Dave Bittner
You're listening to the CyberWire network, powered by N2K.

Secure access is crucial for US public sector missions, ensuring that only authorized users can access certain systems, networks or data. Are your defenses ready? Cisco's Security Service Edge delivers comprehensive protection for your network and users. Experience the power of zero trust and secure your workforce wherever they are. Elevate your security strategy by visiting cisco.com/go/sse. That's cisco.com/go/sse.

Trump targets former cybersecurity officials. A senator blocks the CISA nominee over telecom security concerns. The acting head of NSA and Cyber Command makes his public debut. There's escalation of cyber tensions in the US-China trade relations. Researchers evaluate the effectiveness of large language models in automating cyber threat intelligence. Hackers at Black Hat Asia pwn a Nissan Leaf. A smart hub vulnerability exposes Wi-Fi credentials. A new report reveals router riskiness. Endgame nabs Smoke Loader botnet users. Our guest is Anushika Babu, Chief Growth Officer at AppSec Engineer, joining us to discuss creative ways people are using AI. And the folks behind Flipper Zero get busy.

It's Thursday, April 10th, 2025. I'm Dave Bittner and this is your CyberWire Intel Briefing.

Thanks for joining us here today. It is great to have you with us. Yesterday, President Donald Trump signed executive orders revoking the security clearances of Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency, and Miles Taylor, former Department of Homeland Security official. Both individuals had previously criticized Trump's administration. The president also directed the Department of Justice to investigate their actions. During their tenure, Krebs had publicly refuted Trump's claims of election fraud in 2020, asserting the election's integrity, which led to his dismissal.
At that time, Taylor, known for his anonymous 2018 op-ed and subsequent book criticizing the Trump administration, had also faced the president's ire. These moves are part of Trump's broader effort to address dissent within his administration. It's hard to frame these moves as anything other than retaliatory, and noteworthy that not only did the president strip Chris Krebs of his clearance, but also everyone with a clearance at SentinelOne, the cybersecurity firm where Krebs is now employed.

In the legislative arena, Senator Ron Wyden has placed a hold on the confirmation of Sean Plankey, Trump's nominee to lead CISA. Wyden's objection stems from what he describes as a multi-year cover-up of significant vulnerabilities within the US telecommunications sector. He insists that CISA release an unclassified report from 2022 detailing these cybersecurity shortcomings before proceeding with Plankey's nomination. This action underscores the demand for greater transparency and accountability in addressing national cybersecurity challenges.

Meanwhile, at a Senate hearing, lawmakers questioned Lt. Gen. William Hartman, acting head of U.S. Cyber Command and the NSA, following the surprise firing of his predecessor, Gen. Timothy Haugh. Senators from both parties voiced concern over the abrupt dismissal, calling it disrespectful and destabilizing. Though the hearing was brief and lightly attended, discussions touched on Cyber Command's modernization, leadership structure, and growing cyber threats from China. Hartman defended the dual-hat role, stressing its value for agility and unified national security efforts.

On the international front, the ongoing trade war between the US and China has increasingly extended into cyberspace. China has initiated an antitrust investigation into Google and imposed new tariffs and export controls in retaliation against U.S. economic measures.
These actions highlight the deepening complexities of cyber diplomacy and the intertwining of economic policies with cybersecurity strategies. Collectively, these events depict a turbulent period for U.S. cybersecurity policy, characterized by internal political disputes, leadership uncertainties, and intensifying international cyber conflicts. The outcomes of these developments will likely have profound implications for the nation's cybersecurity posture and its approach to global cyber diplomacy.

A recent study by Mezhi, Masachi and Thoma evaluates the effectiveness of large language models in automating cyber threat intelligence tasks. Using a data set of 350 real-world CTI reports, the researchers assessed LLMs' performance under zero-shot, few-shot and fine-tuned conditions. The findings reveal that LLMs struggle with processing full-length CTI reports, exhibiting inconsistencies and overconfidence in their outputs. Even with few-shot learning and fine-tuning, improvements were limited. The study highlights concerns about deploying LLMs in CTI scenarios, emphasizing the need for human oversight due to the critical importance of reliability and confidence in cybersecurity contexts.

Researchers at PCAutomotive revealed a set of vulnerabilities in 2020 Nissan Leaf electric vehicles that allow attackers to remotely hack the car via its infotainment system's Bluetooth, demonstrated at Black Hat Asia 2025. The exploit enables spying, like tracking location and recording in-cabin conversations, and physical control of features like doors, lights, and even the steering wheel while in motion. The flaws, now assigned 8 CVEs, were confirmed by Nissan, which pledged ongoing cybersecurity improvements without revealing specific mitigations.

A critical vulnerability in the TP-Link Tapo H200 smart hub exposes users' Wi-Fi credentials due to plain-text storage in firmware.
Attackers with physical access can extract these credentials, potentially compromising the entire home network. Rated medium severity at 4.4, the flaw affects firmware version 1.4 or earlier. Discovered by Mumbai-based researchers, the issue underscores persistent IoT security concerns. The hub connects and controls smart devices, making the vulnerability a serious risk despite the need for direct device access.

Forescout's 2025 Riskiest Connected Devices report reveals routers are now the riskiest devices in enterprise networks, responsible for over half of the most critical vulnerabilities. Device risk overall has jumped 15% from last year. While computers hold the most bugs, routers, firewalls and ADCs top the list for severity, often exploited as zero-days. The top 20 riskiest device types now include 12 newcomers like point-of-sale systems and healthcare workstations. IoMT devices also carry major threats. Retail leads in risk exposure, followed by finance, government, healthcare and manufacturing. Over 50% of non-legacy Windows devices across sectors still run Windows 10, nearing end of support. There's also a shift away from encrypted SSH to unencrypted Telnet, Forescout warns. Modern threats span IT, IoT, OT and IoMT, demanding broader cross-domain security strategies.

Law enforcement in Europe and North America arrested five users of the Smoke Loader botnet service during the second phase of Operation Endgame. These individuals used the malware for cybercrimes like ransomware deployment, crypto mining and surveillance. This marks a shift in enforcement focus from infrastructure to the end users of malware. Europol identified suspects via a database seized from the operation's 2024 first phase. Smoke Loader, active since 2011, remains a potent modular malware despite earlier takedowns, thanks to cracked versions. It uses sophisticated evasion techniques and encrypted communication to install various payloads. Some arrestees ran small-scale crime-as-a-service operations. Cooperation by suspects has yielded new intelligence. Operation Endgame is ongoing, with Europol launching a portal for tips and updates. Security researchers are countering the threat with custom tools like Smoke Buster.

Coming up after the break, my conversation with Anushika Babu from AppSec Engineer. We're discussing creative ways people are using AI. And the folks behind the Flipper Zero get busy. Stay with us.

Do you know the status of your compliance controls right now? Like, right now. We know that real-time visibility is critical for security, but when it comes to our GRC programs, we rely on point-in-time checks. More than 8,000 companies like Atlassian and Quora have continuous visibility into their controls with Vanta. Here's the gist. Vanta brings automation to evidence collection across 30 frameworks like SOC 2 and ISO 27001. They also centralize key workflows like policies, access reviews and reporting, and help you get security questionnaires done five times faster with AI. Now that's a new way to GRC. Get $1,000 off Vanta when you go to vanta.com/cyber. That's vanta.com/cyber for $1,000 off.

Are you frustrated with cyber risk scores backed by mysterious data, zero context and cloudy reasoning? Typical cyber ratings are ineffective, and the true risk story is begging to be told. It's time to cut the BS. Black Kite believes in seeing the full picture with more than a score, one where companies have complete clarity in their third-party cyber risk using reliable quantitative data. Make better decisions. Reduce your uncertainty. Trust Black Kite.

Anushika Babu is Chief Growth Officer at AppSec Engineer. I recently caught up with her to discuss some of the creative ways people are using AI.
Anushika Babu
So Dave, the thing is, I think marketing was literally the first chess piece to fall when AI really started becoming very commercial. I think marketing departments started to shrink, especially because a lot of marketing work today, especially in technology and SaaS companies much like the ones that we are part of, have a lot of fat that can be trimmed, a lot of repetitive tasks. And so I feel like a lot of people kind of fell on that as the very first thing that they wanted to, like, root out and, like, cut the fat, so to speak. But I don't think, like, there was all that much method to the madness right at the beginning. Today I think people have taken less of an "oh my God, I'm going to lose my job" kind of stance and more of an "oh, this is a great tool. I can totally use this to improve my workflows and make mark ops a little more efficient," and then using it to integrate better visibility between marketing and sales and mark ops and making it less of, you know, working in silos kind of thing. For instance, one of the best uses that I have seen lately, I mean, just to kind of give you a problem statement around this issue first, is that the marketing guys are always going to be working in a silo away from sales, and then sales is always working away from mark ops. And then one of the things that I have seen that has brought in an integration that has never been possible before is just at scale. People have been downloading AI-written-out sales transcripts of demo calls, and then one of the amazing things that marketing is doing is finding patterns within these transcripts of problems that the customers are facing or objections that are constantly being raised, other competitors that they hadn't thought of and things like that. And they're finding patterns that were not there before, which, yes, benefits the sales team, but also drives into the marketing material that is put out.
So I love that this loop is being closed, which was never quite possible when humans are involved, human egos are involved, and sales doesn't want to give too much information to marketing and vice versa. And this problem has kind of been solved by such a simple thing as just a sales transcript, a demo call transcript that is being written out by AI and pattern finding at scale.
Dave Bittner
Yeah, that's a really interesting use case. I mean, are you finding that in general, this is a companion piece that these AI tools are helping to take away some of the grudge work that folks have to do that takes up a lot of time, that frustrates them?
Anushika Babu
Yes, exactly. So, I mean, that's the part that makes it fun. Right. Because there does not have to be that much fear around it. It is a tool like anything else. And if you take a step back and really see it for what it is, it is a tool and it can be used to do amazing things and be able to make you more competitive in a very, very clustered and, you know, a tight kind of market. It can give you a little bit of edge if you look at it correctly.
Dave Bittner
What are some of the potential perils here? I mean, we've certainly heard about AI platforms hallucinating and things like that. And this sort of thing requires some oversight.
Anushika Babu
Yeah. So one of the things that I teach in some of my workshops is also, don't back your AI into a corner, because it will be forced to lie, and it will lie. So one of the things that we actually, we did this experiment in one of my workshops, was you write out a prompt that basically gives the AI an idea of exactly what outcome you're hoping to get. In the sense that I really hope that this place is. For example, if you are trying to really, really get an outcome from your AI that a kangaroo uses all four limbs and you keep pushing at that in your prompt, you say something like, "oh, when the kangaroo uses its front four limbs," for example, if you start the prompt that way, you're basically backing the AI into a corner and creating a situation where it will hallucinate, and it will give you the answer that you're trying to get out of it. Unfortunately, yes, it does that. So the idea is to learn prompt engineering that's accurate, formatted correctly. There is a right and wrong way to engineer prompts. It has to have a format, it has to have a context, it has to have an audience for who is going to be using the outcome of that prompt, stuff like that. So there is a whole anatomy to a prompt that you have to go around and try not to, like, drop in hints about what would make you happy.
Dave Bittner
For the cybersecurity marketers in our audience, what are your recommendations in terms of getting started with these tools? Where are some of the good places to begin?
Anushika Babu
I think one of the places that cybersecurity marketers have a lot of difficulty with is content marketing. I feel like that might be the hardest part. One, because a lot of people that you will be working with that are very technical are also very camera-shy, and they hate being in front of the camera and they hate talking and they hate putting out that kind of marketing content, and the content that requires you to be in some way a little bit exposed. So that kind of bothers them. So one of the things that I found cybersecurity marketers to embrace is something as simple as Descript or one of those tools, right? So basically it is just a video recording tool which lets you edit by deleting text. That's it. It comes out like a document, and then you edit the document and that edits the video, which is very useful because a lot of these guys are not going to be video editors per se. But tools like that really do help. I have also found that simple, just sales transcribing tools, sales demo transcribing tools, work really well. I know of marketers who are using Gong a lot, and they use that to get the sales transcripts and be able to identify patterns. And I think they also do love the customer survey stuff. So basically they just get a lot of the most recent surveys that have gone out and just the results of it in, like, a spreadsheet, convert that into a CSV and upload it to AI. And even when you have, like, 5,000, 6,000 data points, especially when you have 5,000, 6,000 data points, and you don't want to have to go through all of that in a customer sheet, in a survey sheet, one of the excellent things that AI is able to do is find patterns of displeasure, annoyance that your customers might have, which will come out in surveys. And it can even suggest a better format for a survey the following time, depending on what redundancies are there in that one. Yeah. I mean, there are so many. Honestly, it's so good.
Another one is the social media scheduling and knowing, you know, social media listening, I feel, is even more important, because you're kind of getting the idea of customer sentiment across entire social media channels, which would have been impossible to track in any other way.
Dave Bittner
I guess it's fair to say that these tools are here to stay.
Anushika Babu
Yep, they're here to stay. And I mean, I don't think, I don't think it's wise to imagine that it's a trend. I do think the fear of it is a trend. I do think the, the hype around it is a trend also, in a way. But the overall, the amount of things it is going to change. It's like what the calculator did to math, right? Like, everybody has gone up in terms, like, as soon as the calculator came out, math became harder, because obviously you have that tool, so you can allow for students, for example, to rise to the occasion and just get better at it. It's the same thing with AI. It's another tool that has come out that will change the way marketers market. You just rise to the occasion.
Dave Bittner
That's Anushika Babu, Chief Growth Officer at AppSec Engineer.

What's the common denominator in security incidents? Escalations and lateral movement. When a privileged account is compromised, attackers can seize control of critical assets. With bad directory hygiene and years of technical debt, identity attack paths are easy targets for threat actors to exploit, but hard for defenders to detect. This poses risk in Active Directory, Entra ID and hybrid configurations. Identity leaders are reducing such risks with attack path management. You can learn how attack path management is connecting identity and security teams while reducing risk with BloodHound Enterprise, powered by SpecterOps. Head to specterops.io today to learn more. SpecterOps. See your attack paths the way adversaries do.

And finally, our neurodiversity desk tells us Flipper Devices, the same crew that gave security pros their beloved Flipper Zero, also known as the Swiss army knife of wireless mischief, is stepping into productivity with a new sidekick, the Busy Bar. But instead of sniffing RF signals, it's blocking distractions, like a digital bouncer for your brain. Designed with ADHD in mind, and honestly, anyone who's ever tried writing a report while Slack explodes, Busy Bar brings a hacker's sensibility to focus. It packs a Pomodoro timer, LED display, tactile fidget buttons, and ties into the Busy mobile app to silence alerts, wrangle smart home devices and beam a big Do Not Disturb sign to the world. Flip into Busy mode and your environment auto-tunes: notifications vanish, blinds drop and lights dim, like it's time to crack a CTF challenge. With Apple Home and Google Home integration, your workspace becomes your ops center. Coming soon for just 249 bucks. Because operational security starts with personal focus.

And that's the CyberWire. For links to all of today's stories, check out our daily briefing at thecyberwire.com. We'd love to know what you think of this podcast. Your feedback ensures we deliver the insights that keep you a step ahead in the rapidly changing world of cybersecurity. If you like our show, please share a rating and review in your favorite podcast app. Please also fill out the survey in the show notes or send an email to cyberwire@n2k.com. N2K's senior producer is Alice Carruth. Our CyberWire producer is Liz Stokes. We're mixed by Trey Hester, with original music and sound design by Elliott Peltzman. Our executive producer is Jennifer Eiben. Peter Kilpe is our publisher, and I'm Dave Bittner. Thanks for listening. We'll see you back here tomorrow.

Looking for a career where innovation meets impact? Vanguard's technology team is shaping the future of financial services by solving complex challenges with cutting-edge solutions. Whether you're passionate about AI, cybersecurity or cloud computing, Vanguard offers a dynamic and collaborative environment where your ideas drive change. With career growth opportunities and a focus on work-life balance, you'll have the flexibility to thrive both professionally and personally. Explore open cybersecurity and technology roles today at vanguardjobs.com.
CyberWire Daily - Episode Summary: Former Cybersecurity Officials Lose Clearances
Release Date: April 10, 2025
Host: Dave Bittner
Guest: Anushika Babu, Chief Growth Officer at AppSec Engineer
Key Events:
Revocation of Security Clearances: On April 9, 2025, President Donald Trump signed executive orders stripping security clearances from Chris Krebs, former director of the Cybersecurity and Infrastructure Security Agency (CISA), and Miles Taylor, a former Department of Homeland Security official. Both individuals had been vocal critics of Trump’s administration.
Senator Ron Wyden's Hold on CISA Nominee: Senator Ron Wyden placed a hold on Sean Plankey's confirmation as the head of CISA, citing concerns over unresolved vulnerabilities in the U.S. telecommunications sector. Wyden demands the release of a 2022 unclassified report detailing these cybersecurity shortcomings before proceeding with the nomination.
Senate Hearing with Lt. Gen. William Hartman: Lt. Gen. William Hartman, the acting head of U.S. Cyber Command and the NSA, testified before the Senate following the unexpected dismissal of his predecessor, Gen. Timothy Haugh. Lawmakers expressed bipartisan concern over the abrupt leadership change and its impact on Cyber Command's modernization and strategy against threats, particularly from China.
U.S.-China Trade Tensions: The ongoing U.S.-China trade war has increasingly extended into the cyber domain. China has initiated an antitrust investigation into Google and imposed new tariffs and export controls in retaliation against U.S. economic measures. These actions underscore the deepening complexities of cyber diplomacy, where economic policies are intricately linked with cybersecurity strategies.
Effectiveness of Large Language Models (LLMs) in Cyber Threat Intelligence: A study by Mezhi, Masachi, and Thoma assessed the capability of LLMs to automate cyber threat intelligence (CTI) tasks using 350 real-world CTI reports. Results indicated that LLMs exhibit inconsistencies and overconfidence, struggling particularly with processing full-length CTI reports. Even with fine-tuning, improvements were minimal, highlighting the necessity for human oversight in critical cybersecurity contexts.
Vulnerabilities in Connected Devices:
Nissan Leaf Electric Vehicles: Researchers at PCAutomotive discovered vulnerabilities in the 2020 Nissan Leaf that allow remote hacking via the infotainment system's Bluetooth. Demonstrated at Black Hat Asia 2025, the exploit permits spying activities such as location tracking and recording cabin conversations, as well as physical control over the vehicle's features.
TP-Link Tapo H200 Smart Hub: A critical vulnerability in the TP-Link Tapo H200 smart hub exposes users' Wi-Fi credentials due to plain-text storage in firmware. Rated medium severity, this flaw affects firmware version 1.4 or earlier and underscores persistent IoT security concerns, as attackers with physical access can compromise entire home networks.
Forescout's 2025 Riskiest Connected Devices Report: Forescout's report reveals that routers are now the riskiest devices in enterprise networks, accounting for over half of the most critical vulnerabilities. The overall device risk has increased by 15% from the previous year, with routers, firewalls, and ADCs being top targets, often exploited as zero-day vulnerabilities. Additionally, the report highlights a shift away from encrypted SSH to unencrypted Telnet, raising further security concerns.
Operation Endgame: European and North American law enforcement agencies arrested five users involved in the Smoke Loader botnet during the second phase of Operation Endgame. These individuals utilized the malware for various cybercrimes, including ransomware deployment, cryptocurrency mining, and surveillance. Smoke Loader, active since 2011, remains a potent modular malware due to its sophisticated evasion techniques and encrypted communications, despite previous takedowns.
Europol’s identification of suspects was facilitated by a database seized in the operation’s first phase. The ongoing operation now includes a public portal for tips and updates, while security researchers continue to combat the threat with custom tools like Smoke Buster.
Discussion Highlights: Anushika Babu discusses the transformative impact of AI on marketing within the cybersecurity sector. Initially, AI led to reductions in marketing departments by automating repetitive tasks. However, the perspective has shifted from fear of job loss to leveraging AI as a tool to enhance workflow efficiency and bridge gaps between marketing and sales teams.
Key Use Cases:
Sales Transcript Analysis: AI tools are being used to transcribe sales demo calls, enabling marketers to identify patterns in customer objections and competitor mentions. This integration facilitates a feedback loop between sales and marketing, enhancing content strategy and customer engagement.
Content Marketing Solutions: Tools like Descript allow technical cybersecurity professionals, often camera-shy, to create and edit video content effortlessly by editing text transcripts. This lowers the barrier to producing engaging marketing materials without requiring extensive video editing skills.
Survey and Data Analysis: AI aids in processing large datasets from customer surveys, identifying trends and suggesting improvements for future surveys. This capability enhances customer sentiment analysis and informs better marketing strategies.
Potential Challenges:
AI Hallucinations: Babu cautions against inadequate prompt engineering, which can lead AI to produce inaccurate or misleading information. Properly formatted and context-rich prompts are essential to harness AI effectively without falling into pitfalls of over-reliance.
Future Outlook: Babu emphasizes that AI tools are here to stay and will fundamentally change marketing practices, akin to how calculators transformed mathematics. Embracing AI as a complementary tool will enable marketers to stay competitive and enhance their strategic capabilities.
Flipper Zero and Busy Bar: The episode briefly touches on the latest innovations from the creators of Flipper Zero, a popular tool among security professionals. They have introduced Busy Bar, a device designed to enhance personal productivity by managing digital distractions. Equipped with a Pomodoro timer, LED display, tactile buttons, and integration with mobile apps, Busy Bar aims to create a focused work environment by silencing notifications and controlling smart home devices.
The April 10, 2025, episode of CyberWire Daily provides a comprehensive overview of significant developments in the cybersecurity landscape, from political shifts and international tensions to innovative uses of AI in marketing and emerging security vulnerabilities. Through insightful discussions and expert interviews, the episode underscores the dynamic and interconnected nature of cybersecurity challenges and the evolving strategies to address them.
For more detailed insights and updates, listeners are encouraged to visit the CyberWire Daily website or reach out via their daily briefing email.