
In this episode of 'Cybersecurity Today', host David Shipley covers multiple key stories: Veritaco CEO Jeffrey Bowie is charged with attempting to infect a hospital with malware. Global Chief Information Security Officers (CISOs) call on world...
David Shipley
A cybersecurity CEO is charged with attempting to infect a hospital with malware. Global CISOs band together to urge world governments to harmonize cyber rules. Microsoft mystery folder fix might need a fix of its own, and lots of AI talks at BSides San Francisco, with also RSA kicking off this week. This is Cybersecurity Today and I'm your host, David Shipley.
Security Affairs reported Saturday that Jeffrey Bowie, CEO of the cybersecurity firm Veradico, is facing two counts of violating Oklahoma's Computer Crimes Act for allegedly infecting employee computers at the Oklahoma City St. Anthony Hospital. So what happened? According to police, back on August 6, security cameras allegedly caught Bowie roaming the halls of Oklahoma City's St. Anthony's Hospital after trying a few locked offices. He reportedly found staff computers, slipped in a thumb drive and planted malware that snapped a screenshot every 20 minutes and sent images to an outside server. When staff asked what he was doing, Bowie allegedly said he had a relative in surgery and, quote, needed to check something, end quote. Hospital IT later discovered the malicious software and thankfully no patient data was exposed. The hospital says its security measures contained the threat immediately and it worked with law enforcement from day one. Two weeks ago, on April 14, police picked up Bowie with an arrest warrant. For context, St. Anthony's is a 773-bed medical center in Oklahoma City's Midtown, offering everything from heart surgery to behavioral health, and this story highlights how important physical security remains when it comes to protecting information and systems. It'll be interesting to see what comes out of this case regarding what happened and what the motivations were of the accused.
Chief information security officers from 45 powerhouse companies like big tech titans, global banks, hospital networks, you name it, have fired off a joint letter to the G7 and the Organization for Economic Cooperation and Development, or OECD. What are they asking for? They're asking to stop drowning in a patchwork of cyber rules from different regions, jurisdictions at the national and sometimes sub-national level. They're urging world leaders to use these forums to sync up cybersecurity regulations instead of letting everyone go their own way, creating confusing, sometimes conflicting and different requirements. Four big things they're asking for: single playbook and alignment and consistent enforcement of rules that already exist, working together between the private sector and the public sector on what's to come next in the regulatory framework. They want to be brought in earlier when new standards are being contemplated. They're looking for faster intelligence sharing between governments and the private sector and breaking down bureaucratic walls so that data can move at machine speed and certainly at the speed of attackers, and they want to make sure business gets at the table and stays at the table. Now why all this matters is that this list cuts across almost every sector and signals growing fatigue with regulatory spaghetti across the world. And the timing is key. The G7 is set to meet in Canada this year, and numerous regulations have popped up both in North America, in Europe, the UK and Australia that are starting to affect companies that operate globally. Now, if IT regulators listen, we could see a more cohesive approach that improves protection. However, given the geopolitical context we're now in, particularly with respect to the trade situation, cooperation may not be high on the agenda.
Remember the story earlier this month about Microsoft creating a mystery folder in Windows called inetpub that looked to be part of a security patch? Well, it turns out this particular cure may also have problems of its own. As we noted when we first covered this a few weeks ago, deleting or messing with that inetpub folder that was created by the Windows system can cause all kinds of problems, including preventing further security updates. The creation of this folder, which was originally a part of Microsoft's Internet Information Systems, or ISS Web Server Software, was a mitigation for CVE-2025-21204, an exploitable elevation of privileges flaw with Windows Process Activation. It was a workaround for the flaw instead of patching the code, as it would block a particular kind of symlink attack path. Now cybersecurity researcher and, for those paying attention, regular pain in Redmond's side Kevin Beaumont, who famously highlighted all the privacy and security flaws in Microsoft's AI Recall tool, shared a workaround recently that attackers could use that could also affect that inetpub folder. In Beaumont's example, attackers running as a standard user, no administrative rights required, could use another symlink approach called mklink to tie inetpub to a particular system executable. When Windows Update tries to run again, it will check that inetpub folder, hit the mklink and then break.
There are lots of great talks on AI this year and its implications for cybersecurity at BSides San Francisco. Particularly enjoyed the "Let's Talk About the AI Apocalypse" by Dylan A. Ray, who gave a great primer on weaponizing large language models to create malware, and props to A Ray for both an incredibly creative style in the presentation and for the quality academic references. The talk was recorded and hopefully will be available on BSides' YouTube channel in the coming weeks or months.
During his talk, A Ray highlighted a fantastic research paper titled, quote, Refusal in large language models is mediated by a single direction, end quote, that explains how generative AI large language models map relationships between words in an almost three-dimensional spatial map and how they use directional mapping to help generate their results. When a model refuses to give an answer due to safety guardrails, that's often done in a single direction in this map. The researchers found that that direction can be discovered and removed, unlocking previously blocked content. That paper is available on archive.org and a link to it will be available in the show notes.
Also, the AI Village demo at BSides San Francisco of deepfake video and audio technology running on six-year-old hardware was fascinating. I learned quite a bit about the interesting ways companies are trying to use to detect deepfake videos, including heartbeat analysis of the video by looking at things that are imperceptible to the human eye but possible to measure by computers. Unfortunately, this talk was not recorded.
Perhaps one of the funniest but also deeply insightful talks I've seen in years came from the fantastic folks at the Electronic Frontier Foundation titled, quote, Tracking the World's Dumbest Cyber Mercenaries, end quote. The presentation by Eva Galperin and Cooper Quintin dove into the years-long investigation EFF did on the cyber mercenaries Dark Caracal. As this took place on BSides' main stage, fingers crossed that the recording will also be available as well, and it is well worth the watch. A link to EFF's interesting 2023 work on Dark Caracal is included in the show notes and is also worth a read.
Finally, RSA, the world's largest cybersecurity vendor conference, kicks off this week in San Francisco. Expect lots of press releases from vendors highlighting their latest wares. And for those of you that enjoy a good buzzword bingo game, make sure you add Agentic AI to your card. I'll be sharing highlights from sessions and from the vendor booths on LinkedIn and with Jim. If you're at RSA and you'd like to connect, drop me a note on LinkedIn or at david.shipley@boseronsecurity.com. I've been your host, David Shipley, sitting in for Jim Love, who will be back on Wednesday. Thanks for listening.
Cybersecurity Updates: CEO Legal Troubles, Global Cyber Rules, Microsoft Fix Issues, and AI at BSides SF
Podcast: Cybersecurity Today
Host: David Shipley (sitting in for Jim Love)
Release Date: April 28, 2025
In a startling revelation, Jeffrey Bowie, CEO of cybersecurity firm Veradico, has been charged under Oklahoma's Computer Crimes Act for attempting to compromise the cybersecurity of St. Anthony's Hospital in Oklahoma City. As Security Affairs reported on April 28, 2025, Bowie faces two counts related to infecting employee computers with malware.
Incident Details:
Implications: The incident underscores the critical importance of physical security in safeguarding sensitive information and IT systems within healthcare institutions. As St. Anthony's Hospital is a major medical center offering a wide range of services, this breach highlights vulnerabilities that even high-security environments can face.
A coalition of Chief Information Security Officers (CISOs) from 45 leading companies, including tech giants, global banks, and hospital networks, has taken a unified stance urging world governments to harmonize cyber regulations. David Shipley elaborates on their joint appeal to the G7 and the Organization for Economic Cooperation and Development (OECD).
Key Requests:
Notable Quote:
Context and Challenges: The timing coincides with the upcoming G7 meeting in Canada, and numerous new regulations have emerged globally that affect companies with international operations. However, geopolitical tensions, especially concerning trade, may pose significant hurdles to achieving the desired regulatory cohesion.
Recent updates from Microsoft aimed at mitigating security vulnerabilities have introduced complications of their own. Initially, Microsoft created the inetpub folder as part of a workaround for CVE-2025-21204, an exploitable elevation of privileges flaw in Windows Process Activation.
Technical Breakdown:
Implications: This vulnerability allows attackers, even without administrative rights, to interfere with security updates, potentially leaving systems exposed to further threats. The inetpub folder, originally part of Microsoft’s Internet Information Services (IIS) Web Server Software, now requires its own fix to prevent exploitation.
Notable Quote:
The BSides San Francisco conference showcased a plethora of discussions on artificial intelligence (AI) and its intersection with cybersecurity. From weaponizing large language models to detecting deepfakes, the event highlighted both the potential and the perils of AI advancements.
Highlights:
Dylan A. Ray’s Presentation:
AI Village Demo:
Electronic Frontier Foundation’s Presentation:
Implications: These presentations underscore the dual-edged nature of AI in cybersecurity—it serves as both a powerful tool for defense and a potential avenue for sophisticated cyber attacks.
The week also marks the beginning of the RSA Conference, the world's largest cybersecurity vendor event held in San Francisco. Attendees can expect a flurry of press releases unveiling the latest security solutions and technologies.
Highlights to Watch:
Notable Quote:
Engagement: Listeners are invited to engage with the hosts on LinkedIn or reach out via email for personalized interactions during the conference.
This episode of Cybersecurity Today delves into a spectrum of critical issues facing the cybersecurity landscape in 2025. From high-profile legal cases and global regulatory challenges to the intricate dance between AI advancements and security vulnerabilities, host David Shipley provides a comprehensive overview of the current state and future directions of cybersecurity. The discussions emphasize the necessity for unified global standards, the continuous evolution of threat mitigation strategies, and the pivotal role of AI in shaping both defensive and offensive cyber capabilities. As the RSA Conference unfolds, listeners can look forward to further insights and updates on emerging cybersecurity trends and technologies.
Resources Mentioned: