Loading summary
Dave Bittner
You're listening to the Cyberwire network, powered by N2K.
Maria Varmazes
And now a word from our sponsor.
Dave Bittner
Spy Cloud Identity is the new battleground and attackers are exploiting stolen identities to infiltrate your organization.
Maria Varmazes
Traditional defenses can't keep up.
Dave Bittner
Spy Cloud's holistic identity threat protection helps security teams uncover and automatically remediate hidden exposures across your users from breaches, malware and phishing to neutralize identity based threats like account takeover, fraud and ransomware. Don't let invisible threats compromise your business.
Maria Varmazes
Get your free corporate Darknet exposure report@spycloud.com.
Dave Bittner
Cyberwire and see what attackers already know. That's spycloud.com cyberwire.
Maria Varmazes
International law enforcement takes down a Darknet drug marketplace the Washington Post is investigating a cyber attack targeting several journalists email accounts Anubis Ransomware adds destructive capabilities the Gray Alpha Threat Group uses fake browser update pages to deliver advanced malware. Researchers uncover a stealthy malware campaign that hides a malicious payload in a jpeg image. Tenable patches 3 high severity vulnerabilities in NESSUS Agent attackers can disable secure boot on many Windows devices by exploiting a firmware flaw. Lawmakers introduce a bipartisan bill to strengthen coordination between CISA and hhs. Harry Coker reflects on his tenure as National Cyber Director. Maria Varmazes checks in with Brandon Karp on agentic AI and When online chatbots overshare, it's no laughing meta It's Monday, June 16th, 2025. I'm Dave Bittner and this is your Cyberwire Intel Brief. Thanks for joining us here today.
Dave Bittner
It's great to have you with us.
Maria Varmazes
Law enforcement from six countries have shut down the notorious Archetype Market, a darknet drug Marketplace active since 2020. The site hosted over 3,200 vendors and.
Dave Bittner
17,000 listings, trafficking a wide range of drugs and amassing more than 612,000 users. Transactions totaled 250 million euros in Monero as part of Operation Deep Sentinel, led by German police with Europol and Eurojust.
Maria Varmazes
Dutch authorities dismantled the platform's infrastructure.
Dave Bittner
A 30 year old German suspect believed to be the site's admin, was arrested.
Maria Varmazes
In Spain, authorities also detained a moderator.
Dave Bittner
And six top vendors. In Germany and Sweden, officers seize digital devices, drugs and 7.8 million euros in assets.
Maria Varmazes
This follows May's Operation Raptor, which targeted.
Dave Bittner
Dark web dealers globally, resulting in 270 arrests, 2 tons of drugs, 184 million euros in assets and 180 firearms seized.
Maria Varmazes
The Washington Post is investigating a cyber.
Dave Bittner
Attack that targeted email accounts of several journalists, including those covering national security Security.
Maria Varmazes
And China discovered Thursday.
Dave Bittner
The breach prompted a company wide password reset on Friday. While no other systems or customer data were impacted, the attack is suspected to involve a foreign government. The Wall Street Journal first reported the incident, noting Microsoft accounts were compromised.
Maria Varmazes
This follows a similar 2022 breach at News Corp.
Dave Bittner
Which also targeted journalists, data and communications.
Maria Varmazes
Anubis ransomware, active since late 2024, is a growing threat due to its destructive capabilities.
Dave Bittner
Initially known for data extortion without encryption, Anubis now encrypts files and includes a wiper module that permanently deletes them, making recovery impossible. Trend Micro reports that it operates under a ransomware as a service model and shares code with Sphinx Ransomware. Promoted on cybercrime forums by Supersonic and Anubis Media, it targets sectors like construction.
Maria Varmazes
Healthcare and engineering in Australia, Canada, Peru.
Dave Bittner
And the US Anubis gains access via.
Maria Varmazes
Spear phishing, escalates privileges, disables defenses and uses ECIES encryption.
Dave Bittner
Victims receive a ransom note threatening to leak stolen data. Its use of file wiping sets it apart, adding urgency and pressure on victims. Seven organizations are currently listed on its Tor based leak site. Researchers at Recorded Future have uncovered a.
Maria Varmazes
Stealthy campaign by the Gray Alpha Threat Group using fake browser update pages to.
Dave Bittner
Deliver advanced malware, including a new PowerShell loader named PowerNet.
Maria Varmazes
Active since April 2024.
Dave Bittner
This campaign marks a shift in GrayAlpha's.
Maria Varmazes
Tactics, combining fake updates, malicious 7 zip sites and the tag 124 traffic system.
Dave Bittner
Victims ultimately receive Net Support Rat, a remote access Trojan granting full system control.
Maria Varmazes
GrayAlpha's infrastructure mimics trusted brands like Google Meet and SAP Concurrent using JavaScript based.
Dave Bittner
Profiling to tailor attacks.
Maria Varmazes
Their infrastructure is hosted through bulletproof providers.
Dave Bittner
Notably Stark Industries Solutions. Analysts link GrayAlpha to Fin7, a well known cybercrime group.
Maria Varmazes
The campaign's continued activity into 2025 and.
Dave Bittner
Use of enhanced loaders like PowerNet and MaskBat show a technically advanced and persistent threat targeting multiple industries globally.
Maria Varmazes
Internet StormCenter researchers uncovered a stealthy malware campaign that hides a malicious payload in a JPEG image using steganography and a.
Dave Bittner
Modified base64 encoding technique. The malware is embedded after the image's end of image marker, making it invisible to standard file viewers and many security.
Maria Varmazes
Tools hosted at a suspicious domain.
Dave Bittner
The image looks normal but contains a. Net DLL payload. To avoid detection, the attackers substituted the symbol for a in the base64 encoding. Specialized tools like JPEGDump Py and ByteStats Py revealed the anomaly when decoded, the payload matched known malware linked to a documented threat campaign.
Maria Varmazes
This method highlights a growing risk as.
Dave Bittner
Media files commonly shared with little scrutiny can now be exploited for malware delivery, data theft, or establishing command and control channels.
Maria Varmazes
Tenable has patched three high severity vulnerabilities in NESSUS agent affecting Windows hosts.
Dave Bittner
These flaws allow non admin users to escalate privileges, execute code, or overwrite or delete system files with system privileges. CVSS scores range from 7.8 to 8.8. While there's no evidence of active exploitation, Tenable advises immediate updates. The vulnerabilities are pending full analysis by the National Vulnerability Database.
Maria Varmazes
Researchers at Binarle uncovered a vulnerability that.
Dave Bittner
Allows attackers to disable secure boot on many Windows devices by exploiting a flaw in UEFI firmware. The flaw, found in a module by.
Maria Varmazes
A rugged display vendor, allows arbitrary memory.
Dave Bittner
Writes stored in non volatile ram.
Maria Varmazes
This could let attackers overwrite secure boot.
Dave Bittner
Variables without detection even though the OS still appears protected. While the exploit requires admin and physical access, the risk is significant due to UEFI's preos role. Some UEFI distributions are immune, but most systems remain vulnerable. The flaw has likely circulated since October 2022. Microsoft has patched the issue and revoked certificates for 14 affected modules in its June 2025 patch.
Maria Varmazes
Tuesday update Lawmakers have introduced the bipartisan Healthcare Cybersecurity act to strengthen coordination between the Cybersecurity and Infrastructure Security Agency and the Department of Health and Human Services.
Dave Bittner
The bill, led by Representatives Brian Fitzpatrick.
Maria Varmazes
A Republican from Pennsylvania, and Jason Crow, Democrat from Colorado, would create a formal.
Dave Bittner
Liaison to improve threat sharing, communication and.
Maria Varmazes
Incident response for the healthcare sector. It also mandates cybersecurity training for hospital.
Dave Bittner
Staff and directs both agencies to study sector specific vulnerabilities, particularly in small and rural hospitals. A report to Congress would identify high risk medical devices and recommend actions to protect electronic health records and healthcare delivery.
Maria Varmazes
Critics argue the bill may overemphasize training.
Dave Bittner
Over structural issues like underfunding. Still, it responds to a rise in hospital cyberattacks that have disrupted care and leaked sensitive patient data.
Maria Varmazes
In an interview with the record, Harry Coker Jr. Former National Cyber director, and emphasized a collaborative and apolitical approach.
Dave Bittner
During his tenure in the Biden administration, he prioritized implementing the National Cybersecurity Strategy and its Actionable Implementation Plan, advocating for.
Maria Varmazes
Role clarity among federal cyber agencies and.
Dave Bittner
Building trust across the interagency. Coker celebrated progress on eliminating unnecessary degree requirements for cyber roles and spotlighting long standing Internet vulnerabilities such as weaknesses in the border Gateway protocol.
Maria Varmazes
He highlighted the need to improve support.
Dave Bittner
For state, local, tribal and territorial governments under constant cyber assault. And he urged a better balance between.
Maria Varmazes
Political appointees and career professionals in his.
Dave Bittner
Former office on regulatory harmonization, Coker called for mutual recognition of compliance across sectors and and tailoring based on core cybersecurity standards. His advice to his successor? Prioritize cyber clarify roles and build strong.
Maria Varmazes
Interagency collaboration to ensure national security and economic prosperity remain tightly interwoven. Coming up after the break, Maria Vermazes checks in with Brandon Karp on agentic AI and when online chatbots overshare, it's.
Dave Bittner
No laughing Meta.
Brandon Karp
Compliance regulations, third party risk, and customer security demands are all growing and changing fast. Is your manual GRC program actually slowing you down? If you've ever found yourself drowning in spreadsheets, chasing down screenshots or wrangling manual processes just to keep your GRC program on track, you're not alone. But let's be clear. There is a better way. Vanta's trust management platform takes the headache out of governance, risk and compliance. It automates the essentials from internal and third party risk to consumer trust, making your security posture stronger. Yes, even helping to drive revenue. And this isn't just nice to have. According to a recent analysis from IDC, teams using Vanta saw a 129% boost in productivity. That's not a typo, that's real impact. So if you're ready to trade in chaos for clarity, check out Vanta and bring some serious efficiency to your GRC game. Vanta GRC how much easier trust can be? Get started at vanta.com cyber.
Maria Varmazes
Maria Vermazes.
Dave Bittner
Is host of the T Minus Daily Space podcast right here on the N2K CyberWire network.
Maria Varmazes
She recently checked in with commentator Brandon Karpf to discuss agentic AI.
Dave Bittner
Here's their conversation.
Unnamed Guest
I wanted to get your thoughts on agentic AI and you had a whole bunch of thoughts. So tell me a bit about your thinking about what we're doing here, because this is sort of metagaming, but I want to hear it.
Yeah, and I think this is valuable to the audience because I'm showing up in their feeds about once a month. And ostensibly to talk about the intersection of cybersecurity and space, A pattern has emerged where we tend to have a conversation around here's an opportunity. The first conversation we had was on accelerating the pathways for delivering software to the DoD and to space Force. That was the first conversation. That's an opportunity. Our most recent conversation last month was around implementing DevSecOps and integrating GRC with DevSecOps, especially for the space industry and how challenging that could be, but also what that opens up. And it was a very practical recommendation for space technology companies to think about how they implement that. And so I think bouncing between here's an interesting challenge, industry challenge or industry opportunity, and then here's a practical thing that you can do at your organization. And we'll keep bouncing between those two types of topics every single month.
So today is going to be a setting the scene, describing the situation and getting some of your take, but we'll save the solutions for next time. All right, so the agentic AI was sort of the lead into this because I had been noticing at all the conferences I've been to that that is the phrase everybody's using. But of course it can mean a lot of different things. And also how you implement it within the space realm can be very different depending on what you're trying to do. And you had some specific thoughts about agentic AI and network architecture as it relates to space? Walk me through this.
Sure. So obviously agentic and anything AI is way overhyped. And in general, I think that the large companies themselves are overhyped, but the actual implementations and uses of the technology I actually think is underhyped. The other thing that is underhyped right now is the security implications of actually applying agentic technologies. And of course, agentic technologies are really just allowing a computer and a model to run workloads and do things autonomously by themselves for you for a specific purpose. It's the dream. It's the dream, right? We all just sit back, do nothing, and AI makes all the money that we need. And although we're probably pretty far away from that future, we're not far away from a future where organizations and individuals start chaining these systems together to talk to each other at machine speeds. And I think the industry has talked a lot about the security implications of AI in general. They have not talked about the higher level security implications of what happens when we start chaining these tools together and chaining these models together in an agentic system and opening up APIs and other standards of communication between AI to AI systems. And that opens up a whole new can of worms that I don't think anyone in this world is prepared for.
Right. Because usually when that conversation starts going places, people start going, okay, well we're doomed.
Or they go, yeah, well, we just put our normal security framework on and data loss prevention and everything's fine, and encryption and firewalls and just like what we've been doing for the last 30 years, because that's been going so well.
Super great. It's been going super well.
Dave Bittner
Yeah.
Unnamed Guest
There's definitely not an industry about how well it's going to be. So where is that middle path?
Yeah, well, and I think to get to that middle path, we actually need to talk about what the risk is. And then I will relate it to the space industry, I promise. This is related to the space industry.
Maria Varmazes
We'll get there.
Unnamed Guest
We'll get there, friends.
We will get there. So bear with me. But the threat here isn't actually the content of those communications, Right. Typically when we talk about data security and information security, we're talking about the actual content. Your Social Security number, your bank transaction data, your private personal data, your interactions with family and friends and messages. Actually, the real risk here is the metadata of those communications. And I'll explain why. So, as agentic AI and as these models are starting to accelerate, we're starting to standardize how they talk to each other. So Anthropic released a standard in the fall called MCP Model Context Protocol that is essentially a dynamic wrapper around the API interfaces of models and other systems that models would want to interact with that creates a standard of communication, essentially a protocol that allows those models and other models to talk to each other. It's a middleman, right? It's a middleman.
Interoperability, right?
Exactly. It's the Tower of Babel handing messages back and forth. But what that's done is it's created a standard that a lot of folks, I mean, we're talking about most of the large organizations in the world who have their own models and their own systems that want to chain to create agentic workflows. It's now a standard of how they talk to each other. And how they talk to each other is releasing a tremendous amount of information in the form of metadata, and it's not actually the details of the communication. And, and so it's now totally reasonable to say that an adversary who's looking at network traffic and looking at data flow from an organization out into the dirty Internet could see the specific traffic going from your model, your agentic model, to all of the other agentic models and micro models and systems and microservices that that model is reaching out to at machine speed. And when we talk about machine speed, we're talking about extraordinary amounts of data every second, going from your organization's model or agentic system to thousands of other systems and services on the dirty Internet and opening up what databases are being accessed, what services are being accessed, when the timing, the frequency of those things, potentially even who as an organization or an individual is using those systems. And when you start thinking about all of that metadata, it creates a very clear picture. And, and the clear picture it's creating is what you are doing, what your strategy is, what your agentic system is trying to achieve on your behalf, what your intent is. So the adversaries no longer need to decrypt your data to figure out what you're doing and why you're doing it. They just need to capture the traffic, which is actually a pretty trivial activity. And so that opens up a whole new set of vulnerabilities that the world is not prepared for as we implement the Model Context Protocol and implement agentic workflows within our organizations, that even if you secure all the data, the content is secure, but the context of your communication, the metadata is not secure, and the metadata becomes the message.
That's interesting. So content versus context is a great framework. The devil's advocate would say, and I don't know if I believe this, but I'm thinking it is. Okay, but how much can you really glean from context?
It really, it really, really, really is enough, and it's even enough today in a lot of, in a lot of use cases prior to the implementation of AI systems. I'll give you a couple anecdotes. There's a research group out of UC San Diego called the Caida C A I D A research group. They do a lot of Internet measurement activities, which essentially is the academia word for signals intelligence. And a couple years ago they published a paper where they were. Just by doing network analysis, just by looking at metadata of publicly available Internet traffic, they were able to identify the physical, physical locations of Comcast's most critical network exchange points and fiber points around the United States. And from that you can actually determine the couple nodes that you need to knock offline with. Like a car accident running into a telephone pole that would drop Comcast off of the Internet entirely. That was using just metadata.
Dave Bittner
Wow.
Unnamed Guest
Another great example is this fall Ben Gurion University released a proof of concept hack where they did a side channel attack just measuring packets going from an individual user on ChatGPT and ChatGPT's servers. And just by collecting that data, the packets themselves were encrypted, but just because how they knew how ChatGPT tokenizes data. And again, Model Context Protocol provides a standard for how data is transmitted between AI models. So very similar, but just knowing how OpenAI tokenizes data, Ben Gurion University was able at a greater than 50% accuracy determine the topic of the communications between a person and ChatGPT and at a greater than 20% accuracy, get perfect word replication of the prompts and the responses from OpenAI.
Oh dang.
The issue is there and you can get a lot of information about metadata. So now let's think about 10 years in the future. You've got a company that is thinking about doing M and A in your space and it's identifying M and A targets and it's finding the exact organization that you're trying to acquire and why. It's developing the strategy, it's sending data to a pricing model, a very specific kind of micro model. Think about microservices, but a micro model, it's that micro model's only job is to develop a pricing model to acquire this one opportunity. There's another market analysis model that's doing your go to market once you acquire. There's another model that is out there who is whole purpose is how you integrate a company into your organization. Your agent is doing all of this analysis in real time, figuring out the IP trade secret issues, etc. An individual who's looking at your agent doing all of those transactions could actually figure out ahead of time what your strategy is, who your acquisition target is, what your proprietary technology is, what your go to market strategy will be. Right. Just based on the frequency of those things and can tell that you're about to make a move. And imagine if you're a public company that is now information that can move a stock price.
Okay, so this is so, all right, I'm going to ask the obnoxious question.
Yeah.
How does this relate to space?
Yeah, yeah. So of course, and we'll tease this and we'll dive into this more. I, you know, I think the only two viable markets in the space industry in terms of the space segment are telecommunications and Earth Observation. That might change in the future, but to me that's the only two viable markets today for the space segment. So set aside Earth observation first for a moment. But talk about the telecommunications segment, right? And the fact that communication architectures have been up there for decades now and it's only increasing now. We're getting the direct to cell capabilities, ASD, Space Mobile and SpaceX. Everyone's kind of moving in this direction of massively increasing the Internet backbone capability of the space segment and actually the efficiency of transmitting packets from ground to space and using the space segment as a, as part of The Internet backbone and the Internet exchange points for the large scale autonomous systems. I think that the fact that there's such a barrier to entry, to actually getting those essentially routers and servers and processes running on low earth orbit or medium earth orbit satellites, there's a huge barrier to entry that makes it much more difficult for an adversary to get a measurement capability in a space segment, but also how the space segment functions. From a telecommunications perspective, those are essentially relays. They're a little more sophisticated than a Internet based router in a large data center at an Internet exchange point where you've got fiber lines coming in. By adopting, we don't have time today to go into the details, but next time we talk, we should go into the details about how I think you can do this. But actually adopting a space segment component of your backbone of your wide area network. So instead of going directly from your network to the dirty Internet, you go from your network to a space segment and you essentially relay your communications into the space segment and then out into the dirty Internet provides a layer of obfuscation for your metadata, where it could potentially hide the true source and destination, the true frequency and velocity and activity of your data, and the real metadata of what's happening inside your wide area network for your organization. And so, by relaying and essentially proxying your data first through a space segment before going terrestrial into the Internet backbone, I think could actually provide one layer of protection against these types of network analysis attacks and reconnaissance attacks.
Okay, so we have to put a pin in that, because we do have to conclude, but I'm just thinking, okay, how would that work? And why? So the how and the why of that will definitely be next time.
Maria Varmazes
Be sure to check out T minus wherever you get your favorite podcasts. And finally, imagine asking a chatbot a.
Dave Bittner
Private question only to find out you accidentally shared it with the world. That's the awkward reality unfolding on Meta's new AI app, where users are unknowingly posting their chats publicly.
Maria Varmazes
The app includes a share button that brings up a post preview.
Dave Bittner
But many people seem unaware they're broadcasting everything from innocent queries to very personal matters. One user asked about skin irritation. Another wanted help writing a letter for someone facing legal trouble, full names included. And yes, someone asked about the science of smelly farts. The app doesn't clearly explain what's being shared or with whom, especially if it's linked to a public Instagram account.
Maria Varmazes
It's a surprising misstep from one of.
Dave Bittner
The world's biggest tech companies. While the app only has 6.5 million downloads so far. It's already gaining attention for all the wrong reasons. Let this be a Read the fine print before you click Share.
Maria Varmazes
And that's the Cyber Wire. For links to all of today's stories, check out our daily briefing@thecyberwire.com don't forget to check out the Grumpy Old Geeks podcast where I contribute to a regular segment on Jason and Brian's show. Every week.
Dave Bittner
You can find Grumpy Old Geeks where all the fine podcasts are listed.
Maria Varmazes
We'd love to hear from you. We're conducting our annual audience survey to learn more about our listeners.
Dave Bittner
We're collecting your insights through the end of the summer.
Maria Varmazes
There is a link in the show notes. Please take a moment and check it out. N2K's senior producer is Alice Carruth.
Dave Bittner
Our Cyberwire producer is Liz Stokes.
Maria Varmazes
We're mixed by Trey Hester with original.
Dave Bittner
Music and sound design by Elliot Peltzman.
Maria Varmazes
Our executive producer is Jennifer Iban. Peter Kilpe is our publisher and I'm Dave Bittner. Thanks for listening.
Dave Bittner
We'll see you back here tomorrow.
Maria Varmazes
Hey everybody, Dave here.
Dave Bittner
I've talked about Delete Me before and.
Maria Varmazes
I'm still using it because it still works. It's been a few months now, and I'm just as impressed today as I was when I signed up. Delete Me keeps finding and removing my personal information from data broker sites, and.
Dave Bittner
They keep me updated with detailed reports so I know exactly what's been taken down.
Maria Varmazes
I'm genuinely relieved. Knowing my privacy isn't something I have to worry about every day.
Dave Bittner
The Delete Me team handles everything. It's the set it and forget it peace of mind. And it's not just for individuals.
Maria Varmazes
Deleteme also offers solutions for businesses, helping companies protect their employees personal information and.
Dave Bittner
Reduce exposure to social engineering and phishing threats.
Maria Varmazes
And right now, our listeners get a special 20% off your DeleteMe plan. Just go to JoinDeleteMe.com N2K and use.
Dave Bittner
Promo code N2K at checkout. That's JoinDeleteMe.com N2k code N2K.
Release Date: June 16, 2025
Host: N2K Networks
In today’s episode of CyberWire Daily, hosted by Dave Bittner and Maria Varmazes, listeners are brought up to speed with significant developments in the cybersecurity landscape. This episode covers the shutdown of a major darknet drug marketplace, sophisticated cyber attacks targeting journalists, the evolution of Anubis ransomware, advanced malware campaigns, critical vulnerability patches, and legislative efforts aimed at strengthening healthcare cybersecurity. Additionally, the episode delves into the emerging challenges posed by agentic AI, featuring an in-depth discussion with commentator Brandon Karp.
Law enforcement agencies from six countries have successfully dismantled the notorious Archetype Market, a darknet drug marketplace that had been active since 2020. This operation, part of Operation Deep Sentinel, was led by German police in collaboration with Europol and Eurojust. As Maria Varmazes reports at [02:35], "Law enforcement from six countries have shut down the notorious Archetype Market, a darknet drug Marketplace active since 2020."
Key Highlights:
The Washington Post is investigating a sophisticated cyber attack that targeted the email accounts of several journalists, including those covering national security. As highlighted by Maria Varmazes at [03:45], "The Washington Post is investigating a cyber attack that targeted email accounts of several journalists, including those covering national security Security."
Details of the Incident:
Anubis ransomware, active since late 2024, has expanded its threat profile by incorporating destructive capabilities. As Maria Varmazes explains at [04:22], "Anubis ransomware, active since late 2024, is a growing threat due to its destructive capabilities."
Evolution of Anubis Ransomware:
Researchers at Recorded Future have uncovered a stealthy malware campaign orchestrated by the Gray Alpha Threat Group. Maria Varmazes details this at [05:30], "Researchers at Recorded Future have uncovered a stealthy campaign by the Gray Alpha Threat Group using fake browser update pages to deliver advanced malware."
Key Components of the Campaign:
In another significant development, Internet StormCenter researchers have identified a malware campaign that conceals malicious payloads within JPEG images using steganography and modified base64 encoding techniques. As Dave Bittner explains at [06:46], "The malware is embedded after the image's end of image marker, making it invisible to standard file viewers and many security tools."
Technical Insights:
Tenable has addressed three high-severity vulnerabilities in its NESSUS agent affecting Windows hosts. Maria Varmazes highlights this at [07:40], "These flaws allow non-admin users to escalate privileges, execute code, or overwrite or delete system files with system privileges."
Vulnerability Details:
Researchers at Binarle have discovered a critical vulnerability that allows attackers to disable secure boot on numerous Windows devices by exploiting a flaw in UEFI firmware. Maria Varmazes discusses this at [08:14], "The flaw, found in a module by a rugged display vendor, allows arbitrary memory writes stored in non-volatile RAM, letting attackers overwrite secure boot variables without detection."
Vulnerability Insights:
Lawmakers have introduced the bipartisan Healthcare Cybersecurity Act aimed at enhancing coordination between the Cybersecurity and Infrastructure Security Agency (CISA) and the Department of Health and Human Services (HHS). As Maria Varmazes notes at [09:24], "The bill would create a formal liaison to improve threat sharing, communication, and incident response for the healthcare sector."
Act Highlights:
In an insightful interview, Harry Coker Jr., former National Cyber Director, reflects on his tenure and the importance of interagency collaboration. Maria Varmazes introduces this segment at [10:17], "Harry Coker emphasizes a collaborative and apolitical approach during his tenure in the Biden administration."
Key Reflections:
In a forward-looking discussion, Maria Varmazes engages with commentator Brandon Karp to explore the concept of agentic AI and its burgeoning security implications. At [13:40], Brandon Karp states, "Agentic technologies are just allowing a computer and a model to run workloads and do things autonomously by themselves for you for a specific purpose."
Discussion Highlights:
A recent misstep by Meta’s new AI application has raised privacy concerns as users inadvertently share private information publicly. Dave Bittner highlights this issue at [27:12], "Imagine asking a chatbot a private question only to find out you accidentally shared it with the world."
Incident Details:
Today's episode of CyberWire Daily provides a comprehensive overview of pressing cybersecurity issues, from the successful takedown of darknet marketplaces to the evolving threats posed by ransomware and advanced malware campaigns. The discussion on agentic AI with Brandon Karp offers a glimpse into the future challenges that organizations may face as AI systems become more autonomous and interconnected. Additionally, the legislative efforts to secure the healthcare sector and reflections from former National Cyber Director Harry Coker underscore the multifaceted nature of modern cybersecurity. As always, staying informed and proactive is essential in navigating this rapidly evolving landscape.
For more detailed insights and updates on these stories, listeners are encouraged to visit The CyberWire. Stay tuned for more episodes, and don’t forget to participate in our annual audience survey to help us serve you better.