CyberWire Daily Summary: "All Systems Not Go"
Release Date: May 30, 2025
Hosted by: Dave Bittner
Guest: Matt Covington, VP of Product at Black Cloak
1. Introduction
In the May 30, 2025 episode of CyberWire Daily, host Dave Bittner surveys the week's developments in cybersecurity. The episode, titled "All Systems Not Go," covers significant incidents, regulatory changes, emerging threats, and an expert interview, giving listeners a briefing on the current cybersecurity landscape.
2. Key Cybersecurity Incidents
a. SentinelOne Global Service Outage
On the Thursday before the episode aired, cybersecurity firm SentinelOne experienced a worldwide outage of its extended detection and response (XDR) platform. The disruption lasted approximately six hours and affected nearly 13,000 customers, who lost access to the cloud-based management console and saw delays in threat-data reporting. Customer endpoints remained protected, since the agent's prevention functions run locally, but managed detection and response (MDR) services, which depend on the console, were temporarily offline. SentinelOne attributed the outage to an internal automation error and ruled out a cyberattack. Despite the severity, experts praised the company for restoring service promptly.
b. Major DDoS Attack on Russian Internet Provider ASVT
A significant DDoS attack targeted the Russian Internet provider ASVT, rendering tens of thousands of users in Moscow and surrounding areas offline for several days. The assault, which began on Tuesday and persisted into Friday, disrupted ASVT's website, mobile app, and customer services. Residents faced challenges such as remote work limitations, impaired card payment systems, and inoperative intercoms. ASVT accused the Ukrainian IT Army of orchestrating the attack, although the group has not officially claimed responsibility. This incident aligns with a rising trend of politically motivated cyberattacks on Russian telecoms, with over 30% of DDoS attacks in Russia in 2023 targeting the telecommunications sector.
c. US Banking Sector Challenges SEC Cybersecurity Disclosure Rules
US banking institutions, led by the American Bankers Association, are urging the Securities and Exchange Commission (SEC) to rescind its cybersecurity incident disclosure requirement. The rule, adopted in July 2023, requires public companies to disclose material cybersecurity incidents on Form 8-K within four business days of determining materiality; the banks argue that this timeline conflicts with the confidential coordination protocols used to protect critical infrastructure. Citing the recent Coinbase breach, in which attackers impersonated support staff to steal customer assets, the industry groups say they support strong cybersecurity measures but want disclosure obligations that do not compromise incident-response operations.
d. Australia Mandates Reporting of Ransomware Payments
Australia has become the first nation to enforce a law requiring organizations with annual turnover above AUD 3 million, and operators of critical infrastructure, to report any ransomware payment to the Australian Signals Directorate within 72 hours. Non-compliance may result in civil penalties. The legislation aims to improve visibility into ransomware incidents, which are significantly underreported. Initial enforcement will focus on serious violations, with stricter enforcement anticipated from 2026. The move mirrors similar proposals in the UK and follows a series of major cyberattacks in Australia.
e. New "Browser in the Middle" Attack Targets Safari Users
Researchers at SquareX have described a "browser-in-the-middle" (BitM) phishing technique that abuses Safari's Fullscreen API. When the victim clicks a link on the attacker's page, the page requests full-screen mode; because Safari shows only a brief animation rather than a persistent indicator, the attacker can draw a fake browser chrome over the real one and present a remote, attacker-controlled browser session, streamed into the victim's window via noVNC, as the legitimate login page. Credentials typed into that session go straight to the attacker. Apple has acknowledged the report but maintains that Safari's full-screen behavior is intentional. Because the victim's traffic goes to the attacker's relay rather than to a known-bad URL, network-based defenses have little to inspect, and the researchers recommend browser-native protections instead.
f. Florida Health System Settles Data Breach Concerns
BayCare Health System in Florida has agreed to pay over $800,000 to resolve a federal HIPAA investigation stemming from a 2018 insider breach. The breach involved unauthorized access to both printed and electronic medical records of a patient at St. Joseph's Hospital in Tampa. The incident was traced back to credentials of a former non-clinical staff member. The U.S. Department of Health and Human Services highlighted multiple HIPAA violations, including inadequate access controls and insufficient system activity monitoring. This case underscores the persistent threat of insider breaches and the critical need for continuous data access oversight.
g. UTG Q015 Malware Campaign Targets Government Web Servers
A new campaign, identified as UTG Q015, is actively targeting government web servers across several regions. Detected earlier this month, its operators gain initial access to defense and municipal systems through brute force, credential stuffing, and SQL injection against exposed web applications. The malware then uses polymorphic code and process hollowing to evade detection while embedding itself in legitimate software, and establishes persistence through registry alterations and scheduled tasks, enabling prolonged access and data exfiltration. Affected agencies report backdoors and service disruptions, underscoring the campaign's severity.
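The persistence mechanisms named above (registry alterations and scheduled tasks) are the most tractable part of such a campaign to hunt for, because both leave well-defined Windows events. The following Python script is an added example, not code from the episode or from any vendor report on UTG Q015: it runs two detection rules over a constructed JSON-lines sample of normalized Windows events and then correlates the hits. The event IDs are the real ones (Security 4698 is "a scheduled task was created"; Sysmon 13 is "registry value set"); the host, user, task names and file paths are invented, and the field names assume a simple normalized schema rather than any particular SIEM's.

```python
"""Hunt for scheduled-task and Run-key persistence in normalized Windows events.

Added example. Event IDs are real (Security 4698, Sysmon 13); every host, user,
task name and path below is constructed for illustration.
"""
import json
import re
from collections import defaultdict
from typing import Dict, List

# Constructed sample: one normalized event per line (JSON lines).
SAMPLE_LOG = r"""
{"source":"Security","event_id":4698,"host":"web01","user":"svc_iis","task":"\\Microsoft\\Windows\\UpdateOrchestrator\\Schedule Scan","action":"C:\\Windows\\System32\\UsoClient.exe"}
{"source":"Security","event_id":4698,"host":"web01","user":"svc_iis","task":"\\WindowsUpdateSvc","action":"C:\\Users\\Public\\Libraries\\svchost.exe"}
{"source":"Sysmon","event_id":13,"host":"web01","image":"C:\\Users\\Public\\Libraries\\svchost.exe","target":"HKLM\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\\WindowsUpdateSvc","details":"C:\\Users\\Public\\Libraries\\svchost.exe"}
{"source":"Sysmon","event_id":13,"host":"web01","image":"C:\\Program Files\\Vendor\\setup.exe","target":"HKLM\\SOFTWARE\\Vendor\\Settings\\Version","details":"2.1"}
{"source":"Sysmon","event_id":13,"host":"web01","image":"C:\\Windows\\explorer.exe","target":"HKCU\\Software\\Microsoft\\Windows\\CurrentVersion\\Run\\OneDrive","details":"C:\\Program Files\\Microsoft OneDrive\\OneDrive.exe /background"}
{"source":"Sysmon","event_id":1,"host":"web01","image":"C:\\Windows\\System32\\cmd.exe","cmdline":"cmd /c whoami"}
"""

# Run and RunOnce keys under HKLM or HKCU; case-insensitive because Sysmon
# reports whatever casing the writer used.
RUN_KEY_RE = re.compile(r"\\CurrentVersion\\Run(Once)?\\", re.IGNORECASE)
# Executable portion of a command line: optional leading quote, then up to the
# first ".exe" (arguments and the closing quote are dropped).
EXE_RE = re.compile(r'^"?(.*?\.exe)', re.IGNORECASE)
# Directories an unprivileged user cannot write to ...
TRUSTED_PREFIXES = ("c:\\windows\\", "c:\\program files\\", "c:\\program files (x86)\\")
# ... except these, which are world-writable despite living under C:\Windows.
WRITABLE_EXCEPTIONS = ("c:\\windows\\temp\\", "c:\\windows\\tasks\\")


def exe_path(command: str) -> str:
    """Return the executable path from a command line, without quotes or arguments."""
    m = EXE_RE.match(command.strip())
    return m.group(1) if m else command.strip()


def is_trusted_path(command: str) -> bool:
    """True if the executable lives in a location only administrators can write to."""
    p = exe_path(command).lower()
    if p.startswith(WRITABLE_EXCEPTIONS):
        return False
    return p.startswith(TRUSTED_PREFIXES)


def parse_events(log: str) -> List[Dict]:
    return [json.loads(line) for line in log.splitlines() if line.strip()]


def detect_persistence(log: str) -> List[Dict]:
    """Apply two persistence rules, then escalate any executable hit by both."""
    findings: List[Dict] = []
    mechanisms = defaultdict(set)  # (host, exe) -> {"scheduled_task", "run_key"}

    for ev in parse_events(log):
        src, eid = ev.get("source"), ev.get("event_id")

        # Rule 1: scheduled task whose action runs from a user-writable path.
        if src == "Security" and eid == 4698:
            exe = exe_path(ev["action"])
            if not is_trusted_path(exe):
                findings.append({"host": ev["host"], "rule": "scheduled_task_untrusted_path",
                                 "severity": "high", "exe": exe, "evidence": ev["task"]})
                mechanisms[(ev["host"], exe.lower())].add("scheduled_task")

        # Rule 2: any Run/RunOnce write; severity depends on where the payload lives.
        elif src == "Sysmon" and eid == 13 and RUN_KEY_RE.search(ev.get("target", "")):
            exe = exe_path(ev.get("details", ""))
            trusted = is_trusted_path(exe)
            findings.append({"host": ev["host"], "rule": "run_key_write",
                             "severity": "low" if trusted else "high",
                             "exe": exe, "evidence": ev["target"]})
            if not trusted:
                mechanisms[(ev["host"], exe.lower())].add("run_key")

    # Correlation: one untrusted binary registered two different ways is far
    # stronger evidence than either write on its own.
    for (host, exe), kinds in mechanisms.items():
        if len(kinds) > 1:
            findings.append({"host": host, "rule": "multiple_persistence_mechanisms",
                             "severity": "critical", "exe": exe, "evidence": sorted(kinds)})
    return findings


if __name__ == "__main__":
    for f in detect_persistence(SAMPLE_LOG):
        print(f"{f['severity']:8} {f['rule']:32} {f['host']} {f['exe']} <- {f['evidence']}")
```

The trusted-path test is deliberately simple: it only asks whether the payload sits somewhere an attacker with a web-server service account could have dropped it. A legitimate Run-key write from Program Files is still recorded at low severity so that a later correlation step, or an analyst, can revisit it; an untrusted binary that shows up in both a scheduled task and a Run key is escalated to critical, since that combination matches the doubled-up persistence described for this campaign.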
h. CISA Issues Five Urgent Advisories on ICS Vulnerabilities
The Cybersecurity and Infrastructure Security Agency (CISA) has released five advisories addressing critical vulnerabilities in industrial control systems (ICS) used in sectors including healthcare, construction, maritime safety, and critical infrastructure. The affected products include:
- Siemens SiPass integrated access control platform
- Consilium CS5000 fire panels
- Instantel Micromate environmental monitors
- Santesoft Sante DICOM Viewer Pro medical imaging software
The flaws range from firmware tampering and hard-coded passwords to missing authentication and memory corruption, and carry a high risk of remote exploitation and system compromise. CISA assigns CVSS scores from 8.2 to 9.3. Siemens and Santesoft have released patches, while Consilium recommends a hardware upgrade for the affected panels. CISA advises applying vendor mitigations immediately, segmenting ICS networks from business networks, requiring a VPN for any remote access, and maintaining an up-to-date asset inventory.
3. Expert Insight: Digital Executive Protection with Matt Covington
In the latter part of the episode, Dave Bittner engages in a detailed conversation with Matt Covington, VP of Product at Black Cloak. The discussion centers around advanced impersonation techniques, such as deepfakes, and the critical role of digital executive protection.
a. The Rise of Agentic AI in Cybersecurity
Matt Covington notes, “[14:42] ...everyone's talking about AI, obviously, agentic AI more specifically. And so the buzz here is the buzz everywhere.” He highlights the increasing integration of AI in enhancing cybersecurity measures, particularly in automating data collection and opt-out processes to minimize digital footprints.
b. Black Cloak’s Approach to Reducing Digital Footprints
Black Cloak focuses on minimizing digital footprints for its members by removing personal data from broker sites and securing information across family devices. Covington explains, “[15:32] ...our value proposition for our members is we will help you to reduce your digital footprint to be as small as possible.” This involves leveraging AI agents to efficiently process and remove sensitive information, thereby reducing the risk of targeted attacks.
c. Balancing Security and Privacy for Executives and Families
Covington emphasizes the delicate balance between protecting executives and their families without infringing on personal privacy. “[18:39] ...executives... are part of the corporate attack surface... we can extend security protections to the home.” Black Cloak acts as an intermediary, managing security issues discreetly without exposing personal details to corporate IT teams.
d. Addressing Reputational Risks and Expanding Secure Perimeters
The conversation underscores the intertwining of personal and corporate reputations. Covington states, “[20:29] ...actions of the individual can in some cases reflect negatively on the brand...” Black Cloak extends security measures beyond organizational boundaries to encompass personal data, thereby safeguarding both individual and corporate reputations.
e. Implementing User-Friendly Security Solutions
To mitigate risks without inducing fear, Black Cloak adopts a user-centric approach. Covington shares, “[23:52] ...we're perfectly happy to do a crawl walk run with our members... it's always that pivot to action.” The company provides clear, actionable solutions alongside risk assessments, ensuring that members feel supported rather than overwhelmed by security measures.
4. Centralization of Digital Data and Privacy Concerns
The episode concludes with a discussion of the federal expansion of data-sharing initiatives set in motion by President Trump's March 2025 executive order on eliminating information silos. The integration effort involves Palantir, a data analytics firm working with multiple federal agencies, including DHS, HHS, and the IRS, to consolidate large volumes of personal data. While the stated objective is to improve efficiency and eliminate information silos, privacy advocates raise concerns about oversight, transparency, and the risks of centralizing sensitive information. Critics argue that the consolidation could erode public trust and expose individuals to unintended consequences, and the reporting notes discomfort among some Palantir employees about the company's government work.
5. Conclusion
The "All Systems Not Go" episode of CyberWire Daily effectively highlights critical cybersecurity incidents, regulatory shifts, and emerging threats shaping the industry's landscape. Through expert insights from Matt Covington, listeners gain a nuanced understanding of digital executive protection and the broader implications of data security in both personal and organizational contexts. As cyber threats continue to evolve, the episode underscores the importance of adaptive strategies and robust protections to safeguard against increasingly sophisticated attacks.
Notable Quotes:
- Matt Covington [14:42]: “Everyone's talking about AI, obviously, agentic AI more specifically. And so the buzz here is the buzz everywhere.”
- Matt Covington [15:32]: “Our value proposition for our members is we will help you to reduce your digital footprint to be as small as possible.”
- Matt Covington [23:52]: “We're perfectly happy to do a crawl walk run with our members... it's always that pivot to action.”
For more detailed insights and the full episode transcript, visit CyberWire Daily.
