CyberWire Daily: Episode Summary – "Fingers Point East"
Release Date: May 28, 2025
Host: Dave Bittner, N2K Networks
Guest: Tony Velleca, CEO of CyberProof
1. Introduction
In the May 28, 2025 episode of CyberWire Daily, host Dave Bittner covers a range of pressing cybersecurity issues, from state-sponsored cyber espionage to new approaches to threat management. The episode also features an interview with Tony Velleca, CEO of CyberProof, who discusses the evolving landscape of exposure management and the integration of AI in cybersecurity.
2. Key Cybersecurity News
a. Chinese State-Sponsored Cyber Espionage in the Czech Republic
The Czech Republic has accused Chinese state-backed hackers, specifically the APT31 group linked to China's Ministry of State Security, of conducting a cyber espionage campaign targeting its Ministry of Foreign Affairs since 2022. Although the campaign targeted an unclassified network without breaching it, Czech Foreign Minister Jan Lipavský stated, "China's interference efforts aim to weaken Czech democracy" [04:50]. The Czech authorities have shared their findings with EU and NATO allies, receiving support amid growing condemnation of China's cyber threats. China has yet to respond to these accusations.
b. Leadership Crisis at CISA
The Cybersecurity and Infrastructure Security Agency (CISA) is undergoing a significant leadership upheaval, with nearly all top officials resigning or planning to leave by the end of May [06:15]. Key figures like Matt Hartman and Boyden Rohner are among the departing leaders, raising concerns about the agency's capacity to manage rising cyber threats effectively. Experts warn that this exodus could undermine national cybersecurity and the support of critical infrastructures just when it is most needed.
c. Malware Spread via Fake AI Video Generator Websites
Cybercriminals are exploiting the popularity of AI tools by creating fraudulent websites that mimic legitimate services like Luma AI and Canva Dream Lab. These fake sites distribute malware, including STARKVEIL, which steals data and opens backdoors for further access [07:30]. Mandiant has attributed this campaign to the Vietnamese group UNC6032. Meta has collaborated with Mandiant to remove many of the malicious ads, highlighting the widespread threat posed by deceptive AI tool fronts.
d. Browser Security Updates
Google and Mozilla have released updates, Chrome 137 and Firefox 139 respectively, to address 21 security vulnerabilities, including high-severity flaws that could allow code execution or crashes [09:45]. Users are urged to update their browsers promptly, since browsers are common exploitation targets for attackers.
e. Stealthy Phishing Campaign Delivering Remcos RAT via DBatLoader
Researchers at ANY.RUN have identified a sophisticated phishing campaign that delivers the Remcos Remote Access Trojan (RAT) through DBatLoader [11:10]. The attack employs obfuscated scripts and legitimate Windows tools to evade detection. Victims receive phishing emails containing malicious archives that trigger the attack chain, ultimately injecting Remcos into trusted processes for persistent access. This highlights the need for dynamic analysis to counter modern evasive threats effectively.
f. Fake Bitdefender Website Spreading Malware
A fraudulent Bitdefender download site, BitdefenderDownload.co, is distributing malware aimed at stealing financial data and ensuring long-term system access [13:00]. The site mirrors the legitimate Bitdefender download page and entices users to download a zip file containing VenomRAT, StormKitty, and SilentTrinity malware. Bitdefender is actively working to take down the site, and Chrome now blocks access to the malicious link. Users are advised to download antivirus software only from official sources.
g. Medusa Ransomware Breach of RE/MAX
Medusa ransomware has claimed responsibility for breaching the global real estate firm RE/MAX, exfiltrating 150 gigabytes of data and demanding a $200,000 ransom [14:00]. Although RE/MAX has not confirmed the breach, the leaked data reportedly includes sensitive information such as agent contact details and property schematics from 2021 to 2023. Security experts warn of potential risks like identity theft and fraud resulting from the exposed data.
h. Critical Vulnerability in Johnson Controls' iSTAR Configuration Utility
CISA has issued an advisory regarding a critical memory leak vulnerability in Johnson Controls' iSTAR Configuration Utility tool, affecting all versions prior to 6.9.5 [15:30]. With a CVSS score of 7.4, this flaw could expose sensitive data and impact industrial control systems across vital sectors like energy and transportation. CISA recommends implementing defense-in-depth strategies, including network segmentation and regular security assessments.
i. Guilty Plea of Iranian National for Ransomware Attacks
Iranian national Sina Gholinejad has pleaded guilty to deploying Robbinhood ransomware against several U.S. cities, including Baltimore and Greenville, North Carolina [17:20]. His actions caused tens of millions of dollars in damages and disrupted essential public services. Gholinejad faces up to 30 years in prison, with sentencing scheduled for August. The Justice Department highlighted the significance of international cooperation in apprehending cybercriminals, emphasizing that attacks on critical public systems will face severe consequences.
3. Interview with Tony Velleca, CEO of CyberProof
a. Exposure Management and Risk-Focused Approach
In an in-depth conversation, Tony Velleca discusses the evolution of exposure management toward a more risk-focused approach. He emphasizes the shift from traditional "single pane of glass" models to systems that prioritize proactive threat mitigation based on cost-effectiveness. Velleca states, "The single pane of glass needs to start guiding people on what's the best dollar next dollar spent to reduce my cyber risk" [15:16]. This approach involves understanding where to allocate resources for maximum risk reduction, whether through exposure reduction, detection rule enhancements, or enhanced threat intelligence.
b. Tailoring Risk Assessment to Organizational Needs
Velleca highlights the importance of customizing risk assessments to fit an organization's specific needs, noting that "risk itself needs to be tailored to the organization that you have" [16:35]. He critiques traditional models that attempt to quantify risk in monetary terms, advocating instead for prioritizing actions that effectively mitigate the most pertinent threats.
c. Common Blind Spots in Risk Evaluation
Addressing common blind spots, Velleca points out that many organizations struggle to operationalize threat intelligence, making it difficult to prioritize exposures effectively [17:53]. He underscores the necessity of a continuous view of threat actors' activities and of ensuring that security operations can detect and respond to current attack techniques.
d. Integration of AI in Cybersecurity
AI remains a pivotal topic, with Velleca discussing both its potential and its challenges in cybersecurity [20:33]. He notes the emergence of agentic AI for tasks like threat hunting and Level 1 Security Operations Center (SOC) duties, stating, "This has a promise of maybe offloading today... purpose-built agents to do threat hunting and L1 SOC" [20:54]. Velleca also emphasizes the importance of frameworks for AI, such as the OWASP Top 10 for Large Language Model (LLM) Applications, to guide ethical and effective AI usage in security contexts.
e. Advice for Cybersecurity Professionals
For those beginning to improve their organization's exposure management, Velleca advises focusing on execution and effective communication [24:07]. He encourages security teams to prioritize their actions, communicate risks in business terms, and maintain the flexibility to adapt to a rapidly changing threat landscape.
f. Insights from RSAC 2025
Velleca shares his experiences from the RSAC 2025 conference, highlighting the innovation and problem-solving approaches of new startups [25:14]. He emphasizes the industry's responsibility to support and integrate innovative solutions to advance cybersecurity measures.
4. Emerging Concerns in Neurotechnology Privacy
Toward the end of the episode, Bittner addresses alarming developments in neurotechnology privacy. U.S. senators Chuck Schumer, Maria Cantwell, and Ed Markey have urged the FTC to investigate brain-computer interface companies for potential violations of mental privacy [26:30]. A Neurorights Foundation study found that 29 out of 30 neurotech firms collect users' brain-related data, often without explicit consent. Without stringent regulations, these technologies risk becoming tools for invasive data mining, threatening individuals' mental privacy, identity, and autonomy. The segment underscores the urgent need for regulatory frameworks to protect sensitive cognitive data.
5. Conclusion
In this episode of CyberWire Daily, Dave Bittner provides a comprehensive overview of significant cybersecurity threats and trends, while Tony Velleca offers expert insights into evolving exposure management strategies and the integration of AI in cybersecurity practices. The discussion highlights the critical need for tailored risk assessments, proactive threat prioritization, and robust regulatory measures to safeguard both digital and cognitive privacy.
Notable Quotes:
- Tony Velleca on Single Pane of Glass Evolution: "The single pane of glass needs to start guiding people on what's the best dollar next dollar spent to reduce my cyber risk." [15:16]
- Velleca on Risk Tailoring: "Risk itself needs to be tailored to the organization that you have." [16:35]
- On AI's Role in Cybersecurity: "This has a promise of maybe offloading today... purpose-built agents to do threat hunting and L1 SOC." [20:54]
- Advice to Cybersecurity Professionals: "Step back, take a look at the landscape, pick your priorities, take a deep breath and execute." [24:07]
For more detailed insights and daily updates, visit CyberWire Daily.
