Dave Bittner
You're listening to the Cyberwire network, powered by N2K. And now a word from our sponsor.
Ben Yellen
SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization.
Dave Bittner
Traditional defenses can't keep up.
Ben Yellen
SpyCloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users, from breaches, malware and phishing, to neutralize identity-based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business.
Dave Bittner
Get your free corporate darknet exposure report at spycloud.com/cyberwire
Ben Yellen
and see what attackers already know. That's spycloud.com/cyberwire.
Dave Bittner
A historic data breach that wasn't. Aflac says it stopped a ransomware attack. Cloudflare thwarts a record-breaking DDoS attack. Mocha Manakin combines clever social engineering with custom-built malware. The Godfather Android Trojan uses a sophisticated virtualization technique to hijack banking and crypto apps. A British expert on Russian information warfare is targeted in a sophisticated spear phishing campaign. A federal judge dismisses a lawsuit against CrowdStrike filed by airline passengers. Banana Squad disguises malicious code as legitimate open source software. The US Justice Department wants to seize over $225 million in cryptocurrency linked to romance and investment scams. Ben Yellen explains the recent Oversight Committee request for Microsoft to hand over GitHub logs related to alleged DOGE misconduct.
Ben Yellen
And this one weird audio trick leaves AI scam calls speechless.
Dave Bittner
It's Friday, June 20, 2025.
Ben Yellen
I'm Dave Bittner and this is your Cyberwire Intel Brief.
Dave Bittner
Thanks for joining us here today. It's great to have you with us.
Ben Yellen
Happy Friday.
Dave Bittner
News broke yesterday about a so called historic data breach.
Ben Yellen
Except it's not a breach at all.
Dave Bittner
What actually happened is that someone exposed.
Ben Yellen
A massive database of stolen credentials online.
Dave Bittner
But the catch is these credentials weren't freshly stolen.
Ben Yellen
They were scraped from older breaches, InfoStealer malware logs and credential stuffing attacks.
Dave Bittner
In other words, this is a giant compilation of already compromised data, some of it years old. Cybernews, who found the exposed trove, said
Ben Yellen
The format matched what's commonly used by Infostealer malware. That malware quietly grabs passwords stored in browsers and apps, then ships them off to cybercriminals. These logs get traded or dumped on sites like Telegram all the time.
Dave Bittner
So no, the sky isn't falling again.
Ben Yellen
But yes, you should still update your security hygiene.
Dave Bittner
Aflac says it stopped a ransomware attack.
Ben Yellen
launched by a sophisticated cybercrime group on
Dave Bittner
June 12, though some data was stolen before the breach was contained.
Ben Yellen
While the ransomware didn't disrupt operations, the stolen files may include sensitive personal and health data from customers, employees and agents.
Dave Bittner
Aflac suspects the hackers used social engineering.
Ben Yellen
Possibly impersonating IT staff to access systems, a tactic linked to Scattered Spider, a group recently targeting insurance firms.
Dave Bittner
Google and cybersecurity experts warn this campaign.
Ben Yellen
is ongoing and highly coordinated. Aflac has alerted the SEC, set up a helpline and is offering identity protection. The company emphasized its ability to continue business as usual.
Dave Bittner
This is the second breach Aflac has.
Ben Yellen
Faced in two years following a 2023 incident involving 1.3 million customers in Japan.
Dave Bittner
Cloudflare recently stopped a massive DDoS attack that peaked at 7.3 terabits per second.
Ben Yellen
The largest it has ever seen.
Dave Bittner
The attack hit a hosting provider in.
Ben Yellen
Mid May and lasted just 45 seconds, but still delivered 37.4 terabytes of traffic. It targeted nearly 22,000 destination ports per second on a single IP. Over 99% of the traffic was from.
Dave Bittner
UDP floods, with smaller amounts from other attack types. The assault came from 122,000 IPs spread.
Ben Yellen
Across 161 countries, highlighting growing threats to core Internet infrastructure.
Dave Bittner
A new cyber threat called Mocha Manakin has emerged, combining clever social engineering with custom-built malware. Discovered by Red Canary back in January, it tricks users with fake instructions like
Ben Yellen
CAPTCHA tests that get them to copy and run harmful PowerShell commands. These commands download and launch a backdoor
Dave Bittner
named NodeInitRAT and hidden in
Ben Yellen
a ZIP file with a legitimate node.exe. Once running, NodeInitRAT can collect data, execute commands and potentially install ransomware. While no ransomware has yet been linked directly, Red Canary sees a strong possibility, citing links to Interlock ransomware. Mocha Manakin hides its traffic using Cloudflare tunnels, making it harder to detect. Red Canary urges organizations to train users, monitor systems and block suspicious network activity to guard against this evolving and deceptive threat.
Dave Bittner
A new version of the Godfather Android Trojan is using a sophisticated virtualization technique to hijack banking and crypto apps, according to Zimperium.
Ben Yellen
Based on the Anubis Trojan, Godfather now sets up a sandbox on infected devices.
Dave Bittner
To run real copies of target apps, making it harder to detect.
Ben Yellen
When users open their apps, they're redirected to virtualized versions controlled by the malware, which captures everything in real time.
Dave Bittner
Godfather uses open source tools like Xposed.
Ben Yellen
and VirtualApp to pull this off, allowing attackers full visibility and control over user interactions.
Dave Bittner
It also alters APK and Android manifest.
Ben Yellen
Files to evade detection and uses Android's accessibility services to trick users into granting permissions. Currently, it's being used against Turkish banks.
Dave Bittner
Keir Giles, a British expert on Russian information warfare, was recently targeted in a sophisticated spear phishing campaign using advanced social engineering. The attacker posed as a U.S. State
Ben Yellen
Department official named Claudi S. Weber and invited Giles to a fake consultation.
Dave Bittner
The ploy was convincing, complete with official.
Ben Yellen
sounding emails and cc'd State Department addresses that didn't actually exist. Backed by a PDF that mimicked government documentation, the attacker asked Giles to generate an app-specific password to access a secure platform. In reality, this would have granted them persistent access to his Gmail. Google and Citizen Lab investigated the attack and linked it with low confidence to Russian state-sponsored actor APT29. Although Giles didn't use the targeted email account, he believes attackers may still manipulate stolen data as part of a broader disinformation effort. Researchers say the campaign was unusually patient and adaptive, likely using a large language model to craft replies.
Dave Bittner
A federal judge has dismissed a lawsuit against CrowdStrike filed by airline passengers over its 2024 software update that disrupted airline operations. The judge ruled that the claims were.
Ben Yellen
preempted by the Airline Deregulation Act, even though CrowdStrike isn't an airline.
Dave Bittner
The court found that the disruptions affecting.
Ben Yellen
ticketing, boarding and scheduling were directly tied to airline services, which the ADA protects from inconsistent state laws. Plaintiffs accused CrowdStrike of negligence, claiming it failed to test or warn about the update, which crashed critical systems and stranded travelers.
Dave Bittner
While the plaintiffs argued that CrowdStrike shouldn't.
Ben Yellen
benefit from ADA preemption as a third-party vendor, the court disagreed, emphasizing the company's central role in airline operations. Even claims of stress and physical injury were dismissed, as the court maintained the harm stemmed from service disruptions, not direct personal harm. The decision sets a precedent protecting vendors closely tied to airline operations from certain lawsuits.
Dave Bittner
Researchers at ReversingLabs have uncovered a new cyber threat led by Banana Squad,
Ben Yellen
A group known for disguising malicious code as legitimate open source software.
Dave Bittner
The group created over 60 fake repositories on GitHub, posing as Python hacking tools.
Ben Yellen
But secretly containing malware designed to steal.
Dave Bittner
Sensitive data from Windows systems targeting apps.
Ben Yellen
Browsers and even cryptocurrency wallets. One tactic involves hiding harmful code in long invisible lines pushed off screen, making it hard for developers to detect. Banana Squad previously released hundreds of malicious packages downloaded nearly 75,000 times before removal, despite a 70% drop in malware across open source platforms in 2024.
Dave Bittner
Threats are evolving.
Ben Yellen
Attackers now use stealthier, more sophisticated methods. Reports also show rising risks from secret leaks and vulnerable code in popular open source software packages. The U.S. Justice Department is seeking to
Dave Bittner
Seize over $225 million in cryptocurrency linked.
Ben Yellen
To romance and investment scams run from.
Dave Bittner
Vietnam and the Philippines. The funds, traced via blockchain analysis by.
Ben Yellen
The FBI and Secret Service, were laundered through hundreds of wallets and thousands of transactions. Over 430 victims across multiple US states.
Dave Bittner
Were defrauded, often through fake social media.
Ben Yellen
Connections offering crypto investments. Victims sent millions only to be locked out of their accounts after being asked.
Dave Bittner
For fake fees to withdraw funds.
Ben Yellen
The scheme linked to Vietnamese nationals operating.
Dave Bittner
In Philippine scam compounds used fake documents.
Ben Yellen
And centralized IP addresses.
Dave Bittner
Exchange OKX and blockchain firm Tether helped track the activity.
Ben Yellen
This marks the largest crypto seizure in U.S. Secret Service history and highlights growing law enforcement capabilities in recovering stolen digital assets amid a broader surge in global crypto scams, which cost victims $5.8 billion last year.
Dave Bittner
Coming up after the break, Ben Yellen explains the recent Oversight Committee request for Microsoft to hand over GitHub logs related to alleged DOGE misconduct.
Ben Yellen
And this one weird audio trick leaves AI scam calls speechless. Stick around.
Dave Bittner
Compliance regulations, third party risk.
Vanta Representative
And customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you've ever found yourself drowning in spreadsheets, chasing down screenshots or wrangling manual processes just to keep your GRC program on track, you're not alone.
Dave Bittner
But let's be clear.
Vanta Representative
There is a better way. Vanta's trust management platform takes the headache out of governance, risk and compliance. It automates the essentials, from internal and third-party risk to consumer trust, making your security posture stronger. Yes, even helping to drive revenue. And this isn't just nice to have. According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity. That's not a typo, that's real impact. So if you're ready to trade in chaos for clarity, check out Vanta and bring some serious efficiency to your GRC game. Vanta: GRC, how much easier trust can be. Get started at vanta.com/cyber.
Ben Yellen
And now a word from our sponsor, Cloud Range.
Dave Bittner
Cyber security isn't just a technology issue, it's a people challenge. While tools can detect threats, it's the.
Ben Yellen
humans who decide how to respond. That's why Cloud Range uses immersive simulation
Dave Bittner
Based training to build real world instincts and confidence. This approach helps transform good security teams.
Ben Yellen
Into great ones ready to face today's evolving threats.
Dave Bittner
Discover how Cloud Range is empowering defenders at www.cloudrange.com. And joining me once again is Ben Yellen. He is from the University of Maryland Center for Health and Homeland Security and also my co-host over on the Caveat podcast. Ben, welcome back.
Steven Lynch
Good to be with you again, Dave.
Dave Bittner
So I want to touch base on this report that came out of the House Committee on Oversight and Government Reform. This is from the Democrats' side of
Ben Yellen
The House and they dropped a press release here.
Dave Bittner
It's titled "Following whistleblower reports, acting ranking
Ben Yellen
member Lynch demands Microsoft hand over information
Dave Bittner
on DOGE's misconduct at NLRB." Can you unpack this for us, Ben?
Ben Yellen
What's going on here?
Steven Lynch
Sure. So we have this whistleblower disclosure and also some public reporting from NPR. The acting ranking member of the committee is Representative Steven Lynch of Massachusetts. The permanent ranking member unfortunately passed away recently, and he has issued a demand for information from Microsoft alleging misconduct involving NLRB systems. So that's the National Labor Relations Board. This has to do with the group known as DOGE, Department of Government Efficiency.
Dave Bittner
Right? Elon Musk's gang.
Steven Lynch
Exactly. So Elon himself is now gone from this effort. He's back to managing his own companies. But DOGE itself is still in existence. They have a bunch of young engineers on staff, and a lot has come out both as to what they're currently doing and to what they've done since DOGE was set up in January. And the alleged misconduct here was accessing NLRB systems to delete records, install backdoors, and exfiltrate data, potentially including sensitive labor and corporate information. So the NLRB manages labor relations. They have high-profile cases with big companies and organized labor. So SEIU, AFL-CIO. The evidence actually comes from GitHub, which is owned by Microsoft. And that's why the request for information has gone to Microsoft. So according to the whistleblower, one of the DOGE engineers is said to have posted a project entitled NX Gen B Door Extract, which I'm just going to go ahead and say was not the best idea for a title if you
Dave Bittner
don't want to be stealthy. Yeah, yeah.
Steven Lynch
Way to make it look extremely suspicious. Right, because that obviously implies that there is a backdoor targeting NLRB's internal system. One potential impact of this is that this could be a conflict of interest for Elon Musk, since his companies like Tesla and X potentially could be under NLRB scrutiny. They have been in the past. And of course Musk was the head of DOGE, and then we just don't know what information possibly was released or compromised. So this letter requests from Microsoft, prior to June 30th, a complete clone of the NX Gen B Door Extract GitHub repository, including the entire history; clones of any repositories committed to by Jordan Wick, which I believe is the identified representative from the DOGE team, from January 1st to May 15th of this year; and a list of all private GitHub repositories accessed from NLRB during that period. I'm not sure if Microsoft is going to be compelled to respond to this. A response is voluntary.
Dave Bittner
That was my next question. Was this a request but not
Ben Yellen
a demand, I suppose?
Steven Lynch
Right. You can't really issue demands when you're in the minority, because you have to have a vote among the full committee to issue a legal subpoena. So unless they can conjure up a couple of Republican members to join them, the Democrats are a minority in the House, therefore a minority on this committee, and they don't have subpoena power, which means it's very likely that this is not going to be a legally binding request, and Microsoft is free to ignore it, which they might. They might choose to volunteer this information. Or this just might be a way for Democratic members of the committee to raise awareness of this issue and draw more eyes on what they see as shoddy practices from the Department of Government Efficiency in protecting data.
Dave Bittner
So the House Oversight Committee, they have investigatory authority but, because it's the Democratic side, not subpoena authority. Is that right?
Steven Lynch
That is correct. So the full committee does have subpoena authority, but you have to have a vote of the full committee.
Ben Yellen
I see.
Steven Lynch
And I'm guessing if Democratic members called for a vote on this, they would lose. I think there are some Republicans who have expressed problems here and there with the Department of Government Efficiency efforts, but not enough that they would put Elon Musk and potentially President Trump under the microscope through a legally binding subpoena.
Ben Yellen
I see.
Dave Bittner
So chances are that this might not go anywhere other than public awareness.
Steven Lynch
Exactly. I think the letter itself is the effort. It's designed to get into the news articles, maybe into some daily cybersecurity-themed podcasts. It's to have a conversation about some of these shoddy practices and to raise awareness of both the whistleblower report and further public reporting done on this by news organizations. So I think that's the main purpose of this. Maybe they'll get lucky and there'll be bipartisan support for a binding subpoena. I doubt that that's the case.
Dave Bittner
Does it strike you as, I don't know, concerning, disturbing, how matter-of-fact these sorts of things are? That, you know, there could be massive data exfiltration from the NLRB and, eh, you know, it's just par for the course these days.
Steven Lynch
Yeah, I think part of it is just we are on information overload and things start to blend together. I mean, there have been a lot of allegations of shoddy data security practices coming out of DOGE, and unless you follow this stuff very closely like we do, it just kind of all gets lost in the shuffle. I think people have a general impression that there's some level of controversy here. Certainly they got into records of the Office of Personnel Management and there have been lawsuits. But it's just hard for any story to break through in this news environment where a million other things are happening. I guarantee you that the insults lobbed by Elon Musk and Donald Trump against one another will get 1 million times the eyeballs as a story about shoddy data practice. And that's just the way our news environment is.
Dave Bittner
Yeah.
Ben Yellen
All right.
Dave Bittner
Well, Ben Yellen is from the University of Maryland Center for Health and Homeland Security. But more importantly than that, he is my co-host on the Caveat podcast, which, if you have not done so, you should absolutely check out.
Ben Yellen
Ben Yellen, thanks so much for joining us.
Steven Lynch
Thank you.
Dave Bittner
Did you know Active Directory is targeted in 9 out of 10 cyber attacks? Once attackers get in, they can take control of your entire network. That's why Semperis created Purple Knight, the free security assessment tool that scans your Active Directory for hundreds of vulnerabilities and shows you how to fix them. Join thousands of IT pros using Purple
Ben Yellen
Knight to stay ahead of threats.
Dave Bittner
Download it now at semperis.com Purple Knight. That's semperis.com
Ben Yellen
Purple Knight.
Dave Bittner
And finally, in a world where AI powered scammers can sweet talk.
Ben Yellen
Their way into your bank account, researchers from Israel and India have decided it's.
Dave Bittner
Time to fight fire with weird noises. Their new tool, ASR Jam, is a crafty defense against vishing scams, those charming.
Ben Yellen
Robot calls pretending to be helpful strangers with urgent investment opportunities.
Dave Bittner
ASR Jam uses EchoGuard, a sound bending.
Ben Yellen
Algorithm that warps your voice just enough.
Dave Bittner
To confuse AI speech recognition while still.
Ben Yellen
Letting humans understand you. It's like mumbling in just the right.
Dave Bittner
Frequency to fluster a robot but not your grandma. The defense works in real time, invisibly, and unlike previous efforts, it's subtle, not.
Ben Yellen
The audio equivalent of nails on a chalkboard. Against most AI models, including OpenAI's Whisper, it's highly effective at scrambling scammer bots.
Dave Bittner
Mid chat, the researchers call it pleasantly disruptive. Let's hope scam artists hate it as much as we love the idea of.
Ben Yellen
Giving them a taste of their own digital medicine.
Dave Bittner
And that's the Cyberwire. For links to all of today's stories.
Ben Yellen
check out our daily briefing at thecyberwire.com. Be sure
Dave Bittner
to check out this weekend's Research Saturday and my conversation with Dustin Childs, head of threat awareness at Trend Micro's Zero Day Initiative. The research we're discussing is titled "The Potential Impact of Overly Permissive SaaS Tokens on PC Manager Supply Chains." That's Research Saturday. Check it out. We'd love to hear from you.
Ben Yellen
We're conducting our annual audience survey to.
Dave Bittner
Learn more about our listeners.
Ben Yellen
We're collecting your insights until the end of August this year. There's a link in the show notes.
Dave Bittner
Please do check it out. N2K's senior producer is Alice Carruth.
Ben Yellen
Our Cyberwire producer is Liz Stokes.
Dave Bittner
We're mixed by Trey Hester with original.
Ben Yellen
Music and sound design by Elliot Peltzman.
Dave Bittner
Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
Dave Bittner
Dave here.
Ben Yellen
I've talked about DeleteMe before, and
Dave Bittner
I'm still using it because it still works. It's been a few months now, and I'm just as impressed today as I.
Ben Yellen
Was when I signed up.
Dave Bittner
DeleteMe keeps finding and removing my personal information from data broker sites, and
Ben Yellen
They keep me updated with detailed reports so I know exactly what's been taken down.
Dave Bittner
I'm genuinely relieved. Knowing my privacy isn't something I have.
Ben Yellen
to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind.
Dave Bittner
And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and
Ben Yellen
Reduce exposure to social engineering and phishing threats.
Dave Bittner
And right now, our listeners get a special deal: 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.
Podcast Summary: CyberWire Daily – "A Blast from the Breached Past"
Release Date: June 20, 2025
Host: N2K Networks
Production: N2K's CyberWire Daily
Timestamp: [02:35]
The episode begins with a discussion about what was reported as a historic data breach. However, it turns out that no new breach occurred. Instead, a large database of previously stolen credentials was exposed online.
Ben Yellen explains, “The format matched what's commonly used by Infostealer malware. That malware quietly grabs passwords stored in browsers and apps, then ships them off to cybercriminals” ([03:13]). This compilation includes data from older breaches, malware logs, and credential stuffing attacks, indicating that while the exposure is significant, it involves already compromised information. Dave Bittner adds, “So no, the sky isn't falling again. But yes, you should still update your security hygiene” ([03:29]).
Timestamp: [03:39]
Aflac reported thwarting a ransomware attack initiated by a sophisticated cybercrime group on June 12. Although the ransomware did not disrupt operations, some sensitive personal and health data was stolen prior to containment.
Ben Yellen notes, “The ransomware didn't disrupt operations, the stolen files may include sensitive personal and health data from customers, employees, and agents” ([03:50]). Aflac suspects the use of social engineering tactics, possibly impersonating IT staff, linked to the group known as Scattered Spider, which has recently targeted insurance firms. They have responded by alerting the SEC, setting up a helpline, and offering identity protection to affected individuals.
This incident marks the second breach Aflac has faced in two years, the first involving 1.3 million customers in Japan in 2023.
Timestamp: [04:40]
Cloudflare successfully mitigated what it claims to be the largest Distributed Denial of Service (DDoS) attack ever recorded, peaking at 7.3 terabits per second ([04:47]).
Ben Yellen elaborates, “The attack hit a hosting provider in mid-May and lasted just 45 seconds, but still delivered 37.4 terabytes of traffic” ([04:49]). The assault targeted nearly 22,000 destination ports per second on a single IP, with over 99% of traffic originating from UDP floods across 161 countries. The episode highlights the escalating threats to core Internet infrastructure.
Timestamp: [05:22]
Red Canary discovered a new threat named Mocha Manakin, which combines sophisticated social engineering with custom-built malware. It deceives users with fake instructions, such as CAPTCHA tests that prompt them to execute harmful PowerShell commands, resulting in the download and launch of a backdoor known as NodeInitRAT.
Ben Yellen states, “Mocha Manakin hides its traffic using Cloudflare tunnels, making it harder to detect” ([05:45]). This RAT can collect data, execute commands, and potentially install ransomware, with links to Interlock ransomware. Red Canary advises organizations to train users, monitor systems, and block suspicious network activities to defend against this deceptive threat.
Timestamp: [06:25]
A new variant of the Godfather Android Trojan employs an advanced virtualization technique to hijack banking and cryptocurrency applications. According to Zimperium, Godfather establishes a sandbox environment on infected devices to run virtual copies of target apps, thereby evading detection.
Ben Yellen explains, “Godfather now sets up a sandbox on infected devices to run real copies of target apps, making it harder to detect” ([06:36]). Utilizing open-source tools like Xposed and VirtualApp, the Trojan gains full visibility and control over user interactions. Currently, it targets Turkish banks, altering APK and Android manifest files to avoid detection and exploiting Android's accessibility services to trick users into granting necessary permissions.
Timestamp: [07:22]
Keir Giles, a British specialist in Russian information warfare, was targeted by an advanced spear phishing campaign. The attackers impersonated a U.S. Department of State official, sending convincing emails with fake documentation to elicit sensitive information.
Ben Yellen summarizes, “The attacker posed as a U.S. State Department official named Claudi S. Weber and invited Giles to a fake consultation” ([07:35]). The campaign, potentially linked to Russian state-sponsored actor APT29, involved creating persistent access to Giles' Gmail through malicious app-specific passwords. Although Giles did not utilize the targeted account, the incident underscores the sophistication and patience of modern phishing tactics, possibly leveraging large language models to craft realistic interactions.
Timestamp: [08:35]
A federal judge dismissed a lawsuit filed by airline passengers against CrowdStrike, alleging that a 2024 software update disrupted airline operations.
Ben Yellen clarifies, “The judge ruled that the claims were preempted by the Airline Deregulation Act (ADA), even though CrowdStrike isn't an airline” ([08:47]). The court determined that the disruptions, which affected ticketing, boarding, and scheduling, were inherently tied to airline services, thus falling under ADA protection. This ruling establishes a precedent safeguarding vendors integral to airline operations from similar lawsuits, emphasizing that the harm was related to service disruptions rather than direct personal injury.
Timestamp: [09:46]
ReversingLabs researchers uncovered Banana Squad's latest cyber threat, where the group disguises malicious code as legitimate open-source software. Over 60 fake GitHub repositories posing as Python hacking tools were discovered, embedding malware designed to steal sensitive data from Windows systems, browsers, and cryptocurrency wallets.
Dave Bittner highlights, “One tactic involves hiding harmful code in long invisible lines pushed off screen, making it hard for developers to detect” ([10:07]). Despite a 70% reduction in open-source malware in 2024, Banana Squad managed to release hundreds of malicious packages downloaded nearly 75,000 times before removal.
The group employs stealthier and more sophisticated methods, underscoring the rising risks from vulnerable code within popular open-source software packages.
Timestamp: [10:36]
The U.S. Department of Justice (DOJ) is pursuing the seizure of over $225 million in cryptocurrency connected to romance and investment scams originating from Vietnam and the Philippines.
Ben Yellen reports, “The funds, traced via blockchain analysis by the FBI and Secret Service, were laundered through hundreds of wallets and thousands of transactions” ([11:06]). The operation targeted over 430 victims across multiple U.S. states, who were defrauded through fake social media connections offering lucrative crypto investments. Victims were deceived into sending millions, only to be locked out of their accounts after being asked to pay counterfeit fees to withdraw funds.
This marks the largest crypto seizure in U.S. Secret Service history, reflecting enhanced law enforcement capabilities amid a global surge in crypto-related scams, which totaled $5.8 billion in losses last year.
Timestamp: [12:12]
An oversight committee from the House of Representatives has requested Microsoft to provide GitHub logs related to alleged misconduct by the group DOGE (Department of Government Efficiency), previously associated with Elon Musk.
Steven Lynch, a representative from the University of Maryland Center for Health and Homeland Security, elucidates, “The whistleblower disclosure and public reporting allege that DOGE engineers accessed the National Labor Relations Board (NLRB) systems to delete records, install backdoors, and exfiltrate data” ([15:21]).
The request includes a complete clone of the GitHub repository titled "NX Gen B Door Extract" and a list of all private repositories accessed by DOGE team member Jordan Wick from January 1st to May 15th. However, due to the Democratic minority on the committee, the request lacks subpoena authority and may not compel Microsoft to comply. Lynch suggests the primary goal is to raise public awareness rather than enforce compliance legally.
Timestamp: [22:49]
Researchers from Israel and India have developed ASR Jam, a tool designed to thwart AI-driven scam calls. ASR Jam employs EchoGuard, a sound-altering algorithm that subtly warps the user’s voice to confuse AI speech recognition systems without affecting human comprehension.
Ben Yellen describes it as, “Like mumbling in just the right frequency to fluster a robot but not your grandma” ([23:26]). This real-time, invisible defense effectively disrupts most AI models, including OpenAI's Whisper, making it difficult for scammer bots to process the conversation. The researchers term this method “pleasantly disruptive,” aiming to protect individuals from vishing scams that exploit AI's ability to mimic human interactions.
Timestamp: [14:52]
In an in-depth segment, Steven Lynch discusses the House Oversight Committee's request for Microsoft to provide GitHub logs related to DOGE's alleged misconduct. He explains the context of the whistleblower's claims, the specifics of the requested information, and the potential implications for data security and corporate oversight.
Lynch emphasizes the challenges in obtaining a legally binding response due to the committee's minority status, suggesting that the request is more about raising awareness than enforcing compliance. He also touches upon the broader issues of data security within government systems and the importance of transparency in addressing potential vulnerabilities.
The "A Blast from the Breached Past" episode of CyberWire Daily delves into a series of significant cybersecurity incidents and emerging threats. From exposed databases and sophisticated ransomware attacks to innovative defenses against AI-driven scams, the episode provides a comprehensive analysis of the current cybersecurity landscape. Additionally, it highlights ongoing governmental oversight and legal precedents that shape the industry's response to cyber threats.
For listeners seeking to stay informed on the latest in cybersecurity, this episode offers valuable insights and expert commentary on pressing issues affecting individuals, businesses, and governmental bodies alike.
Notable Quotes:
Ben Yellen ([03:13]): “The format matched what's commonly used by Infostealer malware. That malware quietly grabs passwords stored in browsers and apps, then ships them off to cybercriminals.”
Dave Bittner ([03:29]): “So no, the sky isn't falling again. But yes, you should still update your security hygiene.”
Ben Yellen ([06:36]): “Godfather now sets up a sandbox on infected devices to run real copies of target apps, making it harder to detect.”
Steven Lynch ([17:06]): “Right, because that obviously implies that there is a backdoor targeting NLRB's internal system.”
For more detailed information on today’s stories, visit The CyberWire.