CyberWire Daily: AI Ambitions Clash with Cyber Caution – Detailed Summary
Release Date: April 14, 2025
Host: Dave Bittner, N2K Networks
Introduction
In this episode of CyberWire Daily, hosted by Dave Bittner from N2K Networks, listeners are presented with the latest developments in the cybersecurity landscape. The episode, titled "AI Ambitions Clash with Cyber Caution," delves into significant federal cybersecurity leadership changes, new data protection initiatives by the Department of Justice (DOJ), emerging cybersecurity threats, and legal challenges within the adtech industry. Additionally, an in-depth interview with Tim Starks from Cyberscoop provides expert analysis on the implications of these developments.
Key News Highlights
1. Department of the Interior Leadership Shakeup
The U.S. Department of the Interior has removed key cybersecurity and technology officials amid internal disputes. Notably, CIO Darren Ash and CISO Stan Low were dismissed following conflicts with the Department of Government Efficiency (DGE). The contention arose from DGE's initiative, supported by high-profile figures like President Trump and Elon Musk, to implement artificial intelligence (AI) strategies aimed at reducing federal expenditures. Critics argue that these AI-driven measures bypass essential security protocols, prompting legal challenges and judicial restraining orders.
Notable Quote:
"The personnel shakeup... also includes Associate Solicitor Tony Irish, who disputes claims of being fired and is pursuing administrative recourse."
— Dave Bittner [02:01]
2. DOJ’s New Data Security Program
The DOJ has launched a comprehensive data security program targeting the prevention of foreign adversaries from accessing sensitive personal data of U.S. citizens. This initiative, effective from April 8 with a 90-day grace period for compliance, aims to block unauthorized data transfers involving health, biometric, financial, and other personal information through various channels, including brokerage and investment agreements.
Key Points:
- Targets countries such as China, Russia, and Iran.
- Violators face severe penalties, including up to 20 years in prison.
- Emphasizes the exploitation of bulk data using AI for espionage and manipulation.
3. Microsoft Addresses Active Directory Vulnerability
Microsoft has issued urgent updates to rectify a critical bug in Active Directory Group Policy that caused audit logon policies to be displayed incorrectly. While this flaw does not affect the actual event logging, it creates confusion for administrators managing logon and logoff event auditing.
Key Points:
- Affects multiple Windows versions, primarily in enterprise environments.
- Related issues include potential Windows Server 2025 restarts and Office 2016 crashes.
- Users are advised to apply out-of-band updates promptly.
4. Fortigate Devices Targeted by Hackers
Cybercriminals are exploiting known vulnerabilities in Fortinet's Fortigate devices to install stealthy backdoors. These backdoors maintain unauthorized access even after patches are installed by planting symbolic links that quietly expose configuration files through the SSL VPN interface.
Key Points:
- Only devices with SSL VPN enabled are susceptible.
- Fortinet has released updates and tools to detect and eliminate these backdoors.
- CEO Benjamin Harris highlighted the trend of designing backdoors that survive patches and resets.
Notable Quote:
"Attacks now design backdoors to survive patches and resets."
— Benjamin Harris, CEO of watchTowr [Timestamp not provided]
5. Surge in Dangling DNS Attacks
Researchers have identified a significant rise in dangling DNS attacks, where outdated or misconfigured DNS records are exploited to hijack subdomains. These attacks often target decommissioned cloud services or SaaS tools, allowing attackers to serve malicious content through legitimate domains.
Key Points:
- SentinelOne reported over 1,250 vulnerable subdomains in the past year.
- Example: 150 deleted AWS S3 buckets received over 8 million requests.
- Mitigation strategies include regular DNS audits, removal of stale records, and runtime security monitoring.
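The DNS audit recommended above, as an added example that is not from the episode or any vendor tool: it walks a constructed zone export, flags CNAME records whose targets no longer resolve, and rates them higher when the target sits on a third-party service where anyone can claim the hostname (the suffix list and the stub resolver are illustrative assumptions; a real audit would query live DNS).

```python
from typing import Callable, Dict, List, Optional, Tuple

# Constructed sample zone export for a hypothetical example.com; not from the episode.
ZONE_RECORDS: List[Tuple[str, str, str]] = [
    ("www.example.com", "A", "203.0.113.10"),
    ("shop.example.com", "CNAME", "shop-prod.s3-website-us-east-1.amazonaws.com"),
    ("docs.example.com", "CNAME", "example-docs.github.io"),
    ("old-app.example.com", "CNAME", "old-app.azurewebsites.net"),
    ("legacy.example.com", "CNAME", "legacy.partner-hosting.example.net"),
]

# Constructed stand-in for live DNS: target -> resolved addresses, or None for NXDOMAIN.
# A real audit would resolve through the system resolver or a DNS library instead.
FAKE_ANSWERS: Dict[str, Optional[List[str]]] = {
    "shop-prod.s3-website-us-east-1.amazonaws.com": None,  # bucket deleted
    "example-docs.github.io": ["185.199.108.153"],         # still published
    "old-app.azurewebsites.net": None,                     # app service removed
    "legacy.partner-hosting.example.net": None,            # partner host gone
}

# Illustrative (not exhaustive) suffixes of services where an unclaimed hostname
# can be registered by any tenant, which is what makes a dangling CNAME hijackable.
CLAIMABLE_SUFFIXES = (
    ".s3.amazonaws.com", ".s3-website-us-east-1.amazonaws.com",
    ".github.io", ".azurewebsites.net", ".herokuapp.com",
)

def fake_resolve(name: str) -> Optional[List[str]]:
    """Resolver stub over the constructed table; None means the name does not exist."""
    return FAKE_ANSWERS.get(name)

def audit_zone(records, resolve: Callable[[str], Optional[List[str]]]):
    """Return (name, target, severity) for every CNAME whose target no longer resolves.

    Severity is 'high' when the target is on a claimable third-party service,
    'medium' when it is merely dead and needs manual review. A records pointing
    at released cloud IPs can dangle too; this check covers CNAMEs only.
    """
    findings = []
    for name, rtype, target in records:
        if rtype != "CNAME":
            continue
        if resolve(target) is not None:
            continue  # target still exists, so the record is not dangling
        claimable = target.lower().endswith(CLAIMABLE_SUFFIXES)
        findings.append((name, target, "high" if claimable else "medium"))
    return findings

if __name__ == "__main__":
    for name, target, sev in audit_zone(ZONE_RECORDS, fake_resolve):
        print(f"[{sev.upper()}] {name} -> {target}: remove the record or reclaim the target")
```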
6. Legal Challenges Against a Major Ad Tech Firm
Two class action lawsuits in California accuse a prominent ad tech company, The Trade Desk, of covertly tracking users online without consent. The allegations focus on the company's Unified ID 2.0 and AdServe tools, which purportedly collect personal data including email addresses, IPs, and health information for profiling and real-time ad bidding.
Key Points:
- Plaintiffs argue The Trade Desk operates like a data broker without proper disclosure.
- One lawsuit claims UID 2.0 may violate California's wiretapping laws.
- The Trade Desk, valued at $25 billion, has yet to respond to the allegations.
7. Google Fixes Longstanding Chrome Privacy Flaw
Google is addressing a two-decade-old privacy vulnerability in Chrome that allowed websites to infer users' browsing history by detecting visited links through CSS selectors. The upcoming Chrome version 136 will implement triple key partitioning for visited links, ensuring that link visitation status is confined to the initiating site and context, thereby preventing cross-site history leaks.
Key Points:
- The change balances user experience by retaining link visitation functionality.
- Partial protections exist in other browsers, but full partitioning is unique to Chrome.
- The feature is experimental in versions 132-135 and will be default in version 136.
8. Evolution of the Tycoon2FA Phishing Platform
The Tycoon2FA platform, a phishing-as-a-service provider, has enhanced its capabilities to bypass multi-factor authentication (MFA) and evade detection. Updates include obfuscated JavaScript using invisible Unicode characters and replacing Cloudflare Turnstile with self-hosted CAPTCHA systems. Additionally, anti-debugging scripts now block browser automation tools, redirecting suspicious users to legitimate sites.
Key Points:
- Surge in phishing attacks utilizing malicious SVG files, with an 800% increase from April 2024 to March 2025.
- Recommendations include implementing phishing-resistant MFA and blocking SVG attachments at email gateways.
Notable Quote:
"Your AI might be freelancing for the bad guys."
— Dave Bittner [23:00]
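A detection-side companion to the invisible-Unicode obfuscation described in item 8, added here and not taken from the episode or from any Tycoon2FA analysis: it counts format-category (zero-width) code points in a script, flags scripts that carry more than a tuning threshold of them, and recovers a payload hidden as a zero-width bit stream. The samples and the specific U+200B/U+200C bit encoding are constructed assumptions for illustration.

```python
import unicodedata
from typing import Dict

# Unicode general category "Cf" covers zero-width and other invisible format characters.
# A leading byte-order mark is benign, so it is excluded from the count.
ALLOWED_FORMAT_CHARS = {"\ufeff"}

def invisible_chars(script: str) -> Dict[str, int]:
    """Count invisible (category Cf) code points in a script, keyed as U+XXXX."""
    counts: Dict[str, int] = {}
    for ch in script:
        if unicodedata.category(ch) == "Cf" and ch not in ALLOWED_FORMAT_CHARS:
            key = f"U+{ord(ch):04X}"
            counts[key] = counts.get(key, 0) + 1
    return counts

def is_suspicious(script: str, threshold: int = 8) -> bool:
    """Flag a script with at least `threshold` invisible code points (threshold is an assumption)."""
    return sum(invisible_chars(script).values()) >= threshold

def decode_zero_width(script: str) -> bytes:
    """Analyst helper: recover bytes hidden as U+200B (bit 0) / U+200C (bit 1) sequences."""
    bits = "".join("0" if ch == "\u200b" else "1" for ch in script if ch in "\u200b\u200c")
    usable = len(bits) - len(bits) % 8
    return bytes(int(bits[i:i + 8], 2) for i in range(0, usable, 8))

# Constructed samples: a clean login-page script, and one smuggling the bytes "hi"
# inside a string literal that looks empty in an editor.
CLEAN_JS = 'document.getElementById("login").addEventListener("submit", check);'
ZW_PAYLOAD = "".join("\u200b" if bit == "0" else "\u200c" for bit in "0110100001101001")
OBFUSCATED_JS = 'var p="' + ZW_PAYLOAD + '"; run(unhide(p));'

if __name__ == "__main__":
    for label, js in (("clean", CLEAN_JS), ("obfuscated", OBFUSCATED_JS)):
        print(label, is_suspicious(js), invisible_chars(js))
    print("hidden bytes:", decode_zero_width(OBFUSCATED_JS))
```

Email-gateway and proxy rules can apply the same count to inline scripts and SVG attachments, since SVG can carry script as well.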
In-Depth Interview: Tim Starks on Federal Cybersecurity Challenges
Guest: Tim Starks, Senior Reporter at Cyberscoop
Timestamp: Begins at [12:36]
1. Federal Cybersecurity Leadership Removals
Tim Starks discusses the recent dismissals of top cybersecurity officials within the Department of the Interior, highlighting a broader pattern of leadership turnover across federal agencies. This trend includes the recent removal of General Timothy Hogg, head of the NSA and U.S. Cyber Command.
Notable Quote:
"It is entirely disturbing that he essentially said something that the president didn't like four, how many years ago? Five years ago at this point."
— Tim Starks [15:56]
2. Retaliation Against Chris Krebs
Starks elaborates on the situation surrounding former CISA Director Chris Krebs, suggesting that his removal is a form of retaliation from the Trump administration following his affirmation of the 2020 election's integrity. This incident is part of a series of actions undermining cybersecurity leadership.
3. Impact of CISA Workforce Cuts
A significant focus is placed on the DOJ's plan to eliminate approximately 1,300 positions at the Cybersecurity and Infrastructure Security Agency (CISA), which represents about half of its workforce. Tim Starks emphasizes the detrimental effects this reduction could have on the nation's cybersecurity defenses.
Notable Quote:
"If we're going to cut half of the people, it's definitely going to affect the cyber work."
— Tim Starks [16:39]
4. Republican Perspectives and Criticism of CISA
Starks explains that some Republicans view CISA unfavorably, citing concerns over censorship, particularly of Republican voices. However, he notes that these criticisms often rest on a small part of CISA's operations, such as disinformation efforts that make up less than 1% of the agency's budget.
Notable Quote:
"I think Brandon Wales testified before Congress... that it was less than 1% of CISA's budget."
— Tim Starks [19:34]
5. Senator Wyden's Hold on CISA Nomination
The discussion addresses Senator Ron Wyden's decision to place a hold on the confirmation of a new CISA leader, drawing parallels to his previous actions regarding Chris Krebs. Starks suggests that Wyden's hold is more symbolic, leveraging the nomination process to express broader concerns about the agency's direction rather than issues with the nominee himself.
Notable Quote:
"It's an opportunity for Senator Wyden to bring up a concern he's had and execute that concern using a nominee that is only vaguely related to what he's concerned about."
— Tim Starks [21:28]
Conclusion
The episode of CyberWire Daily provides a comprehensive overview of critical developments in the cybersecurity sector, emphasizing the tension between advancing AI technologies and maintaining robust cyber defenses. Through insightful news briefs and an expert interview with Tim Starks, listeners gain a nuanced understanding of the challenges facing federal cybersecurity leadership, emerging threats, and the evolving landscape of data protection and privacy. The episode underscores the importance of strategic leadership and proactive measures in safeguarding national and organizational security in an increasingly digital and AI-driven world.
For those seeking to stay informed on the latest in cybersecurity, CyberWire Daily continues to deliver timely and in-depth analysis essential for industry leaders and professionals.
