CyberWire Daily Podcast Summary: "CISA Keeps Watch on Russia" | March 4, 2025
Hosted by N2K Networks
Introduction
In the March 4, 2025 episode of CyberWire Daily, hosted by Maria Varmazis, the focus centers on the current cybersecurity landscape, with particular emphasis on the Cybersecurity and Infrastructure Security Agency’s (CISA) vigilance over Russian cyber threats. The episode covers recently patched vulnerabilities, notable cyberattacks, and previews of upcoming segments featuring expert insights and industry developments.
CISA’s Continued Monitoring of Russian Cyber Threats
The episode opens with a significant update from the U.S. Department of Homeland Security (DHS) concerning CISA’s stance on Russian cyber threats. Contrary to recent media reports, CISA reaffirms its commitment to monitoring and mitigating cyber threats originating from Russia.
Tricia McLaughlin, Assistant Secretary for Public Affairs at DHS, clarifies:
“CISA remains committed to addressing all cyber threats to US critical infrastructure, including from Russia. There has been no change in our posture or priority on this front.” [02:45]
This clarification comes in response to a Guardian report alleging that CISA had been redirected to prioritize Chinese threats to the exclusion of Russia. McLaughlin refutes these claims, emphasizing that no such memo was ever issued.
The episode also touches on unverified Bloomberg reports that Defense Secretary Pete Hegseth ordered Cyber Command to halt offensive operations against Russia amid negotiations over the war in Ukraine. Kim Zetter of Zero Day is credited with a detailed analysis that dispels these rumors, concluding that no official stand-down order has been given.
Vulnerabilities and Patches: Broadcom and Google Respond
Broadcom and Google have both moved to address critical security vulnerabilities:
- Broadcom issued patches for three actively exploited zero-day vulnerabilities affecting VMware products. Chained together, these flaws allow a virtual machine escape into the hypervisor, letting an attacker who already controls a guest OS escalate privileges onto the host.
- Google released security updates for 43 vulnerabilities in Android, including two actively exploited zero-days. Notably, one high-severity flaw in the Linux kernel's human interface device (HID) driver (CVE-2024-50302) was exploited by Serbian authorities using an exploit chain developed by Cellebrite.
Maria Varmazis highlights:
“CISA strongly recommends that all organizations, regardless of sector, prioritize the remediation of these vulnerabilities to mitigate potential exploitation risks.” [07:15]
The episode underscores the urgency for organizations to apply these patches promptly to safeguard their networks against potential exploits.
CISA Flags Critical Vulnerabilities
In addition to vendor patches, CISA has updated its catalog of known exploited vulnerabilities with several critical flaws:
- Progress WhatsUp Gold: A critical path traversal vulnerability allowing unauthenticated remote code execution.
- Cisco Small Business RV Series Routers: A medium-severity command injection vulnerability for which Cisco will not release a fix, as the affected routers are end-of-life.
- Hitachi Vantara Pentaho BA Server: Two vulnerabilities involving special element injection and authorization bypass.
- Microsoft Windows win32k: An improper resource shutdown flaw enabling arbitrary code execution.
Federal agencies are mandated to address these vulnerabilities by March 24, 2025. CISA emphasizes the importance of prioritizing these fixes to protect organizational infrastructure.
Ransomware Attacks and Data Breaches
The episode reports on several notable cyber incidents:
- Palau’s Health Ministry Ransomware Attack:
On February 17, Palau’s Ministry of Health and Human Services (MHHS) suffered a ransomware attack attributed to the Qilin ransomware gang. Data was exfiltrated, but MHHS indicates no significant impact on individual Palauans’ security.
MHHS Statement:
“The attack was a heinous crime by greedy cybercriminals that has put our ability to provide critical medical care and life-saving emergency services at risk.” [10:05]
A Defend Forward team from US Cyber Command is assisting in the investigation.
- Exposed Databases via Lost-and-Found Software:
Cybersecurity researcher Jeremiah Fowler uncovered 14 unprotected databases containing approximately 820,750 sensitive records from lost-and-found software used by airports across North America and Europe. The exposure included detailed information on lost items and personally identifiable information (PII), increasing the risk of identity theft and fraud.
Maria Varmazis notes:
“This incident underscores the critical need for robust data protection measures in handling sensitive customer information.” [09:20]
- Lee Enterprises Ransomware Attack:
US newspaper publisher Lee Enterprises continues to grapple with the aftermath of a February 3 ransomware attack. The Qilin ransomware gang claimed responsibility; the attack disrupted distribution, billing, and vendor payments, and freelancers and contractors have yet to be paid since it occurred.
TechCrunch Report:
“Attackers encrypted critical applications and exfiltrated certain files.” [10:45]
Upcoming Segments and Expert Insights
Threat Vector Segment Previews:
Maria Varmazis previews upcoming segments featuring expert discussions:
- IoT Cybersecurity with Hollie Hennessy:
On March 6, Hollie Hennessy, Principal Analyst for IoT Cybersecurity at Omdia, will discuss how attackers exploit vulnerabilities in connected environments and strategies for mitigating that risk.
Hollie Hennessy states:
“We’ll discuss how attackers exploit vulnerabilities in connected environments and the best approaches for risk mitigation.” [17:00]
- International Women’s Day Special:
Scheduled for March 13, the podcast will feature conversations with pioneering women from Palo Alto Networks, highlighting their journeys, challenges, and leadership insights in the cybersecurity field.
Hollie Hennessy shares:
“They will share their journeys into cybersecurity, discuss the challenges they faced, and offer insights on leadership, innovation, and mentorship.” [20:03]
Featured Guests:
- Kristy Friedrichs, Chief Partnerships Officer at Palo Alto Networks, discusses her transition into cybersecurity, driven by a mission to safeguard the digital way of life.
- Tanya Shastri, Senior Vice President of Product Management at Palo Alto Networks, elaborates on her journey from telecommunications to data analytics and security.
- Salma Manchanda and Stephanie Regan from Unit 42 share their inspirations and experiences in the cybersecurity field, emphasizing the importance of continuous learning and impact-driven work.
Emerging Threats: Deepfake Technology
Toward the end of the episode, the discussion turns to the rise of deepfake technology.
Maria Varmazis warns:
“Deepfake attacks in video calls surged by a staggering 300%. Cybercriminals are using AI to impersonate people in real time, bypassing facial recognition systems and tricking even the savviest professionals.” [26:10]
The podcast highlights the sophistication of deepfake attacks, which now extend beyond elite hackers to crime-as-a-service markets, making identity spoofing and scams more accessible and prevalent. Traditional verification methods are becoming obsolete, necessitating multi-layered defenses and advanced detection tools.
Advice for Organizations:
“Companies need to implement multi-layered defenses, deploy advanced deepfake detection tools, and most importantly, train employees to spot these sophisticated scams.” [26:10]
Conclusion
The March 4, 2025 episode of CyberWire Daily provides a comprehensive overview of the current cybersecurity threats, with a particular focus on CISA’s unwavering attention to Russian cyber activities. It underscores the importance of timely patching of vulnerabilities, highlights significant cyberattacks, and previews insightful discussions on IoT cybersecurity and the contributions of women in the field. Additionally, the episode raises awareness about the burgeoning threat of deepfake technology, urging organizations to adopt robust verification and defensive measures.
For those seeking to stay informed and ahead in the rapidly evolving cybersecurity landscape, this episode offers valuable insights and actionable information.
Notable Quotes:
- “CISA remains committed to addressing all cyber threats to US critical infrastructure, including from Russia.” — Tricia McLaughlin [02:45]
- “This incident underscores the critical need for robust data protection measures in handling sensitive customer information.” — Maria Varmazis [09:20]
- “Deepfake attacks in video calls surged by a staggering 300%.” — Maria Varmazis [26:10]
Stay Informed: To keep up with the latest in cybersecurity news and analysis, subscribe to CyberWire Daily and never miss an episode.
