CyberWire Daily: "DOGE-eat-DOGE World" – Detailed Summary
Podcast Information:
- Title: CyberWire Daily
- Host/Author: N2K Networks
- Episode Title: DOGE-eat-DOGE World
- Release Date: February 7, 2025
Overview: In this episode of CyberWire Daily, host Dave Bittner covers a series of pressing cybersecurity issues, ranging from the controversial use of AI by DOGE in government auditing to critical vulnerabilities in popular applications. The episode also features an in-depth interview with John Anthony Smith, Founder and Chief Security Officer at Fenix24, who emphasizes the paramount importance of robust backup systems in cybersecurity strategies. Additionally, the UK's newly launched Cyber Monitoring Centre is introduced, aiming to categorize and manage cyber incidents effectively.
1. Major Cybersecurity Headlines
a. DOGE's AI-Driven Government Auditing
- Overview: DOGE, Elon Musk's Department of Government Efficiency, is using AI to scrutinize financial data within the US Education Department. The initiative is expected to extend to other departments, with the stated aim of optimizing government spending.
- Details:
- AI Utilization: Analyzing grants, internal financial records, and personally identifiable information using Microsoft’s Azure cloud services.
- Objectives: Cut costs, eliminate inefficiencies, and potentially dissolve the department.
- Impact: Significant workforce reductions, including placing 100 Education Department employees on administrative leave due to diversity training participation.
- Concerns: Privacy violations, data breaches, lack of oversight, and potential misuse of sensitive data.
- Legal Actions: A federal judge has temporarily restricted DOGE's access to Treasury payment systems following a lawsuit by advocacy groups.
- Notable Quote:
- "Privacy experts worry about the unchecked power DOGE has gained, the potential for misuse of personal data, and the broader implications of AI-driven government restructuring." [02:25]
b. UK Demands Access to Encrypted iCloud Accounts
- Overview: The British government has issued a secret legal demand to Apple for access to encrypted iCloud accounts, using a Technical Capability Notice (TCN) under the Investigatory Powers Act.
- Details:
- Legal Basis: While reporting the existence of a TCN is legal, disclosing its specifics is prohibited.
- Implications: Potential creation of a backdoor for authorities to access global iCloud data.
- Apple’s Stance: Introduced optional end-to-end encryption for iCloud in 2022 despite law enforcement concerns.
- Ongoing Debate: Similar to debates surrounding Meta's end-to-end encrypted messaging.
- Notable Quote:
- "Apple introduced optional end-to-end encryption for iCloud in 2022, despite law enforcement concerns about crime prevention." [02:32]
c. Critical Vulnerabilities in the DeepSeek iOS App
- Overview: Security firm NowSecure has identified severe vulnerabilities in the DeepSeek iOS app and is urging enterprises and governments to ban its use.
- Details:
- Risks Identified: Unencrypted data transmission, weak encryption, insecure data storage, extensive data collection, and transmission to China.
- Impact: High potential for surveillance, data breaches, and compliance violations under PRC laws.
- Recommendation: Immediate removal of DeepSeek, adoption of secure AI alternatives, and continuous monitoring of mobile applications.
- Notable Quote:
- "Under PRC laws, these issues pose significant threats, including surveillance, data breaches, and compliance violations." [02:32]
d. Microsoft Edge Enhances Security with AI Scareware Blocker
- Overview: The latest version of Microsoft Edge introduces an AI-powered scareware blocker aimed at detecting and blocking tech support scams in real time.
- Details:
- Functionality: Utilizes computer vision to analyze webpage content without sending data to the cloud.
- Advantages: More effective than Defender SmartScreen in blocking scams by assessing webpage content directly.
e. Phishing Campaign Targeting Facebook Users
- Overview: A sophisticated phishing campaign is compromising Facebook accounts by sending fake copyright infringement notices.
- Details:
- Scope: Targeted over 12,000 email addresses, mainly affecting enterprises in the EU, US, and Australia.
- Methodology: Utilizes Salesforce’s email service to mimic legitimate communications, referencing companies like Universal Music Group.
- Risks: Victims directed to counterfeit Facebook support pages, leading to credential theft and account hijacking.
- Notable Quote:
- "Attackers use Salesforce's email service to make phishing emails appear legitimate." [02:32]
f. Malicious Machine Learning Models on Hugging Face
- Overview: Researchers at ReversingLabs have uncovered malicious machine learning models on Hugging Face that abuse the code-execution behaviour of Python's pickle serialization format.
- Details:
- Threat: Embedded payloads capable of executing arbitrary code.
- Impact: Exploitation through seemingly legitimate models, posing severe security risks.
- Response: Hugging Face is enhancing its security measures, and developers are urged to avoid unverified models and consider safer serialization alternatives.
- Notable Quote:
- "These models contain embedded payloads capable of executing arbitrary code, posing serious security risks." [02:32]
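The pickle risk described above comes from the format itself: a pickle stream can name a callable (GLOBAL/STACK_GLOBAL opcodes) and invoke it (REDUCE and related opcodes) while the file is being loaded. The following is an added example, not ReversingLabs' scanner or Hugging Face's own tooling, of two defensive controls a team can apply before trusting a downloaded model: a static opcode scan that never unpickles the data, and an allow-list-restricted Unpickler for the cases where pickle cannot be avoided. The sample "model" bytes are constructed inline; the suspicious one invokes the harmless builtin len so the demonstration is safe to run.

```python
"""Static pickle scanning and restricted unpickling (added example).

Neither the scanner nor the allow-list are a project's real code; they
illustrate the defensive checks a model-loading pipeline can run.
"""
import io
import pickle
import pickletools

# Opcodes that import a callable (GLOBAL, STACK_GLOBAL) or invoke one
# (REDUCE, INST, OBJ, NEWOBJ, NEWOBJ_EX, BUILD). A plain tensor/dict
# pickle needs none of them.
CODE_EXEC_OPCODES = {
    "GLOBAL", "STACK_GLOBAL", "REDUCE", "INST", "OBJ",
    "NEWOBJ", "NEWOBJ_EX", "BUILD",
}
STRING_OPCODES = {
    "SHORT_BINUNICODE", "BINUNICODE", "BINUNICODE8", "UNICODE",
    "STRING", "SHORT_BINSTRING", "BINSTRING",
}


def scan_pickle(data: bytes) -> dict:
    """Walk the opcode stream with pickletools.genops; nothing is executed."""
    flagged = []          # (offset, opcode name) for every code-exec opcode
    globals_seen = []     # "module.name" for each imported callable
    recent_strings = []   # STACK_GLOBAL pops module/name from the stack;
                          # tracking pushed strings resolves them (memo GETs
                          # of already-seen strings are not resolved here)
    for opcode, arg, pos in pickletools.genops(data):
        if opcode.name in STRING_OPCODES:
            recent_strings.append(arg)
        if opcode.name == "GLOBAL":
            # genops returns the two newline-terminated names joined by a space
            module, name = arg.split(" ", 1)
            globals_seen.append(f"{module}.{name}")
        elif opcode.name == "STACK_GLOBAL" and len(recent_strings) >= 2:
            globals_seen.append(f"{recent_strings[-2]}.{recent_strings[-1]}")
        if opcode.name in CODE_EXEC_OPCODES:
            flagged.append((pos, opcode.name))
    return {"suspicious": bool(flagged), "opcodes": flagged, "globals": globals_seen}


# Allow-list for the restricted loader: hypothetical, chosen for the example.
ALLOWED_GLOBALS = {("collections", "OrderedDict")}


class RestrictedUnpickler(pickle.Unpickler):
    """Refuse every global that is not explicitly allow-listed."""

    def find_class(self, module, name):
        if (module, name) in ALLOWED_GLOBALS:
            return super().find_class(module, name)
        raise pickle.UnpicklingError(f"blocked global {module}.{name}")


def safe_load(data: bytes):
    """Unpickle with the allow-list; raises UnpicklingError on anything else."""
    return RestrictedUnpickler(io.BytesIO(data)).load()


def load_is_blocked(data: bytes) -> bool:
    """True when the restricted loader refused the stream."""
    try:
        safe_load(data)
    except pickle.UnpicklingError:
        return True
    return False


# --- constructed samples ----------------------------------------------------

def benign_model_bytes() -> bytes:
    """A plain dict of weights: what an honest pickled checkpoint looks like."""
    weights = {"layer1.weight": [0.1, 0.2], "layer1.bias": [0.0]}
    return pickle.dumps(weights, protocol=4)


class _ReduceBearing:
    """Stand-in for an object whose __reduce__ runs a callable on load.
    The callable is the harmless builtin len, so the sample is benign."""

    def __reduce__(self):
        return (len, ("weights",))


def reduce_model_bytes() -> bytes:
    return pickle.dumps(_ReduceBearing(), protocol=4)


if __name__ == "__main__":
    for label, blob in (("benign", benign_model_bytes()), ("reduce", reduce_model_bytes())):
        report = scan_pickle(blob)
        print(label, report["suspicious"], report["globals"], "blocked:", load_is_blocked(blob))
```

The scan is the cheap first gate: it runs on untrusted bytes without ever calling load(), so a model that references any importable callable is rejected before a single opcode is executed. The restricted Unpickler is the fallback when a legacy checkpoint must be loaded anyway; keeping ALLOWED_GLOBALS to the handful of container types a given framework actually pickles is the point. Formats that carry no opcodes at all (the "safer serialization alternatives" the episode mentions) remove the problem rather than filter it.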
g. Gravy Analytics Faces Fourth Data Breach Lawsuit
- Overview: Gravy Analytics, now part of Unacast, is embroiled in a fourth lawsuit alleging a massive data breach exposing 17 terabytes of personal data.
- Details:
- Data Exposed: Precise locations of millions of smartphones from apps like Tinder, Grindr, Candy Crush, and VPN services.
- Affected Regions: Users in the US, Europe, and Russia.
- Legal Allegations: Negligence, breach of contract, and unfair competition.
- Regulatory Actions: The FTC has banned Gravy from selling sensitive location data.
h. CISA Warns of Critical Microsoft Outlook Vulnerability
- Overview: The Cybersecurity and Infrastructure Security Agency (CISA) has issued a warning about an actively exploited Microsoft Outlook vulnerability known as Moniker Link.
- Details:
- Vulnerability Type: Remote code execution flaw allowing attackers to bypass Office Protected View.
- Impact: Enables malicious Office files to open in editing mode, leading to NTLM credential theft, remote code execution, and full system compromise.
- Affected Products: Multiple Microsoft Office applications.
- Action Required: Federal agencies must patch by February 27th as per CISA’s known exploited vulnerabilities catalog.
2. In-Depth Interview: Importance of Backups with John Anthony Smith
Guest Profile:
- Name: John Anthony Smith
- Title: Founder and Chief Security Officer at Fenix24
Key Discussion Points:
a. The Critical Role of Backups in Cybersecurity
- Insight: John Anthony Smith emphasizes that backups are not just a standard security measure but potentially the most crucial control against modern cyber threats.
- Quote:
- "What we see threat actors commonly doing is having an increasing willingness to not only target backups but also target production systems both for mass encryption and mass deletion." [13:38]
b. Current State of Cyber Resiliency and Recovery Strategies
- Observation: Many organizations overestimate the effectiveness of their backup and recovery mechanisms.
- Statistics: According to Smith, "80 to 92% of the time, the recovery capabilities that organizations believe will allow them to timely recover simply do not survive." [15:06]
- Issues Identified:
- Poor orchestration of backup systems.
- Inadequate alignment with breach contexts.
- Dependence on flawed vendor guidelines for backup strategies.
c. Lessons from High-Profile Breaches
- Takeaway #1: Ensure absolute confidence in recovery capabilities beyond relying solely on backup tooling manufacturers.
- "You need experts in recovery to advise on the survivability of your backup and recovery facility, period." [18:42]
- Takeaway #2: Organizations must be prepared for mass recovery scenarios and rigorously test their recovery processes.
- "You should have absolute confidence in that technical rehydration time through rigorous and regular testing." [18:57]
d. Risk Assessment and Investment in Recovery vs. Resistance
- Argument: There is a disproportionate focus on preventing breaches rather than ensuring effective recovery post-breach.
- Quote:
- "Cyber resiliency essentially can be summed up with two pillars, resistance to a breach or prevention, as many call it, and recovery. He said essentially all organizations are over investing in resistance and largely ignoring recovery." [25:20]
- Recommendation: Shift investment towards assured recovery mechanisms to complement existing preventive measures.
e. Solutions and Partnerships
- Strategy: Orchestration of backup and recovery systems requires expertise and alignment with real breach contexts, which organizations often lack internally.
- Solution Offered by Fenix24: Expert guidance to orchestrate backup controls that are survivable and ensure timely recovery.
- "We work breach, we have breach context. Therefore we know how to orchestrate recovery in a survivable and timely recoverable fashion." [21:45]
f. Industry-Wide Preparedness
- Finding: Across all industries and organization sizes, preparedness for mass recovery is glaringly inadequate.
- Quote:
- "It seems to be all industries, all scales, all revenue sizes. Largely, largely every industry is getting this wrong." [23:20]
3. UK Launches Cyber Monitoring Centre (CMC)
Overview: The UK has introduced the Cyber Monitoring Centre, a pioneering system designed to classify cyber incidents in the way meteorological events are categorized by severity.
Details:
- Leadership: Former NCSC Chief Ciaran Martin spearheads the CMC.
- Functionality: Ranks cyber incidents from Category 1 (minor) to Category 5 (catastrophic), based on financial losses and the number of affected organizations.
- Test Runs:
- Synnovis NHS Fiasco: Rated as Category 2.
- CrowdStrike’s Self-Inflicted Chaos: Rated as Category 3.
- Purpose: Initially for cyber insurers, with aspirations to inform policymakers, businesses, and the UK government.
- Skepticism: Critics question the long-term efficacy, but proponents argue its necessity.
- Notable Quote:
- "If this was easy, somebody would have done it already." – Ciaran Martin [Timestamp not specified]
4. Additional Highlights and Upcoming Content
- Research Saturday Preview: An upcoming study titled "Cleopatra's Shadow," covering a mass exploitation campaign that deployed a Java backdoor through zero-day exploitation of Cleo MFT software, to be discussed with Mark Manglicmot from Arctic Wolf.
- Listener Engagement: The podcast encourages feedback and ratings to enhance future content delivery.
Conclusion
This episode of CyberWire Daily delves into the multifaceted challenges of modern cybersecurity, highlighting the aggressive tactics of AI-driven entities like DOGE, the ongoing battle over data privacy with encrypted services, and the ever-present threat of sophisticated phishing and malware campaigns. The conversation with John Anthony Smith underscores a critical gap in organizational preparedness for cyber incidents, advocating for a balanced investment in both preventive measures and robust recovery strategies. The UK's initiative with the Cyber Monitoring Centre represents a strategic move towards better classification and management of cyber threats, indicating a maturing approach to national cybersecurity governance.
Key Takeaways:
- AI in Government Auditing: While aiming for efficiency, DOGE's AI applications raise significant privacy and oversight concerns.
- Encryption and Law Enforcement: The tension between data privacy and law enforcement access continues to evolve, with governments pushing for backdoors despite resistance from tech giants.
- Application Vulnerabilities: Continuous vigilance is essential, as even widely used applications like DeepSeek can harbor critical security flaws.
- Phishing and ML Threats: Attackers are leveraging sophisticated methods to exploit both human and machine vulnerabilities.
- Data Breaches: The recurring lawsuits against data brokers like Gravy Analytics highlight the persistent issues in data security and privacy compliance.
- Backup Strategies: Effective backup and recovery systems are indispensable, yet most organizations are inadequately prepared to handle advanced cyber threats.
- National Cyber Strategies: Initiatives like the UK's Cyber Monitoring Centre signify proactive steps towards comprehensive cyber incident management.
For a comprehensive understanding of these topics, listeners are encouraged to engage with the full episode and explore the detailed discussions and expert insights provided by CyberWire Daily.
