Dave Bittner
You're listening to the CyberWire Network, powered by N2K. And now a word from our sponsor, SpyCloud. Identity is the new battleground, and attackers are exploiting stolen identities to infiltrate your organization. Traditional defenses can't keep up. SpyCloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users, from breaches, malware and phishing, to neutralize identity-based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business. Get your free corporate darknet exposure report at spycloud.com/cyberwire and see what attackers already know. That's spycloud.com/cyberwire. The DOJ files to seize over $7 million linked to illegal North Korean IT workers. The FBI warns of BADBOX malware targeting IoT devices. Researchers uncover a major security flaw in Chrome extensions. ESET uncovers Iranian hackers targeting Kurdish and Iraqi government officials. Hitachi, Acronis and Cisco patch critical vulnerabilities. 20 suspects are arrested in a major international CSAM takedown. Hackers exploit a critical flaw in Roundcube webmail. Our guest today is Ian Bramson, global head of industrial cybersecurity at Black and Veatch, exploring how organizations can close the cyber attack readiness gap. And ChatGPT logs are caught in a legal tug of war.
It's Friday, June 6, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing. Thanks for joining us here today and happy Friday. Great as always to have you with us. The U.S. Department of Justice has filed a civil forfeiture complaint to seize over $7.7 million in cryptocurrency linked to North Korean IT workers who use stolen identities to gain illegal remote employment. These workers, often based in China and Russia, secretly funneled earnings to fund North Korea's weapons program, skirting US sanctions. The scheme was allegedly orchestrated with Sim Hyun Seop, a foreign trade bank rep, and Kim Sang Man, head of Cheong, a Ministry of Defense-linked firm. The IT workers laundered funds through tactics like chain hopping, token swapping and buying NFTs. The action is part of a broader crackdown, the DPRK Revgen Domestic Enabler Initiative, targeting North Korea's global revenue networks and their US enablers. The FBI and DOJ are leading the investigations. The FBI is warning about BADBOX 2.0, a malware campaign that's infected over 1 million consumer IoT devices worldwide. Found mostly on low-cost Android-based TVs, tablets and projectors often made in China, BADBOX 2.0 turns these gadgets into residential proxies for cybercriminals. The malware comes preloaded or is installed during setup via malicious apps or firmware updates. Once infected, devices can be used for ad fraud, credential stuffing and masking criminal traffic. Despite earlier disruptions, the botnet continues to grow. Most infections are in Brazil, the U.S., Mexico and Argentina. The FBI urges consumers to avoid unofficial app stores, monitor home network traffic, keep devices updated, and disconnect any suspected compromised devices to halt the malware's activity. Researchers have uncovered a major security flaw in Chrome extensions affecting over 15 million users.
The issue centers around developers hard-coding sensitive credentials directly in their JavaScript code, things like API keys, authentication tokens and cloud access secrets. Since Chrome extension code is public, these credentials are easily accessible to attackers. Exposed secrets include Google Analytics, Azure, speech APIs and even AWS keys. The risks range from corrupting analytics data to incurring massive cloud costs or exposing broader infrastructure. Symantec found the problem across multiple high-profile extensions, including those from Avast and Equatio. This points to a widespread issue in extension development. Convenience often overrides secure coding practices. Attackers could exploit these keys to spam devices, hijack cloud resources, or even pivot into connected systems with elevated permissions. Iran-linked hackers identified as Bladed Feline have been conducting a years-long cyber espionage campaign targeting Kurdish and Iraqi government officials, according to ESET. Believed to be a subgroup of Iran's Oil Rig, Bladed Feline has operated since at least 2017, initially breaching the Kurdistan Regional Government and later expanding to Iraq's central government and even a telecom provider in Uzbekistan. The group uses custom malware like Xamaron, Whisper and PrimeCache to spy on systems, exfiltrate data and maintain remote access. Entry points likely include exploited server vulnerabilities and web shells. Researchers say the campaign likely supports Iran's geopolitical goals by monitoring the KRG's Western ties and countering US influence in Iraq. Oil Rig has a history of targeting critical sectors and using compromised networks for supply chain attacks. Hitachi Energy has patched two critical vulnerabilities in its Relion 670, 650 series and SAM 600 IO devices, which are widely used in power grid protection and control. The flaws could allow remote attackers to trigger memory corruption, risking grid stability.
Hitachi Energy has released targeted updates and recommends users upgrade to secure revisions. No public exploitation has been reported, but mitigation steps are advised for older systems. Acronis Cyber Protect users are urged to update immediately due to multiple critical vulnerabilities, including three with the highest CVSS score of 10.0. These flaws allow attackers to bypass authentication, access sensitive data and escalate privileges. Updates have been available for a month. If updating isn't possible right away, restrict network access and monitor systems for suspicious activity. Cisco has patched 12 vulnerabilities across its products, including a critical flaw in cloud deployment of Identity Services Engine. This bug affects AWS, Azure and Oracle Cloud ISE instances where shared credentials are improperly generated, allowing attackers to access sensitive data or modify configurations. No workarounds exist and proof-of-concept code is public. Cisco also addressed two high-severity SSH flaws in its IMC and Nexus Dashboard Fabric Controller, which could allow unauthorized access or man-in-the-middle attacks. Additionally, nine medium-severity bugs were patched across various Cisco communication and management tools. Two have public proof-of-concept code, though no active exploitation is reported. Cisco strongly urges users to apply updates immediately. An international law enforcement operation has led to the arrest of 20 suspects involved in producing and distributing child sexual abuse material. Launched after Spanish police uncovered messaging groups sharing CSAM in late 2024, Operation Vibora identified 88 suspects globally. Interpol and Europol coordinated efforts across the Americas, Europe, Asia and Oceania. Spain arrested seven individuals, including a teacher and healthcare worker. Ten more were arrested in Latin America, including three in El Salvador and a teacher in Panama. Additional arrests occurred in Europe and the US.
This operation follows earlier global actions against CSAM platforms, including Operation Stream, which dismantled the dark website Kidflix, and another that targeted AI-generated CSAM. These efforts have collectively identified hundreds of suspects and seized thousands of devices. Cybersecurity company FearsOff reports that hackers are now exploiting a critical post-authentication remote code execution flaw in Roundcube webmail. The bug, present for over a decade, was patched on June 1, but attackers quickly reverse engineered the fix and began selling a working exploit online. Dubbed Email Armageddon, the flaw stems from unsanitized session variables leading to PHP object injection. Despite requiring login access, attackers claim credentials can be extracted from logs, brute forced or obtained via CSRF. Roundcube is widely used by hosting providers and organizations across government, education and tech sectors. With over 1.2 million instances online, the attack surface is significant. Security researchers urge immediate patching given the vulnerability's severity, CVSS score of 9.9 and the active exploitation in the wild. Coming up after the break, my conversation with Ian Bramson, global head of industrial cybersecurity at Black and Veatch. We're exploring how organizations can close the cyber attack readiness gap. And ChatGPT logs are caught in a legal tug of war. Stay with us. Compliance regulations, third-party risk and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you've ever found yourself drowning in spreadsheets, chasing down screenshots, or wrangling manual processes just to keep your GRC program on track, you're not alone. But let's be clear. There is a better way. Vanta's trust management platform takes the headache out of governance, risk and compliance. It automates the essentials, from internal and third-party risk to consumer trust, making your security posture stronger.
Yes, even helping to drive revenue. And this isn't just nice to have. According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity. That's not a typo, that's real impact. So if you're ready to trade in chaos for clarity, check out Vanta and bring some serious efficiency to your GRC game. Vanta GRC: how much easier trust can be. Get started at vanta.com/cyber. Ian Bramson is global head of industrial cybersecurity at Black and Veatch. I recently spoke with him about how organizations can close the cyber attack readiness gap.
Ian Bramson
The state of things is, I would say, in flux. And what I mean by that is we're at a change point right now where you're seeing a convergence of a lot of different factors, from increased attacks to different type of regulatory environments, to lots of digitalization, lots of things pushing people in different ways. And so what you get as a result of that is a lot of different activity depending on what specific companies are doing. Meaning I've been asked, hey, is there a sector that's going better or worse or faster? And I'm saying it's companies. The companies that clue in are moving more quickly on it while others are not. So it's sort of this emerging primordial soup of stuff where you have all this activity happening and it's just all worked out in different ways. So it's inconsistent when you think about.
Dave Bittner
The haves and the have nots out there. And as you say it's company based. I mean, how much of that or say how does that interact with the regulatory regime that these organizations have to operate under?
Ian Bramson
Well, when we look at industrial cybersecurity, we look at it both from the lens of compliance, so that regulatory environment, and we look at it from being secure and we see absolutely that there's a difference between being compliant and being secure. Meaning I've got clients who are very focused on being compliant, and they are, but there's still lots of gaps in there. And I've got other clients who are much more focused on security, and they'll check the box on compliance, but they are doing what they need to do. So again, it's in that arena that it's all emerging attack surfaces and everything are changing quickly. Regulations are usually struggling to keep up. And so the focus really needs to be on security more than just compliance.
Dave Bittner
And for the organizations out there who are seeing success, what are the common elements that they share?
Ian Bramson
Common elements that companies that are really making progress? Here are a few. One is they have commitment from the board of directors and an understanding and appreciation of what industrial cybersecurity is. Meaning it's not just about data, it's about safety and it's about uptime. Bad guys are trying to blow stuff up and they're trying to shut stuff down. And if they fully appreciate that, then they're dedicated to doing something about it. The second part of that is that the companies that are really into this understand how to answer some of the basic questions. Things like, do I know what I need to protect? That's asset inventory and asset management. Do I know where my holes are? That's vulnerability management and patch management. Can I see someone in my system? Can I get them out? That's monitoring and response. So they ask those basic questions to set those foundations, and they understand that setting that strong foundation is what's important. And that's the most common parts of that. Having that executive commitment and then answering the blocking and tackling types of questions that you have to have out there to set their strong foundation.
Dave Bittner
And in terms of getting that executive commitment, in your experience, what's been the effective mode of messaging to get them to understand the problem and to buy into the solution?
Ian Bramson
Yeah, you know, senior executives, boards of directors, they speak the language of risk. They understand consequence, they understand the idea of probability and impact. And you need to translate all those technical terms into that type of concept. This is risk management. This is about how your operations run. So it's about, again, safety and uptime risks. But you need to break it down into that. And once you can put it into that risk language and the risk concept, build a risk register, understand how it relates to their strategic goals. That type of language and that type of presentation, that gets you a lot farther than talking about bits and bytes about what's happening. We often will say, you know, build that risk register, prioritize your risks and then bang on that risk register until money comes out. When I go to the senior executives.
Dave Bittner
That's a great way to put it. What about public utilities? I was thinking specifically of water utilities, who, I'm sure we have some folks listening who are thinking this all sounds great, but I don't have a penny to spare in my organization. How do I set priorities?
Ian Bramson
Yeah, and that is one of the major issues that we're coming across, particularly in water but in the cross of different utilities is the motivation is there. Right. They understand it, they get it, they're getting attacked. But it's the what do I do now, what's next and how do I afford that? So there's no one silver bullet or clear answer. But there are things you can do. You can look into grants and funding options, you can look at what that means to your rate cases and you can also look about building it in earlier. When you're doing either new projects or major modifications. Capex type things, cyber is usually left off the table. If you can bring it in earlier, you can do things a lot cheaper, meaning and a lot better. Right. Build it in is better than bolting it on. Well, if you get it, move that starting point into that, that greenfield build or that major modification. That's a great way that you can manage the costs on this while also increasing your security posture.
Dave Bittner
What are your recommendations for the security person who knows they want to spend more time and attention with this, but maybe feels a little overwhelmed by the size of the project in front of them?
Ian Bramson
Well, I can appreciate that because there is certainly a lot to do and there's a lot at risk. But when you approach it, when things get complex, I like to simplify. Right. When you're looking at this, we're not looking at the whiz bang, next gen fantastic stuff. You're looking at the basics, the foundation. So ask yourself those core questions, kind of the ones I brought up earlier, the ones of companies being successful, things like, do I know what I need to protect asset inventory? Do I know where my holes are? Do I know who my suppliers and supply chains are and do I have a good hold of what's coming in, how to protect that? Can I see someone in my system, can I get them out? Basically translate all the different types of technologies and technology vendors back down to the basics of what you need to do to cover of what you need to protect and prioritize that. And it's not. It sounds simple, but it's not easy. Right. You do still have to have a lot of questions in it, but the best advice I can give is start breaking it down into those simple steps or clear steps, shall we say? And start working through those.
Dave Bittner
What sort of work are you doing to help close this gap? What's the types of things that you're offering with the folks that you work with?
Ian Bramson
Sure, we offer a variety. We know that our clients, this is a lifetime life cycle approach, meaning we call it Cyber Asset Lifecycle Management, or CALM, which is always a good thing for cyber. But we look at this from the very beginning, meaning when you're building it into greenfield or major modification, when you're building that utility, that site, that power station, that water treatment center, what do you need to build in? But then as you're running it, what do you need to do there? How do you also deal with the rest of what you have? So we offer everything from consulting, meaning what do I do next? Where do I go now? I just got the rose pinned on me. What now? To the actual implementation, meaning help me build this from the ground up, both on a site level and technology level and all the way through to the programmatic level and help me operate it, you know, because our clients have this journey that they're going through, from the what now? To help me build it, to help me run it. And we're there throughout that process and throughout all their new builds and their existing operations. It's a big challenge with a lot of facets to it. But we find that our clients really do need a partner who has been there, who knows how to build this stuff, knows how everything fits together, and can see them through that journey.
Dave Bittner
That's Ian Bramson from Black and Veatch. And finally, OpenAI is squaring off with a federal judge over a sweeping court order that in essence forces it to save everything. Every deleted ChatGPT message, every temporary chat, even the API-based confessions of businesses panicking about quarterly earnings. Why? Because the New York Times and others suing OpenAI over copyright concerns suspect that users are deleting chats to cover their digital tracks. The judge agreed and ordered OpenAI to preserve all logs. OpenAI, now somewhere between concerned and hair on fire, argues this defies logic, privacy policy, and possibly several international laws. They say we didn't destroy data, we just honored users' decisions. Now they're being told to keep everything, even your wedding vow drafts and that ill-fated budget spreadsheet. Caught between litigation and privacy commitments, OpenAI wants the order tossed. Until then, users everywhere are side-eyeing their chat history and perhaps even considering a fling with Gemini. And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners. We're collecting your insights through the end of this summer. There is a link in the show notes. Please do check it out. Be sure to check out this weekend's Research Saturday and my conversation with Michael Gorlick from Morphisec. We're discussing their research, "New Noodlefile Stealer distributes via fake AI video generation platforms." That's Research Saturday. Check it out. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester with original music and sound design by Elliot Peltzman. Our executive producer is Jennifer Ibin. Peter Kilpe is our publisher. And I'm Dave Bittner. Thanks for listening. We'll see you back here next week.
CyberWire Daily Summary: Episode "Beware of BADBOX" (June 6, 2025)
Hosted by N2K Networks, CyberWire Daily delivers the latest in cybersecurity news and expert analysis. In this episode titled "Beware of BADBOX," released on June 6, 2025, host Dave Bittner and guest Ian Bramson, Global Head of Industrial Cybersecurity at Black and Veatch, delve into significant security threats, critical vulnerabilities, and strategies to bridge the cyber attack readiness gap.
The U.S. Department of Justice (DOJ) has taken decisive action by filing a civil forfeiture complaint to seize more than $7.7 million in cryptocurrency connected to North Korean IT operatives. These workers, primarily based in China and Russia, illicitly gained remote employment using stolen identities, funneling their earnings to finance North Korea's weapons programs while evading U.S. sanctions.
Dave Bittner highlights:
"These workers, often based in China and Russia, secretly funneled earnings to fund North Korea's weapons program, skirting US sanctions." (02:08)
The scheme was allegedly led by Sim Hyun Seop, a foreign trade bank representative, and Kim Sang Man, head of Cheong, a Ministry of Defense-linked firm. Their laundering tactics included chain hopping, token swapping, and purchasing NFTs. This seizure is part of the broader DPRK Revgen Domestic Enabler Initiative, targeting North Korea's global revenue streams and their U.S. collaborators, with the FBI and DOJ spearheading the investigations.
The FBI has issued warnings about BADBOX 2.0, a sophisticated malware campaign that has compromised over one million consumer Internet of Things (IoT) devices globally. Predominantly found on low-cost Android-based TVs, tablets, and projectors manufactured in China, BADBOX 2.0 covertly transforms these devices into residential proxies for cybercriminal activities.
Bittner reports:
"BADBOX 2.0 turns these gadgets into residential proxies for cybercriminals." (04:15)
The malware infiltrates devices either preloaded or installed during setup via malicious applications or firmware updates. Once compromised, these gadgets facilitate ad fraud, credential stuffing, and the masking of illicit traffic. Despite previous efforts to disrupt the botnet, its network continues to expand, with the highest number of infections in Brazil, the U.S., Mexico, and Argentina. The FBI advises consumers to avoid unofficial app stores, monitor home network traffic, keep devices updated, and disconnect any suspected compromised devices.
Researchers have identified a critical vulnerability in Chrome extensions that affects over 15 million users. The flaw arises from developers hardcoding sensitive credentials, such as API keys, authentication tokens, and cloud access secrets directly into their JavaScript code. Given that Chrome extension code is publicly accessible, attackers can easily extract these credentials, posing significant security risks.
Bittner explains:
"Exposed secrets include Google Analytics, Azure, speech APIs and even AWS keys." (06:40)
The repercussions range from corrupted analytics data to exorbitant cloud costs and exposure of broader infrastructure. Symantec's findings pointed out that multiple high-profile extensions, including those from Avast and Equatio, suffer from this issue. The primary cause is the prioritization of convenience over secure coding practices. Potential exploitation avenues include spamming devices, hijacking cloud resources, or leveraging the compromised credentials to gain elevated permissions within connected systems.
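As an added illustration (not code from Symantec, the episode, or any extension named above), the following pre-publish check scans extension JavaScript for the credential types mentioned here and contrasts it with a version that keeps the secret on a server. The patterns are heuristics, the Azure key shape (32 hex characters) is an assumption, and all file names, key values and the `telemetry.example.invalid` endpoint are constructed.

```javascript
// Added example: scan an extension's JavaScript for hardcoded credentials
// before publishing. Patterns are heuristics for the credential types named
// in the episode; every sample source and key value below is constructed.

const RULES = [
  // AWS access key IDs: "AKIA" (long-term) or "ASIA" (temporary) + 16 chars.
  { id: "aws-access-key-id", re: /\b(?:AKIA|ASIA)[0-9A-Z]{16}\b/g, group: 0 },
  // Google API keys: "AIza" followed by 35 URL-safe characters.
  { id: "google-api-key", re: /\bAIza[0-9A-Za-z_-]{35}(?![0-9A-Za-z_-])/g, group: 0 },
  // GA4 Measurement Protocol secret sent as the api_secret parameter.
  { id: "ga4-api-secret",
    re: /api_secret["']?\s*[=:]\s*["']?([0-9A-Za-z_-]{16,})/g, group: 1 },
  // Azure subscription key next to a key-like name (assumed 32 hex chars).
  { id: "azure-subscription-key",
    re: /(?:Ocp-Apim-Subscription-Key|subscriptionKey)["']?\s*[:=,]\s*["']([0-9a-fA-F]{32})["']/g,
    group: 1 },
];

// Never echo a full secret into CI logs: keep a short prefix and the length.
function redact(value) {
  return value.slice(0, 4) + "... (" + value.length + " chars)";
}

// Scan one source file; returns findings sorted by line number.
function scanSource(file, source) {
  const findings = [];
  for (const rule of RULES) {
    for (const m of source.matchAll(rule.re)) {
      const value = m[rule.group];
      // Offset of the captured value, so the line points at the secret itself.
      const offset = m.index + m[0].indexOf(value);
      const line = source.slice(0, offset).split("\n").length;
      findings.push({ file, line, rule: rule.id, preview: redact(value) });
    }
  }
  return findings.sort((a, b) => a.line - b.line);
}

// Scan a map of { fileName: sourceText }, e.g. read from an unpacked extension.
function scanExtension(files) {
  return Object.entries(files).flatMap(([name, src]) => scanSource(name, src));
}

// Constructed "before": secrets embedded in code that ships to every user.
const VULNERABLE_FILES = {
  "background.js": [
    'const GA_URL = "https://www.google-analytics.com/mp/collect"',
    '  + "?measurement_id=G-CONSTRUCTED&api_secret=' + "s".repeat(22) + '";',
    'const speech = { subscriptionKey: "' + "0a".repeat(16) + '", region: "westeurope" };',
  ].join("\n"),
  "content.js": 'const MAPS_KEY = "AIza' + "g".repeat(35) + '";',
  "upload.js": [
    "const s3 = {",
    '  accessKeyId: "AKIA0000CONSTRUCTED0",',
    "};",
  ].join("\n"),
};

// Constructed "after": the extension talks to a backend the developer controls
// (hypothetical endpoint); the third-party secret never leaves that server.
const HARDENED_FILES = {
  "background.js": [
    'const TELEMETRY_URL = "https://telemetry.example.invalid/collect";',
    "async function report(event) {",
    '  await fetch(TELEMETRY_URL, { method: "POST", body: JSON.stringify(event) });',
    "}",
  ].join("\n"),
};

for (const f of scanExtension(VULNERABLE_FILES)) {
  console.log(`${f.file}:${f.line}  ${f.rule}  ${f.preview}`);
}
console.log("hardened findings:", scanExtension(HARDENED_FILES).length);
```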
ESET has uncovered activities by Bladed Feline, an Iranian-linked hacker group conducting extensive cyber espionage targeting Kurdish and Iraqi government officials. Operating since at least 2017, Bladed Feline initially compromised the Kurdistan Regional Government before expanding its reach to Iraq's central government and a telecom provider in Uzbekistan.
Bittner summarizes:
"Bladed Feline has operated since at least 2017, initially breaching the Kurdistan Regional Government and later expanding to Iraq's central government and even a telecom provider in Uzbekistan." (08:30)
The group employs custom malware variants such as Xamaron, Whisper, and PrimeCache to spy on systems, exfiltrate data, and maintain persistent remote access. Likely entry points include exploited server vulnerabilities and web shells. This campaign supports Iran's geopolitical objectives by monitoring Western ties within the Kurdistan Regional Government and countering U.S. influence in Iraq. Bladed Feline's modus operandi mirrors that of Oil Rig, known for targeting critical sectors and executing supply chain attacks.
Hitachi Energy:
Hitachi Energy addressed two critical vulnerabilities in its Relion 670, 650 series, and SAM 600 IO devices—integral components in power grid protection and control. These flaws could enable remote attackers to trigger memory corruption, potentially destabilizing the power grid. Although no public exploitation has been reported, Hitachi Energy recommends immediate upgrades to secure revisions to mitigate risks.
Acronis Cyber Protect:
Acronis has alerted users to multiple critical vulnerabilities, including three with the highest CVSS score of 10.0. These flaws permit attackers to bypass authentication, access sensitive data, and escalate privileges. Updates have been available for over a month, but Acronis advises users to update immediately. If immediate updating isn't feasible, they recommend restricting network access and monitoring systems for suspicious activities.
Cisco:
Cisco has patched 12 vulnerabilities across its product suite, notably a critical flaw in the cloud deployment of the Identity Services Engine. This vulnerability affects AWS, Azure, and Oracle Cloud ISE instances where shared credentials are improperly generated, allowing unauthorized access to sensitive data or modification of configurations. With no available workarounds and public proof-of-concept code, Cisco urges users to apply updates immediately. Additionally, two high-severity SSH flaws in the IMC and Nexus Dashboard Fabric Controller could enable unauthorized access or man-in-the-middle attacks, alongside nine medium-severity bugs across various communication and management tools.
Bittner emphasizes:
"Cisco strongly urges users to apply updates immediately." (11:50)
An extensive international law enforcement operation, spearheaded by Interpol and Europol, has led to the arrest of 20 individuals involved in producing and distributing Child Sexual Abuse Material (CSAM). Following an investigation initiated by Spanish authorities in late 2024, Operation Vibora has identified 88 suspects globally. The operation saw arrests across the Americas, Europe, Asia, and Oceania, including professionals such as teachers and healthcare workers in Spain and Latin America.
Dave Bittner reports:
"Operation Vibora identified 88 suspects globally." (12:30)
This operation builds on prior global efforts like Operation Stream, which dismantled the dark website Kidflix, and other initiatives targeting AI-generated CSAM. Collectively, these operations have led to the identification of hundreds of suspects and the seizure of thousands of devices, demonstrating a robust commitment to combating online child exploitation.
A critical post-authentication remote code execution (RCE) vulnerability in Roundcube Webmail, dubbed "Email Armageddon," has resurfaced despite being patched on June 1. Hackers swiftly reverse-engineered the fix and are now selling a functional exploit online. The flaw, present for over a decade, involves unsanitized session variables leading to PHP object injection.
Bittner warns:
"Despite requiring login access, attackers claim credentials can be extracted from logs, brute forced or obtained via CSRF." (14:45)
With over 1.2 million instances of Roundcube Webmail deployed across hosting providers and various sectors, the attack surface is extensive. Security researchers, acknowledging the vulnerability's severity with a CVSS score of 9.9 and active exploitation in the wild, urge immediate patching to mitigate potential breaches.
Dave Bittner:
"Our guest today is Ian Bramson, global head of industrial cybersecurity at Black and Veatch, exploring how organizations can close the cyber attack readiness gap and ChatGPT logs are caught in a legal tug of war." (02:02)
Ian Bramson describes the cybersecurity landscape as one in flux, marked by the convergence of increased cyber-attacks, evolving regulatory environments, and rapid digitalization.
"We're at a change point right now where you're seeing a convergence of a lot of different factors, from increased attacks to different type of regulatory environments, to lots of digitalization." (13:19)
This convergence results in varied levels of cybersecurity maturity across companies, with those recognizing the threat early moving ahead, while others lag behind.
Bramson emphasizes the distinction between compliance and security. While compliance focuses on meeting regulatory standards, security aims at safeguarding against threats beyond mere regulatory requirements.
"There's a difference between being compliant and being secure. Meaning I've got clients who are very focused on being compliant, and they are, but there's still lots of gaps in there." (14:37)
He points out that regulations often lag behind emerging threats, necessitating a proactive security approach rather than a checkbox-driven compliance mindset.
Bramson identifies two primary elements that successful organizations share:
Executive Commitment:
Strong support and understanding of industrial cybersecurity from the board of directors are crucial.
"They have commitment from the board of directors and an understanding and appreciation of what industrial cybersecurity is. Meaning it's not just about data, it's about safety and it's about uptime." (15:39)
Foundational Cyber Hygiene:
Effective asset inventory, vulnerability management, and robust monitoring and response systems form the backbone of a solid cybersecurity program.
"Do I know what I need to protect? That's asset inventory and asset management. Do I know where my holes are? That's vulnerability management and patch management." (15:39)
Translating technical cybersecurity concepts into risk management language that resonates with executives is essential for securing their support.
"Senior executives, boards of directors, they speak the language of risk. They understand consequence, they understand the idea of probability and impact." (17:06)
Creating a risk register and aligning cybersecurity initiatives with strategic business goals helps in effectively communicating the importance and urgency of cybersecurity investments.
When dealing with budget-constrained sectors like water utilities, Bramson suggests:
Exploring Grants and Funding:
Investigate available financial assistance to support cybersecurity initiatives.
Integrating Cybersecurity into Capital Expenditures:
Incorporate cybersecurity measures during the planning stages of new projects or major modifications to reduce costs and enhance security from the outset.
"Build it in earlier, you can do things a lot cheaper, meaning and a lot better." (18:29)
Bramson advises security personnel to simplify the complex landscape by focusing on fundamental cybersecurity practices.
"Start breaking it down into those simple steps or clear steps, shall we say? And start working through those." (19:46)
By addressing basic questions on asset protection, vulnerability management, and system monitoring, organizations can build a strong cybersecurity foundation without feeling overwhelmed.
Black and Veatch offers comprehensive support throughout the cybersecurity lifecycle, from initial consulting and implementation to ongoing management. Their approach ensures that clients can navigate the complexities of industrial cybersecurity effectively.
"We offer everything from consulting... to the actual implementation... and help me operate it." (21:11)
In a controversial legal battle, OpenAI is contesting a federal court order mandating the preservation of all ChatGPT interactions, including deleted messages, temporary chats, and API-based business communications. This lawsuit, spearheaded by the New York Times and other plaintiffs over copyright concerns, posits that users are deleting conversations to obscure their digital activities.
Bittner outlines:
"The judge agreed and ordered OpenAI to preserve all logs." (22:00)
OpenAI argues that the order violates logical processes, privacy policies, and potentially international laws, emphasizing that the company did not destroy data but instead honored user deletion requests. The preservation order compels OpenAI to retain all chat data, including sensitive and personal information, placing the company in a precarious position between legal obligations and privacy commitments.
This situation has prompted users to scrutinize their chat histories meticulously and consider alternatives like Gemini, reflecting the broader implications for data privacy and legal compliance in AI-driven platforms.
Dave Bittner concludes the episode by directing listeners to additional resources, such as the annual audience survey and the upcoming Research Saturday featuring Michael Gorlick from Morphisec. He also acknowledges the production team, ensuring listeners are informed about the behind-the-scenes efforts that make CyberWire Daily possible.
For further details on today's stories and to participate in the survey, listeners are encouraged to visit the daily briefing at thecyberwire.com.
Notable Quotes:
Ian Bramson on Industry Flux:
"We're at a change point right now where you're seeing a convergence of a lot of different factors..." (13:19)
On Compliance vs. Security:
"There's a difference between being compliant and being secure..." (14:37)
Executive Commitment:
"They have commitment from the board of directors and an understanding and appreciation of what industrial cybersecurity is." (15:39)
Risk Management Language:
"Senior executives, boards of directors, they speak the language of risk..." (17:06)
Simplifying Security Measures:
"Start breaking it down into those simple steps or clear steps..." (19:46)
Conclusion
This episode of CyberWire Daily provides a comprehensive overview of pressing cybersecurity issues, from large-scale fraud and malware threats to vulnerabilities in widely used software. The in-depth interview with Ian Bramson offers valuable insights into building robust cybersecurity frameworks within organizations, emphasizing the importance of executive support and foundational security practices. Additionally, the legal tussle involving OpenAI underscores the ongoing tensions between technological advancements and data privacy laws. For cybersecurity professionals and enthusiasts alike, "Beware of BADBOX" serves as an essential briefing on the current and evolving landscape of cyber threats and defenses.