A

From the CISO series, it's cybersecurity headlines. Citrix RCE flaw under active exploitation, steganography revived in AI injection attack and the US DoD is using software maintained by Russians. These are some of the stories that my colleagues and I have selected from this past week's cybersecurity headlines. And now we're looking forward to some insight, some opinion and some expertise from our returning guest, John Attil Johnson, CEO and founder over at nemertease. Jonna, thank you so much. Making your triumphant third appearance on the show. It's been over a year since we've had you on. Thank you so much. Of course, to celebrate, we have to honor you with the three stars of glory that we give to all of our three time guests. So, Jon, thank you so much for being here. I gotta ask, how was your week in cybersecurity?

B

Call it my week in cyber insecurity. Like what didn't go wrong? The three pillars that I'm always paying attention to are ot, AI and cloud and there have been lovely vulnerabilities in all of those and exploits in all of those. So basically, another day, another week. That's how it is.

A

Hey, it keeps us with something to talk about each and every day. So I'm not grateful for it, but I recognize that our podcast still has ample supply. Sure, why not? There we go.

B

We also have our silver lining.

A

Before we run into the news, have to thank our sponsor for today. Profit, Security, Investigate and respond to alerts 10 times faster. Now remember, if you're listening to the show as a podcast, you can join us next week and our loyal band of vocal experts in our chat room join us live. It's each and every Friday at 3:30pm Eastern. Just go to YouTube and look for the CISO series channel. You can find the live stream there or go to the events page@cisoseries.com you can find all the information there. It is a fun time. If you're here with us right now, get in on that chat. D.C. johnson's already enjoying my fantastic Aldi sweatshirt. We have Michael Vinding in there. We have David Spark, the big boss man and of course one of our regulars, ccl. So you can join that merry band and glorify in whatever supermarket swag I happen to be wearing next week. And if you can't do any of that, send us an email feedbackso series.com we would love to to hear from you. But real quick, before we jump into the news, I have to let you know that these opinions are in fact, Jana's not necessarily those of anyone else, just her opinions and they're glorious and I can't wait to get to them. With that being said, we've got about 20 minutes. Let's jump into the news first up here, Citrix RCE flaw Under active exploitation, Citrix disclosed a major vulnerability for NetScaler, ADC and Gateway devices that allows for remote code execution. The Shadow Server foundation reports that there are over 28,000 vulnerable devices online with about 35% located in. In the US that was the largest country with devices online. Citrix released a patch for the flaw, although as of this recording, there's no indicators of compromise release. But hey, we got the patch. CISA and Citrix found evidence that these are already being exploited by malicious actors. And the flaw has already been added to the known exploited vulnerabilities catalog. And if that's news to you, federal agencies had until yesterday to patch it. So you're already too late. I apologize. If you're getting that news from here, you've messed up in some way. But John, clearly these are some serious numbers here. Very serious situation here. You chose this show story for the show specifically. What about it speaks to you? And I guess, is this a, you know, this isn't the first time we've seen a story like this.

B

This is the canonical vulnerability that gets exploited. It's sort of. Anyone listening to this is going yet another one. It's rce. It's got, you know, vulnerability. It's already being exploited. It's all, it's got all the components of something really bad and yet it's completely situation normal. And that's kind of why I liked it, because it's a great example of why our entire cybersecurity infrastructure is super rickety right now. The other point I would like to make, you mentioned that federal agencies have until August 28th to patch. I just wanted to pass along that Citrix didn't get around to releasing its upgrade containing the fix until August 26th. So there you go. And that's actually a huge piece of the problem. It's like, oh, sorry about that here, go fix it. And like everybody has to drop everything and go make a major change that they didn't budget time or energy for.

A

Yeah, that was the one thing that was notable to me is, yeah, usually these stories come out. It seemed like it was very. And again, all of these are very rush, rush anytime it's remote code execution and major network infrastructure, like huge deal. This one did seem particularly like, boom, boom. We need to patch this. No mitigations. You know, like usually we get, okay, if you can't patch right now, here's the mitigation to route around it or something like that and, and this and, or like here's a little bit more details or something like that. This seemed all seemed very hush hush. So I'm wondering if maybe who is exploiting this, is dictating the speed of desired response for this or who's actually.

B

Been exploited one way.

A

Oh, that too.

B

Yeah, that's pretty clear. I mean probably somebody raised high holy hell when they figured out what Citrix kind of hopped too. But nonetheless, I mean it's not Citrix in particular. You know, Cisco has another one that keeps. It's a perennial one that I won't go into because it's not actually a news item. But the great thing is they always say it's a feature, it's not a bug that you can get unauthorized access. And I'm like, that's actually a bug. I don't care what you call it. So it's sort of the idea that this is all situation normal, that pretty much every vendor has really, really egregiously awful vulnerabilities that just need. Everybody needs to just drop everything and deal with right now.

A

That's our world. No problem. By the way, see our episodes on Burnout for the CISO series podcast. I don't know why I brought that up. Next story up here. Next story here. When ND stands for New Download Attack, researchers at Checkpoint detailed a new campaign where threat actors deliver malware to American industrial and tech firms. Disguised as non disclosure agreements, the threat actors initially approach victims through their contact us forms posing as potential business partners and then going on to maintain communication for up to several weeks. So this isn't just a one and done situation. Eventually they'll ask the firm to sign an NDA, send over a zip archive, but it contains a custom malware called Mix shell. Threat actors set up fake websites using domains tied to real US businesses for added veracity, just in case it needed to pass one more spell check. I guess thinking of the business logic here, but Jonna, another variation of the old distraction crime. You know, NDA is just such a commonly accepted piece of documentation in any kind of organization. The very nature of an NDA maybe has an atmosphere of, I don't know, concern for privacy or security around it. Just kind of by its nature of the document. There are so many other official documents that could trap employees. You know, once, once we know NDAs. Okay, maybe double check those. You know, they could run this scheme with any number of here, you know, the classic, here's an invoice, that kind of thing. I'm curious. Oh yes, but has, but is anything new appeared on your radar that could help people stay wary of this trick? Is there anything you're looking out for?

B

Well, I would just kind of call this apt for business folks because it's, you know, it's literally what they do. They sort of get you on the hook and then they reel you in. Right. And the fix for this is fairly straightforward. You shouldn't be signing any documents with someone who randomly just completed a Contact Us the best. And I, believe me, I get probably five or six messages a day from people saying, oh, let's collaborate, I want to partner, I want to, blah, blah. And I'll tell you the simplest way to stop them cold, to say, sure, explain to me what you have in mind in writing. What, what's in it for me, and then maybe we can have a live conversation and then maybe we can move forward. Everybody always stops because they want to get to that first part where they can start pitching or whatever it is, or in this case, attacking. So you know, it this, I would say if you're in the habit of randomly clicking on documents that partners send you, that you might be at risk. But the solution is don't be in that habit.

A

Going back to our chat here, one people pointing out you can't spell AI or Aldi without AI. It's very true. But ccl, you know, I know CCL being a little snarky here, they have the emoji here, but who still uses Citrix? I mean still an enormous footprint out there. So yeah, it's certainly the old guard. But listen, there's a reason there was 28,000 devices sitting out there online for sure. But I love seeing everybody getting involved in the chat. Good stuff. Next up here, US DoD using software maintained by Russians. A new report from Hunted Labs found that the open source tool Fast Glob is solely maintained by a Yandex employee based in Russia. This helpful tool enables developers to perform actions on a group of files without requiring additional code. It's a highly useful tool. So useful in fact, the US Department of Defense utilizes it in at least 30 pre built software packages and just globally. It's used in approximately 5,000 other projects, resulting in about 70 million downloads per week. Very popular. It seems Hunted Labs researchers did find no malicious code in Fast Club. Right, so this is just an awareness piece here and they did contact DOD's Office of Chief Information Officer three weeks before publishing findings, just so everybody has some visibility there. And this kind of goes hand in hand with. Over the summer, DOD issued a memo directing staff to not procure any hardware or software subsequently to adversarial foreign influence. So I guess the question is, John, do you feel a piece of software created by a Yandex employee is okay for use with DoD? Or what kind of framework should we have knowing who the maintainers are before we're using, you know, open source software?

B

Well, I have sort of two responses. The first one is, seriously, this is the guy that was using Signal and inviting random journalists on his Signal chats? I mean, really, clearly this is not a big concern. It's like, hey, let's publish our top secret information with the editor in chief of the Atlantic. Why not? Okay, but moving on to the actual serious part of the question, my biggest worry on this is not that it's by Russian employees or Russian nationals in Russia, it's that it's employee singular. And that of course just brings to mind the good old XKCD cartoon with Jenga Tower and a project some random person in Russia has just been thanklessly maintaining since 2003. I mean, what if the guy goes on vacation? I mean, I guess Crimea is out, but I'm sure there's still some nice places to go on vacation in Russia. The point is that's more of a single point of failure risk, I would say, than simply knowing that the person is Russian and in Russia, obviously it's a terrible look for the DoD, but if they're absolutely certain that they've actually fire hardened it and they're confident that there are no vulnerabilities, I guess it is what it is.

A

Yeah, I mean, to the point of that classic XKCD cartoon, I would say yeah, any piece of software that has a single maintainer is just one, you know, one hack away. But, you know, and APT can target this guy working for Yandex just as well as they could a guy in Kansas or something like that literally go.

B

On vacation and not fix something.

A

Or, I mean we've, we've even seen this with maintainers handing off projects and getting in, you know, and then the new maintainer is not acting in the good faith that other developers, you know, are counting or just even in a consistent way, and that's causing either security or usability or any kind of issues. Max Tronic in our chat though, does, you know, he point he's, he's chanting S bombs. He's saying S bombs are gonna, are gonna solve all this. I mean, certainly that adds a visibility component to it. Right. But that has to be integrated into a whole. Like someone has to actually be reading the S bomb for it to do anything. Right, Right.

B

You have to be taking action on it. Like, I completely agree that SBoM will fix the visibility, but we, here's the case. We already know that this is something we shouldn't be doing. We're doing it. Okay, now what? And you know, D.C. johnson, which, by the way, I like your name quite a lot, is just saying, wonder what percentage of companies have complete S bombs. And that would be like zero. Yes, that is true. And it's also the, you know, it doesn't solve the problem here because knowing about it isn't fixing it. And so again, I think the big issue here is that it's a guy, not that it's a Russian guy in Russia, which is also a problem.

A

It's really a. It's a problem pyramid. It's Laszlo's hierarchy of problems.

B

Jenga Tower.

A

The bigger problem is that it's one guy and then it's a Russian guy and then it's a Russian. Fantastic. That's the kind of dread we love to leave our listeners with. We'll be back with more of that kind of content right after we thank our sponsor for today. Profit Security. Ever feel like your security team is stuck in a loop of alert fatigue and manual investigations? Meet Profit security. Their AgentIQ AI SoC platform automates the tedious stuff. Triaging, investigating and responding to alerts so your analysts can focus on real threats. Think 10 times faster response times and a smarter way to secure your business. Learn more @ProfitSecurity AI that's P R O P H E T Security AI. All right, we got AI kind of double duty here. So we'll be breaking down this anthropic threat intelligence report here. So Anthropic is warning about Vibe hacking. We've all heard of vibe coding. Now, I guess vibe hacking, this is just where we are in 2025. Their new threat intelligence reports warns about agentic AI systems being weaponized. They specifically profiled a threat actor using their CLAUDE code, which is, you know, their version of copilot for coding to run a data extortion operation to end that targeted at least 17 organizations across various verticals. Within a month, Anthropic's Claude chap out was used for everything from technical consultations to crafting psychologically targeted extortion demands, which I need to know how they Jailbroke that thing to do that because Claude is very quick to shut you down when you're trying to be creepy and weird. So some ingenious jailbreaking there on their part, I'm sure. But Jonna, just as organizations are struggling to get comfortable with allowing agentic AI to make some decisions about workflow, you know, along come the threat and turn it into a malicious bot, because that's what they do. This dynamic between good people using software versus bad people abusing it stretches back to, I don't know, as long as tools have existed. I'm thinking of the Proto man in 2001 with the club. I mean, that's about where it started. What's the solution?

B

Oh gosh, no. It was all the way back in the 90s. Please. Okay, I was there, you weren't. But I don't know that there's a solution. But I do think this is one of those things where effective authorization and authentication really can help a lot. And that's actually what's not happening here. You need to really be sure that your agentic AI is coming from who you say it's coming from and that it's carrying with it a set of permissions that are to be permitted that in fact match with the permissions that you wish to grant it. And I know, I've talked to some folks in large enterprises who are thinking about putting together a blockchain based solution for that so that you can see every change that's ever made to anything, every, every step that's taken. So you're able to, you know, in a way it's back to, to SBoM in a way because you're actually looking at everything that's ever happened. You're looking at who changed permissions, you're looking at who changed authentication if needed. Having all that discipline in place and having it automated is going to go a long way towards protecting against these kinds of attacks. But we're just in the infancy of that. I mean these things have not yet been built. They're being thought about well, and this.

A

Kind of gets, we're going to get this in the second half. The other finding in this report here, because it's really interesting, I think about it, I'm thinking about it in terms of the previous story we covered, right, about the NDA hack, right? Where it's one of the things that was novel about that is there's this protracted engagement, right? And the ability for things that used to just take humans a lot of time and investment. And it wasn't worth it is all of a sudden you can potentially hand these off, right? Like I think about it analogous to when malware as a service, or like ransomware as a service operators came online and that completely changed who could buy ransomware, basically, or who could once it.

B

Became its own economy.

A

Yeah, exactly. And I'm thinking that in a similar way. And let me get into this other half of this, because I'm curious on your thoughts on this as well. North Korean Remote Worker Scheme Boosted by Generative AI so in that same report, Anthropic also pointed out that North Korean remote workers are that we keep hearing about, are using Claude not just to write emails or something banal like that, but to create convincing professional backgrounds and technical portfolios, tailor resumes to specific job requirements, and even deliver actual technical work. The report also said that the most striking finding is the actor's complete dependency on AI to function in technical roles. So they didn't know, apparently seemed to be able to write code, debug programs, or even communicate professionally without Claude's assistance. It was just relying on it completely. Yet they successfully maintained employment at Fortune 500 companies, at least according to this public report, passing technical interviews and delivering work that satisfies their employers. I mean, one just a question in general of Fortune 500. What's the deal? But again, thinking of things that required human investment in time, suddenly that curve is completely flattened. How does that change how we think about security?

B

Well, I mean, I'm going to come back to what I said earlier, which is you're really not doing your authentication correctly if you're allowing that in. And of course, what you didn't say, but are clearly thinking, is that people are adding deep fake videos. So you think there's an actual human here. And to that I would just turn this around and say one of the I did a podcast recently with my colleague John Burke about the question of whether you should be buying AI or hiring it. Because in a lot of respects the person that was talking about SBoMS, hey, are you doing security clearance checks on your AI and are you doing them on your employees? You should be doing the same on the AI. You should really think about how you're treating any entity that you're allowing into your environment. That said, if you were able to go back using some sort of blockchain transaction logging, you'd actually know at what state this happened, and this happened and this happened, and be a lot harder to fake this stuff. Not impossible, but harder.

A

I like these kind of scenarios because this is a New technology, it's very easy to kind of feel overwhelmed. Right. These are new challenges. But John, I like that focus on the authentication part. Sure. Maybe we need something relatively novel like a blockchain to kind of verify that. Obviously blockchain is not a new technology. But I like that idea that, hey, we have this path forward that gives me the warm and fuzzies. I don't often get that on the show.

B

So there you go. Just doing my job here. But, you know, one, one other thing I would also weigh in is I find it hilarious that the Fortune 500 companies that are the ones that are vulnerable to this are also usually the same ones that are demanding return to the office, even when they don't have office space for their actual humans. So it's sort of like the question I keep asking these guys and they never come up with a good answer. Okay, so you've said that your people have to be crammed into offices, doing phone calls on laptops and cubicles because collaboration and, you know, and morale. Okay, cool. But you've also said that most of these people are going to lose their jobs to AI. I want to ask you, which office is AI working in?

A

They're gonna, they're gonna make a turn. They're gonna turn on a bunch of terminals and they'll have Claude talking to themselves and then they'll have that cross pollination they want.

B

That's basically it. They're sort of saying, oh, if you're remote, I, you know, I'm going to turn off all my usual concerns, all my usual management skills, and just like, you know, treat you as a black box. Well, don't do that. Anyway.

A

Yes. It's almost like sometimes employers don't act in good faith. That's, I hate to say it, it's very cynical.

B

Yeah, well, honestly, I would say employers of Fortune 500 companies, I'd say those of us in smaller companies tend to be like, ethical, which, you know, whenever I hear evil CEOs are doing XYZ PDQ, I'm like, yeah, burn them at the stake. Oh, wait, I'm a CEO.

A

But.

B

But it's, I mean, it's true. I actually just had one of my employees, spouses call me up and thank me for something and I'm like, okay. So I think in order to succeed in a Fortune 500 company, you really have to have a bit more than a trace of the sociopath.

A

It's the same thing. I always say that with professional athletes too. Right. It's like if you were normally adjusted you would just play at the Y and you'd be probably.

B

You'd be happy. Yeah, right.

A

All right. And our last story for today, steganography revived in AI injection attack security. Researchers at TrailOfBits have uncovered a new attack that hides malicious prompts inside everyday images. The method, called an image scaling attack, exploits the fact that most AI tools automatically shrink pictures before analyzing them at full size. The images look harmless. There's no script to execute there necessarily. But once downscaled, hidden instructions appear, telling the AI to leak data or execute commands. You know, it's an updated spin on the old steganography, which is just the, you know, hiding secrets in images. This goes well before computing and stuff like that. Look at Renaissance paintings. It's. They're. They're covered in them. It's disgusting. But it's engineered to exploit how AIs process images. The researchers warn this could be used for prompt injection attacks, which is. I mean, that is the most obvious use of. But I can imagine any kind of data poisoning potentially with this has some nasty implications. John, I have to admit, this is brilliant. And it shows how when you're a hammer, everything kind of looks like a nail. In a war of any type, guessing where an enemy might strike is always the weaker position. You can't fortify everything. I'm curious, have you noticed whether AI has helped speed up response to innovative attacks like this? Like, is it helping us keep pace with human creativity now?

B

It's the other way around. I mean, first of all, I think this is hilarious because it's kind of like AI bites back. As you pointed out, this is a very old attack. And the new twist is that it's AI. But it's also the case that you can really bollocks up an AI by adding random nonsense sentences at the ends of. At the ends of questions and things like that. And the big one I was reading was, like, you just put in, like, a nonsense observation about a cat. You can just break the entire model. So it's kind of funny that AI is fighting back that way. That said, I think we're in a fun, fundamentally asymmetric situation, because AI helps hackers way more than it protects people from being hacked, simply because just the sheer logic, what AI is great at is spewing a whole lot of stuff, some subset of which is actually useful and interesting. Well, that's kind of how most attacks actually work, which is spewing a lot of. Whatever it is, some subset of them have to work. But if you can spew really fast, Whatever that percentage is, you'll hit it much faster. Whereas if you're on the other side getting hit with stuff, it still takes you time and analytics and using whatever tools you're using to figure out which stuff is actually real and really a problem. And so there's a fundamental inequality where AI helps attackers more than it helps defenders. And, you know, we've known this. We've always been fighting, you know, the cybersecurity wars. Like I said at the beginning, you know, it's just my. My week in security is my week insecurity.

A

Right. I'm just.

B

And CCL and I really like each other because they just posted Autocorrect on steroids. Indeed, my friend. You nailed it.

A

I'm just disappointed that Trail of Bits did not name this the Mad magazine attack, because this reminds me of when you fold the picture over at the back of the Mad magazine and it takes the regular picture and makes it into something lewd, or it's usually something like, I don't know, someone's tongue sticking out or something like that. So Trail of Bits, Please be more juvenile in your coverage. But they always do amazing work, so I'm always happy we can profile something like that. I'm also happy when I see people enjoying my Aldi sweatshirt in the chat. Thanks to everybody that's in the chat. I saw Schmooze getting in there at the very end there. CCL, of course, one of our regulars, D.C. johnson, having a lot of fun. Max Tronic and everyone else, sorry if I didn't name your name there. Big boss man, David Spark, of course, helping make the show a ton of. Of fun. Thank you all so much. John, before we get out of here, was there any story that was a thumbs up or an eye roller for you this this week, either in the news, in our rundown or in the more general news?

B

Well, I think there's the one that we actually didn't include, which was South Korean telecom getting punished, you know, $97 million fine for failing to have adequate cybersecurity. And all I could think of was like, gosh, only in South Korea, because everywhere else they just get a pat on the back and a stock boost. I mean, you know, you had AT&T, Verizon and T Mobile get brought to their knees by Salt Typhoon. Or it was like just yesterday or actually a couple of weeks ago. AT&T is like, yeah, by the way, we got them off our network. So all the. All the data that was captured for the past five years, they're not doing it anymore. It's good.

A

Yeah. They only have five years worth of communication data. I mean, that can't be. That can't be very harmful, I'm sure. Very fun stuff. Thank you for leaving me on a note of dread there. John Attil Johnson, CEO and founder over at Nemarities. Thank you so much for being on there, for lending your expertise, for occasionally making me feel warm and fuzzy about the future of cybersecurity.

B

It's your sweatshirt.

A

It really is. Also, it is getting warm in the room, so I'm not gonna lie, it is actually physically very warm in here. But where can people find you on the cyberspace if they want to see what you're up to?

B

2 places at my company, nemertes.com, there's a contact Us form. Fill it out. We read it. And I'm also hanging around on LinkedIn and occasionally answer things.

A

Do not send an NDA malicious NDA though, to that Contact Us form. I just have to say proper NDAs if appropriate. Sure, why not? Thanks also to our sponsor for today, Profit Security. Investigate and respond to alerts 10 times faster. And thanks once again to our audience today. We can't get everything up on the screen, but we do deeply appreciate you being here. It makes my Friday so much fun and I try to never miss it. Don't forget you can send us feedback through email feedbackisoseries.com it's electronic mail. It's the future and it's how we will communicate in the year 2000. Please join us next week first for Super Cyber Friday, where the topic will be hacking AI in meetings. An hour of critical thinking about how to avoid liability while getting value from your recordings. That's going to start at 1pm Eastern and then come on back for another episode of the week interview starting at 3:30pm Eastern. To register to join us on YouTube and add your comments, just go to our events page CISO series.com or subscribe on YouTube and catch all of our great videos. We got demos, we got all sorts of cool stuff over there. Appreciate it if you do. In the meantime, you can still get your daily news fix every single day through cybersecurity headlines. Give us about six minutes, we'll get you all caught up. For myself, for our glorious producer Steve Pretens, for Jonna, for the big boss man David Spark, and for all of us here with the CISO series, here's wishing you and yours to have a super sparkly day. Cybersecurity headlines are available every weekday. Head to cisoseries.com for the full stories behind the headlines.