CyberWire Daily: "A Wolf in DOGE’s Clothing?" – Detailed Episode Summary

Release Date: February 4, 2025
Host: N2K Networks
Title: A Wolf in DOGE’s Clothing?
Source: CyberWire Daily Podcast

Introduction

In the February 4, 2025 episode of CyberWire Daily, hosted by Dave Bittner and Dave Moulton of N2K Networks, listeners are presented with a comprehensive overview of the latest cybersecurity threats, vulnerabilities, and industry developments. The episode delves into several pressing issues, ranging from unauthorized access to federal networks by private entities to emerging malware threats and significant data breaches. Additionally, the podcast features an insightful discussion on the vulnerabilities of new artificial intelligence models and concludes with an inspirational poetic segment.

Key Stories and Discussions

1. Unauthorized Access to Federal Networks by Doge

Timestamp: [00:02 - 02:31]

The episode opens with alarming news about Elon Musk's Department of Government Efficiency, humorously referred to as "Doge," which has been granted unchecked access to sensitive federal networks. Experts voice significant concerns over this move, highlighting potential security risks, including breaches by foreign adversaries.

• Jason Kitka, a former U.S. Cyber Command official, warns:
  “This could be the largest government security breach in history.”
  (Timestamp: [07:45])

Doge's access encompasses critical systems such as the Office of Personnel Management (OPM), Treasury Department's payment systems, and even requests for access to Medicare and Medicaid financial systems. The lack of oversight allows Doge workers, who are often young and inexperienced, to potentially bypass cybersecurity controls, use unauthorized devices, and mishandle sensitive data. The report underscores the heightened risk of foreign adversaries, particularly from China, exploiting these vulnerabilities.

2. Senator Josh Hawley's AI Ban on China Raises Free Speech Concerns

Timestamp: [02:31 - 05:32]

Senator Josh Hawley has introduced the Decoupling America's Artificial Intelligence Capabilities from China Act, aiming to sever AI collaborations with China. The proposed legislation carries severe penalties, including up to 20 years in prison and a $1 million fine for actions such as importing or exporting Chinese-developed AI models like DeepSeek.

However, the bill faces criticism for potentially stifling scientific collaboration and infringing on free speech.

• Kevin Bankston from the Center for Democracy and Technology expresses concerns:
  “It could penalize AI researchers who publish openly.”
  (Timestamp: [04:15])

• The Electronic Frontier Foundation argues that the bill favors large tech monopolies over open AI research, possibly disrupting the burgeoning AI sector in the U.S.

Despite these concerns, the bill enjoys bipartisan support, indicating a strong likelihood of its advancement despite its far-reaching implications.

3. Apple’s Service Ticket Portal Vulnerabilities Expose User Data

Timestamp: [05:32 - 09:30]

A critical flaw in Apple’s Service Ticket Portal has been identified, exposing millions of users’ sensitive information. The vulnerability stems from insecure direct object references and privilege escalation bugs.

• Researcher Virtuville discovered that by modifying a URL parameter, it was possible to access other users’ service tickets, including Mac serial numbers, IMEI numbers, and personal details. This method bypassed authentication mechanisms and allowed administrative access, potentially enabling attackers to alter repair appointments or access customer databases.

The absence of rate limiting exacerbated the issue, allowing for automated data harvesting. Apple responded by patching the vulnerability through its Bug Bounty program, enhancing authorization checks, and implementing rate limiting to prevent future exploitation.

4. North Korea’s Flexible Ferret Malware Targets macOS

Timestamp: [09:30 - 13:00]

Sentinel Labs has uncovered a new malware strain dubbed Flexible Ferret, attributed to North Korean cyber actors. This malware specifically targets macOS systems through deceptive job scams and fake Zoom applications.

Flexible Ferret employs a sophisticated dropper to install itself discreetly, masquerading as legitimate software updates or responding to GitHub bug reports. Initially signed with a valid Apple developer certificate, it circumvented Apple’s security checks until the certificate was revoked.

Notably, Flexible Ferret establishes persistence after system reboots and shares code similarities with Chrome update malware, though it has evolved to evade Apple’s XProtect security tool.

5. February 2025 Android Security Update Addresses 48 Vulnerabilities

Timestamp: [13:00 - 16:31]

The latest Android Security Update has patched 48 vulnerabilities, including a critical zero-day privilege escalation flaw in the Android kernel's USB video class driver. This vulnerability, actively exploited in the wild, allows local attackers to elevate privileges through low-complexity attacks, potentially leading to arbitrary code execution or system crashes.

Another significant flaw impacts Qualcomm’s WLAN component, enabling remote code execution via improper array index validation. These vulnerabilities permit attackers to modify memory, execute commands, or crash devices without user interaction.

Google has released two security patch levels, with Pixel devices receiving immediate updates. However, other manufacturers may experience delays in deploying these crucial fixes.

6. Grubhub Data Breach Exposes Customer and Driver Information

Timestamp: [16:31 - 24:02]

Grubhub has announced a data breach resulting from a compromised third-party contractor account. This breach exposed sensitive information, including customer names, emails, phone numbers, hashed passwords, and partial payment details. Notably, full payment card numbers, Social Security numbers, and bank details remained secure.

The incident underscores the growing risks associated with supply chain security, as attackers increasingly target third-party vendors to circumvent direct security controls. In response, Grubhub has revoked the compromised access, launched an internal investigation, and enhanced its defenses by rotating credentials, improving anomaly detection, and strengthening vendor risk management protocols.

7. Abandoned Cloud Infrastructure Poses Significant Security Risks

Timestamp: [16:31 - 24:02]

Research by Watchtower has revealed that numerous abandoned Amazon S3 buckets, previously utilized by governments, Fortune 500 companies, and cybersecurity firms, continue to receive sensitive data requests. Over four months, researchers gained control of 150 neglected AWS assets, which remained active and readable by organizations worldwide for software updates, system configurations, and critical infrastructure files.

Attackers could exploit these abandoned assets to launch supply chain attacks, distribute malware, or steal credentials. Examples include an abandoned CISA advisory S3 bucket and outdated SSL VPN configurations. Although AWS has sinkholed the compromised infrastructure, Watchtower warns that such vulnerabilities persist industry-wide, highlighting the critical need for proper cloud resource decommissioning to prevent these security threats.

8. Texas to Launch Its Own Cyber Command

Timestamp: [24:02 - 24:15]

Governor Greg Abbott of Texas has announced plans to establish the Texas Cyber Command, headquartered in San Antonio. This initiative aims to combat the escalating wave of cyberattacks targeting the state, including recent assaults on a city, hospital, and business sectors.

The Texas Cyber Command will focus on anticipating threats, coordinating incident responses, supporting post-attack investigations, and enhancing cybersecurity training and awareness. As Texas remains a significant economic and military hub, the formation of its own Cyber Command underscores the increasing importance of state-level cybersecurity defenses against threats from nation-state actors like China, Russia, and Iran.

9. Dell Power Protect Vulnerabilities Pose Critical Security Risks

Timestamp: [24:02 - 24:15]

Dell Technologies has identified multiple critical vulnerabilities within its PowerProtect product line, which includes data domain appliances and the PowerProtect Management Center. These flaws, with CVSS scores reaching up to 9.8, could facilitate privilege escalation, arbitrary code execution, and complete system compromise.

Key vulnerabilities encompass an arbitrary code execution flaw and another affecting Docker's MOBI project. These can enable remote attacks with minimal privileges. Dell advises organizations to promptly update their systems, implement network segmentation, and monitor for suspicious activities to mitigate these risks.

10. US Government Alters Head Start Database, Removing DEI References

Timestamp: [24:15 - 25:06]

A report from 404 Media highlights a deliberate shift within the Department of Health and Human Services (HHS) regarding the Head Start program database. Software engineers, managed by government contractor Ad Hoc LLC, have been systematically removing references to Diversity, Equity, and Inclusion (DEI) as part of a project dubbed Remove DEI. This initiative aligns with executive orders restricting mentions of race or gender within federal agencies.

The alterations involve removing the ability to search for or filter programs that support families affected by systemic discrimination. Thousands of government datasets have been either removed or subtly altered, undermining their original purposes without public awareness. This trend extends beyond Head Start, with over 2,000 datasets disappearing from Data.gov and federal scripts, including the removal of gender pronouns from employee emails.

Threat Vector Segment: Vulnerabilities of Deep Seek AI Model

Timestamp: [16:31 - 22:24]

In the Threat Vector segment, host David Moulton engages with Sam Rubin, Senior Vice President of Consulting and Threat Intelligence at Unit 42, and Kyle Wilhoit, Director of Threat Research, to discuss the security vulnerabilities associated with Deep Seek, a new large language model (LLM) developed in China.

• Kyle Wilhoit emphasizes caution:
  “Do not have inherent trust in LLMs that you have not trained or do not control the data itself.”
  (Timestamp: [18:33])

The discussion highlights the risks of implementing AI models without thorough security evaluations, particularly concerning data integrity and potential manipulation of outputs. Dr. Cyan Leo Proctor adds that while Deep Seek offers cost-effective advantages, the safety and security of user data remain paramount concerns, especially for organizations dealing with sensitive information.

The conversation underscores the necessity for organizations to rigorously assess AI models' security implications before integrating them into production systems, advocating for a balanced approach between innovation and cybersecurity.

Moment of Inspiration: A Poetic Reflection on Space and Humanity

Timestamp: [24:19 - 26:58]

The episode concludes with an inspirational poem by Dr. Cyan Leo Proctor, an artist and futurist, reflecting on humanity's quest for exploration and the importance of maintaining our humanity amidst technological advancements. The poem, titled "A Jedi Space," metaphorically ties the elements of justice, equity, diversity, and inclusion to the universal forces that inspire change and progress.

Conclusion

The February 4, 2025 episode of CyberWire Daily offers a thorough examination of current cybersecurity challenges, from unauthorized federal network access to vulnerabilities in emerging AI technologies. By presenting expert insights and real-world examples, the podcast underscores the critical importance of robust security measures, vigilant oversight, and the careful integration of new technologies to safeguard sensitive data and national interests. The episode also highlights the ongoing struggle to balance technological advancement with ethical considerations, particularly in the realms of AI and data privacy.

Notable Quotes:

• “This could be the largest government security breach in history.” – Jason Kitka, former U.S. Cyber Command official ([07:45])

• “It could penalize AI researchers who publish openly.” – Kevin Bankston, Center for Democracy and Technology ([04:15])

• “Do not have inherent trust in LLMs that you have not trained or do not control the data itself.” – Kyle Wilhoit, Director of Threat Research ([18:33])

• “Is my information gonna be safe? And that is a big concern.” – Dr. Cyan Leo Proctor ([20:45])

This comprehensive summary captures the pivotal discussions and insights shared in the episode, providing listeners with a clear understanding of the current cybersecurity landscape and the emerging threats that define it.