Transcript
Dave Bittner (0:02)
You're listening to the Cyberwire network, powered by N2K.
Dave Moulton (0:12)
Hey everybody, Dave here. Have you ever wondered where your personal information is lurking online? Like many of you, I was concerned about my data being sold by data brokers, so I decided to try DeleteMe. I have to say, DeleteMe is a game changer. Within days of signing up, they started removing my personal information from hundreds of data brokers. I finally have peace of mind knowing my data privacy is protected. DeleteMe's team does all the work for you, with detailed reports so you know exactly what's been done. Take control of your data and keep your private life private by signing up for DeleteMe now at a special discount for our listeners today. Get 20% off your DeleteMe plan when you go to JoinDeleteMe.com N2K and use promo code N2K at checkout. The only way to get 20% off is to go to JoinDeleteMe.com N2K and enter code N2K at checkout. That's JoinDeleteMe.com N2K, code N2K.

DOGE's unchecked access to federal networks sparks major cybersecurity fears. Senator Hawley's AI ban targets China and raises free speech concerns. Apple Service Ticket portal vulnerabilities exposed millions of users' data. North Korea's Flexible Ferret malware targets macOS via job scams and fake Zoom apps. The February 2025 Android Security Update fixes 48 vulnerabilities, including an exploited zero day. A Grubhub data breach exposes customer and driver information. Abandoned cloud infrastructure creates major security risks. Texas is going to launch its own Cyber Command. Dell PowerProtect vulnerabilities pose critical security risks. On our Threat Vector segment, David Moulton and his guests look at the potential dangers of DeepSeek. The US government is quietly altering the Head Start database. And a moment of inspiration from a space-faring poet.

It's Tuesday, February 4th, 2025. I'm Dave Bittner and this is your Cyberwire Intel Briefing. Thanks for joining us here today. It is great to have you with us.
Elon Musk's Department of Government Efficiency, DOGE, has been given unprecedented access to sensitive federal networks, raising severe cybersecurity concerns. Experts warn that allowing DOGE workers, many young and inexperienced, to plug personal computers into systems like the Office of Personnel Management and Treasury Department creates massive security risks, including potential breaches by foreign adversaries. Experts like Jason Kitka, former U.S. Cyber Command official, say this could be the largest government security breach in history. DOGE has unchecked access to OPM's background check and clearance records, Treasury's trillions in payments, and systems at USAID. The New York Times also reports Musk aides requested access to Medicare and Medicaid financial systems. Security professionals highlight the lack of oversight. DOGE workers may be bypassing cybersecurity controls, using unauthorized devices and storing sensitive data improperly. China and other foreign adversaries are likely watching for vulnerabilities. Experts emphasize that random individuals should not be granted access to federal networks, warning that Musk's actions may have long-term security consequences.

Senator Josh Hawley, Republican from Missouri, has introduced the Decoupling America's Artificial Intelligence Capabilities from China Act, which would criminalize importing, exporting or collaborating on AI with China. The bill would impose up to 20 years in prison and a $1 million fine for knowingly downloading Chinese-developed AI models such as DeepSeek, which recently surged in popularity. Critics argue the bill stifles scientific collaboration and threatens free speech. Kevin Bankston from the Center for Democracy and Technology warns it could penalize AI researchers who publish openly, while the Electronic Frontier Foundation says it favors big tech monopolies over open AI research.
The bill also bans US companies from investing in Chinese AI and criminalizes research partnerships with Chinese entities, potentially disrupting AI development in the US. Though seen as political posturing, bipartisan support for China-related bans suggests legislation like this could gain traction despite its far-reaching implications.

A critical security flaw in Apple's service ticket portal exposed millions of users' sensitive data due to a combination of insecure direct object reference and privilege escalation vulnerabilities. Researcher Virtuville discovered the issue when submitting a repair ticket and found he could access other users' service tickets, Mac serial numbers, IMEI numbers and personal details. By modifying a URL parameter, he bypassed authentication and gained admin access, potentially allowing attackers to alter repair appointments or access customer databases. The lack of rate limiting worsened the risk, enabling automated data harvesting. Apple patched the flaw after disclosure through its Bug Bounty program, reinforcing authorization checks and implementing rate limiting.

A new North Korean macOS malware, Flexible Ferret, is spreading through fake Zoom apps, job scams and GitHub bug reports. Linked to the Contagious Interview campaign, it tricks job seekers and developers into installing it by disguising itself as legitimate software updates. Discovered by SentinelLabs, the malware uses a dropper to install itself unnoticed, creates fake Zoom apps and establishes persistence after system reboots. Initially signed with a valid Apple developer certificate, it bypassed security checks before Apple revoked it. Flexible Ferret shares code similarities with Chrome update malware but has evolved to evade Apple's XProtect security tool.

The February 2025 Android Security Update patches 48 vulnerabilities, including a zero-day privilege escalation flaw in the Android kernel's USB Video Class driver.
Actively exploited in the wild, this flaw allows local attackers to elevate privileges through low-complexity attacks, potentially leading to arbitrary code execution or system crashes. Another critical flaw affects Qualcomm's WLAN component, enabling remote code execution due to improper validation of array indexes. Attackers could modify memory, execute commands, or crash devices without user interaction. Google has released two security patch levels, with Pixel devices receiving immediate updates, while other manufacturers may take longer to deploy fixes.

Grubhub has disclosed a data breach caused by a compromised third-party contractor account, exposing customer, merchant and driver data. The breach, linked to unauthorized access within a customer support provider's systems, prompted Grubhub to revoke access and launch an investigation. Exposed data includes names, emails, phone numbers, hashed passwords and partial payment details for some users. However, full payment card numbers, Social Security numbers and bank details were not accessed. The incident highlights supply chain security risks, as attackers increasingly target third-party vendors to bypass direct security controls. Grubhub says they've strengthened defenses. They're rotating credentials, enhancing anomaly detection and improving vendor risk management to prevent future breaches.

An investigation by watchTowr revealed that abandoned Amazon S3 buckets once used by governments, Fortune 500 companies and cybersecurity firms still receive sensitive data requests, posing serious security risks. Over four months, researchers took control of 150 neglected AWS assets, which were still being pinged by organizations worldwide for software updates, system configurations and critical infrastructure files. Attackers could hijack these assets to launch supply chain attacks, distribute malware or steal credentials.
Examples include an abandoned CISA advisory S3 bucket, which could have been misused to distribute malicious patches, and outdated SSL VPN configurations, allowing attackers to impersonate users. The research underscores systemic weaknesses in cloud security, emphasizing that abandoned cloud resources without proper decommissioning leave organizations vulnerable. AWS has since sinkholed the compromised infrastructure, but watchTowr warns that these issues persist across the industry, making neglected cloud assets a growing cybersecurity threat.

Texas Governor Greg Abbott announced plans to establish the Texas Cyber Command to combat the growing wave of cyberattacks targeting the state, highlighting recent attacks on a city, a hospital and a business. Abbott warned of threats from China, Russia and Iran. Headquartered in San Antonio, the command will anticipate threats, coordinate incident response and support post-attack investigations. It will also focus on cybersecurity training and awareness. Texas, a major economic and military hub, remains a lucrative target for cybercriminals and nation-state actors. No official launch date has been set.

Dell Technologies has disclosed multiple critical vulnerabilities affecting its PowerProtect product line, including Data Domain appliances and PowerProtect Management Center. These flaws, with CVSS scores up to 9.8, could enable privilege escalation, arbitrary code execution and system compromise. Key vulnerabilities include an arbitrary code execution flaw and another which impacts Docker's Moby project. Exploits could allow remote attacks with minimal privileges. Dell urges organizations to update, implement network segmentation and monitor systems for suspicious activity.
A story from 404 Media examines a quiet but deliberate shift where software engineers managing a government database for the Department of Health and Human Services' Head Start program have been tasked with systematically removing references to diversity, equity and inclusion. The effort, part of a project called "Remove DEI," aligns with Trump's executive orders restricting any mention of race or gender in federal agencies. The updates, visible in GitHub commits, reveal discussions among engineers on how best to eliminate forbidden words from the system. This includes removing the ability to search for or filter programs that support families affected by systemic discrimination. Though thousands of government datasets are disappearing from the Internet, even those that remain are being subtly altered, undermining their original purpose without public awareness. Head Start, which spends $12 billion annually to help disadvantaged children prepare for school, has already faced uncertainty under Trump's spending freezes. Now its tracking systems are being stripped of key tools used to evaluate program effectiveness for marginalized communities. The coding changes were executed by Ad Hoc LLC, a government contractor paid $7.2 million to manage the database. Internal messages show engineers asking colleagues to scan for other forbidden words to delete. HHS declined to comment, citing a pause on public communications under the new administration. These database alterations are part of a larger trend. With over 2,000 datasets disappearing from data.gov and federal scripts actively removing gender pronouns from employee emails, the erasure of DEI language is happening quietly, but at a sweeping scale.

Coming up after the break on our Threat Vector segment, David Moulton and his guests look at the potential dangers of DeepSeek, and a moment of inspiration from a space-faring poet. Stay with us.
Cyber threats are evolving every second, and staying ahead is more than just a challenge. It's a necessity. That's why we're thrilled to partner with ThreatLocker, the cybersecurity solution trusted by businesses worldwide. ThreatLocker is a full suite of solutions designed to give you total control: stopping unauthorized applications, securing sensitive data, and ensuring your organization runs smoothly and securely. Visit threatlocker.com today to see how a default deny approach can keep your company safe and compliant.

Do you know the status of your compliance controls right now? Like, right now? We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com cyber. That's vanta.com cyber for $1,000 off.

In this segment from the Threat Vector podcast, host David Moulton sits down with Sam Rubin, senior vice president of consulting and threat intelligence at Unit 42, and Kyle Wilhoit, director of threat research, to explore the vulnerabilities of DeepSeek, the new large language model from China.
