsoft has uncovered a sophisticated remote access Trojan (RAT) named StilachiRAT, designed for stealth, persistence, and data theft. Discovered in November 2024 and analyzed in a report Microsoft published this week, StilachiRAT employs evasion techniques such as API obfuscation and uses watchdog threads to maintain persistence.
Sarah Lane summarizes Microsoft's findings:
“StilachiRAT steals credentials, cryptocurrency wallet data and system information using advanced evasion techniques” (00:00).
The malware communicates with a command-and-control (C2) server through obfuscated domains, monitors Remote Desktop Protocol (RDP) sessions, and can execute a range of commands, including credential theft and system manipulation. Microsoft has not yet linked StilachiRAT to a specific threat actor or geographic location.
A former Department of Government Efficiency (DOGE) aide, Marko Elez, violated U.S. Treasury policy by emailing an unencrypted database containing personal information to administration officials without prior approval.
Sarah Lane reports from court documents:
“Marko Elez violated U.S. Treasury policy by emailing an unencrypted database with personal information to administration officials without prior approval” (00:00).
This incident is part of a broader lawsuit initiated by New York's Attorney General and others, challenging DOGE's access to the Treasury's payment systems. Elez resigned in February, and although an investigation confirmed he had read-only access and did not alter the payment systems, sending an unencrypted database of personal data over email is exactly the kind of handling failure the Treasury's policies exist to prevent.
The excitement surrounding the NCAA's March Madness tournament brings with it significant cybersecurity risks. Experts warn of potential losses exceeding $18.3 billion due to cyber attacks and decreased productivity from office betting pools.
Sarah Lane discusses the nature of these threats:
“Attackers are targeting users with phishing campaigns mimicking tournament brackets and betting promotions to steal credentials and financial data” (00:00).
Threat actors are also spoofing betting platforms to siphon funds and account details, and the increase in mobile device use during the tournament widens the attack surface. Recommended mitigations include modern email and mobile security controls, real-time threat detection, and user awareness training.
Threat actors are actively exploiting a server-side request forgery (SSRF) vulnerability in ChatGPT's pictureproxy.php file, primarily against U.S. financial and government organizations. An SSRF flaw lets an attacker make the vulnerable server issue requests to URLs of the attacker's choosing, including internal services and cloud metadata endpoints the attacker could not reach directly.
Sarah Lane highlights the severity:
“With more than 10,000 attack attempts recorded in a single week and 35% of targeted companies left vulnerable due to misconfigured intrusion prevention systems or web application firewalls” (00:00).
The attacks have not been limited to the U.S., with financial and healthcare firms in Germany, Thailand, Indonesia, Colombia, and the UK also being targeted. The report emphasizes that attackers are exploiting often-overlooked medium-severity vulnerabilities, posing significant risks to affected organizations.
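The SSRF class behind this story, as an added illustration that is not code from the episode or from the affected project: an image proxy that fetches whatever `url=` parameter it is handed has the shape of the flaw, and the hardened `validate_target()` below refuses non-HTTP schemes, embedded credentials, hosts outside an allowlist, and allowlisted names that resolve to loopback, private, link-local (which covers the 169.254.169.254 cloud-metadata address) or otherwise non-public ranges. The same validator is then run over constructed web-server log lines by `scan_log()` to flag probes against such an endpoint; a flagged request that still got a 200 is one the WAF or IPS in front did not stop, which is the failure mode the episode's "35% still vulnerable" figure describes. The `/pictureproxy.php` path, the allowlist, the hostnames, the IP addresses and the log lines are all assumptions made for the example; only `resolve()` touches real DNS, and the demonstration substitutes a constructed resolver so it runs offline.

```python
"""Added example: hardened fetch-target validation for an image-proxy endpoint,
plus a log scan for SSRF probes against it. Not code from the episode or from
the affected project; hosts, addresses, path and log lines are constructed."""
import ipaddress
import re
import socket
from urllib.parse import parse_qs, urlparse

# Assumed allowlist of upstream image hosts the proxy is supposed to serve.
ALLOWED_HOSTS = {"images.example.com", "cdn.example.net", "legacy.example.org"}
ALLOWED_SCHEMES = {"http", "https"}


def is_non_public_ip(ip: str) -> bool:
    """True for loopback, RFC 1918, link-local (169.254.0.0/16 includes the cloud
    metadata address), multicast, reserved, unspecified and IPv4-mapped IPv6
    addresses. Anything that does not parse is treated as unsafe."""
    try:
        addr = ipaddress.ip_address(ip)
    except ValueError:
        return True
    return (addr.is_private or addr.is_loopback or addr.is_link_local
            or addr.is_multicast or addr.is_reserved or addr.is_unspecified)


def resolve(host: str) -> list[str]:
    """Real DNS lookup (A and AAAA). The demo below swaps in a fake resolver."""
    try:
        return sorted({entry[4][0] for entry in socket.getaddrinfo(host, None)})
    except socket.gaierror:
        return []


def validate_target(url: str, resolver=resolve) -> tuple[bool, str]:
    """Check a proxy must run before fetching a client-supplied URL.
    The vulnerable shape is fetching `url` without any of these steps."""
    try:
        parts = urlparse(url)
    except ValueError:
        return False, "unparseable URL"
    if parts.scheme not in ALLOWED_SCHEMES:      # blocks file:, gopher:, dict:, ...
        return False, f"scheme {parts.scheme!r} not allowed"
    if parts.username or parts.password:         # http://allowed@evil/ style confusion
        return False, "credentials in URL"
    host = parts.hostname
    if not host:
        return False, "no host"
    if host not in ALLOWED_HOSTS:                # also rejects IP literals and 2130706433-style forms
        return False, f"host {host!r} not allowlisted"
    ips = resolver(host)
    if not ips:
        return False, f"host {host!r} does not resolve"
    for ip in ips:                               # an allowlisted name may still point inward
        if is_non_public_ip(ip):
            return False, f"{host} resolves to non-public address {ip}"
    return True, "ok"


# Constructed DNS answers so the example runs offline (public-looking addresses).
FAKE_DNS = {
    "images.example.com": ["93.184.216.34"],
    "cdn.example.net": ["93.184.216.35", "2606:4700:4700::1111"],
    "legacy.example.org": ["10.0.0.5"],         # stale record pointing into the LAN
}


def fake_resolve(host: str) -> list[str]:
    return FAKE_DNS.get(host, [])


# Combined-log-format line: src - - [ts] "METHOD target HTTP/x" status size
LOG_RE = re.compile(
    r'^(?P<src>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)


def scan_log(lines, proxy_path: str = "/pictureproxy.php", resolver=resolve) -> list[dict]:
    """Flag proxy requests whose url= parameter fails validation."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        target = urlparse(m["target"])
        if target.path != proxy_path:
            continue
        url = parse_qs(target.query).get("url", [None])[0]
        if url is None:
            continue
        ok, reason = validate_target(url, resolver)
        if not ok:
            findings.append({"src": m["src"], "ts": m["ts"], "url": url,
                             "status": int(m["status"]), "reason": reason})
    return findings


def unblocked(findings: list[dict]) -> list[dict]:
    """Probes the proxy actually served (HTTP 200): nothing in front stopped them."""
    return [f for f in findings if f["status"] == 200]


# Constructed log lines (the path, addresses and timestamps are invented).
SAMPLE_LOG = [
    '203.0.113.7 - - [12/Mar/2025:10:01:02 +0000] "GET /pictureproxy.php?url=http://169.254.169.254/latest/meta-data/ HTTP/1.1" 200 512',
    '203.0.113.7 - - [12/Mar/2025:10:01:05 +0000] "GET /pictureproxy.php?url=http://127.0.0.1:8080/admin HTTP/1.1" 200 2048',
    '198.51.100.4 - - [12/Mar/2025:10:02:11 +0000] "GET /pictureproxy.php?url=https://images.example.com/a.png HTTP/1.1" 200 10240',
    '198.51.100.9 - - [12/Mar/2025:10:03:00 +0000] "GET /pictureproxy.php?url=file:///etc/passwd HTTP/1.1" 403 0',
    '203.0.113.7 - - [12/Mar/2025:10:03:30 +0000] "GET /pictureproxy.php?url=http://legacy.example.org/x.png HTTP/1.1" 200 1300',
    '198.51.100.4 - - [12/Mar/2025:10:04:00 +0000] "GET /index.php HTTP/1.1" 200 4096',
]

if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG, resolver=fake_resolve):
        print(f"{f['src']} {f['status']} {f['url']}  <- {f['reason']}")
```

Validating and then fetching still leaves a DNS-rebinding window, so a production fix connects to the address that was validated rather than re-resolving the name, and it must also refuse to follow redirects to targets that were not themselves validated, since an allowlisted host can answer with a 302 to an internal address.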
A critical vulnerability has been identified in AMI's Baseboard Management Controller (BMC) firmware, which could allow remote attacks on millions of devices globally, including those manufactured by HPE, Asus, ASRock, and Lenovo.
Sarah Lane details the implications:
“The flaw impacts the Redfish management interface and lets attackers bypass authentication, then remotely control targeted machines, install malware, tamper with firmware, and even cause physical damage by altering voltage settings” (00:00).
Eclypsium reports over 1,000 exposed instances of this vulnerability online, with the potential for broader exposure through local and network-based attacks. AMI has released patches, but the fix reaches customers only when OEMs ship it in their own firmware updates, so administrators should track their hardware vendor's advisory rather than AMI's alone and, in the meantime, keep BMC management interfaces off the internet on an isolated management network.
This episode of Cyber Security Headlines delivers a comprehensive overview of the latest developments in the cybersecurity landscape, from significant corporate acquisitions and government policy changes to emerging threats and critical vulnerabilities. Host Sarah Lane effectively synthesizes complex information, providing actionable insights and emphasizing the importance of proactive security measures across various sectors.
For a deeper dive into each of these stories, listeners are encouraged to visit CISOseries.com.