Dave Bittner
You're listening to the CyberWire Network, powered by N2K. Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today at vanguardjobs.com. President Trump fires the head of NSA and Cyber Command. The Health Sector Coordinating Council asks the White House to abandon Biden era security updates. Senators introduce bipartisan legislation to help fight money laundering. A critical vulnerability has been discovered in the Apache Parquet Java library. The State Bar of Texas reports a ransomware related data breach. New Android spyware uses a password protected uninstallation method. A Chinese state backed threat group exploits a critical Ivanti vulnerability for remote code execution. Our guest today is Dave DeWalt, founder and CEO of Night Dragon, with the latest trends and outlook from cyber leaders. And malware masquerades as the taxman. It's Friday, April 4, 2025. I'm Dave Bittner and this is your CyberWire Intel Brief. Thanks for joining us and happy Friday. It's great to have you with us. Late yesterday, President Donald Trump dismissed Air Force General Timothy Haugh from his role as director of the National Security Agency and commander of U.S. Cyber Command. Haugh's civilian deputy, Wendy Noble, was reassigned within the Pentagon. Army Lt. Gen. William Hartman has assumed leadership of both organizations in an acting capacity. The specific reasons for these changes remain unclear, however.
Far right activist Laura Loomer, who recently met with President Trump, claimed credit for the dismissals, alleging disloyalty among officials. Senator Mark Warner criticized the move, questioning its impact on national security amid escalating cyber threats such as the recent Salt Typhoon cyberattack attributed to China. This development follows other significant shifts within the national security apparatus, including the February firing of Air Force General C.Q. Brown Jr. as chairman of the Joint Chiefs of Staff. Meanwhile, the Pentagon's acting inspector general has launched an investigation into Defense Secretary Pete Hegseth for using the encrypted app Signal to discuss sensitive government matters. The probe follows a report that journalist Jeffrey Goldberg was accidentally added to a Signal group where top officials, including Hegseth, discussed an upcoming airstrike in Yemen. Senators Jack Reed and Roger Wicker raised concerns about possible mishandling of classified information. The IG aims to assess compliance with communication, classification and records policies. President Trump has dismissed concerns. The Health Sector Coordinating Council is urging the Trump administration to abandon proposed HIPAA security rule updates introduced in the final days of the Biden administration. Instead, HSCC advocates for a one year collaborative effort between the government and healthcare sector leaders to develop more practical, cost effective cybersecurity standards. Greg Garcia, HSCC's cybersecurity executive director, emphasized that the sector supports stronger cybersecurity but criticized the proposed rules as overly vague or stringent, making compliance difficult. Garcia pointed to successful past collaborations like the 2014 NIST Cybersecurity Framework as a model. The proposal aims to improve cybersecurity outcomes and patient safety through clear, consensus based standards.
HSCC submitted its alternative plan to the White House and HHS, suggesting regulators avoid creating burdensome rules in isolation and instead work with industry experts to design flexible, impactful cybersecurity controls that can be widely adopted across the healthcare sector. Senators Catherine Cortez Masto and Chuck Grassley have reintroduced the Combating Money Laundering in Cybercrime Act, aiming to expand the U.S. Secret Service's authority to investigate digital asset crimes. Current laws limit the agency's reach, especially regarding unlicensed money transmitting businesses, entities often used in laundering cybercrime profits. The bill would update these laws to help the Secret Service pursue modern cybercriminal tactics, including structuring transactions to evade detection. The legislation comes amid growing concern over North Korean hackers laundering over $1 billion in stolen crypto. While earlier versions of the bill stalled in Congress, lawmakers argue this update is critical as digital financial crimes outpace enforcement. Cortez Masto emphasized the need for law enforcement to evolve with criminal tactics, while Grassley highlighted the importance of proactive measures to disrupt laundering schemes tied to ransomware, terrorism and rogue nations. A critical remote code execution vulnerability has been discovered in the Apache Parquet Java library, affecting all versions through 1.15.0 with a maximum CVSS score of 10.0. The flaw stems from insecure deserialization in the Parquet Avro module and allows attackers to execute arbitrary code via malicious Parquet files, no user interaction or authentication needed. The issue impacts data platforms like Hadoop, Spark and Flink, as well as cloud environments used by companies like Netflix, Uber and LinkedIn. If exploited, it could lead to system control, data theft or service disruption. Discovered by Amazon's Keyi Li, the vulnerability has not yet been exploited publicly.
The Apache Software Foundation urges immediate upgrades and enhanced validation and monitoring. Given its severity, organizations must act swiftly to protect their big data infrastructure. The State Bar of Texas is notifying over 2,700 individuals about a ransomware related data breach that occurred between January 28 and February 9 of this year. Discovered on February 12, the attack led to the theft of sensitive files containing Social Security numbers, financial data, medical records and government issued ID details. While no fraudulent use has been reported, affected individuals are being offered up to two years of free identity and credit monitoring. The INC ransomware gang has claimed responsibility for the attack. A new Android spyware app has emerged that uses a password protected uninstallation method, making it harder for victims to remove. Once installed, typically by someone with physical access, the app hides its icon, gains device admin privileges, and uses Android's overlay feature to display a password prompt if removal is attempted. The spyware monitors texts, photos, location and more, researchers at TechCrunch found. It can be bypassed by booting the phone into safe mode, which disables third party apps, allowing users to revoke admin access and uninstall it. Security experts warn this is part of a growing market for stalkerware, often disguised as parental or employee monitoring tools. Users are advised to enable Google Play Protect, check for unauthorized admin apps and use trusted antivirus tools. Unusual phone behavior may signal infection. Chinese state backed threat actor UNC5221 is actively exploiting a critical Ivanti vulnerability, which allows remote code execution via buffer overflow. Initially seen as a low risk issue, the flaw has since been weaponized in attacks targeting multiple versions of Ivanti Connect Secure.
Mandiant researchers observed the group deploying two new malware families, Trailblaze and Brushfire, both memory resident and designed for stealth. UNC5221 also deployed advanced SPAWN malware variants to disable logging, extract encrypted kernel images and maintain persistence. Active exploitation has been ongoing since mid March 2025. Mandiant and Ivanti urge immediate patching. The group's targeting of edge devices is part of a broader Chinese espionage strategy, with operations extending across global government and critical infrastructure sectors. Experts warn of growing sophistication and intensity in China-linked cyber campaigns. Coming up after the break, my conversation with Dave DeWalt, founder and CEO of Night Dragon. We're discussing the latest trends and outlook from cyber leaders, and malware masquerades as the taxman. Stick around. Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com/N2K and enter code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K. Are you frustrated with cyber risk scores backed by mysterious data, zero context and cloudy reasoning? Typical cyber ratings are ineffective and the true risk story is begging to be told. It's time to cut the bs.
Black Kite believes in seeing the full picture with more than a score. One where companies have complete clarity in their third party cyber risk using reliable quantitative data. Make better decisions, reduce your uncertainty. Trust Black Kite. Dave DeWalt is founder and CEO of Night Dragon. I recently caught up with him for insights on their latest report on trends and outlooks from cyber leaders.
Dave DeWalt
NightDragon, as you probably know, is an investment advisory firm. We focus in on what I call the security tech space growth stage primarily and we look at all aspects of spending and trends and threats that are happening in that space. And as a result we have a very large access and influence to chief security officers around the world. And this report each year is pretty instrumental to, you know, obviously not just what's happening from a budget point of view with this particular report, but also trends and outlooks that really shape the industry. So this is our third annual one and this one's probably the most comprehensive of all because it really gives you a sense of 2024 and the outlook for 2025.
Dave Bittner
I think it's noteworthy, as I was reading through the report, the level of access that you had here. I mean these are high level folks that you got to contribute to this anonymous survey.
Dave DeWalt
Yeah, it really is. It's 100 plus member advisory council. Even more, it's got representation from nearly every critical infrastructure vertical and nearly every major geography. So we're able to see not just trends from a particular segment of the market but you know, a pretty comprehensive view across many markets. So very, very depth oriented but also breadth oriented as well.
Dave Bittner
Well, let's dig into the report here. I mean, looking at budget trends, the report indicates that over 50% of CISOs expect their cybersecurity budgets to increase in 2025. What factors are driving this anticipated rise in spending?
Dave DeWalt
Yeah, it's a combination of events and confluences. I've talked about this for nearly 20 years, so I apologize if it's a similar kind of analogy, but I call it the perfect cyber storm. Continue to see the threat environment increase dramatically. And that comes from a variety of things that are going on in the industry. Probably most notable is the technology inertia that we continue to benefit from. New devices, new phones, you know, new ways to access the Internet, IoT industrial situations, which is incredible to watch. The, you know, AI kind of tailwinds and things happening there as well. But that creates vulnerabilities, and it creates an expanded attack surface, and that attack surface gets exploited. And we do not have, in this community that we live in of technology and what I call security by design, which is really hardening of platforms before the release to the consumers and corporations and governments, which creates a plethora of vulnerabilities that enables a plethora of attackers to exploit those vulnerabilities. And we continue to see that cyber storm grow. The number of threat actors, the number of attacks, the number of breaches, the number of really payments for ransomware, almost every category of threat increased year over year. You add to that the geopolitical tensions that we all are living with. And we've created this, this environment that really has chief security officers, chief information security officers guarded as it does the boardroom, as it does the leadership of nearly every company. And so here we have, you know, budgets that are pretty consistent with that threat environment and this, you know, kind of unsafe environment that we live in. So, you know, that's what's driving it.
Dave Bittner
What specific areas or types of technologies do you see CISOs planning to prioritize with these budgets?
Dave DeWalt
Yeah, there's a number of things that are kind of new areas of exploits that we really have seen, and we've seen a number of new areas of technology inertia that are essentially areas that they need to protect and create better visibility to. You know, the obvious big trend there is AI. AI, AI. It's hard not to say it three times, is almost worthy of saying three times. But, you know, it's a game changer. And our report really showed that, you know, it's a game changer from the attacker's perspective, because we're seeing AI is now a tool that can be used to automate malware and exploitation. Access to vulnerabilities have never been easier for the attackers to do. To assemble exploit kits against those vulnerabilities has never been easier for them to do. You know, you're a ChatGPT question away from learning about just about anything you want to know in this security space, but also on the defensive side now we're starting to see autonomy driven from agentic AI that's providing ways to scale the SOC and the security operations center, that's very positive. I mean, if there was ever an era in my career where you have a game changing defensive opportunity where if you might have 5, 10, 20 or 100 people in your SOC, you can multiply them by millions, literally millions, using agentic capabilities, automation capabilities that really enable the defender to also be as cutting edge as the offense can be. So this asymmetric environment we've always lived in, where the offense was always a little ahead of the defense, AI is an interesting promise for the future. Other areas that are really concerning that we're seeing shored up, where budget increases have clearly happened, is supply chains. You know, it's, you know, you say supply chains, but you, you really mean not just third party risk management, TPRM, but really fourth and fifth chains of suppliers as well.
Because what we've learned in the last couple years, supply chain attacks have a massive ripple effect. You know, we all saw this with CrowdStrike's outage on July 18, 2024, where 30,000 or so customers were affected directly, but 674,000 companies were affected, you know, indirectly and causing billions of dollars of damage. Even though CrowdStrike spend might not have been high on many Fortune 500 lists of suppliers, it became a critical juncture. So you start to how do you manage third party risk better? How do you monitor it? How do you detect anomalies in it? Could be a physical event, a cyber event, it could be just about anything affecting it. So a lot of chief security officer types are now learning that they got to monitor that much like they monitor their endpoint or their network or their cloud. Because if you don't monitor it, there could be a breach in that which could affect a breach for you. So, you know, AI and third party risk management and then an area that continues to be really an environment that we've always had to watch: cloud and identity security. This area continues to be a problem because we see the emanation of spear phishing and credential harvesting and usage of darknet to gain access to these credentials as something that continues to exist. So how do we better manage multifactor authentications? The ability to look for anomalous behaviors, east-west traffic, movement by the attackers, privileged access controls. This is an area that's got to evolve better.
And CISOs are looking at this because they know identity detection and response and a life cycle around protecting identities is important and made even bigger because at one point it was the identity of humans in your network, then it was the identity of humans and devices in your network, and now it's the identity of humans, devices and RPAs or robotic processes made possible through agents and agentic AI, multiplying it into a much bigger problem of not just access to systems, but authorization of these types of devices to these systems and types of agents as well. So those are a couple of the really big ones. Just to summarize, you know.
Dave Bittner
The report mentions that the role of the CISO is becoming more strategic. Can we touch on that? How have we seen a shift in things like organizational priorities relative to CISOs out there?
Dave DeWalt
Yeah, we're seeing some really, I think, overdue evolution of the CISO's role. And the reason for it is I've always called it future fusion. For many years, the fusion of these tangential markets in the cyber looked obvious to me as somebody been around for a couple decades watching this. The fusion of cyber and physical, the fusion of cyber and supply chain, the fusion of cyber and AI, the fusion of cyber and industrial networks, the fusion of cyber and other domains like space and communications. And now the CISO's role is beginning to become bigger and bigger and more and more important because you're not just trying to protect your digital architecture. You got to protect the external environment that you might have, the internal environment that you might have. You got to protect that physical environment which is now digitized, that supply chain that we've talked about. And more and more, this role in the company has almost evolved to a chief risk officer that's highly technical. We still call it a chief security officer type. But the business acumen, technical acumen, the capabilities of understanding threats and risks from all aspects of the business is really the, the role it's becoming. And you know, like I said at the beginning, it's long overdue because this role is incredibly important to the shareholder value of companies, because we've seen the ramifications when there is a breach or when there is a threat that it really creates shareholder risk. And shareholder risk is something that every board member and management and CEO have to pay attention to because their number one thing is care of shareholders' value. And now the chief security officer is becoming a part of that.
Dave Bittner
What are the take homes for you? What are the things that you hope people reading the report come away with?
Dave DeWalt
Yeah, I think there's, you know, a couple things. Number one, you know, we have to keep our guard up, so to speak. Obviously this is an incredibly difficult threat environment that obviously hasn't changed and is growing and continues to be large in terms of risk. But I'd also say it takes a village. We walk away with this where public-private partnerships, private-private partnerships, public-public partnerships. It takes a village. As we say, it's a team sport in cyber and a team sport to solve. And we need the communities to come together more and more. And with some of the changes the administration has had going into 2025 and beyond is going to become even more important for the community to work together to solve threats, respond to threats and really, you know, solve some of these problems. But the last thing I'd leave you with on that is optimism because for the first time, as I mentioned earlier in the podcast, I see a great equalizer coming and I would really encourage our chief information security officer community to look at AI enablement autonomy. I know they are, but wow, watching the use cases that we're starting to see, watching the young companies that are emerging in this world is fascinating and the multiplicity of scale that they're creating is something we haven't seen in a long, long time. And this is, you know, something that, you know, we look forward to and hopefully in the next one year we start to see real rollout and productions of these systems that creates a much better defense architecture than we've ever seen before.
Dave Bittner
That's Dave DeWalt from Night Dragon. We'll have a link to the report in the show notes. Is your AppSec program actually reducing risk? Developers and AppSec teams drown in critical alerts, yet 95% of fixes don't reduce real risk. Why? Traditional tools use generic prioritization and lack the ability to filter real threats from noise. High impact threats slip through and surface in production, costing 10 times more to fix. OX Security helps you focus on the 5% of issues that truly matter before they reach the cloud. Find out what risks deserve your attention in 2025. Download the application security benchmark from OX Security. And finally, ah, tax season. The most wonderful time of the year for cybercriminals. As April 15 looms, Microsoft reports a swarm of phishing campaigns dressed up in IRS garb, all hoping to trick you out of your data and into downloading malware. These scammers are going full Hollywood with QR codes, fake DocuSign pages, and PDF files claiming unusual IRS activity. Once clicked, you might get a bonus gift like Latrodectus, Remcos or Brute Ratel C4, malware that's anything but deductible. One charming crew, Storm-0249, sent thousands of fake IRS notices designed to land malware on victims' devices. Another campaign handed out malicious QR codes like candy. And for the truly social, some attackers even made small talk before zipping over GuLoader or AHKBot. The message is: if it's tax themed and digital, treat it with suspicion. Because this year the only thing scarier than doing your taxes might be the phishing emails about them. Plus, the way things are going in Washington, there may not be anyone left working at the IRS by the time tax day comes around. Interesting times, my friends, interesting times. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with Zach Edwards from Silent Push.
The research is titled "New Lazarus Group Infrastructure Acquires Sensitive Intel Related to 1.4 Billion Dollar Bybit Hack and Past Attacks." That's Research Saturday. Check it out. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Tré Hester with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening. We'll see you back here next week. Cyber threats are evolving every second, and staying ahead is more than just a challenge, it's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control: stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant.
CyberWire Daily: "A Leadership Shift" - April 4, 2025
Introduction
In the April 4, 2025, episode of CyberWire Daily hosted by N2K Networks, listeners are presented with a comprehensive overview of the latest developments in the cybersecurity landscape. The episode, titled "A Leadership Shift," delves into significant organizational changes within national security agencies, legislative efforts to combat cybercrime, emerging threats, and insights from industry leaders. A highlight of the episode is an in-depth interview with Dave DeWalt, founder and CEO of Night Dragon, who shares valuable perspectives on cybersecurity trends and the evolving role of Chief Information Security Officers (CISOs).
Top News Highlights
Leadership Changes in National Security Agencies
Dismissal of Air Force General Timothy Haugh: President Donald Trump has dismissed Air Force General Timothy Haugh from his role as director of the National Security Agency (NSA) and commander of U.S. Cyber Command. This move comes amid escalating cyber threats, including the recent Salt Typhoon cyberattack attributed to China.
Reassignment of Wendy Noble: Wendy Noble, Haugh's civilian deputy, has been reassigned within the Pentagon. Army Lt. Gen. William Hartman has stepped in as the acting leader of both organizations. The specific reasons behind these changes remain undisclosed.
Political Repercussions: Far-right activist Laura Loomer claims responsibility for the dismissals, alleging disloyalty among officials. Senator Mark Warner has criticized the decision, expressing concerns over its potential impact on national security.
Investigation into Defense Secretary Pete Hegseth: The Pentagon's acting inspector general has initiated an investigation into Defense Secretary Pete Hegseth for using the encrypted app Signal to discuss sensitive government matters. This follows an incident where journalist Jeffrey Goldberg was inadvertently added to a Signal group that included top officials discussing an upcoming airstrike in Yemen. Senators Jack Reed and Roger Wicker have voiced concerns about possible mishandling of classified information, a concern dismissed by President Trump.
Legislative Efforts Against Cybercrime
Combating Money Laundering in Cybercrime Act: Senators Catherine Cortez Masto and Chuck Grassley have reintroduced legislation aimed at expanding the U.S. Secret Service's authority to investigate digital asset crimes. The bill seeks to update existing laws to better equip the agency to tackle modern cybercriminal tactics, including those used by North Korean hackers laundering over $1 billion in stolen cryptocurrency.
Support and Rationale: Cortez Masto emphasizes the necessity for law enforcement to evolve alongside criminal tactics, while Grassley underscores the importance of proactive measures to disrupt laundering schemes linked to ransomware, terrorism, and rogue nations.
Emerging Cyber Threats and Vulnerabilities
Apache Parquet Java Library Vulnerability: A critical remote code execution vulnerability has been identified in the Apache Parquet Java library, impacting all versions through 1.15.0 with a CVSS score of 10.0. Discovered by Amazon's Keyi Li, the flaw stems from insecure deserialization in the Parquet Avro module and allows attackers to execute arbitrary code via malicious Parquet files without any user interaction or authentication. This vulnerability poses significant risks to data platforms like Hadoop, Spark, and Flink, as well as cloud services utilized by major companies such as Netflix, Uber, and LinkedIn. The Apache Software Foundation urges immediate upgrades and enhanced validation and monitoring to mitigate potential exploits.
State Bar of Texas Ransomware Breach: Over 2,700 individuals are being notified about a ransomware-related data breach that occurred between January 28 and February 9. The breach resulted in the theft of sensitive information, including Social Security numbers and financial data. The INC ransomware gang has taken responsibility, and affected individuals are being offered up to two years of free identity and credit monitoring.
New Android Spyware Threat: A newly identified Android spyware application employs a password-protected uninstallation method, complicating removal efforts for victims. Typically installed by individuals with physical access to the device, the spyware gains device admin privileges and monitors texts, photos, location, and more. Security experts caution that this is indicative of a growing market for malicious stalkerware disguised as legitimate monitoring tools.
Chinese Threat Group Exploiting Ivanti Vulnerability: The state-backed Chinese threat actor group UNC5221 is actively exploiting a critical vulnerability in Ivanti Connect Secure, allowing remote code execution via buffer overflow. Since mid-March 2025, the group has deployed sophisticated malware families like Trailblaze and Brushfire, targeting global government and critical infrastructure sectors. Immediate patching is recommended by Mandiant and Ivanti to thwart these advanced persistent threats.
Interview with Dave DeWalt, Founder and CEO of Night Dragon
A significant portion of the episode features a conversation with Dave DeWalt, who provides deep insights into the current and future state of cybersecurity based on Night Dragon's latest report.
Overview of Night Dragon's Report
Comprehensive Analysis: Dave DeWalt emphasizes that this is Night Dragon's third annual report, deemed the most comprehensive to date, offering a detailed outlook for 2025 based on input from over 100 members of their advisory council across various critical infrastructure sectors globally.
Notable Quote: "NightDragon... this report each year is pretty instrumental... giving you a sense of 2024 and the outlook for 2025." [14:01]
Cybersecurity Budget Trends
Increased Budgets: Over 50% of CISOs anticipate an increase in cybersecurity budgets for 2025. Factors driving this rise include the expanding threat environment, technological advancements, and geopolitical tensions.
AI's Dual Role: Artificial Intelligence (AI) is highlighted as a double-edged sword—facilitating both offensive and defensive cyber operations. On the offensive side, AI automates malware and exploitation processes, while defensively, AI enables the scaling of Security Operations Centers (SOCs) through autonomous and agentic capabilities.
Supply Chain Security: The report underscores the critical importance of third-party and extended supply chain risk management. The July 2024 CrowdStrike outage exemplifies how supply chain vulnerabilities can have far-reaching impacts, affecting not just direct customers but hundreds of thousands of indirect ones.
Identity and Cloud Security: Persistent challenges in identity management and cloud security are noted, particularly regarding spear-phishing, credential harvesting, and the need for robust multi-factor authentication and anomaly detection.
Notable Quote: "AI is now a tool that can be used to automate malware and exploitation... AI and third-party risk management... identity detection and response is important." [17:02]
Evolution of the CISO Role
Strategic Positioning: The role of the CISO is transitioning from a purely technical position to a strategic one, akin to a chief risk officer with both business and technical acumen.
Integration Across Domains: CISOs are now responsible for safeguarding not only digital architectures but also integrating cyber strategies across physical environments, supply chains, AI integrations, and industrial networks.
Shareholder Value: Emphasizing the direct impact of cybersecurity on shareholder value, DeWalt highlights that breaches and threats significantly influence company valuations and investor confidence.
Notable Quote: "The chief security officer is becoming a part of that [shareholder value]." [21:53]
Key Takeaways and Optimism for the Future
Collaborative Efforts: DeWalt stresses the importance of public-private partnerships and community collaboration in effectively addressing cybersecurity threats.
Optimism Through AI: Despite the challenges, there is optimism that AI-driven autonomous defense systems will revolutionize defensive architectures, potentially outpacing offensive capabilities.
Notable Quote: "I see a great equalizer coming... AI enablement autonomy... a much better defense architecture than we've ever seen before." [23:52]
Concluding Insights
The episode concludes with actionable advice for listeners:
Application Security (AppSec): Emphasizes the need for effective AppSec programs that reduce real risk by focusing on critical threats rather than being inundated with alerts.
Tax Season Phishing Campaigns: Alerts listeners to an uptick in phishing attempts disguised as IRS communications, urging caution when dealing with tax-related digital interactions.
Community Engagement: Encourages feedback and participation in ongoing research and discussions to stay ahead in the cybersecurity field.
Final Thoughts
"A Leadership Shift" provides a thorough examination of the dynamic cybersecurity environment as of April 2025. With high-level organizational changes, legislative actions, emerging threats, and expert analysis from industry leaders like Dave DeWalt, the episode serves as a vital resource for cybersecurity professionals and stakeholders seeking to navigate and mitigate the complexities of modern cyber threats.
Listeners are encouraged to explore the detailed Night Dragon report for a more in-depth understanding of the trends shaping the future of cybersecurity.
Notable Quotes Overview
"AI is now a tool that can be used to automate malware and exploitation." – Dave DeWalt [17:02]
"The chief security officer is becoming a part of that [shareholder value]." – Dave DeWalt [21:53]
"I see a great equalizer coming... AI enablement autonomy." – Dave DeWalt [23:52]
Recommendations for Cybersecurity Professionals
Stay Informed: Regularly review comprehensive reports and briefings to stay abreast of evolving threats and best practices.
Invest in AI and Automation: Leverage AI-driven tools to enhance defensive capabilities and manage the expanding attack surface.
Strengthen Supply Chain Security: Implement robust third-party risk management strategies to mitigate supply chain vulnerabilities.
Elevate the CISO Role: Advocate for the strategic integration of cybersecurity leadership within organizational structures to enhance risk management and shareholder confidence.
For more detailed information and access to the Night Dragon report, visit the CyberWire Daily website or contact N2K Networks.