CyberWire Daily Episode Summary: "CVE Program Gets Last-Minute Lifeline"

Release Date: April 16, 2025

In this comprehensive episode of CyberWire Daily, host Dave Bittner navigates through a multitude of pressing cybersecurity issues, including critical funding extensions, whistleblower allegations, legislative actions, significant cyberattacks, emerging malware threats, and updates on software vulnerabilities. Additionally, the episode features an insightful segment on the EC Council Certified Ethical Hacker (CEH) exam, providing valuable guidance for aspiring cybersecurity professionals.

1. CVE Program Receives Urgent Funding Extension

The episode begins with an in-depth discussion about the Common Vulnerabilities and Exposures (CVE) program, a pivotal resource managed by the Mitre Corporation and funded by the US Government. The CVE program catalogues known cybersecurity vulnerabilities, assigning each a unique ID to standardize communication among security professionals globally.

Key Points:

• Funding Extension: The Cybersecurity and Infrastructure Security Agency (CISA) has extended funding for the CVE program by 11 months, narrowly averting a critical lapse ([Transcript Time: Not Specified]).
• Implications of Funding Gap: Mitre Corporation had announced plans to lay off 442 employees in McLean, Virginia, due to the cancellation of Department of Energy contracts, highlighting the program's financial fragility.
• Formation of CVE Foundation: In response to potential instability, CVE board members have established the CVE Foundation, a nonprofit aimed at ensuring the program's long-term viability and independence from governmental funding.
• Strategic Importance: The CVE program is essential for threat intelligence, patch management, and security automation, serving as the backbone for tools like the National Vulnerability Database.

Quote:

"Think of it as a Dewey Decimal system of cybersecurity flaws in a critical development for global cybersecurity."
— Dave Bittner ([Transcript Time: Unspecified])

2. Whistleblower Alleges Security Breach at NLRB

A significant revelation comes from federal cybersecurity specialist Daniel Baroulis, who has filed a whistleblower complaint alleging a security breach at the National Labor Relations Board (NLRB). Baroulis accuses the Department of Government Efficiency (DOGE) of facilitating unauthorized data access.

Key Points:

• Allegations: Baroulis claims that DOGE disabled security protocols, including multi-factor authentication and internal alerts, enabling a data breach that resulted in over 10 gigabytes of sensitive information being exfiltrated.
• Evidence: He provided screenshots showing unusual data spikes and cited foreign login attempts, including from a Russian IP using DOGE-created credentials.
• Government Response: The White House has countered, stating that DOGE has been transparent in its operations.
• Public Statement: Baroulis appeared on CNN to elaborate on his findings.

Notable Quote with Timestamp:

“[06:11] Daniel Baroulis: So I spent a lot of time in the private sector and you start to see these indicators of compromise sometimes and they, they kind of raise red flags. And so when you start seeing those, you put together the puzzle and more likely than not, that's how you flush out a breach. And I saw those same indicators in my agency and started raising the flag.”

3. Texas Establishes Its Own Cyber Command

Amid federal shifts in cybersecurity responsibilities, Texas is taking proactive measures by establishing its own state-level Cyber Command.

Key Points:

• Legislation Passed: The Texas House has approved legislation to create the Texas Cyber Command, backed by $135 million over two years.
• Operational Focus: The command will focus on cyber threat response, forensics, and training, operating through the University of Texas system at UT San Antonio.
• Governor Abbott’s Statement: Governor Greg Abbott has labeled the creation of the Cyber Command as an "emergency priority" in response to increasing cyberattacks targeting Texas infrastructure.

4. Dark Storm Team Disrupts Breach Forum with DDoS Attack

The Breach Forum, a well-known hacker marketplace, has faced another disruption following a Distributed Denial of Service (DDoS) attack by the pro-Palestinian hacktivist group Dark Storm Team.

Key Points:

• Attack Attribution: Dark Storm Team claimed responsibility for the takedown, citing Operation Soyclips—a long-term plan to infiltrate and disrupt hacker forums.
• Impact: The attack resulted in the temporary shutdown of the Breach Forum, stoking rumors about the possible arrest of Intel Broker, a figure associated with major past cyberattacks.
• Group Motives: Dark Storm promotes itself as a cybercrime-as-a-service group with both political and commercial objectives, targeting NATO nations and high-profile platforms like Elon Musk's X Twitter.

5. American Oversight Sues Federal Government Over Signal Gate

American Oversight, a watchdog group, has initiated a lawsuit against the federal government, alleging the misuse of Signal—an encrypted messaging platform—to evade transparency laws during military operations in Yemen.

Key Points:

• Allegations: The lawsuit claims that agencies like the CIA failed to preserve communications, violating the Federal Records Act by using disappearing messages.
• High-Level Involvement: Figures implicated include Secretary of Defense Pete Hegseth and Vice President J.D. Vance.
• Government’s Stance: The Justice Department argues there is no enforceable public right to challenge the deletion of such records.
• Future Plans: American Oversight intends to broaden the lawsuit to address systemic issues related to the use of Signal by national security officials, threatening democratic accountability and legal compliance.

6. SEC Reveals 2016 Cyberattack Exploiting EDGAR System

SEC Chairman John Clayton disclosed a significant cybersecurity incident from 2016, where attackers exploited vulnerabilities in the SEC's EDGAR system.

Key Points:

• Nature of the Breach: Attackers infiltrated the EDGAR system, which houses financial records of public companies, potentially enabling illicit stock trading through fake filings designed to manipulate markets.
• Additional Lapses: The breach highlighted other security shortcomings, such as unsecured emails and missing laptops.
• Response: Clayton affirmed that no personal data was compromised and pledged to enhance the SEC's cybersecurity measures to prevent future incidents.

7. Resolver Rat: A New Remote Access Trojan Threat

The cybersecurity community is now facing a new threat: Resolver Rat, a remote access trojan (RAT) targeting the healthcare and pharmaceutical sectors.

Key Points:

• Discovery: Identified by Morphisec, Resolver Rat spreads through phishing emails disguised as legal or copyright violation notices, with content tailored to regional languages.
• Technical Sophistication: The malware operates entirely in memory using .NET obfuscation techniques to avoid detection, secures persistence via registry and system folders, and exfiltrates large files in small chunks to blend with legitimate traffic.
• Global Reach: Instances of Resolver Rat have been detected in multiple languages, indicating its widespread targeting capability.

8. Microsoft Addresses Windows 11 Update-Induced Blue Screen Crashes

Users of Windows 11 are experiencing secure kernel errors leading to blue screen crashes following recent updates.

Key Points:

• Issue Source: Updates released in March and April have been identified as the cause of these crashes on devices running version 24H2.
• Mitigation Measures: Microsoft is employing Known Issue Rollback to automatically revert problematic updates on home and unmanaged business PCs within 24 hours. For enterprise systems, IT administrators must manually deploy a group policy fix.
• Additional Updates: Concurrently, Microsoft has issued emergency updates to address other critical Windows issues, including domain controller outages.

9. CERT BYTE: Preparing for the EC Council Certified Ethical Hacker Exam

In the CERT BYTE segment, host Chris Hare teams up with Troy McMillan to dissect a practice question for the EC Council Certified Ethical Hacker (CEH) exam, offering valuable insights for candidates.

Discussion Highlights:

• Practice Question: “What kind of computer-based social engineering technique attempts to redirect web traffic to malicious versions of websites through DNS poisoning?”
  Options:
  A) Farming
  B) Spear Phishing
  C) Whaling
  D) Spimming

• Analysis: Troy successfully identifies "Farming" as the correct answer through a process of elimination, distinguishing it from other social engineering techniques like Spear Phishing and Whaling.

Notable Exchange:

“[15:54] Chris Hare: That is correct. So your technique worked there. Farming is the act of redirecting web traffic to malicious versions of websites...”
— Dave Bittner

Additional Insights:

• Emphasis on mastering tools like Nmap for the CEH exam.
• Discussion on the career benefits of obtaining the CEH certification, including job advancements and entrepreneurial opportunities.

10. 4chan Suffers Major Breach by Soyjak Party Group

The online forum 4chan was recently taken offline following a significant breach attributed to the Soyjak Party, a hacktivist group.

Key Points:

• Operation Soyclips: The group claimed to have infiltrated and compromised 4chan's systems for over a year, exploiting outdated PHP setups from 2016.
• Data Leaked: Breached data includes admin panels, staff emails, and backend access details, with fragments of the site's code appearing on platforms like Kiwi Farms.
• Aftermath: 4chan's administrators are engaged in damage control, but the incident highlights vulnerabilities associated with maintaining outdated software infrastructure.

Conclusion

Today's episode of CyberWire Daily offers a thorough exploration of critical cybersecurity developments, from the lifeline funding extension for the CVE program to alarming whistleblower allegations and state-level cybersecurity initiatives. The discussion on emerging threats like Resolver Rat and significant breaches underscores the ever-evolving landscape of cyber threats. Additionally, practical advice for aspiring ethical hackers through the CEH exam segment provides actionable insights for career advancement in the field. As cyber threats continue to mount, such detailed briefings are invaluable for professionals striving to stay ahead in the dynamic world of cybersecurity.

For more detailed information and to access related links, listeners are encouraged to visit the CyberWire Daily website and refer to the show notes provided with the episode.