Cybersecurity Headlines: Week in Review Summary
Hosted by CISO Series, Episode Released on May 2, 2025
The latest episode of Cybersecurity Headlines, hosted by Rich of the CISO Series, reviews the week's most significant cybersecurity developments. Rich is joined by returning guest DJ Schlien, Head of Security at Boats Group, and the discussion covers notable incidents, emerging threats, and regulatory measures shaping the information security landscape.
1. Cybersecurity Firm CEO Charged with Malware Installation
Overview: The episode opens with the case of Jeffrey Bowie, CEO of the cybersecurity firm Veritico, who has been charged with violating Oklahoma's Computer Crimes Act. Bowie is accused of installing malware on systems at St. Anthony Hospital in Oklahoma City on August 6, 2024.
Key Details:
- Criminal Actions: The malware captured a screenshot every 20 minutes and sent it to an external IP address. Hospital officials confirmed that no patient data was accessed.
- Arrest Circumstances: Bowie was arrested in April after hospital security footage showed him attempting to enter multiple offices within the hospital.
Discussion: DJ Schlien expresses disbelief and concern over the incident, emphasizing the severe breach of trust it represents within the cybersecurity profession.
Notable Quotes:
- DJ Schlien [03:00]: “There are always going to be some bad apples in any profession, but this makes it harder for customers, for users to trust the people in charge of their data.”
- Rich [05:04]: "Telling stories about family members to get access and stuff like that goes into the creep factor."
Insights: Both hosts point to the layered failures the case exposes: physical access controls that let a visitor reach internal systems, and the vendor vetting that should precede trusting a security firm with any access at all. They stress that robust controls against insider and trusted-party threats are what sustain customer trust in cybersecurity firms.
2. Cloudflare Experiences Surge in DDoS Attacks
Overview: Cloudflare's Q1 2025 DDoS report shows a sharp rise in distributed denial-of-service (DDoS) attacks: the company mitigated 20.5 million attacks in a single quarter, against 21.3 million for all of 2024.
Key Details:
- Attack Types: The growth is driven by network-layer (L3/L4) attacks, in particular CLDAP (Connectionless Lightweight Directory Access Protocol) floods, which reflect and amplify traffic off LDAP servers exposed on UDP port 389, and ESP (Encapsulating Security Payload, IP protocol 50) floods.
- Bandwidth Volume: More than 700 of the attacks exceeded 1 terabit per second.
Discussion: DJ Schlien underscores the evolving nature of DDoS attack vectors and the necessity for continuous learning and adaptation within cybersecurity defenses.
Notable Quotes:
- DJ Schlien [07:15]: “The CLDAP vulnerability was an amplification attack... these things are just massive amounts of volume coming in.”
- Rich [09:10]: "It’s getting pretty nasty out there."
Insights: The conversation highlights the critical need for advanced DDoS protection measures and the role of managed security services in mitigating increasingly sophisticated attacks. Both hosts draw analogies to emphasize the importance of proactive defenses, likening inadequate protection to "leaving a screen door open in the middle of a hot summer day."
3. FBI Seeks Public Assistance with Salt Typhoon Threat Actor
Overview: The FBI has issued a public service announcement requesting information on Salt Typhoon, a China-linked threat actor whose intrusions into US telecommunications companies have been reported since November.
Key Details:
- Reward Offer: The U.S. Department of State's Rewards for Justice program is offering up to $10 million for actionable information on any foreign state-linked threat actor targeting US critical infrastructure.
- Campaign Scope: While Salt Typhoon remains a primary focus, the reward is not limited to this group alone.
Discussion: DJ Schlien weighs the value of such broad public appeals against their risks, including disinformation and false leads.
Notable Quotes:
- DJ Schlien [11:27]: “From the FBI perspective, I think bringing the conversation mainstream, it's a good thing.”
- Rich [12:37]: “We only have a very narrow window into a lot of this surreptitious work that's going on between these two nation state actors.”
Insights: The hosts consider the balance between leveraging public assistance for intelligence gathering and the dangers of inundating law enforcement with unreliable information. They acknowledge the sophistication of nation-state operations, emphasizing the complexity of combating such threats.
4. US House Passes Bill to Study Router National Security Risks
Overview: The U.S. House of Representatives has passed the Routers Act, which directs the Department of Commerce to study the national security risks posed by routers and modems made by foreign adversaries, China in particular.
Key Details:
- Legislative Intent: The bill builds on earlier efforts to remove untrusted telecommunications equipment from US networks.
- Industry Impact: Consumer routers and modems are a common initial access point because of poor configuration and outdated firmware; the bill adds pressure for stronger security baselines on these devices.
Discussion: DJ Schlien appreciates the comparison of routers to everyday devices like vacuum cleaners, highlighting their ubiquitous presence and potential vulnerabilities.
Notable Quotes:
- Rich [15:10]: “Talking about devices that we use at home, that's any device, like an IoT device.”
- DJ Schlien [18:55]: “How do we regulate consumer trust, you know, or how do we build consumer trust and do regulations address that?”
Insights: The discussion underscores the challenges in securing consumer-grade hardware, advocating for comprehensive oversight and standardized security practices. The hosts explore the broader implications of the Act, including supply chain transparency and the necessity for ongoing firmware updates to prevent exploitation.
5. Maryland Man Pleads Guilty to Outsourcing US Government Work to a Foreign National
Overview: A Maryland man, a naturalized U.S. citizen born in Vietnam, has pleaded guilty to outsourcing U.S. government work to a foreign national in China. He obtained a position as a Full Stack Web Developer with a U.S. government software contractor and then allowed his workstation to be accessed remotely from China between March and July 2023.
Key Details:
- Criminal History: Admitted to similar frauds targeting at least 13 U.S. companies between 2021 and 2024.
- Potential Sentencing: Faces up to 20 years in prison, with sentencing scheduled for August.
Discussion: DJ Schlien expresses frustration over recurring insider threats, emphasizing the need for rigorous background checks and enhanced vetting processes in remote hiring practices.
Notable Quotes:
- DJ Schlien [21:05]: “How would I protect against this? Well, definitely background checks, lots of vetting, meet people in person.”
- Rich [23:48]: “It's not just one company, you know, not to shame any. Like this clearly is a much wider problem of trust when it comes to remote employees.”
Insights: The hosts discuss the broader implications for remote work security, highlighting the importance of robust insider threat programs and vigilant monitoring to prevent similar incidents. They stress the evolving nature of work environments and the corresponding need for adaptable security measures.
6. Potential Denial of Service Vulnerability via Windows inetpub Folder
Overview: The April Patch Tuesday update creates an empty inetpub folder at the root of the system drive (C:\inetpub) as part of the fix for an elevation of privilege vulnerability. Security researcher Kevin Beaumont found that the folder can be abused: a non-admin user can use it to stop future Windows security updates from installing, turning the mitigation into a denial of service (DoS) problem.
Key Details:
- Vulnerability Impact: An unprivileged user can break the Windows servicing stack so that subsequent security updates fail to install, leaving the machine unpatched and weakening endpoint protection.
- Severity: Rated medium, but for IT organizations managing large fleets the operational impact of machines that silently stop patching is significant.
Discussion: DJ Schlien expresses significant concern over the oversight, critiquing the persistence of outdated practices like hosting websites on Windows machines and the ease with which unprivileged users can exploit such vulnerabilities.
Notable Quotes:
- DJ Schlien [25:39]: “If I'm looking at this and saying okay, what's the risk here? Well, can I push my people away from Windows machines...”
- Rich [27:37]: “A non-privileged user to be able to do that is... It ain't great.”
Insights: The conversation highlights the critical need for meticulous quality assurance in software updates and the potential repercussions of seemingly minor oversights. The hosts advocate for minimizing attack surfaces and ensuring that systems remain resilient against both privileged and unprivileged threats.
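The practical question for anyone running a fleet is how to tell whether a given machine's inetpub folder is still in the state the update left it. The PowerShell function below is an added example; it is not code from the episode, from Microsoft, or from Kevin Beaumont. It assumes that a healthy folder is a real directory at the root of the system drive, owned by SYSTEM, TrustedInstaller or Administrators, with no write-class permissions for broad groups, and that a reparse point (junction or symlink) or a missing folder is a finding. It also reports whether broad groups can create folders at the drive root, since that is what would let a non-admin recreate a missing folder on their own terms. Those expectations, the list of principals and the path are the example's own assumptions; on a default Windows install the root-ACL check will usually fire, which is informational rather than a misconfiguration.

```powershell
# Added example (not from the episode, Microsoft, or Kevin Beaumont): audit the
# inetpub folder created by the April 2025 Patch Tuesday update.
# Assumptions (this example's own): the folder lives at <SystemDrive>\inetpub; a
# healthy state is a real directory (no reparse point) owned by SYSTEM,
# TrustedInstaller or Administrators with no write/modify/full-control ACE for
# broad groups; the drive root's ACL is checked because a user who can create
# folders there could replace a missing inetpub with a junction.

$BroadPrincipals = 'BUILTIN\Users', 'Everyone', 'NT AUTHORITY\Authenticated Users', 'NT AUTHORITY\INTERACTIVE'

function Get-BroadWriteAces {
    # Return the allow ACEs on $Path that grant any right in $Mask to a broad principal.
    param(
        [Parameter(Mandatory)][string]$Path,
        [Parameter(Mandatory)][System.Security.AccessControl.FileSystemRights]$Mask
    )
    $acl = Get-Acl -LiteralPath $Path
    foreach ($ace in $acl.Access) {
        if ($ace.AccessControlType -eq 'Allow' -and
            $BroadPrincipals -contains $ace.IdentityReference.Value -and
            (($ace.FileSystemRights -band $Mask) -ne 0)) {
            $ace
        }
    }
}

function Test-InetpubFolder {
    [CmdletBinding()]
    param([string]$Path = "$env:SystemDrive\inetpub")

    # Write already includes CreateDirectories/AppendData, so this mask catches
    # "create folders" grants as well as full Modify or FullControl.
    $writeMask = [System.Security.AccessControl.FileSystemRights]::Write -bor
                 [System.Security.AccessControl.FileSystemRights]::Modify -bor
                 [System.Security.AccessControl.FileSystemRights]::FullControl

    $findings = [System.Collections.Generic.List[string]]::new()
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue

    if (-not $item) {
        $findings.Add('Folder is missing; the mitigation expects it to exist')
    }
    else {
        # A junction or symlink here is the condition that breaks servicing, so test
        # the reparse-point attribute instead of trusting the name.
        if (($item.Attributes -band [IO.FileAttributes]::ReparsePoint) -ne 0) {
            $findings.Add("Reparse point ($($item.LinkType)) -> $($item.Target)")
        }
        $owner = (Get-Acl -LiteralPath $Path).Owner
        if ($owner -notmatch 'SYSTEM|TrustedInstaller|Administrators') {
            $findings.Add("Unexpected owner: $owner")
        }
        foreach ($ace in Get-BroadWriteAces -Path $Path -Mask $writeMask) {
            $findings.Add("Writable by $($ace.IdentityReference.Value): $($ace.FileSystemRights)")
        }
    }

    # Even with the folder present, record whether ordinary users could recreate it
    # as a junction if it were ever deleted: that needs CreateDirectories on the root
    # itself, so inherit-only ACEs (which apply to children, not the root) are skipped.
    $root = "$env:SystemDrive\"
    $createMask = [System.Security.AccessControl.FileSystemRights]::CreateDirectories
    foreach ($ace in Get-BroadWriteAces -Path $root -Mask $createMask) {
        if ($ace.PropagationFlags -notmatch 'InheritOnly') {
            $findings.Add("$($ace.IdentityReference.Value) can create folders at $root")
        }
    }

    [pscustomobject]@{
        ComputerName = $env:COMPUTERNAME
        Path         = $Path
        Exists       = [bool]$item
        Healthy      = ($findings.Count -eq 0)
        Findings     = $findings.ToArray()
    }
}

Test-InetpubFolder | Format-List
```

Run it locally as an administrator, or push the whole script to many hosts with Invoke-Command -FilePath so that the helper function and the principal list travel with it. A result with a reparse-point or missing-folder finding is a machine whose next cumulative update is likely to fail; the root-ACL finding alone is the default state and only tells you that the other two checks are worth re-running after every patch cycle.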
Final Thoughts
The episode concludes with acknowledgments of listener contributions and a brief mention of upcoming shows, including a focus on Gen AI compliance and a weekend review. Hosts Rich and DJ Schlien emphasize the importance of continuous vigilance and adaptive security practices in an ever-evolving threat landscape.
Notable Quotes:
- DJ Schlien [28:33]: “I think all those stories were thumbs up ones. Definitely must reads.”
- Rich [29:07]: “DJ Schlien, head of security over at Boats Group, thank you so so much for being here.”
Key Takeaway: This week's headlines underscore the multifaceted challenges in cybersecurity, from insider threats and sophisticated DDoS attacks to regulatory efforts and software vulnerabilities. The episode serves as a crucial reminder of the dynamic nature of cybersecurity threats and the necessity for robust, adaptive defenses.
For more detailed analyses and daily updates, visit cisoseries.com.
