Dave Bittner
You're listening to the CyberWire network, powered by N2K.
Hey everybody, Dave here. I've talked about DeleteMe before and I'm still using it because it still works. It's been a few months now and I'm just as impressed today as I was when I signed up. DeleteMe keeps finding and removing my personal information from data broker sites, and they keep me updated with detailed reports so I know exactly what's been taken down. I'm genuinely relieved knowing my privacy isn't something I have to worry about every day. The DeleteMe team handles everything. It's the set-it-and-forget-it peace of mind. And it's not just for individuals. DeleteMe also offers solutions for businesses, helping companies protect their employees' personal information and reduce exposure to social engineering and phishing threats. And right now our listeners get a special 20% off your DeleteMe plan. Just go to JoinDeleteMe.com/N2K and use promo code N2K at checkout. That's JoinDeleteMe.com/N2K, code N2K.
SentinelOne suffers a global service outage. A major DDoS attack hits a Russian Internet provider. US banking groups urge the SEC to scrap cybersecurity disclosure rules. Australia mandates reporting of ransomware payments. Researchers uncover a new browser-in-the-middle attack targeting Safari users. A Florida health system pays over $800,000 to settle insider breach concerns. CISA issues five urgent ICS advisories. Our guest is Matt Covington, VP of Product at Black Cloak, discussing the emergence of advanced impersonation techniques like deepfakes and the importance of digital executive protection. And the Feds are putting all our digital data in one basket.
It's Friday, May 30, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Happy Friday and thanks for joining us here today.
Cybersecurity firm SentinelOne experienced a global service outage on Thursday that disrupted its extended detection and response platform, affecting security monitoring and updates for nearly 13,000 customers.
The issue lasted about six hours, with administrators reporting problems accessing the cloud-based console. Although customer endpoints remained protected, managed detection and response services were offline and threat data reporting was delayed. SentinelOne attributed the outage to an internal automation error, not a cyber attack. Most of the company's services, including Endpoint and Cloud Security, were listed as unavailable. Some admins speculated AWS or DNS issues, but evidence didn't support this. The outage interrupted STAR rule-based custom detections and impacted clients dependent on real-time updates. SentinelOne classified the incident as SEV0, the highest severity level, and later restored service. Experts viewed the response as effective despite temporary loss of visibility and MDR functions.
A major DDoS attack hit Russian Internet provider ASVT this week, knocking tens of thousands offline in Moscow and nearby areas for several days. The disruption began Tuesday and lasted into Friday, affecting ASVT's website, mobile app and customer services. Many residents couldn't work remotely, use card payments or access buildings due to downed intercoms. ASVT blamed the Ukrainian IT Army, though the group hasn't claimed responsibility. The incident follows a similar March attack on Lovit, another provider accused of monopolistic practices and now under investigation. Russia's Federal Antimonopoly Service is also probing ASVT. The broader trend reflects rising cyberattacks on Russian telecoms, often politically motivated. In 2023, over 30% of DDoS attacks in Russia targeted telecoms. Previous attacks have included data theft and infrastructure damage by groups like the Ukrainian Cyber Alliance and Silent Crow. It's unclear if ASVT's enterprise or government clients were affected.
US banking groups are urging the Securities and Exchange Commission to scrap its cybersecurity incident disclosure rules, arguing they clash with confidential protocols meant to protect critical infrastructure. Led by the American Bankers Association, five major industry groups say the SEC's Cybersecurity Risk Management rule, requiring rapid disclosure of breaches, hinders law enforcement, creates confusion and disrupts incident response. They argue the rule, in effect since July 2023, has been flawed and difficult to implement. A recent breach at Coinbase underscores the danger, with attackers impersonating support staff to steal user assets. This incident amplifies fears across the financial sector about centralized data risks as crypto adoption expands. Banking and crypto sectors alike now stress the need for better cybersecurity guardrails without compromising critical operations.
Australia has become the first country to mandate reporting of ransomware payments. Starting Friday, organizations earning over $3 million Australian annually or in critical infrastructure must report any payments made to cybercriminals within 72 hours to the Australian Signals Directorate. Noncompliance could lead to civil penalties. The law aims to improve visibility into ransomware attacks, which are largely underreported, with only one in five victims currently coming forward. Initially, enforcement will focus on severe violations, but stricter oversight is planned for 2025. This move follows a wave of major cyber attacks in Australia and echoes similar proposals in the UK. Critics argue that while the law may help profile attackers, it won't stop ransomware.
Researchers from SquareX have uncovered a new browser-in-the-middle attack targeting Safari users by exploiting flaws in the browser's full screen API. This technique, revealed through the Year of Browser Bugs project, enables stealthy phishing by tricking users into entering full screen mode without warning.
Unlike Chrome or Firefox, Safari lacks clear visual indicators when full screen mode is triggered, making it easier for attackers to disguise malicious sites as legitimate login pages. Using noVNC, attackers can embed a remote session inside the victim's browser to steal credentials undetected. Traditional endpoint detection and response tools can't see browser activity, making this attack hard to detect. Apple has acknowledged the issue but considers Safari's behavior intentional, not a bug. Experts urge enterprises to use browser-native security tools, as network-based defenses can be bypassed.
BayCare Health System in Florida has agreed to pay $800,000 and implement a corrective plan to settle a federal HIPAA investigation over a 2018 insider breach. The incident, reported by a patient at St. Joseph's Hospital in Tampa, involved unauthorized access to her printed and electronic medical records. The patient said she was later contacted by someone with photos and video of her records. Federal investigators traced the access to credentials belonging to a former non-clinical staffer at a medical practice connected to BayCare. The U.S. Department of Health and Human Services found multiple HIPAA violations, including inadequate access controls and failure to monitor system activity. Although BayCare admitted no wrongdoing, the case highlights the risk of insider threats and the need for continuous monitoring and auditing of access to patient data. Experts emphasize that software alone isn't enough. Effective compliance requires ongoing oversight.
A new malware campaign, UTG Q015, is targeting government web servers across multiple regions, posing a threat to national infrastructure. First detected earlier this month, it uses brute force, credential stuffing and SQL injection to breach defense and municipal systems. The malware employs polymorphic code to evade detection and embeds itself via process hollowing, replacing legitimate software with malicious code.
It maintains persistence through registry tweaks and scheduled tasks, enabling long-term access and data theft. Agencies report backdoors and service disruptions.
CISA issued five urgent advisories addressing severe vulnerabilities in critical industrial control systems used across sectors like health care, construction, maritime safety and infrastructure. Affected systems include Siemens SiPass access control platforms, Consilium CS5000 fire panels, Instantel Micromate environmental monitors, and Santesoft medical imaging software. The flaws, ranging from firmware tampering and hard-coded passwords to missing authentication and memory corruption, pose high risks of remote exploitation and system compromise. CVSS scores for these vulnerabilities range from 8.2 to 9.3, highlighting their severity. While Siemens and Santesoft have issued patches, Consilium urges hardware upgrades. CISA advises organizations to immediately apply vendor mitigations, implement network segmentation, use VPNs for remote access, and maintain up-to-date asset inventories.
Coming up after the break, my conversation with Matt Covington from Black Cloak. We're discussing the emergence of advanced impersonation techniques like deepfakes, and the Feds are putting all our digital data in one basket. Stay with us.
And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic Identity Threat Protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing to neutralize identity-based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report at spycloud.com/cyberwire and see what attackers already know.
That's spycloud.com/cyberwire.
Compliance regulations, third-party risk, and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you've ever found yourself drowning in spreadsheets, chasing down screenshots or wrangling manual processes just to keep your GRC program on track, you're not alone. But let's be clear. There is a better way. Vanta's trust management platform takes the headache out of governance, risk and compliance. It automates the essentials from internal and third-party risk to consumer trust, making your security posture stronger. Yes, even helping to drive revenue. And this isn't just nice to have. According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity. That's not a typo, that's real impact. So if you're ready to trade in chaos for clarity, check out Vanta and bring some serious efficiency to your GRC game. Vanta GRC: how much easier trust can be. Get started at vanta.com/cyber.
Matt Covington is VP of Product at Black Cloak. I recently caught up with him at the RSAC conference. In today's sponsored Industry Voices segment, we discuss the emergence of advanced impersonation techniques like deepfakes and the importance of digital executive protection. So Matt, here we are at RSAC 2025. Before we dig into some of the specific topics, what's your take on this year's show and any sense for the general buzz around the show floor?
Matt Covington
Yeah, absolutely. So for me it's felt like a high school reunion, bumping into so old colleagues, getting to see what everyone's up to. And so it's, it's always an incredible pleasure to be here for that reason. Just build your networks, reconnect with people. Everyone's talking about AI, obviously, agentic AI more specifically. And so the buzz here is the buzz everywhere. But it seems like there are a lot of folks about, everyone's really interested. You know, the, the exhibit floor seemed like it was heaving anytime you went down there. We have had some excellent meetings here with partners, with prospects and with customers. So no, overall, it's been a great week.
Dave Bittner
Well, I mean, let's touch on the hot topic, which as you mentioned is AI and more specifically agentic AI. Does that cross paths at all with the work you and your colleagues at Black Cloak do?
Matt Covington
Yeah, it's really interesting. So I think one of the things that we do. So I'll sort of get into a little bit of one of our core use cases. And so fundamentally our value proposition for our members is we will help you to reduce your digital footprint to be as small as possible. Given it will never be zero. There will always be some trace. We can remove data from data broker sites, you know, images of your house from the street view on Google Maps. And so we do a lot of work around this. And obviously in doing that work, we're interacting with web content all the time. And so having an AI agent that's able to understand the context of the kind of page it's looking at and to reason around the page to say, yes, I understand that this is an input field for first name, last name, location, and this is an opt out button which can be the same thing as a removal button. And so I think for us there's a lot of promise in the idea that we can be much more efficient in how we are collecting data from these pages, how we're submitting opt out requests on a member's behalf. And so yes, in short, I think there's definitely an application here for the work that we're engaged in and it's quite exciting to see how far and how fast things are traveling.
Dave Bittner
Well, I mean, speaking to the types of services and products that you all provide, in conversations with folks coming to the conference from all over the world, I have spoken to multiple international travelers who've said that there is increased scrutiny at the borders and we're kind of in this place right now where I think people are figuring out how far things are going to go and how much is this a new reality or a transitional thing, but that plays into the types of things that you all are helping with as well?
Matt Covington
Yeah, I think so. I mean, one of the services we provide, again, you know, there are lots of things you can do with automation. There are many things you can't. And so one of the concierge services we provide is just advice on how to safely configure social media. And a lot of times we'll give briefings to families about safe use of social media, what's appropriate to do and what it isn't appropriate to do. And so again, that sense of how I should be using social media in a safe way would inherently, I think make it much less of a risk if you were in one of those scenarios where suddenly you have somebody looking over your device. In other cases, as I said, when we have folks traveling overseas, a lot of times the best recommendation is take a burner phone, right? Take a phone, do what you need to do, install the apps you need. When you come back, you can wipe it.
Dave Bittner
That's a really interesting insight, I think, about the family, right? Because I imagine, you know, a teenage child, you know, mom is a high-powered executive somewhere, the kids didn't sign up for this. You know, maybe the spouse knew what they were getting into. But so there's kind of a nurturing aspect to it as well as part of that bubble you try to put around the whole family.
Matt Covington
100%. And I think that is the hardest thing, I think, for a lot of executives is to have to acknowledge that you are part of the brand, right? If you're a top executive at a financial services organization, particularly if you're public, particularly if you are a figure of noteworthy figure who is in the news, you know, that that does make you part of the corporate attack surface. And so a lot of times when we're talking to grizzled, you know, CISOs, we'll talk in those terms and say, you know, you can't just think about attack surface in terms of IP ranges, right? You have to think about the people and their families as well. And so I think really the founding principle of Black Cloak was to be able to, it's almost have your cake and eat it too, right? Because we are able to extend security protections to the home. We have a range of privacy and security features for the executive, for their spouse, for adult children, teenagers living in the home. But by the same token, it is not automatic that that information gets shared back. And so let's say, for example, that an executive's information gets breached for a site they're a member of and they don't necessarily want their CISO to know all of their social activities, all of their hobbies. And so through Black Cloak, they're able to come directly to us as that sort of trusted intermediary to work on those issues without having to necessarily have all of the details of their home life, their children's home life, their spouse's home life, common knowledge for the IT team in the office. And so in some respects, our SOC team acts as an extension of the CISO. So when there's an issue with a family device, they can call us rather than calling the CISO and we'll take care of that in a discreet way without necessarily again, having to pass all of that data back up the chain to the company.
Dave Bittner
Interesting. I never really thought about reputational protection flowing to the company itself.
Matt Covington
Yes, it's really interesting. Right. Again, there's that two-way street. I mean, obviously for as I said, the individual is part of the brand, but also actions of the individual can in some cases reflect negatively on the brand as well. So there's a really, the dynamic between the personal and the business. It is not a clean line, as much as we would like to believe that it is. It's a gray area. And the reality is that we may write a policy that says we will respect privacy, we will separate these things. An attacker doesn't care. Right. And in fact, if I'm looking at targeting an individual, right. Am I going to try and target a corporate resource that is probably going to be very well defended with enterprise-grade security, or am I going to try and sneak in the back door? Right. I'm going to find, I can go to a data broker site and I'm going to find an email address or a phone number or a social media account and I can target my attack that way. And so again, that's sort of the role that Black Cloak plays, is expanding that secure perimeter outside the four walls of the organization.
Dave Bittner
The other thing that strikes me is it's in a similar way, perhaps at a different scale to how we think of the cyber realm. Crosses into the physical world with things like critical infrastructure, with keeping the lights on and the trains running and the airplanes flying and that sort of thing. But the work that you all do also crosses over into the physical world. Protection of people beyond just their zeros and ones.
Matt Covington
Yeah, that's absolutely the case. And so for example, one of the things we'll typically do, every member gets an individual one-on-one Zoom onboarding call. And we cover things like, you know, property addresses being online. Right. And again, that information from a data broker could end up being very dangerous, right? If you have, you know, the street address and then potentially there's a Zillow home listing from a couple of years ago that has the property pictures of all the rooms. It's very important that, you know, we take action to get those things removed because there definitely is that sense that the cyber always is a leading indicator in some respects of what's going to happen in the physical world. I mean, in past lives I've worked with security companies who are very much about this, like looking at social media as early indicators for, you know, it starts as an online campaign group of people who are unhappy about, you know, the policy of a given organization. And the next thing you know they're picketing outside the CEO's house or outside their kids' school for the school run to try and generate embarrassment. And so again, I think what it comes down to is that what we're able to do, again, no such thing as perfection in this world, but you want to take every effort you can just to remove as much information as you can. And so again, there's always that don't be the fish, right? You don't want to be the easy person to target or attack and you hope that attacker gets frustrated and moves on to an easier target.
Dave Bittner
How do you dial in an appropriate amount of respect for the risks without unnecessarily injecting paranoia or fear into the people that you're working with?
Matt Covington
That's a great question and it's definitely a journey, right? And I think we like to say that we're perfectly happy to do a crawl, walk, run with our members. And so the initial call we'll get some of the basic protections in place, but maybe we won't go to the PC or the Mac and install software there. And so it's definitely that sort of very kind of gentle approach. And so we do, when we first have the onboarding call, we will give the member an indication of what's out there, but it's always in the context of what the good news is. We're busy taking care of this for you. And so for example, we'll have representative data to say, look, you know, these email addresses have been in data breaches. We know those data breaches have Social Security numbers. So we might consider as the next thing you can schedule a concierge call and we'll walk you through credit freeze and locks, for example. And so it's always trying to frame the risk in the context of the action. And so it's always that pivot to action. Right. We want all of the information we're putting in front of our members to feel like the solution or the remediation is wrapped into the messaging. It's not the scare tactic of a wall of red alerts with no indication what I'm supposed to do about them. And in fact, in a lot of cases, one of the things we'll do is we actually, you know, so on a home PC we have an enterprise-grade EDR solution running on those and if we detect malware, it actually signals back to the SOC. And so they will then proactively reach out and say, hey, just so you know, we've seen this, this is what we're going to do about it. Rather than again having a siren go off and red lights flashing on the PC, which again, could be legitimately terrifying for somebody who isn't well versed in security. And that's one of the, for me joining Black Cloak, joined about a year ago, it is, that's the nuance. Right. We sell to the CISO, but our responsibility is ultimately to the member themselves.
And it's not a technical audience. You can't use technical language when you talk to them. And Chris Pierson has a great philosophy which is, you know, anytime you put a new feature or a new screen, would mum be able to understand it? Right. Could it, could you show it to your mum? Could she understand what we're saying and what we're recommending to do? And that's never a bad philosophy to have in what we're trying to do.
Dave Bittner
Yeah. And coming back to the fact that here we are at RSAC and really a one stop shop for a big high level picture of everything going on in cybersecurity. How do you define your place in the community, in the ecosystem? What is the spot that you all fill?
Matt Covington
Yeah, that's a really great question. And so I think what we're doing is we're putting together maybe a little sub slot. Right. And so in talking about Digital Executive Protection, which is how we describe ourselves, obviously one element of that is just simply sales and marketing motion for our products. We also recently put together a document called the Digital Executive Protection Framework, which is really trying to kind of break out all of the different categories and all of the different elements under those categories in almost a NIST-like framework just so, again, you can hand it over. And again, not all of these things are necessarily things that Black Cloak protects about, but it's trying to take a holistic community center view of what we believe this space should be. We think it's very important. We're very passionate about digital executive protection as a space and as a category. And so it's sort of an opportunity to go out and talk about this. And that's our little segment. And so again, we're not really we sell to the enterprise, but again, it's really about that relationship with the member, the end user that is so incredibly important for what we do.
Dave Bittner
That's Matt Covington, VP of Product at Black Cloak.
And finally, the federal quiet expansion of data sharing efforts enabled by President Trump's March executive order has sparked growing concerns among privacy advocates, technologists and civil liberties groups. Central to the initiative is Palantir, a data analytics firm now working across multiple federal agencies, including DHS, HHS and the IRS, to integrate vast stores of personal data. While the stated goal is to improve efficiency and break down information silos, the move raises serious questions about oversight, transparency and the potential risks of centralizing sensitive information. Palantir's Foundry platform can consolidate and analyze complex datasets, making it possible to create detailed profiles of individuals using data originally collected for other purposes. Critics worry this level of integration, if not carefully governed, could erode public trust and expose citizens to unintended consequences. Even some Palantir employees have voiced discomfort with the direction of the company's government work, highlighting the need for ongoing scrutiny and clear limits on how personal data is used. Maybe the real efficiency was the friends' personal information we consolidated along the way. Just a thought.
And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. Be sure to check out this weekend's Research Saturday and my conversation with John Hammond, principal security researcher at Huntress. We're discussing their research, "Critical Gladinet CentreStack and Triofox Vulnerability Exploited in the Wild." That's Research Saturday. Check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
And now a word from our sponsor, ThreatLocker. Keeping your system secure shouldn't mean constantly reacting to threats. ThreatLocker helps you take a different approach by giving you full control over what software can run in your environment. If it's not approved, it doesn't run. Simple as that. It's a way to stop ransomware and other attacks before they start without adding extra complexity to your day. See how ThreatLocker can help you lock down your environment at www.threatlocker.com.
CyberWire Daily Summary: "All Systems Not Go"
Release Date: May 30, 2025
Hosted by: Dave Bittner
Guest: Matt Covington, VP of Product at Black Cloak
In the May 30, 2025 episode of CyberWire Daily, host Dave Bittner presents a comprehensive overview of the latest developments in cybersecurity. The episode, titled "All Systems Not Go," delves into significant incidents, regulatory changes, emerging threats, and expert insights, providing listeners with a thorough briefing on the current cybersecurity landscape.
On Thursday preceding the episode, cybersecurity firm SentinelOne experienced a worldwide service disruption affecting its extended detection and response platform. The outage lasted approximately six hours, impacting nearly 13,000 customers by hindering access to the cloud-based console and delaying threat data reporting. While customer endpoints remained safeguarded, managed detection and response (MDR) services were temporarily offline. SentinelOne attributed the outage to an internal automation error, ruling out a cyberattack. Despite the severity, experts praised the company's effective response in restoring services promptly.
A significant DDoS attack targeted the Russian Internet provider ASVT, rendering tens of thousands of users in Moscow and surrounding areas offline for several days. The assault, which began on Tuesday and persisted into Friday, disrupted ASVT's website, mobile app, and customer services. Residents faced challenges such as remote work limitations, impaired card payment systems, and inoperative intercoms. ASVT accused the Ukrainian IT Army of orchestrating the attack, although the group has not officially claimed responsibility. This incident aligns with a rising trend of politically motivated cyberattacks on Russian telecoms, with over 30% of DDoS attacks in Russia in 2023 targeting the telecommunications sector.
US banking institutions, spearheaded by the American Bankers Association, are urging the Securities and Exchange Commission (SEC) to repeal its cybersecurity incident disclosure mandate. The Cybersecurity Risk Management rule, effective since July 2023, requires swift breach disclosures, which banks argue disrupt confidential protocols crucial for protecting critical infrastructure. Citing the recent Coinbase breach, where attackers impersonated support staff to steal assets, industry groups emphasize the need for robust cybersecurity measures without compromising operational integrity.
Australia has become the first nation to enforce a law requiring organizations earning over AUD 3 million annually, or those in critical infrastructure, to report any ransomware payments to the Australian Signals Directorate within 72 hours. Non-compliance may result in civil penalties. This legislation aims to enhance transparency around ransomware incidents, which are significantly underreported. Initial enforcement will target severe violations, with stricter measures anticipated in 2025. The move mirrors similar proposals in the UK and follows a surge in major cyberattacks across Australia.
Researchers from SquareX have identified a novel attack method termed "browser in the middle," exploiting vulnerabilities in Safari's full-screen API. This technique facilitates stealthy phishing by inducing users into full-screen mode without clear visual indicators, allowing attackers to disguise malicious sites as legitimate login pages. Using noVNC, attackers embed remote sessions within the victim's browser to harvest credentials undetected. Apple has acknowledged the issue but maintains that Safari's behavior is intentional. Experts recommend leveraging native browser security tools, as network-based defenses may be circumvented.
BayCare Health System in Florida has agreed to pay over $800,000 to resolve a federal HIPAA investigation stemming from a 2018 insider breach. The breach involved unauthorized access to both printed and electronic medical records of a patient at St. Joseph's Hospital in Tampa. The incident was traced back to credentials of a former non-clinical staff member. The U.S. Department of Health and Human Services highlighted multiple HIPAA violations, including inadequate access controls and insufficient system activity monitoring. This case underscores the persistent threat of insider breaches and the critical need for continuous data access oversight.
A new malware campaign, identified as UTG Q015, is actively targeting government web servers across various regions. Detected earlier this month, the malware employs techniques such as brute force, credential stuffing, and SQL injection to infiltrate defense and municipal systems. With polymorphic code and process hollowing, UTG Q015 evades detection while embedding itself into legitimate software. The malware ensures persistence through registry alterations and scheduled tasks, facilitating prolonged access and data exfiltration. Agencies report backdoors and service disruptions, highlighting the campaign's severity.
The Cybersecurity and Infrastructure Security Agency (CISA) has released five urgent advisories addressing critical vulnerabilities in Industrial Control Systems (ICS) used across sectors like healthcare, construction, maritime safety, and infrastructure. The affected systems include:
These flaws range from firmware tampering and hard-coded passwords to missing authentication and memory corruption, posing high risks of remote exploitation and system compromise. CISA assigns CVSS scores between 8.2 and 9.3, indicating severe vulnerabilities. While patches have been released for Siemens and Santasoft, Consilium recommends hardware upgrades. CISA advises immediate implementation of vendor mitigations, network segmentation, VPN usage for remote access, and maintaining up-to-date asset inventories.
In the latter part of the episode, Dave Bittner engages in a detailed conversation with Matt Covington, VP of Product at Black Cloak. The discussion centers around advanced impersonation techniques, such as deepfakes, and the critical role of digital executive protection.
Matt Covington notes, “[14:42] ...everyone's talking about AI, obviously, agentic AI more specifically. And so the buzz here is the buzz everywhere.” He highlights the increasing integration of AI in enhancing cybersecurity measures, particularly in automating data collection and opt-out processes to minimize digital footprints.
Black Cloak focuses on minimizing digital footprints for its members by removing personal data from broker sites and securing information across family devices. Covington explains, “[15:32] ...our value proposition for our members is we will help you to reduce your digital footprint to be as small as possible.” This involves leveraging AI agents to efficiently process and remove sensitive information, thereby reducing the risk of targeted attacks.
Covington emphasizes the delicate balance between protecting executives and their families without infringing on personal privacy. “[18:39] ...executives... are part of the corporate attack surface... we can extend security protections to the home.” Black Cloak acts as an intermediary, managing security issues discreetly without exposing personal details to corporate IT teams.
The conversation underscores the intertwining of personal and corporate reputations. Covington states, “[20:29] ...actions of the individual can in some cases reflect negatively on the brand...” Black Cloak extends security measures beyond organizational boundaries to encompass personal data, thereby safeguarding both individual and corporate reputations.
To mitigate risks without inducing fear, Black Cloak adopts a user-centric approach. Covington shares, “[23:52] ...we're perfectly happy to do a crawl walk run with our members... it's always that pivot to action.” The company provides clear, actionable solutions alongside risk assessments, ensuring that members feel supported rather than overwhelmed by security measures.
The episode concludes with a discussion on the federal expansion of data-sharing initiatives propelled by President Trump's executive order in March. The integration efforts involve Palantir, a data analytics firm collaborating with multiple federal agencies such as DHS, HHS, and the IRS, to consolidate vast amounts of personal data. While the objective is to enhance efficiency and eliminate information silos, privacy advocates express concerns over oversight, transparency, and the risks associated with centralizing sensitive information. Critics argue that the consolidation could erode public trust and expose individuals to unintended consequences, even prompting discomfort among some Palantir employees regarding the company's government collaborations.
The "All Systems Not Go" episode of CyberWire Daily effectively highlights critical cybersecurity incidents, regulatory shifts, and emerging threats shaping the industry's landscape. Through expert insights from Matt Covington, listeners gain a nuanced understanding of digital executive protection and the broader implications of data security in both personal and organizational contexts. As cyber threats continue to evolve, the episode underscores the importance of adaptive strategies and robust protections to safeguard against increasingly sophisticated attacks.