Podcast Summary: Cyber Security Headlines - Week in Review
Title: Cyber Security Headlines
Host/Author: CISO Series
Episode: Week in Review: Disabling Microsoft Defender, Corrupted Power Inverters, Bipartisan Training Bill
Release Date: May 23, 2025
Introduction
In this episode of Cyber Security Headlines, hosted by Rich from the CISO Series, the discussion centers around the most pressing cybersecurity incidents and developments of the week. The episode features insightful commentary from George Finney, CISO at the University of Texas System, marking his third appearance on the show. Together, they delve into topics ranging from software vulnerabilities and infrastructure threats to legislative efforts in cyber workforce training.
1. DefendNot Tool Disables Microsoft Defender
Overview:
The episode kicks off with a discussion on a newly identified tool named "DefendNot," created by a developer with the handle es3n1n. This tool exploits an undocumented Windows Security Center API to disable Microsoft Defender by registering a fake antivirus, even in the absence of a legitimate antivirus program. This vulnerability allows malicious actors to bypass Microsoft's built-in security measures.
Key Points & Insights:
- Rich's Introduction: Rich introduces the DefendNot tool and explains its mechanism, highlighting the use of a fake antivirus registration to deactivate Microsoft Defender.
  “...DefendNot is a tool built by a developer who goes by the handle es3n1n. Catchy there. It can apparently disable Microsoft Defender on Windows devices...” [00:00]
- George Finney's Perspective: George comments that such vulnerabilities are not surprising, noting the persistent challenges anti-malware solutions face against sophisticated bypass techniques.
  “There are a number of different Microsoft or anti-malware scan interface, AMSI bypass techniques that are in place... we know we can't rely on the software providers out there to secure systems, even Microsoft.” [03:25]
- Zero Trust Emphasis: George emphasizes the necessity of a Zero Trust framework to mitigate such vulnerabilities, advocating for comprehensive security measures that account for operating system intricacies and potential blind spots.
  “...zero trust is the only way to really work in this kind of environment.” [07:06]
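A defender-side check for the behaviour discussed above, added here as an example and not code from the podcast or from the DefendNot project: it lists the antivirus products registered with Windows Security Center, verifies that each registered product's executable exists and carries a valid Authenticode signature, and reports whether Defender has stood down. It assumes an elevated PowerShell session on a Windows client SKU (the AntiVirusProduct class in root/SecurityCenter2 exists only on client editions); the productState decoding is the community-documented one, not an official specification.

```powershell
# Added example: audit Security Center AV registrations against Defender's own status.
function Get-RegisteredAvAudit {
    [CmdletBinding()]
    param()

    $findings = @()
    $products = Get-CimInstance -Namespace 'root/SecurityCenter2' -ClassName 'AntiVirusProduct' -ErrorAction Stop

    foreach ($p in $products) {
        $exe    = $p.pathToSignedProductExe
        $exists = (-not [string]::IsNullOrWhiteSpace($exe)) -and (Test-Path -LiteralPath $exe)
        $sigStatus = 'FileMissing'
        $signer    = ''
        if ($exists) {
            $sig       = Get-AuthenticodeSignature -FilePath $exe
            $sigStatus = $sig.Status.ToString()
            if ($sig.SignerCertificate) { $signer = $sig.SignerCertificate.Subject }
        }

        # productState is a bitfield; the community-documented decoding puts the
        # "enabled" flag in the middle byte (0x10 = on). Treated as a hint, not proof.
        $stateHex = '{0:X6}' -f [int]$p.productState
        $enabled  = $stateHex.Substring(2, 1) -eq '1'

        # A product that claims to be enabled but whose executable is missing or
        # not validly signed is what a bogus registration looks like from the outside.
        $suspicious = $enabled -and ((-not $exists) -or ($sigStatus -ne 'Valid'))

        $findings += [pscustomobject]@{
            DisplayName = $p.displayName
            Enabled     = $enabled
            Executable  = $exe
            Signature   = $sigStatus
            Signer      = $signer
            Suspicious  = $suspicious
        }
    }

    # Defender's own view: AMRunningMode reports "Passive Mode" when another
    # registered product has taken over real-time protection.
    $mp = Get-MpComputerStatus
    [pscustomobject]@{
        DefenderAntivirusEnabled = $mp.AntivirusEnabled
        DefenderRealTime         = $mp.RealTimeProtectionEnabled
        DefenderRunningMode      = $mp.AMRunningMode
        RegisteredProducts       = $findings
        Alert                    = ((@($findings | Where-Object Suspicious).Count -gt 0) -and (-not $mp.RealTimeProtectionEnabled))
    }
}

Get-RegisteredAvAudit | Format-List
```

An Alert of True (a suspicious registration alongside Defender real-time protection being off) is the condition worth feeding into fleet-wide monitoring, since a legitimately installed third-party AV will normally show a valid signature from its vendor.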
2. Chinese-Made Power Inverters with Rogue Devices
Overview:
Security experts have uncovered malicious modifications in Chinese-made power inverters used in U.S. and European solar farms. These inverters contain hidden kill switches and undocumented cellular radios that could allow remote disabling of the power grid, posing significant national security risks.
Key Points & Insights:
- Rich's Analysis: Rich draws parallels to previous telecom security issues, underscoring the challenges smaller utilities face in identifying and mitigating such threats.
  “This... reminds me of that where the struggle for this is, is individuals that might have these... bought them probably because they were the most cost efficient solution... don’t have visibility into this.” [05:10]
- George's Commentary: George acknowledges the recurring nature of such threats and the difficulty organizations face in thoroughly vetting hardware components. He praises government efforts to bring manufacturing back onshore but remains concerned about the long-term implications.
  “...these kinds of stories that we've got to keep up with to know what's out there... we need to rely on our government... every time I hear one of these stories, it's a little depressing...” [05:10]
- Risk Assessment Challenges: The discussion highlights the complexity CISOs encounter in evaluating and mitigating risks associated with pre-installed infrastructure vulnerabilities.
  “What does that risk worth to my organization to mitigate that? Like, those are the questions for those that already have these installed that I think are kind of the tough ones to resolve.” [06:16]
3. Bipartisan Bill for Federal Cyber Workforce Training
Overview:
Representatives Pat Fallon and Marcy Kaptur introduced the Federal Cyber Workforce Training Act, aiming to establish a centralized training center for federal cyber workforce development. The bill focuses on setting cybersecurity standards for new federal employees and providing specialized training for HR officials to enhance recruitment processes.
Key Points & Insights:
- Rich's Introduction: Rich outlines the components of the bill, emphasizing its bipartisan nature and the critical role of HR in the cybersecurity supply chain.
  “...this is a very classic CISO question, right? What's the risk of this?... What does that risk do?” [07:55]
- George's Input: George shares his experience working with HR departments to integrate cybersecurity practices, stressing the importance of early intervention in the hiring process to prevent threats like deepfake-based attacks.
  “...we’ve got to start even earlier in the process, not just doing background checks or reference checks like we're used to.” [09:10]
- Human Element in Security: The conversation underscores the necessity of incorporating cybersecurity awareness into all facets of an organization, particularly within HR functions, to bolster overall security posture.
  “People are the most important part of zero trust.” [09:38]
4. Vulnerability Exploitation Probability Metric by NIST and CISA
Overview:
NIST and CISA have introduced the Likely Exploited Vulnerabilities (LEV) metric, designed to predict the probability of vulnerability exploitation using mathematical models. This metric aims to enhance patching prioritization by identifying threats that may otherwise be overlooked.
Key Points & Insights:
- Rich's Explanation: Rich describes the LEV metric and its role in complementing existing frameworks like KEV and EPSS, highlighting its potential to provide more actionable intelligence for cybersecurity teams.
  “...LEV's real world impact. Seems to be a positive development.” [12:47]
- George's Analysis: George views the LEV metric as a positive step towards contextualizing CVEs, enabling organizations to prioritize vulnerabilities based on their specific risk profiles and critical assets.
  “...context is really, really important... I think this sounds to be like an interesting improvement overall.” [12:56]
- Operational Impact: The integration of LEV into security practices could streamline vulnerability management processes, allowing CISOs to focus resources on the most pressing threats.
  “We do tend to have challenges with, with understanding CVEs and applying them.” [12:58]
5. Opexus Security Lapse Involving Twin Brothers
Overview:
A significant security breach occurred within federal agencies using Opexus's digital tools, involving twin brothers who previously engaged in fraudulent activities. The insiders illicitly accessed and deleted over 30 databases, including sensitive information from the IRS and General Services Administration.
Key Points & Insights:
- Rich's Summary: Rich details the breach, including the insider threat specifics and the failure of HR protocols to prevent re-hiring individuals with a history of cybercrimes.
  “...inside threat attack from two employees improperly access sensitive documents and deleted over 30 databases...” [14:03]
- George's Reaction: George expresses surprise and frustration over the recurrence of hiring individuals with previous security violations, emphasizing the ongoing challenges in personnel vetting and access management.
  “...they were hired again by a federal contractor just a couple of years later. I mean, the damage that they did is horrible.” [15:43]
- Systemic Failures: The incident highlights the critical need for robust HR screenings, continuous monitoring, and stringent access controls to prevent similar breaches.
  “There is a lot of work that's left to be done... this just highlights, you know, that ongoing issue.” [16:16]
- Listener Engagement: A listener named CPU UK commented on the incident, expressing concerns over the inadequate background checks and organizational controls that allowed the breach to occur.
  “I want to see the report coming out. Like I do want to see what this came out... the background check failed and there are other control...” [16:51]
6. SK Telecom Malware Breach
Overview:
South Korea's SK Telecom disclosed a malware breach that persisted for nearly three years, impacting 27 million customer accounts. The breach compromised sensitive SIM data, including authentication keys and contact information, increasing the risk of SIM swapping attacks.
Key Points & Insights:
- Rich's Overview: Rich outlines the breach's scale, noting the variety and number of malware types involved and the potential for widespread data exploitation.
  “...25 malware types on 23 servers seems like a lot of malware types.” [18:36]
- George's Contextualization: George explains that telecom companies are prime targets due to their role in managing critical authentication mechanisms like two-factor authentication (2FA). He underscores the inevitability of such breaches given the high-value targets telecoms represent.
  “If you're a telecom company, you are a target because every one of our personal devices... are used for two factor.” [19:38]
- Industry-Wide Implications: The breach serves as a stark reminder of the vulnerabilities inherent in telecom infrastructures and the necessity for enhanced security measures to protect sensitive customer data.
  “Every one of the US telecom companies has been breached. So in a way, you know, this just isn't surprising.” [18:36]
Additional Insights: AI Developments
Overview:
Towards the end of the episode, George shares a positive note on recent advancements in artificial intelligence, specifically referencing Claude 4. He views these developments with optimism, appreciating the potential benefits despite the accompanying hype and concerns.
Key Points & Insights:
- George's Thumbs Up:
  “...Claude 4, you know, I mean I know we're on a, we're on the AI hype roller coaster... I give it a thumbs up.” [21:06]
- Rich's Agreement:
  “...always interesting to see those advances. We saw a ton of stuff from Google as well this week, Microsoft to just everybody getting all of their, their cool AI stuff out there.” [21:34]
- Future Engagements: Both hosts express excitement about future AI integrations and the ongoing evolution of cybersecurity in tandem with AI advancements.
Conclusion
The episode of Cyber Security Headlines offers a comprehensive review of significant cybersecurity events and trends from the past week. From software vulnerabilities and infrastructure threats to legislative efforts in workforce training, the discussions provide valuable insights for cybersecurity professionals and enthusiasts alike. George Finney's expert commentary underscores the complexity of modern cybersecurity challenges and the imperative for robust, adaptive security frameworks like Zero Trust. The episode concludes on an optimistic note with developments in artificial intelligence, highlighting the dynamic and ever-evolving landscape of cybersecurity.
Notable Quotes:
- “Zero trust is the only way to really work in this kind of environment.” — George Finney [07:06]
- “People are the most important part of zero trust.” — George Finney [09:38]
- “Every one of the US telecom companies has been breached. So in a way, you know, this just isn't surprising.” — George Finney [18:36]
- “I give it a thumbs up.” — George Finney [21:06]
For Further Information:
To explore the full stories behind the headlines discussed in this episode, visit CISOseries.com.
