Cybersecurity Updates: CEO Legal Troubles, Global Cyber Rules, Microsoft Fix Issues, and AI at B-Side SF
Podcast: Cybersecurity Today
Host: Jim Love (Sitting in for David Shipley)
Release Date: April 28, 2025
1. CEO Legal Troubles: Malware Incident at St. Anthony's Hospital
In a startling revelation, Jeffrey Bowie, CEO of cybersecurity firm Veradico, has been charged under Oklahoma's Computer Crimes Act for attempting to compromise the cybersecurity of St. Anthony's Hospital in Oklahoma City. As Security Affairs reported on April 28, 2025, Bowie faces two counts related to infecting employee computers with malware.
Incident Details:
- Timestamp [00:00]: David Shipley outlines that on August 6, security footage captured Bowie navigating the corridors of St. Anthony's Hospital. He was seen accessing locked offices and introducing malware via a USB thumb drive.
- The malicious software was designed to "snap a screenshot every 20 minutes and send images to an outside server".
- When confronted by staff, Bowie reportedly claimed, “I have a relative in surgery and needed to check something.”
- Fortunately, the hospital's robust security measures swiftly neutralized the threat, ensuring no patient data was compromised.
- Bowie was apprehended two weeks later, on April 14, following the issuance of an arrest warrant.
Implications: The incident underscores the critical importance of physical security in safeguarding sensitive information and IT systems within healthcare institutions. As St. Anthony's Hospital is a major medical center offering a wide range of services, this breach highlights vulnerabilities that even high-security environments can face.
2. Global Cyber Rules: CISOs Call for Harmonization
A coalition of Chief Information Security Officers (CISOs) from 45 leading companies, including tech giants, global banks, and hospital networks, has taken a unified stance urging world governments to harmonize cyber regulations. Addressing this collective concern, David Shipley elaborates on their joint appeal to the G7 and the Organization for Economic Cooperation and Development (OECD).
Key Requests:
- Single Playbook: Establish a unified set of cybersecurity regulations to replace the existing patchwork of rules across different regions and jurisdictions.
- Alignment and Consistent Enforcement: Ensure that current cybersecurity standards are uniformly enforced worldwide.
- Public-Private Collaboration: Foster closer cooperation between the private sector and governments in developing future regulatory frameworks, with businesses involved early in the process.
- Faster Intelligence Sharing: Enhance the speed and efficiency of sharing intelligence between governments and private entities, breaking down bureaucratic barriers to keep pace with cyber threats.
- Inclusion of Business Voices: Ensure that business representatives are consistently involved in discussions and decision-making processes related to cybersecurity policies.
Notable Quote:
- David Shipley [04:30]: “We’re asking world leaders to sync up cybersecurity regulations instead of letting everyone go their own way, creating confusing, sometimes conflicting and different requirements.”
Context and Challenges: The timing coincides with the upcoming G7 meeting in Canada and with the emergence of numerous new regulations globally that affect companies with international operations. However, geopolitical tensions, especially concerning trade, may pose significant hurdles to achieving the desired regulatory cohesion.
3. Microsoft’s Inetpub Folder Fix: A Double-Edged Sword
Recent updates from Microsoft aimed at mitigating security vulnerabilities have introduced complications of their own. Initially, Microsoft created the inetpub folder as part of a workaround for CVE-2025-21204, an exploitable elevation-of-privilege flaw in Windows Process Activation.
Technical Breakdown:
- Timestamp [15:45]: The inetpub folder was a temporary measure to block a specific type of symlink attack.
- Cybersecurity researcher Kevin Beaumont discovered that attackers could exploit this folder by using the mklink command to link inetpub to a system executable. This manipulation could disrupt Windows Update by causing it to detect the link, thereby breaking the update process.
Implications: This vulnerability allows attackers, even without administrative rights, to interfere with security updates, potentially leaving systems exposed to further threats. The inetpub folder, originally part of Microsoft’s Internet Information Services (IIS) web server software, now requires its own fix to prevent exploitation.
Notable Quote:
- David Shipley [12:10]: “Deleting or messing with that inetpub folder can cause all kinds of problems, including preventing further security updates.”
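A defender-side check for the condition described above, as an added example that is not from the podcast or from Microsoft: the PowerShell function below reports whether the inetpub folder is missing, has been replaced by a link (reparse point), or is a regular directory. The function name, the status labels and the default path (inetpub at the root of the system drive) are assumptions of this example.

```powershell
# Added example: audit the state of the inetpub folder on the local host.
# Function name, status labels and default path are assumptions of this example.
function Test-InetpubFolder {
    param(
        [string]$Path = (Join-Path $env:SystemDrive 'inetpub')
    )

    # -Force returns hidden/system items; a missing path yields $null.
    $item = Get-Item -LiteralPath $Path -Force -ErrorAction SilentlyContinue

    $status = 'OK'
    $detail = 'Regular directory'
    $target = $null
    $owner  = $null

    if (-not $item) {
        $status = 'Missing'
        $detail = 'Folder was deleted or never created'
    }
    elseif ($item.Attributes -band [IO.FileAttributes]::ReparsePoint) {
        # Links created with mklink (junctions, symlinks) carry this attribute.
        $status = 'ReparsePoint'
        $detail = "LinkType: $($item.LinkType)"
        $target = $item.Target
    }
    elseif (-not $item.PSIsContainer) {
        $status = 'NotADirectory'
        $detail = 'A file occupies the path'
    }
    else {
        # Owner is recorded for review only; this example does not judge it.
        $acl = Get-Acl -LiteralPath $Path -ErrorAction SilentlyContinue
        if ($acl) { $owner = $acl.Owner }
    }

    [pscustomobject]@{
        Computer = $env:COMPUTERNAME
        Path     = $Path
        Status   = $status
        Detail   = $detail
        Target   = $target
        Owner    = $owner
    }
}

Test-InetpubFolder | Format-List
```

Any status other than OK is worth investigating before the next patch cycle, since both a deleted folder and a linked one are described above as interfering with updates.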
4. AI at BSides San Francisco: Innovations and Threats
The BSides San Francisco conference showcased a plethora of discussions on artificial intelligence (AI) and its intersection with cybersecurity. From weaponizing large language models to detecting deepfakes, the event highlighted both the potential and the perils of AI advancements.
Highlights:
- Dylan A. Ray’s Presentation:
  - Topic: AI Apocalypse: Weaponizing Large Language Models
  - Insights: Ray provided an in-depth analysis of how generative AI can be manipulated to create sophisticated malware. He praised the research paper “Refusal in large language models is mediated by a single direction”, which elucidates how AI models manage response refusals using directional mapping.
  - Notable Quote [25:50]: “When a model refuses to give an answer due to safety guardrails, that's often done in a single direction. In this map, the researchers found that that direction can be discovered and removed, unlocking previously blocked content.”
  - Availability: The talk is expected to be accessible on BSides’ YouTube channel soon, with additional resources linked in the show notes.
- AI Village Demo:
  - Focus: Demonstration of deepfake video and audio technologies operating on six-year-old hardware.
  - Technologies Discussed: Heartbeat analysis techniques for detecting deepfakes by identifying imperceptible physiological signals in videos.
  - Limitations: Unfortunately, this particular demonstration was not recorded.
- Electronic Frontier Foundation’s Presentation:
  - Title: “Tracking the World's Dumbest Cyber Mercenaries”
  - Presenters: Eva Galperin and Cooper Quintin
  - Content: An engaging and humorous exploration of EFF’s investigation into the cyber mercenary group Dark Caracal.
  - Notable Quote [38:20]: “Tracking the world's dumbest cyber mercenaries isn't just funny—it reveals significant insights into how low-skill actors can impact global cybersecurity.”
  - Availability: A recording is hoped to be released, with additional information available in the show notes.
Implications: These presentations underscore the dual-edged nature of AI in cybersecurity—it serves as both a powerful tool for defense and a potential avenue for sophisticated cyber attacks.
5. RSA Conference Kickoff: Anticipated Developments and Trends
The week also marks the beginning of the RSA Conference, the world's largest cybersecurity vendor event held in San Francisco. Attendees can expect a flurry of press releases unveiling the latest security solutions and technologies.
Highlights to Watch:
- Vendor Innovations: Companies are set to showcase advancements in areas such as Agentic AI, which has already become a buzzword among industry professionals.
- Live Updates: David Shipley promises to provide real-time highlights from both sessions and vendor booths via LinkedIn and direct connections with co-host Jim Love.
- Networking Opportunities: Listeners attending the RSA Conference are encouraged to connect with David and Jim for in-depth discussions and insights.
Notable Quote:
- David Shipley [50:35]: “For those who enjoy a good buzzword bingo game, make sure you add Agentic AI to your card.”
Engagement: Listeners are invited to engage with the hosts on LinkedIn or reach out via email for personalized interactions during the conference.
Conclusion
This episode of Cybersecurity Today delves into a spectrum of critical issues facing the cybersecurity landscape in 2025. From high-profile legal cases and global regulatory challenges to the intricate dance between AI advancements and security vulnerabilities, host David Shipley provides a comprehensive overview of the current state and future directions of cybersecurity. The discussions emphasize the necessity for unified global standards, the continuous evolution of threat mitigation strategies, and the pivotal role of AI in shaping both defensive and offensive cyber capabilities. As the RSA Conference unfolds, listeners can look forward to further insights and updates on emerging cybersecurity trends and technologies.
Resources Mentioned:
- Refer to the show notes for links to the research paper cited by Dylan A. Ray, EFF’s work on Dark Caracal, and additional resources from BSides San Francisco.